ciferecaNinjo

joined 2 years ago
MODERATOR OF
Brussels
privacy
sorted by: new top controversial old
6
Belgian banks demand proof of cash sources, while German ATMS do not print receipts (slrpnk.net)
 

Belgian banks have gone to the Orwellian extremes of outright refusing cash deposits without proof of source, even for small amounts as low as €50! The war on cash (war on privacy) is in full swing in Belgium.

At the same time, German ATMs are not producing receipts. My understanding of EU law is that the ATM must print a receipt if there is a currency exchange on the ATM’s side of the transaction (please correct me if I’m wrong). But I see no EU law requiring ATMs to print receipts generally. Some ATMs in Germany don’t even have printers; no slot for dispensing receipts. By extension, I suppose such ATMs must not be capable of offering dynamic currency conversion (which is bizarre because that’s where the most profit is in the ATM business).

In any case, it seems a bit off that you can get cash from a German ATM, get denied a receipt (you don’t know in advance that a receipt will not be given), and then you cannot deposit that cash in Belgium due to their nannying.

Or can you? What if you write down the ATM machine’s number, location, time, date, and amount. Would a log of that information serve to document the source of the cash to legal standards?

7
Are bad actors on Tor all really from the general public? Or are they anti-Tor people looking to maintain a stigma? (fedia.io)
 

A Turk was telling me about a peaceful demonstration he attended, in Turkey. He said police surrounded the protest. Then someone in plain clothes threw a stone at the police. One of the demonstrators noticed that the guy who threw the stone had handcuffs in his back pocket. IOW, a cop posing as a demonstrator threw a stone in order to justify the police tagging the protest as “violent” so they could shut it down.

So of course the question is, to what extent are bad actors on Tor actually boot lickers who are working to ruin Tor for everyone?

8
The Tor community needs a resource that tests and publishes a report whether a website is “open access” (fedia.io)
 

There are many situations where gov-distributed public information is legally required to be open access. Yet they block Tor.

To worsen matters, the general public largely and naively believes it’s correct to call something as “open access” when in fact there are access restrictions in place.

The resource should work like this:

  1. User supplies an URL
  2. Robot tries to access that page from a variety of different countries, residential and datacenter IPs, Tor, various VPNs, different user-agent strings, etc.
  3. Report is generated that reports the site as “openly accessible” if no obsticles (like 403s) were detected. Otherwise tags the site as “restricted access” and lists the excluded demographics of people.

The report should be dated and downloadable as PDF so that activists can send it to the org behind site with a letter saying: “your website is not open access -- please fix”.

This need somewhat aligns with the mission of the OONI project, but they are not doing this AFAICT.

Update

I just read an announcement about Belgium’s “open data” law, which is basically a summary. It said something like “there should be no unnecessary access restrictions”. I’m not sure to what extent that accurately reflects the law, but it’s an example of what one country considers “open”, fwiw. From there, I would say most Tor blockades are not necessary but rather some lazy sysadmin looking for an easy job. They of course would then like to argue that it’s “necessary” to keep the baddies out.

Update 2

The Open Knowledge Foundation Network defines open data to be completely free from restrictions:

https://okfn.org/en/library/what-is-open/

8
EU directives must be implemented in each EU member state, which the EU then verifies. Is that done in English? (fedia.io)
 

Take the anti-spam directive, for example:

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32002L0058&qid=1747912567106

The website gives us the directive but makes no references to the member state’s implementations of that. It seems a bit sloppy that visitors have to try manually searching using some private-sector surveillance advertising search tool to find a member state’s version. In Belgium it’s especially a mess because many of the official websites that “publish” laws are access restricted (e.g. Tor users often denied access). Only some segments of the public can reach some websites. We have Moniteur Belge but that involves digging a law out of a large PDF that globs together many unrelated laws and publications.

According to the EC website, the EC has a duty to verify whether the member state’s version was implemented timely and correctly. Is that done in English, or does the EU have native speakers of all languages on staff doing the verification?

I ask because if there is a translation step, then the EU would perhaps have a good quality English translation of member states laws

which I would like access to. To date, I do machine translations which is tedious. And if the source language is Dutch, the translation tends to be quite poor.

