this post was submitted on 24 Oct 2023
25 points (96.3% liked)

Free and Open Source Software

17941 readers
172 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

The #FSD purpose is to help people “find freedom-respecting programs”. Browsing the directory reveals copious freedom-disrespecting resources. For example:

FSF has no tags for these anti-features. It suggests a problem with integrity and credibility. People expect to be able to trust FSF as an org that prioritizes user freedom. Presenting this directory with unmarked freedom pitfalls sends the wrong message & risks compromising trust and transparency. Transparency is critical to the FOSS ideology. Why not clearly mark the freedom pitfalls?

UPDATE

The idea of having exclusive clubs with gatekeepers is inconsistent with FSF’s most basic principles, specifically:

  • All important site functionality that's enabled for use with that package works correctly (though it need not look as nice) in free browsers, including IceCat, without running any nonfree software sent by the site. (C0)
  • Does not discriminate against classes of users, or against any country. (C2)
  • Permits access via Tor (we consider this an important site function). (C3)

Failing any of those earns an “F” grade (Github & gitlab·com both fail).

If Cloudflare links in the #FSF FSD are replaced with archive.org mirrors, that avoids a bulk of the exclusivity. #InternetArchive’s #ALA membership automatically invokes the Library Bill of Rights (LBR), which includes:

  • V. A person’s right to use a library should not be denied or abridged because of origin, age, background, or views.
  • VI. Libraries which make exhibit spaces and meeting rooms available to the public they serve should make such facilities available on an equitable basis, regardless of the beliefs or affiliations of individuals or groups requesting their use.
  • VII. All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information.

The LBR is consistent with FSF’s principles so this is a naturally fitting solution. The Universal Declaration of Human Rights is also noteworthy. Even if the FSD is technically not a public service, the public uses it and FSF is an IRS-qualified 501(c)(3) public charity, making it public enough to observe these UDHR clauses:

  • art.21 ¶2. Everyone has the right of equal access to public service in his country.
  • art.27 ¶1. Everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits.

These fundamental egalitarian principles & rights are a minimum low bar to set that cannot be construed as “unreasonable” or “purist” or “extremist”.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (2 children)

As far as Cloudflair… they are a CDN. relax. Nothing is locked there

Nonsense. Cloudflare (a proxy not a CDN) is exclusive. People like myself are in the excluded group. If Cloudflare gives you no problems personally, then you are in the included group. It’s designed so those excluded are invisible to the included group. You can only see the barriers to entry if you are actually excluded.

[–] [email protected] 8 points 1 year ago (2 children)

Please tell me how and why you are excluded. Curios I am.

[–] [email protected] 11 points 1 year ago (1 children)

Yeah, when I hear things like this, what I hear is "I was a user of a site/community/forum/etc. that got banned for hate speech, brigading, etc." Hopefully that's not the case here, but these days when you see people talk about "censorship" or "exclusion" or whatever wrt internet services that almost always what it ends up being

[–] [email protected] 4 points 1 year ago

You're mixing up cranks and bigots. Bigots tend to get banned because they're harmful. Cranks tend to exclude themselves on principle.

The term "crank" is usually used as a pejorative, but cranks can sometimes be beneficial. Richard Stallman is the prototypical example of a Free Software crank. Definitely annoying, but also definitely a net benefit to all of us.

[–] [email protected] 7 points 1 year ago* (last edited 1 year ago) (3 children)

First of all Cloudflare does not disclose to excluded communities why they are excluded. This non-transparency keeps the marginalized in the dark about both the technical criteria for exclusion and also the business reason for exclusion.

Why I personally have been excluded is irrelevant trivia. The full extent of CF’s exclusion is unknown but it’s evident that at a minimum these groups of people are excluded:

  • public libraries
  • Tor users
  • VPN users
  • CGNAT users (often poor people in impoverished regions whose ISPs have fewer IPv4 addresses to allocate than the number of users)
  • people who use scripts to access web resources (and interactive users who merely appear to be bots by using non-graphical FOSS tools, blind people IIRC as they are not loading images)
  • all people with a moral objection to exposing ~20—30% of their web traffic (metadata & payloads both) to one single centralized tech giant in a country without privacy safeguards.

I personally experience exclusion by all of the above except CGNAT.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago) (1 children)

Sounds to me like this is the kind of abuse blocking any site would use not just cloudflair. Do you have any evidence that Cloudflair is unique in any way in this?

I mention this because I am not sure not using Cloudflair would change much. You would have to use another CDN or build your own solution. Abuse is a real thing and is the reason we cannot have nice things.

Edit: By the way, I am sorry you have had issues. I am just not sure what the solution is and am skeptical that this is a Cloudflair only issue.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Sounds to me like this is the kind of abuse blocking any site would use not just cloudflair. Do you have any evidence that Cloudflair is unique in any way in this?

That’s not a meaningful comparison. Blocking sites do indeed block differently in various different circumstances & discriminate against different groups of people. There are patterns (like Tor blocking) but the meaningful comparison is CF to inclusive sites. E.g. gnucash.org. Gnucash demonstrates how a website can be deployed in an inclusive manner that respects user’s rights.

