I noticed a library that has ethernet ports, which I must say is quite impressive. So many libraries strictly expect people to use wifi which has downsides:

  • many (most?) wifi NICs have no FOSS drivers (ethernet is actually the only way I can get my FOSS laptop online)
  • ethernet is faster and consumes less energy
  • wifi radiation harms bees and other insects according to ~72 studies (update: separate discussion thread here which shows the research is heavily contested)
  • apparently due to risk of surrounding households consuming bandwidth, 2FA is used (which is inadvertently exclusive at some libraries)
  • enabling wifi on your device exposes you to snooping by other people’s iPhones and Androids according to research at University of Hamburg. Every iPhone in range of your device is collecting data about you and sending it to Apple (e.g. SSIDs your device previously connected to). From what I recall about this study, it does not happen at the network level, so ethernet devices attached to the same network would not be snooped on (and certainly SSID searches would not be in play).
  • (edit) users at risk to AP spoofing (thanks @NoneYa@lemm.ee for pointing this out)

I don’t know when (if ever) I encountered a library with ethernet. Is this a dying practice and I found an old library, or a trending practice by well informed forward-thinking libraries?

BTW, the library that excludes some people from wifi by imposing mobile phone 2FA is not the same library that has ethernet ports, unfortunately. If you can’t use the wifi of the SMS 2FA library then your only option is to use their Windows PCs.

  • freedomPusher@sopuli.xyzOP
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    11 months ago

    Ok so cloudflare can see my password hash

    No, not the hash. The hash is only marginally sensitive. CF sees your /unhashed/ password (that is, your password before hashing).

    everything else is the same as you,

    Not at all. Cloudflare /only/ sees my public content, nothing that I listed as non-public. Of course that can change if Sopuli would suddently decide to use cf.

    I can live with that if it helps the instance admin manage his free work.

    Several instance admins have managed to offer their gratis service /without/ the Cloudflare compromise. So you’ve made a needless compromise in support of a harmful actor.

    Afaik CGNAT shouldn’t be a problem by itself.

    CGNAT users hit the blockade unpredictably. Cloudflare is anti-bot (that also includes beneficial bots). So if someone is perceived as running a bot on your network CF will either blackball the IP address or the whole range. You could then receive that blackballed IP address.

    I know images are not synced to your instance,

    There are many reasons why accessing the original post is useful. Images is indeed one of the problems with CF.

    Federation is not supported on Tor:

    In the free world of FOSS, we are not limited to what is “supported” because people can grab the code and support themselves. There is in fact a fedi client that shakes free of the server and directly accesses servers needed to assemble a thread. This tool was designed to resist fedi politics. It would naturally be blocked when accessing CFd servers over Tor. CF is just another case where a philosophically dubious configuration by a reckless profit-driven corp causes unforeseen collateral damage to human beings and broke the decentralization of the fedi with a purpose-defeating outcome. The fedi was designed for decentralization but obviously a gross oversight that a majority of fedi users are centralized on CF.

    • infeeeee
      link
      fedilink
      arrow-up
      1
      ·
      11 months ago

      In the free world of FOSS, we are not limited to what is “supported” because people can grab the code and support themselves

      Can you? Why don’t you have your own lemmy server and lemmy fork? I’m really curious now, if everything is so terrible here.

      • freedomPusher@sopuli.xyzOP
        link
        fedilink
        arrow-up
        1
        ·
        11 months ago

        Can you? Why don’t you have your own lemmy server and lemmy fork? I’m really curious now, if everything is so terrible here.

        I do not have the kind of uplink that can handle that volume.

        • infeeeee
          link
          fedilink
          arrow-up
          1
          ·
          11 months ago

          Why do you need good uplink? You would be the only user, only just your comments should be uploaded, most of the data would be just download anyway.

          Why don’t you use a VPS, there are really good privacy respecting service providers nowadays.

          Or just publish your fixes in the lemmy repo. Like the admin of lemm.ee does: https://github.com/sunaurus

          • freedomPusher@sopuli.xyzOP
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            11 months ago

            When running an instance, everything i follow or subscribe to would be fetched. A server is not going to wait until a user requests a specific article. The timeline will be populated and mirror everything – more than I would likely read. Lemmy is designed so the timeline is populated and visits to articles are instant. I do not read every single article in any community. As an end user, my client only fetches content I under my micro-control.

            If there is a gratis VPS somewhere, I would be keen… that would open up more options.

            • infeeeee
              link
              fedilink
              arrow-up
              1
              ·
              11 months ago

              So everyone is stupid trying to run lemmy the way they can, maybe not the way you think it could be the best. Because privacy is more important on a public forum than fighting the bots. But someone for some reason should give you a server for free. But you CAN solve the issues of lemmy because you CAN fork it, but you won’t. You trust some random guy from Finland more than everyone else, because they are just one guy. So you won’t contribute, won’t help just nag about everything. ok.

              • freedomPusher@sopuli.xyzOP
                link
                fedilink
                arrow-up
                1
                ·
                edit-2
                11 months ago

                So everyone is stupid trying to run lemmy the way they can

                Some people are more skilled than others. Skilled admins know how to avoid CF. Skilled users know how to find instances that are run by skilled admins (non-CF). Unwise users give up something for nothing and needlessly trust and empower a demonstrably abusive tech giant.

                Because privacy is more important on a public forum than fighting the bots.

                Of course. Privacy is about control not just security. Those bots CF fights are beneficial. The fight against beneficial bots has collateral damage on humans caught in the cross-fire, evidenced by countless discriminatory CAPTCHAs, driven by some protectionist asshole who doesn’t want their data scraped. The fight against bots is harmful to human users; not just because of the discrimination against blind people but also because we lose the benefits that beneficial bots bring us.

                But someone for some reason should give you a server for free. … So you won’t contribute, won’t help just nag about everything. ok.

                Of course. Money isn’t free. Your expectation that a developer not only contribute labor to the commons but also spend their own money is a perversely absurd demonstration of self-entitlement. If you want a tor version make it yourself and use the high-speed connection you already have to test with.

                But you CAN solve the issues of lemmy because you CAN fork it, but you won’t.

                Fork it for what purpose? Adding Tor support is useless on a capped uplink.

                You trust some random guy from Finland more than everyone else,

                Citation needed. I’ll trust any random person more than Cloudflare because CF has proven to be untrustworthy.