Update: perhaps the biggest shit show is this site:

https://www.stradalex.com/

Visiting from a tor exit node with uMatrix installed, that site is in some kind of endless loop. No idea what kind of shitty JavaScript causes this, but it reloads itself non-stop and never renders. Opening the uMatrix UI shows 3rd party js rows popping up and disappearing faster than you can click to give perms. These people should not be allowed to do web service for legal information.

update 2

This page gives some general links to member state’s law pubs, but you are still left with having to dig around for the implementation that corresponds to the EU directive -- if you can get access.

update 3

Found something useful.. this page is openly accessible and has a “National Transposition” link. From there we can do an /advanced search/ and limit the collection to national transposition and search on 32002L0058, for example.

Then it finds no results, which seems a bit broken. But if I simply do a quick search on 32002L0058 then use the “national transposition” link on the left bar, that seems to work. But then in this test case I followed it all the way to a page that said “ Text is not available.”

In fact, “Text is not available” is what I got on 3 of 3 samples. So it’s a crapshoot. Hopefully the EC folks who verify national implementations are not relying on this same mechanism.

7
French DPA: forcing SNCF customers to specify “Mr.” or “Mrs.” when buying a train ticket does not violate data minimisation... (www.vbb.com)
 

Wow, so that’s bizarre. I wonder why the French DPA would think it’s okay to force customers to reveal their gender. Luckily the CJEU overruled them and made it right in the end. But of course it’s still disturbing when a DPA is working against privacy rights.

0
Dude could not simply deposit €50 cash into his Belgian bank account (fedia.io)
8
“Due to a court order in Belgium requiring the implementation of blocking measures to prevent access within Belgium to certain domains, the OpenDNS service is not currently available to users in Belgi (fedia.io)
 

wtf.. we cannot simply do an NS lookup in Belgium?

$ dig @"$(tor-resolve resolver1.opendns.com)" -t ns -q europeangreens-eu.mail.protection.outlook.com +tcp +nocomments +nostats +nosearch +noclass +dnssec +noauth +noquestion +nocmd

europeangreens-eu.mail.protection.outlook.com. 0 TXT "Effective April 11, 2025: Due to a court order in Belgium requiring the implementation of blocking measures to prevent access within Belgium to certain domains, the OpenDNS service is not currently available to users in Belgium"

Update

Seems relevant:

Belgian Constitution Article 25:
The press is free; censorship can never be introduced; no security can be demanded from authors, publishers or printers. When the author is known and resident in Belgium, neither the publisher, the printer nor the distributor can be prosecuted.

4
Do EU corporations have a heirchy of headquarters? Would that make “forum shopping” for a good GDPR venue possible by choosing a data controller’s HQ instead of where you live? (fedia.io)
5
GDPR tactic: “forum shopping”, by choosing a data controller’s HQ.. does this work? (sopuli.xyz)
 

Many member states a daft when it comes to GDPR enforcement. But there are an exceptional few member states that have a Data Protection Authority that actually does their job. E.g., in principle, I might want to file all Article 77 complaints in Norway. Of course, without living there and having no transaction there, it’s outside of the jurisdiction. OTOH, what happens when a company like Microsoft or Google abuses your data and violates the GDPR? I think MS has headquarters in multiple countries: France, Finland, Spain, Norway, Germany, etc. If I have zero confidence in the DPA for the country I am in, can it be effective to direct the GDPR to a another country if MS has a headquarters there? Is there a heirchy of headquarters whereby an ultimate top level headquarters where a corporation is most relevant?

3
GDPR tactic: “forum shopping”, by choosing a data controller’s HQ.. does this work? (fedia.io)
 

Many member states a daft when it comes to GDPR enforcement. But there are an exceptional few member states that have a Data Protection Authority that actually does their job. E.g., in principle, I might want to file all Article 77 complaints in Norway. Of course, without living there and having no transaction there, it’s outside of the jurisdiction.

OTOH, what happens when a company like Microsoft or Google abuses your data and violates the GDPR? I think MS has headquarters in multiple countries: France, Finland, Spain, Norway, Germany, etc. If I have zero confidence in the DPA for the country I am in, can it be effective to direct the GDPR to a another country if MS has a headquarters there?