Cloudflare is unique in how it deceives its users (e.g. tells its users they have a “zero trust” model when in fact you must trust CF with visibility on all traffic payloads). CF holds the SSL keys, unlike other implementations. The recommendation to anti-feature tag CF sites would cover the vast majority of exclusive access-restricted projects. But if a link leads to a rare Siteground site, that should also get an anti-feature tag for being exclusive.

I mention this because I am not sure not using Cloudflair would change much.

Of course it would. Cloudflare brings in a long list of problems. Not using CF (like gnucash.org does) solves all those problems of exclusivity and privacy.

You would have to use another CDN or build your own solution. Abuse is a real thing and is the reason we cannot have nice things.

The Gnucash project disproves this. Furthermore, a CF link can often be replaced with an archive.org link.

[–] [email protected] 4 points 1 year ago (2 children)

and interactive users who merely •appear• to be bots by using non-graphical FOSS tools, blind people IIRC as they are not loading images

I’m gonna need you to explain that one super chief. Do you seriously believe blind people browse the web through a terminal using Lynx or something?

[–] [email protected] 2 points 1 year ago (1 children)

I just encountered a website that uses alt="" on buttons. That means the text description of the button is unreadable in GUI browsers. Mouseovers were coded so you can only get the description in GUI browsers like Firefox by hovering the mouse over the icon. Lynx renders the mouseover text in place of the button. So a screen reader would work on Lynx but not on Firefox for that website.

[–] [email protected] 1 points 1 year ago

That’s not how modern screen readers work. Did you even test it with a screen reader before making this assumption?

[–] [email protected] 2 points 1 year ago (1 children)

From the perspective of screen readers: yes

[–] [email protected] 2 points 1 year ago (2 children)

Please explain this non-sequitur of a reply. Blind people don’t generally actually use apps just designed for blind people. One of the mods of r/Blind pointed this out to Spez during the blackouts. Also, loading images has nothing to do with not passing the Cloudflare check.

This just feels like a really poor attempt at virtue signalling. Like, phone screens could just display black for a blind user. But they don’t. I have a few disabilities myself, and know a couple people who are blind. They just use Firefox.

[–] [email protected] 2 points 1 year ago

Not defending or adding to what OP is talking about, I genuinely don't understand what they're on about, but just replying to your comment. When doing web development, one way to test out your site for accessibility purposes is to view it in a command line browser, since the way a cli browser sees it is how a screen reader is going to see it and parse it.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

Also, loading images has nothing to do with not passing the Cloudflare check.

Cloudflare is anti-robot. It’s one of the things they’re not secretive about. Robots do not load images because they are scraping textual information into a DB. Not loading images is relevant to bot detection and triggers anti-bot blockades. So bot creators will sometimes code their bots to needlessly fetch images in order to appear more human.

Like, phone screens could just display black for a blind user. But they don’t.

But they should. The reason they don’t can only be attributed to no one making the effort to extend the battery life for blind users. If the option existed, why wouldn’t blind people use it?

I have a few disabilities myself, and know a couple people who are blind. They just use Firefox.

Certainly you can’t speak for blind people by finding a few who have not realized they can disable images. This does not mean more advanced blind people have not done that. My vision is fine and I still disable images in Firefox in part to not waste bandwidth. Obviously I would keep image loading disabled if I were to go blind. The only reason for a blind person to load images (apart from getting help from someone else) is the same reason bot authors do it: to avoid being treated like a bot.

[–] [email protected] 2 points 1 year ago (1 children)

Many, many sites and services block Tor, and for good reason. It's a massive attack vector. Yes, there are legit uses for it. But the legit users pale in comparison. If you run a financial institution, for example, or anything that houses sensitive personal information, are you willing to allow an entire threat model to attack, just to let the handful of legit users from that model? No. You wouldn't.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Many, many sites and services block Tor

30% at most. Cloudflare compromises ~20—30% of the web and non-CF tor blocking is almost insignificant (likely in the 5—10% of non-CF sites range).

and for good reason

Most of the above-mentioned CF portion blocks Tor out of naïvety. They’re just blindly running with the shitty CF defaults not knowing they can whitelist Tor. Most don’t even know they’re blocking Tor & many don’t even know what Tor is.

But the legit users pale in comparison.

Nonsense. Most Tor users are legit. You’ve apparently been reading Cloudflare’s propaganda where they claim irrationally Tor users are mostly bad actors. It’s a false claim.

If you run a financial institution, for example, or anything that houses sensitive personal information, are you willing to allow an entire threat model to attack, just to let the handful of legit users from that model? No. You wouldn’t.

I insist on using Tor to access my bank account. Banks admit in their ToS that they use customer’s IP address for the express purpose of tracking & logging their realtime location. Some banks are more competent than others. If a bank’s security relies on arbitrary pre-emptive blocking based IP reputation, their security is not up to scratch.

Likewise, there are FOSS projects that also demonstrate ability to serve Tor users. This will stand out when anti-feature tags are applied.