coffeeClean @ coffeeClean @infosec.pub

Posts

54

Comments

137

Joined

3 yr. ago

Moderating

---

Interesting perspective, but I’d tend to argue that the technologies such as WiFi have massively increased inclusiveness and accessibility for magnitudes more people than it has raised issues for.

Not in the slightest¹. It has reduced inclusiveness. The groups being excluded were previously given full and equal access. To argue that nighttime access is possible is to inherently advocate for exclusive access to those who would sit on the sidewalk with their device while people who need access by other means are denied. What a bizarre and obscure corner case. It’d be somewhat elitist to be selective like that. Human rights calls for equal access to public services (UDHR Art.21¶2). That means if a service cannot be offered to all demographics it should be offered to no one.

It’s really hair-splitting esoterics to be concerned about what library access there is at night time on the sidewalk. Maybe it’s fair enough to say outside of hours there is no sense of equal access. I don’t want to die on the nighttime access hill either way. My post concerns equality during the day when the library doors are open. If there really is a notable need for nighttime access from the sidewalk, that can also be deployed in an egalitarian way by mounting exterior ethernet ports and removing the captive portals.

(edit)¹ well, Wi-Fi in the 2000s was inclusive because it did not generally come with a captive portal and it was offered in parallel to ethernet. Having Wi-Fi is an essential part of being inclusive now that wi-fi-only devices exist. But the way they are doing it in 2024 is exclusive, depending on the library. Some libraries still today do not have captive portals but that’s becoming more rare as libraries prioritize a paperless agreement above equal access.

I am also concerned with outsourcing. But worried about cloudflare are pretty far down the list. Adobe controlled DRM on most ebooks, and even third party cloud based catalogues, are way more concerning.

You’re thinking about the barriers and inconveniences to you personally. But when I speak about exclusivity, I’m talking about different demographics of people getting different treatment and different service. It’s unacceptible for a public service to say “sorry, some people just do not make the cut for the profile of those we are including.. our public service is only for people who subscribe to private GSM service” (precisely the demographic less in need of public service). It’s better to pull the plug to ensure equality than to create unequal access.

The DRM problem is not a problem of exclusivity w.r.t the public library, AFAICT, because the library secures whatever DRM rights are needed equally for all patrons. DRM does not cause someone who cannot afford a mobile phone to be refused service. Unless a DRM mechanism were to require an SMS verfication -- then I would be with you on that because that would be discriminatory and exclusive. Although I’ve heard that some forms of DRM prevent reading a page more than once. I can imagine that someone with an impairment of some kind might need to read a page more times than someone else to absorb the same book. In that case, DRM would indeed be adding to the exclusivity problem and would need a remedy in that regard. If a library could not negotiate an egalitarian deal in that case, then the egalitarian remedy is to drop that book from the library’s catalog completely, as that would ensure equal access.

Lets face it, the half dozen people per million (if that) who care about the FLOSS status of thier WiFi hardware’s firmware, probably are technically capable enough to find a way to access library resources securely more than most people!

It’s not a technical problem. It’s an ethical problem. When a public funded service is forces people to run proprietary non-free software on their own devices, it’s an abuse of public funding to needlessly force people into the private sector. In the US, the American Library Association has a bill of rights that states people are not to be excluded from the library based on their views or beliefs. Designing a library to only cater for people who are ethically okay with running non-free proprietary software would undermine that principle. It would be comparable to a public service denying service to vegans because of their ethical viewpoints.

Wouldn’t direct access to a library’s network via Ethernet in an uncontrolled manner pose a security risk though?

You would have to detail why. Ethernet offers /more/ security by not exposing users’ traffic and by avoiding MitM to a reasonable extent. It’s far easier to spoof a Wi-Fi AP from next door or even a block away than it would be to to plant an ethernet attached MitM box, which means getting behind the drywall or breaking into a utility room. Not to mention the mass surveillance of all iOS devices collecting data, timestamps, location of every other WiFi device in range and feeding that to Apple. Ethernet is trivially immune to that collection, whereas Wi-Fi users are exposed without a countermeaure. They can dynamically change their MAC daily or whatever but that’s not the only data being collected by Apple.