Is there a heirchy of headquarters whereby an ultimate top level headquarters where a corporation is most relevant?

What kind of cuisine uses malt vinegar (besides UK and US)? in c/food@slrpnk.net
[–] ciferecaNinjo@fedia.io 2 points 1 month ago (3 children)

I mainly use it on fried potatoes, and I’m open to experiments, perhaps with lentil salad. I am familiar with Sarson’s and managed to find another bottle of that but I would like to try more varieties of malt vinegar. Saw a small bottle of lambic-based vinegar in a speciality shop and didn’t buy it because the price is a bit high (€14).

3
bPost “Prior” stamps sold by default -- trick to watch for! (fedia.io)
 

I asked for a sheet of national stamps. They gave me prior stamps which do not have “prior” printed on them. Price was high, but I just figured the postage rates are jumping leaps and bounds. It turns out a circled 1 “①” is apparently a priority indicator.

Just a heads-up.. watch out for that. The normal stamps come in a sheet of 10 and I think it’s the head of a prime minister on those things.

2
Mexico ranks above Belgium on open data index (2015.index.okfn.org)
 

“The state of government open data across the globe in 2015”

^ ok, bit old. But still, I’m surprised. Maybe Mexico does well on the basis of not having much data to share.

Belgium Rules Sharing Americans’ Bank Data Violates Privacy Law in c/europe@feddit.org
[–] ciferecaNinjo@fedia.io 2 points 2 months ago (1 children)

Well, it wouldn’t require lying but certainly it seems tricky. You can deregister before you leave the country and neglect to provide an address for where you are going -- because you wouldn’t necessarily know in advance and you cannot provide information that does not exist. So they clear your address from your id card which then just has an empty address.

Correct me if I’m wrong, but you don’t have a specific legal obligation to state where you live abroad.

Though one snag is that you have a legal obligation to vote in elections and you must vote in the nearest embassy, which requires giving an address to get on the voting roster. However, voting is not strictly enforced. If you fail to vote there is a small fine but I don’t think they actually hit unregistered people abroad with that. If you do not vote in 3 consecutive elections, then you could lose your voting rights for a few years, I think.

I do not believe the bank gets a notification that you have deregistered. But at some point your ID card on the bank’s files will expire and they will expect an updated copy and freeze your account until they receive it.

If you walk into an embassy to “renew” your passport, do they demand an address? I would think you would pick up your passport at the embassy a week later. Or do they mail it?

Anyway, I can understand giving in to surveillance and disclosing US ties, but OTOH it seems like a nightmare to do what’s expected as well.. to be tagged as a toxic US person. It’s a mess either way. Perhaps the wisest move is to “move” to Canada, stay there a couple months, setup residency, then move to the US and just neglect to mention it. Get mail forwarding from Canada.

Belgium Rules Sharing Americans’ Bank Data Violates Privacy Law in c/europe@feddit.org
[–] ciferecaNinjo@fedia.io 1 points 2 months ago (3 children)

Half their internet banking site is off-limits to me

Mind elaborating? Did they restrict your account specifically, or does the website simply treat logins from the US differently? I’m surprised you wouldn’t retain full cloud access so long as your account exists under the terms you signed up for.

I don’t understand why you would tell your Belgian bank that you left Belgium, particularly when your new residence is the US which flags you as a toxic asset that requires special handling. That could only work against you. Surely you would be better off not telling them you moved and use a VPN to Belgium to access your acct.

Belgium Rules Sharing Americans’ Bank Data Violates Privacy Law in c/europe@feddit.org
[–] ciferecaNinjo@fedia.io 1 points 2 months ago

Bingo. This is true even across EU borders. Rabobank in Netherlands does not exchange info with Rabobank in Belgium, IIUC. (but note I think Rabobank quit doing business in Belgium eventually anyway)

German postboxes: access denied. Could not put cash in someone’s mailbox. in c/Germany@europe.pub
[–] ciferecaNinjo@fedia.io 1 points 2 months ago (1 children)

I appreciate the insight. My other speculation was that it was an anti-spam tactic.