(edit) It’s worth noting as well that the NSA actually advises people not to use Wi-Fi.

Also, while propriety Wi-Fi and other technology-related solutions are sometimes frustrating, many libraries are ultimately budget constrained, making the use of standardized solutions far more economical than custom ones.

Economics does not justify excluding some demographics of people¹. If a public funded service cannot offer service in an equitable way, it’s better to not offer the service at all. When a public library offers a service, assumptions are then made in other contexts that the whole public has that access. Governments operate on the assumption that people they serve have access, and they use that assumption to remove analog means of contact and service. Some government offices have already closed their over-the-counter service. How was it that they could afford it previously but not anymore? Those budgets are themselves set by assumptions, like assumptions that everyone carries a mobile phone.

¹ exceptionally, public funding cannot for example cover every heart transplant everyone needs. But the library does not face those kinds of extremes. Ethernet cable is cheap enough. Getting people to agree to terms of service the old fashioned way (paper) is cheap enough. Priorities have to be really screwed up to be willing to exclude someone from service to save money on paper agreements.

Some of them do, while some libraries proactively take steps to /block/ people who make egress Tor connections from the library’s network, which is a revolting contrast to the librarians who care. The same libraries who block Tor also impose SMS verification on Wi-Fi users. Note that article is US based and only the US has a “Library Bill of Rights”. Outside the US it’s quite a different story.

I wonder if it’s because privacy is in such a poor state of affairs in the US to start with that the US libraries are motivated to give some refuge.

Hate to be a party pooper but the author is a bit off. From the article:

It’s a place I can get free wifi and where I don’t have to explain myself to anyone in any way.

This is precisely where libraries demonstrate poor governance.

First of all by offering Wi-Fi and not ethernet the library discriminates against people with old hardware, people who oppose the non-FOSS firmware that Wi-Fi cards depend on as well as those who don’t want to expose their traffic to all eavesdroppers in range and those who prefer to avoid spoofed APs and those who would rather be less wasteful with energy. I do not think I’ve encountered any library in the past decade that intentionally offer ethernet. The very few I’ve encountered with open ethernet ports apparently offer it by accident (ports that were likely meant for the libraries own assets but unused and left inadvertently connected).

Even if you are in the included group who are happy to see ethernet users marginalised, among Wi-Fi users are those who are discrimated against because they do not have a mobile phone, thus cannot get past the Wi-Fi captive portal that demands SMS verification. Which also inherently discriminates against people whose devices cannot handle captive portals as well. So libraries are less of a refuge from corporate bullshit than they were in the past.

And that we can do it without a profit motive, simply because we think that’s the way it ought to be.

It’s great that the library itself is non-profit. But that only mitigates part of the problem brought by corporate commercial greed. The library needs to evolve to:

• help people find refuge from tech giants, which means not imposing mobile phones on the public and ideally go as far as offering access to FOSS PCs. It should be mostly FOSS PCs, and perhaps 1 or 2 Windows and MACs for those who have various special needs. Most libraries are 100% MS Windows with Chromium (possibly Firefox as an alternative) and the search engine default is Google. So library visitors are still being immersed in the same exploitive commercial environment that dominates homes and workplaces.
• the library blocks Youtube front-ends like Invidious but not Youtube, which ensures delivering an a profitable audience to Google. I realise the library has to avoid copyright violations, but Invidious is not a clear offender. It’s murky gray area but the library should be fighting for the people considering Invidious nodes are not being shut down which highlights the weakness of Google’s position.
• mention of lending out Rokus is a double-edged sword. Yes it’s keeping pace with the times to get people access to streams but Roku is a smart TV which doubles as spyware designed to enrich corporations. I’m not sure if there is a FOSS alternative. I’m tempted to say Kodi but it would then have to be installed on portable hardware that the library could lend.
• cut ties with all e-book suppliers who lock their books up into Cloudflare’s exclusive walled garden. Cloudflare should not be a gatekeeper for who gets access to e-books.

Our governmental structures and agencies should not be in the service of business,

Indeed. But when a library excludes those without mobile phones, they are serving the telephony industry and undermining the human right to equal access to public services.

The author himself, J.Hill, deployed this blog from a website that is inside an exclusive walled garden that discriminates against some demographis of people. I agree with his push to defend libraries from right-wing assholes and in that sense we are united. But a fight is also needed within the library systems to stop libraries from discriminating against some classes of people. They are outsourcing their technology to tech giants who have made library access exclusive.

I see a lot of downvotes on your comments on this thread and I wonder if it’s due to differences in nationality/geography/jurisdiction.

Guess I should answer this. The enormous class of people with mobile phones (likely 100% of those in this channel) are happy to be in the included group and amid any chatter about expanding the included group to include those without a phone (a segment they do not care about), they think: “that extra degree of egalitarian policy to support a more diverse group will cost more and yield nothing extra to me; yet that extra cost will be passed on to me.”

Which is true. And very few people among them care about boycott power because it’s rarely used by willful consumerist consumers of tech and telecom svc. But the ignorance is widespread failure to realise that as mobile phones become effectively a basic requirement for everyone, the suppliers will have even less incentive to win your business. The duopolies and triopolies can (and will) increase prices and reduce service quality as a consequence of that stranglehold. Most people are too naïve to realise the hold-out non-mobile phone customers are benefiting them even from the selfish standpoint of the mobile phone customers. And the fact that they are paying an invisible price with their data doesn’t occur to most people either, or how that loss of privacy disempowers them.

They will pay more in the end than if they had supported diversity and egalitarian inclusion.

I see that the relevant websites (FCC and lifelinesupport.org) both block Tor so you can’t be poor in need of the Lifeline and simultaneously care about privacy. Many parts of the US have extremely expensive telecom costs. I think I heard an avg figure of like $300/month (for all info svcs [internet,phone,TV]), which I struggle to believe but I know it’s quite costly nonetheless. One source says $300/month is the high end figure, not an avg. Anyway, a national avg of $144/month just for a mobile phone plan is absurdly extortionate.

About Lifeline:

Lifeline provides subscribers a discount on qualifying monthly telephone service, broadband Internet service, or bundled voice-broadband packages purchased from participating wireline or wireless providers. The discount helps ensure that low-income consumers can afford 21st century connectivity services and the access they provide to jobs, healthcare, and educational resources.

So they get a discount. But you say free? Does the discount become free if income is below a threshold? Do they get a free/discounted hardware upgrade every 2-3 years as well, since everyone is okay with the chronic forced obsolescence in the duopoly of platforms to choose from? In any case, I’m sure the program gets more phones into more needy hands, which would shrink the population of marginalized people. That’s a double edged sword. Shrinking the size of a marginalized group without completely eliminating it means fewer people are harmed. But those in that group are further disempowered by their smaller numbers, easier to oppress, and less able to correct the core of the problem: not having a right to be analog and be unplugged (which is an important component of the right to boycott).

This topic could be a whole Lemmy community, not just a thread. In the US, you have only three carriers: AT&T, Verizon, and T-Mobile. I’ve seen enough wrongdoing by all 3 to boycott all 3. I would not finance any them no matter how much money I have. T-Mobile is the lesser of evils but it’s wrong to be forced to feed any of the three as an arbitrary needless precondition to using the library’s public wifi. It’s absolutely foolish that most people support that kind of bundling between public and private services.