In Belgium residents can post a sign/sticker saying /no pub/ and by law it must be complied with, but there is no enforcement and not much compliance. Unlike Switzerland, who charges people to opt-out of ads but then diligently fines violators.

deGoogled phone and Itsme... can it work ? in c/Belgium@europe.pub
[–] ciferecaNinjo@fedia.io 1 points 2 months ago

Considering your apparent adversity to surveillance advertising US tech giants, it’s a bit of a surprise that you would consider using ItsMe, a service that forces you to trust Cloudflare and be subject to Cloudflare’s bullying, oversight and access restrictions. There is no way to use ItsMe without letting Cloudflare see your sensitive data.

That said, I do not know the answer to your question because I would never even try to use ItsMe in the very least because of it’s hostility toward tor users.

Fight for ETS by sending snail-mail instead of email. Because almost all gov agencies in Europe use MS Outlook. in c/ETS@europe.pub
[–] ciferecaNinjo@fedia.io 1 points 3 months ago

Glad to hear you can help drive that from the EU side. Until then, I will continue sending paper correspondence. It would help if more people would insist on paper correspondence to create a bit of motivation.

German ATMs do not give receipts. This goes against intl law, no? And what about fee transparency? Upside: they give big notes, but how do you know in advance? in c/germany@feddit.org
[–] ciferecaNinjo@fedia.io 1 points 3 months ago

I don't know of any such law or even which organization would be able to make such a law.

Regulation (EU) 2021/1230 covers ATMs to some extent. I think there was a law even broader than EU law but I’ve lost track of it -- or just have a bad memory.

(found the bit about receipts being required)

Article 4
Currency conversion charges related to card-based transactions

  1. With regard to the information requirements on currency conversion charges and the applicable exchange rate, as set out in Article 45(1), Article 52, point (3), and Article 59(2) of Directive (EU) 2015/2366, payment service providers and parties providing currency conversion services at an automated teller machine (ATM) or at the point of sale, as referred to in Article 59(2) of that Directive, shall express the total currency conversion charges as a percentage mark-up over the latest available euro foreign exchange reference rates issued by the European Central Bank (ECB). That mark-up shall be disclosed to the payer prior to the initiation of the payment transaction.
  2. Payment service providers shall also make the mark-up referred to in paragraph 1 public in a comprehensible and easily accessible manner on a broadly available and easily accessible electronic platform.
  3. In addition to the information referred to in paragraph 1, a party providing a currency conversion service at an ATM or at the point of sale shall provide the payer with the following information prior to the initiation of the payment transaction: (a) the amount to be paid to the payee in the currency used by the payee; (b) the amount to be paid by the payer in the currency of the payer’s account.
  4. A party providing currency conversion services at an ATM or at the point of sale shall clearly display the information referred to in paragraph 1 at the ATM or at the point of sale. Prior to the initiation of the payment transaction, that party shall also inform the payer of the possibility of paying in the currency used by the payee and having the currency conversion subsequently performed by the payer’s payment service provider. The information referred to in paragraphs 1 and 3 shall also be made available to the payer on a durable medium following the initiation of the payment transaction.

….

What I find shitty about this wording is it’s unclear if the receipt is only required in the case of currency conversion by the ATM. Apparently yes.. apparently if DCC is not offered the the ATM is off the hook for giving a receipt. Several ATMs did not have DCC, but the machie that did not even have a receipt printer offered a DCC option, which seems to be illegal.

Fee structure is indeed extremely intransparent in most cases. Generally, I have too look up ATM fees in my online banking access and I never know them beforehand. Iiuc, your bank and the ATM-operating bank roll the dice to find out the fees they each want to charge as part of the process of handing out your cash anyway.

The fee structure is indeed very well concealed. Before approaching an ATM the fees are undisclosed and many ATMs demand your PIN as the very 1st step. It’s a shit show for sure. But at least they must inform you of fees before you commit to the transaction, per 2021/1230.

In any case, no store wants to receive notes above €100 because politicians and media have successfully created mental associations between those notes and money laundry/corruption/organized crime.

Yeah I heard Germany has no cash acceptance obligation whatsoever, which by extension supports your narrative that they can be fussy about banknotes, as in France.

This contrasts with Belgium where brick and mortar merchants must accept banknotes. They can reject money that is disportionately sized if they want. E.g. they can reject a €200 note on a transaction of €20 but not on a transaction of €175. Or they can reject a shit ton of coins on a 3+ figure transaction.

German ATMs do not give receipts. This goes against intl law, no? And what about fee transparency? Upside: they give big notes, but how do you know in advance? in c/germany@feddit.org
[–] ciferecaNinjo@fedia.io 1 points 3 months ago

I would say mostly true. And that much is driven by Regulation (EU) 2021/1230. If an ATM offers DCC¹, it must show the exchange rate and fees, and it must give a comparison to a non-DCC option, which must be offered (iow, there must be an opt out).

A common practice is to charge a flat transaction fee when DCC is not used, and to charge no fee when DCC is used, because the exchange rate is so terrible they are profitting hand over fist if you use DCC. But the ATMs often do not expressly state that the fee is waived in the DCC case -- they simply make no mention of the fee you would /otherwise/ pay had you not taken DCC. This is because (IMO) the ATM operator does not want users to relise that the exchange rate builds the fee into their fat margin.

I avoid DCC. But then my bank statement only shows how much was taken from my account in the account’s currency, not the ATM’s currency. The ATM receipt (which apparently does not exist in Germany) gives the local currency you pulled out. These two figures leaves you having trust them as far as the fees go. Some ATMs bundle the fee with the withdrawal amount and the drafting bank has no way of knowing what portion was for the fee. And of course neither do you, unless the machine properly informed you. But what if it didn’t? There is not enough information for the end customer to work out what the overhead was in some cases because the exchange rate applied by the account’s custodian is undisclosed.

¹ DCC: dynamic currency conversion

Would you support a European Citizens Initiative to force our politicians to drop Twitter and create their own Mastodon instances? in c/buyeuropean@feddit.uk
[–] ciferecaNinjo@fedia.io 1 points 3 months ago

Do you think it's politicians' job to provide technology education?

Of course. Public education comes from the public sector. We should be electing politicians with administrations who are smarter than the general public. Any tech education that comes of Twitter abandonment is welcome.

Prepaid mobile calls cost what public payphones had cost when the plug was pulled in c/phones@lemmy.sdf.org
[–] ciferecaNinjo@fedia.io 1 points 3 months ago

Can’t reach that link, but sounds good for folks that talk more than 800 min/yr.

But that’s almost like a postpaid scenario.. use-it-or-lose it rather than pay-as-you-go. My consumption would be well below that, and I can’t even be certain I will be in any one given country for whole year. I’d probably be spending over $1/min with that plan.

Would you support a European Citizens Initiative to force our politicians to drop Twitter and create their own Mastodon instances? in c/buyeuropean@feddit.uk
[–] ciferecaNinjo@fedia.io 1 points 3 months ago (2 children)

But there is a need for politicians to reach their constituents, and if they can be effectively reached by an imperfect method,

Leaders should lead, not follow. Politicians can reach and be reached on a Mastodon server, where all their constituents have access.

Asking ~8 billion (or however many) people to make a personal change first is a non-starter. Demanding many orders of magnitude fewer people (politicians) make the first move to break the dystopian cycle is far more sensible.

then I can accept them using it while also promoting better methods.

Posting on Twitter is an assault on promoting better methods. Mirroring everything on Twitter facilitates the Tyranny of Convenience (great essay by Tim Wu) by making Twitter the superset. It’s important and socially responsible to withhold info from Twitter so that it cannot be the superset.

RMS gives good advice for orgs who think they need a Facebook presence:

https://stallman.org/facebook-presence.html

Politicians don’t need a Twitter presence, but to the extent that they are not convinced, the bare minimum action they can take is implement some of the advice on that RMS page.

Any random 3rd party joe shmoe can make a Twitter bot that mirrors a politician’s msgs to Twitter. In fact, force Twitter to do the work simply by not feeding Twitter. Motivation for Twitter’s self-preservation would appropriately ensure gov resources are not spent on Twitter. Make Twitter be the host of dodgy mirror bots without engagement, where you need Mastodon to actually engage with a politician.

view more: ‹ prev next ›