US govs do not (AFAIK) yet impose tech on people. I think every gov service in the US has an analog option, including cash payment options. That’s not the case in many regions outside the US. There are already govs that now absolutely force you to complete some government transactions online, along with electronic payments which imposes bank patronisation, even if you boycott the banks for investing in fossil fuels and private prisons. And if you don’t like being forced to use their Google CAPTCHA (which supports Google, the surveillance advertiser who participates in fossil fuel extraction), that’s tough. Poor people are forced to use a PC (thus the library) to do public sector transactions with the gov, as are a segment of elderly people who struggle to use the technology. There is also a segment of tech people who rightfully object, precisely because they know enough about how info traverses information systems to see how privacy is undermined largely due to loss of control (control being in the wrong hands). It’s baffling how few people are in that tech segment.

So the pro-privacy tech activists are united with the low-tech elderly and the poor together fighting this oppression (called “digital transformation”) which effectively takes away our boycott power and right to choose who we do business with in the private sector. A divide and conquer approach is being used because we don’t have a well-organised coalition. Giving the poor cheaper tech and giving assistance to the elderly is a good thing but the side effect is enabling the oppression to go unchallenged. When really the right answer in the end is to not impose shitty options in the first place. It’s like the corp swindle of forced bundling (you can only get X if you also take Y). You should be able to get public wifi without a mobile phone subscription.

The UDHR prohibits discrimination on the basis of what property you have. The intent is to protect the poor, but the protection is actually rightfully bigger in scope because people who willfully opt not to have property are also in the protected class.

It’s all quite parallel to Snowden’s take. The masses don’t care about privacy due to not really understanding it.

“Ultimately, arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.” ― Edward Snowden

The idea that activists need both free speech and privacy in order to fight for everyone’s rights is lost on people making the /selfish/ choice to disregard privacy. All those mobile phone users who don’t give a shit about mobile phones being imposed on everyone are missing this concept. The choice to have a mobile phone is dying. It’s gradually and quietly becoming an unwritten mandate.

Banking is also becoming bound to having a mobile phone. There are already banks who will not open account for those without a mobile phone. So we are losing the option to have a bank account but not a mobile phone.

Yeah I’ve done the same in one case. Librarian green lit me plugging into the rj45 but it turned out to be a dead port. I might have been able to get permission to hijack an occupied port to an unoccupied machine but just opted to bounce instead.

The wifi is for public use. The Ethernet isn’t. How is that so hard to understand?

How is it hard to understand that those two undisputed facts are actually a crucial part of my thesis? Of course I understand it because it’s the cause for the problems I described and my premise. It’s why this thread exists.

If that weren’t the case, the only notable problem would be with the mobile phone precondition on captive portals.

Could I be in the wrong? No, it must be literally everyone else in this entire thread / national library network.

Is your position so weak that you need to resort to a bandwagon fallacy?

Grow up.

and an ad hominem?

You demonstrate being a grown up by avoiding ad hominems in favor of logically sound reasoning.

Their terms require a phone so yes, on their terms.

I keep a copy of everything I sign. The ToS I signed on one library do not require a mobile phone. It’s an ad hoc implementation that was certainly not thought out to the extent of mirroring the demand for a mobile phone number into the agreement. And since it’s not in the agreement, this unwritten policy likely evaded the lawyer’s eyes (who likely drafted or reviewed the ToS).

Why would they make an exception for anyone?

Because their charter is not: “to provide internet service exclusively for residents who have mobile phones”.

And why would they want to deal with paper agreements for WiFi?

Paper agreements:

• do not discriminate (you cannot be a party to a captive portal agreement that you cannot reach)
• are more likely to actually be read (almost no one reads a tickbox agreement)
• inherently (or at least easily) give the non-drafting party a copy of the agreement for their records. A large volume of text on a tiny screen is unlikely to even be opened and even less likely to save it. Not having a personal copy reduces the chance of adherence to the terms.
• provide a higher standard of evidence whenever the agreement is litigated over

You don’t have to be a member to use WiFi, someone else could have given you the password if there even is one

That’s not how it works. The captive portal demands a phone number. After supplying it, an SMS verification code is sent. It’s bizarre that you would suggest asking a stranger in a library for their login info. In the case at hand, someone would have to share their mobile number, and then worry that something naughty would be done under their phone number, and possibly also put that other person at risk for helping someone circumvent the authentication (which also could be easily detected when the same phone number is used for two parallel sessions).

If someone is doing something illegal it’s gonna involve the library if you get caught (that’s why the phone number but maybe they are just being shitty with it). Not worth the risk.

Exactly what makes it awkward to ask someone else to use their phone.

You have, throughout your comments, repeatedly spoken down toward librarians and libraries.

Again, you’re not quoting. You’ve already been told it’s not the case. You need to quote. You replied to the wrong message.

but you’re certainly not painting them as “trying their best”

There are many librarians with varying degrees of motivation. I spoke to one yesterday that genuinely made an effort to the best of their ability. I cannot say the same for all librarians. When I describe a problem of being unable to connect, some librarians cannot be bothered to reach out to tech support, or even so much as report upstream that someone was unable to connect.

“worth having an adult conversation with instead of misrepresenting my situation intentionally”

This is a matter of being able to read people. I don’t just bluntly blurt out a request. I start the conversation with baby steps (borderline small talk) describing the issue to assess from their words, mood, and body language the degree to which they are likely to be accommodating whatever request I am building up to. Different people get a different conversation depending on the vibe I get from them. Even the day of week is a factor. People tend to be in their best mood on Fridays and far from that on Mondays.

You’ll have to quote me on that because I do not recall calling them baddies. I have spotlighted an irresponsible policy and flawed implementation. It’s more likely a competency issue and unlikely a case of malice (as it’s unclear whether the administration is even aware that they are excluding people).

If they are knowingly and willfully discriminating against people without mobile phones, then it could be malice. But we don’t know that so they of course have the benefit of any doubt. They likely operate on the erroneous assumption that every single patron has a mobile phone and functional wifi.

I have to say I didn’t downvote you as you’ve been civil and informative so far. But I’m not sure how to cite/quote from the UDHR as though it’s not law. I named the article and pasted the text. For me whether the enforcement machinery is in force doesn’t matter w.r.t to the merits of the discussion. From where I sit, many nations signed the UDHR because it has a baseline of principles worthy of being held in high regard. When the principles are violated outside the context of an enforcement body, the relevance of legal actionability is a separate matter. We are in a forum where we can say: here is a great idea for how to treat human beings with dignity and equality, and here that principle is being violated. There is no court in the loop. Finger wagging manifests from public support and that energy can make corrections in countless ways. Even direct consumer actions like boycotts. Israel is not being held to account for Gaza but people are boycotting Israel.

I guess I’m not grasping your thesis. Are you saying that if a solidly codified national law was not breached, then it’s not worthwhile to spotlight acts that undermine the UDHR principles we hold in high regard?

After reading your post, I would say, no harm intended, just don’t do it again.

You may be misunderstanding the thesis. This is not really about staying out of trouble. Or more precisely, as an activist up to my neck in trouble it’s about getting into the right trouble. The thesis is about this trend of marginalising people with either no phone and/or shitty wifi gear/software and a dozen or so demographics of people therein who do not so easily give up their rights. It’s about exclusivity of public services funded with public money. Civil disobedience is an important tool for justice outside of courts.

The security matter is really about competency and cost. The main problem is likely in the requirements specification conveyed to the large tech firms that received the contract. From where I sit, it appears they were simply told “give people wifi”, probably by people who don’t know the difference between wifi and internet. In which case the tech supplier should have been diligent and competent enough to ask “do you want us to exclude segments of the public who have no wifi gear and those without phones?”

The UDHR is not a treaty, so it does not create any direct legal bindings.

Sure, but where are you going with this? Legal binding only matters in situations of legal action and orthogonal to its application in a discussion in a forum. Human rights violations are rampant and they rarely go to The Hague (though that frequency is increasing). Human rights law is symbolic and carries weight in the court of public opinion. Human rights law and violations thereof get penalized to some extent simply by widespread condemnation by the public. So of course it’s useful to spotlight HR violations in a pubic forum. It doesn’t require a court’s involvement.

The judge who presided over the merits of the Israel genocide situation explained this quite well in a recent interview. If you expect an international court to single-handedly remedy cases before it, your expectations are off. The international court renders judgements that are mostly symbolic. But it’s not useless. It’s just a small part of the overall role of international law.

The article you quote may have been excluded, overwritten or rephrased in your jurisdiction.

I doubt it. It’s been a while since I read the exemptions of the various rights but I do not recall any mods to Article 21. The modifications do not generally wholly exclude an article outright. They typically make some slight modification, such as some signatories limiting free assembly (Art.20 IIRC) to /safe/ gatherings so unsafe gatherings can be broken up. I would not expect to see libraries excluded from the provision that people are entitled to equal access to public services considering there is also Article 27:

“Everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits.”

The European HR convocations take that even further iirc.

You set a great example of getting mad at a bitch eating crackers.

I merely tried to get online using an ethernet cable. I didn’t get hostile. I was calm. And because I was calm, the librarian became calm. The only hostility was in the librarian’s single opening comment to me, and what you see in this thread.

You need to read Article 21. And as you read it, keep in mind it’s a public library.

(edit) There was a day when black people were denied access to the library. I suppose you would have said “Bruh, denying books is not a human rights violation” without any kind of legal rationale that articulates the meaning of Article 21.

Bizarre that so many here think it’s human-rights compliant to block poor people (those without phones) from public internet; who are in fact the people who need it most as governments are abolishing analog mechanisms of public service. Would be interesting to survey that same crowd on how many of them find it okay to block black people from publicly owned books. People can’t be this obtuse. It’s likely a high density of right-wing conservatives here, who understand human rights law but simply condemn anything they regard as competing with their privilege.

That “right” is exclusively available to people who:

• have a mobile phone
• who carry it with them
• who have working wifi hardware

The Universal Declaration of Human Rights has no such limitation on Article 21.

You can use it but on their terms.

Not without a phone.

Captive portal is likely making you agree to not abuse the service.

Have you forgotten that an agreement can be made on paper?

Nothing about a captive portal requires wifi. There are many ways to get that agreement. Neglecting to make the agreement part of the ToS when you become a member is just reckless.

Someone should let the IT staff know so they can properly block those services on ethernet as well.

Someone should let the IT staff know that wi-fi does not work for everyone, including:

• People running a free software platform that lacks support for a wifi NIC that needs a proprietary driver and firmware
• People running free software who ethically object to running the proprietary non-free driver and firmware their wifi NIC requires
• People without a mobile phone to perform the captive portal-mandated SMS verfication
• People with a mobile phone but who want to exercise their GDPR right to data minimization
• Climate activists who prefer not to spend 30 times more energy needed for wi-fi radios
• People who want the security of other wi-fi users not eavesdropping on their traffic by simply pointing a yagi antenna from a block away (on a network that blocks the VPNs that would protect them from that on wi-fi)

(edit)

• People who cannot get past the captive portal for other reasons, such as the captive portal imposing TLS 1.3 on older software (forced obsolescence), or anything else that fails technically, like DNS breakage preventing the captive portal’s hostname from resolving.

And because simply turning on Wi-Fi in public enables all iPhones in your range to automatically snoop, collect your wi-fi params including SSIDs your device looks for before sending it to Apple, along with GPS fix and timestamp (according to research), there are people who:

• for privacy reasons object to being snooped on generally in this way
• boycott Apple already for any number of reasons, and who have enough discipline and resolve to oppose feeding profitable data to Apple -- regardless of whether they actually care about the disclosure.
• boycott the fossil fuel industry, including Google who supplies AI to Totaal Oil to find drilling locations, and thus oppose feeding Google by way of Androids in range doing the same collection as Apple. (note it’s disputed whether Google actually mirrors Apple on this to the extent of Apple)