swiso
/
website
14
91
Fork 18
Code Issues 89 Pull Requests 8 Releases Activity
Labels Milestones
New Issue

Remove Liberapay and Open Collective #141

Open
opened 3 years ago by xr_rider · 32 comments
xr_rider commented 3 years ago

Both Liberapay and Open Collective are privacy-abusing CloudFlare sites. It's foolish enough to trust CloudFlare with financial information, and it goes against the mission purpose of Switching Software to endorse any service that feeds the biggest adversary of the Tor community which has centralized over 10% of the web and destroyed net neutrality.

Open Collective then has the nerve to allow CloudFlare to ask for donations on their platform. It's absolutely sickening to see a corporation so predatory to human beings ask for charitible donations.

Alternatives are listed here.

Liberapay ethical issues enumerated

centralized service
The most unethical CDN in the world: CloudFlare
The most unethical hosting provider in the world: Amazon AWS
The most unethical payment processor in the world: Paypal
The most unethical credit card network in the world: American Express
The 2nd most unethical credit card network in the world: Visa
The 2nd most unethical git hoster in the world: Microsoft Github (second to gitlab.com)
Liberapay is a CloudFlare website

Liberapay is centralized in the private walled-garden of CloudFlare. CloudFlare is a vigilante extremist organization that takes the decentralized web and centralizes it under one corporate power who dictates terms in the worlds largest walled-garden. A very large portion of the web (10%+) were once freely open to all but are now controlled and monitored by a single central authority who decides for everyone who may access what web content. This does serious damage to net neutrality, privacy, and has immediate serious consequences:

  1. CloudFlare mounts mutlifaceted attacks on privacy
    1. CloudFlare is a man-in-the-middle who sees all traffic including usernames, unhashed passwords, and financial data within the HTTPS tunnel. This is done surreptitiously. Liberapay neglects to warn users and even has the nerve to threaten users with accountability in the event of a breach. From the ToS: "The organization cannot be held responsible for the consequences of negligence by the user, notably of failure by the user to secure their password." This clause is written without telling users that CloudFlare automatically sees their passwords. This means when Liberapay writes in their privacy policy "We do our best to protect everyone's privacy", it's a false statement. And when they say "we strive to collect only the personal information we actually need, and we don't sell it to anyone", it's a deception because CloudFlare sees all the traffic (note that CloudFlare charges nothing to Liberapay for their service).
    2. Cloudflare has a policy to block all Tor users by default. It's a crude, reckless and unsophisticated (but cheap) way to create the illusion of security. Collateral damage is high. Privacy takes a global hit because Cloudflare has decided what best suits their business to the detriment of everyone else.
    3. CloudFlare helps spy orgs conduct illegal surveillance two ways:
      • damage to anonymity: CF deployed an anonymity compromising Google reCAPTCHA from 2009 to mid-2020. Apart from the direct compromise by the CAPTCHA, Tor users are also driven off Tor in droves as a consequence of access inequality of Tor/non-Tor users (which constitutes a network neutrality abuse as access equality is central to net neutrality).
      • centralization of copious data on this immeasurable scale within reach of any spy org will cause that spy org to foam at the mouth -- and they will get access to it one way or another.
    4. ISPs collect data on their own customers and exploit it for profit in the US. Under Obama it became illegal for an ISP to sell data collected on their customers without express consent. Trump reversed Obama's policy in 2017. In the absence of legal protections, Tor serves as a technical protection from ISP snooping. CloudFlare's attack on Tor users facilitates privacy abuse by ISPs.
    5. The gratis service also raises the question about how CF is monetizing all that data that's exposed to them (which Liberapay recklessly increases). They do not disclose to the public how they monetize that data, but what CF cannot hide is that they seek to hire a machine learning data scientist with big data expertise for their marketing department.
    6. A CF customer who became increasingly concerned with CF's unchecked power deleted their account. Two months after CF confirmed that the account was deleted, the customer received an email from CF, proving the account had not been deleted.
    7. CF imposes execution of javascript, and javascript cannot be generally trusted. E.g., eBay has been caught sending javascript that snoops on their own customers by port scanning the LAN and reporting back to eBay. Streetwise users disable j/s. Yet it's impossible to solve CF's CAPTCHA with j/s disabled. So people are forced into vulnerability by CloudFlare (who has proven to be untrustworthy).
    8. When a user solves a CAPTCHA, CF is paid a cash reward via Paypal, a privacy abuser who shares customer data with 600 companies.
  2. CloudFlare takes away software freedom
    1. CF imposes CAPTCHAs that require the user to execute non-free javascript.
      • CF restricts how users may use their software by rendering the web dysfunctional for some browsers.
  3. CloudFlare diminishes network neutrality -- Access Equality is the centerpiece of net neutrality, while CF yields widespread access inequality.
    1. CloudFlare took a seat on the FCC's Open Internet Advisory Committee, and serves its own interest (to influence legislation against net neutrality).
    2. CloudFlare discriminates against connections coming from developing countries.
    3. CloudFlare discriminates unfairly against Tor users, those who use non-graphical browsers, and those who deploy beneficial robots.
    4. CloudFlare also discriminates against people with impairments and disabilities (details in the human rights section)
  4. CloudFlare's detriment to human rights
    1. CAPTCHAs put humans to work for machines when it is machines who should be working for humans. The labor violates the 13th amendment of the US Constitution due to involuntary servitude. The most perverse manifestation is when a citizens attempts to access a government service such as voter registration, and they're forced to solve a puzzle, the labor of which compensates CloudFlare instead of the laborer.
    2. CF discriminates against people with impairments and disabilities by imposing a proprietary "hCAPTCHA," which violates several WCAG 2.0 principles:
      • "1.1: Provide text alternatives for any non-text content so that it can be changed into other forms people need, such as large print, braille, speech, symbols or simpler language." <= hCAPTCHA wholly relies on graphical images. There is no option for a text or audible puzzle.
      • "1.2: Time-based media: Provide alternatives for time-based media." <= hCAPTCHA has an invisible timer that the user cannot control.
      • "1.3: Create content that can be presented in different ways (for example simpler layout) without losing information or structure." <= When a user attempts to use lynx, w3m, wget, cURL, or any other text-based tool, the CAPTCHA is inaccessible and thus unsolvable. The website's content is thus also inaccessible.
      • "2.1: Make all functionality available from a keyboard." <= The hCAPTCHA does not accept answers from the keyboard.
      • "2.2: Provide users enough time to read and use content." <= If you don't solve the hCAPTCHA puzzle fast enough, the puzzle is removed and the user must start over. Some puzzles are vague and need time to ponder that exceeds the time limit.
      • "3.1: Make text content readable and understandable." <= When the CAPTCHA says "click on all squares with a motorcycle" and shows an image of an apparent motorcycle instrument panel, it's unclear if that qualifies (it could be a moped). Another image showed a scooter with a faring that resembled a sports bike. Some people would consider it a motorcycle. When the CAPTCHA said "click on all squares with a train", some of the images were the interior of a subway train or tram. Some people consider a subway to be a train underground, while others don't equate the two. The instructions are also sometimes given in a language the user doesn't understand.
      • "3.2: Make web pages appear and operate in predictable ways." <= It's unpredictable whether the IP reputation assessment will invoke a CAPTCHA and also unpredictable whether a CAPTCHA solution will be accepted. The time you have to solve the puzzle is also unpredictable.
      • "4.1.: Maximize compatibility with current and future user
        agents, including assistive technologies.        " <= When a user attempts to use lynx, w3m, wget, cURL or any other text-based tool, the blockade imposes tooling limitations on the user.
  5. CloudFlare inflicts customers and web users with excessive vulnerabilty to exploits. Liberapay claims: "We will investigate legitimate reports and make every effort to quickly resolve any vulnerability." Of course the absurdity is LP's use of CloudFlare and Amazon which grows the attack surface out of control.
    1. CloudFlare's immense centralization becomes catastrophic when a single bug emerges. The degree of damage is acutely heightened when over 10% of the web is subject to vulnerabilities on CloudFlare. The enticement for malicious hackers to find a zero-day is also greatly heightened as a result of the widespread scale of impact. Cloudbleed was a vulnerability that had serious widespread consequences. Even a simple accident at CloudFlare like a one-line erroneous regular expression brought down a huge segment of the web on July 17th, 2020.
    2. A tragedy of the commons has manifested. Website owners are baited to act independantly in their own self interest by using CloudFlare at no charge-- but each website that becomes part of CloudFlare shrinks the ethical decentralized web while incrementing the size of the centralized walled-garden which inflicts harm to everyone collectively. Each website owner only perceives CloudFlare as solving their problem but unwittingly they create a host of new problems for everyone else. It's a selfish move that occurs on a much larger scale than the quantity of selfish personalities because most of CloudFlare's patrons are kept in the dark as to the harm they're contributing to.
  6. CloudFlare is detrimental to availability
    1. The CAPTCHAs are often broken.
      1. E.g.1: some browsers that block j/s always report errors communicating with the captcha server on all CF-pushed CAPTCHAs
      2. E.g.2: the CAPTCHA server itself refuses to give the puzzle saying there is too much activity.
    2. The CAPTCHAs are often unsolvable.
      1. E.g.1: the CAPTCHA puzzle is broken by ambiguity (is one pixel in a grid cell of a pole holding a street sign considered a street sign?)
      2. E.g.2: the puzzle is expressed in a language the viewer doesn't understand.
    3. The CAPTCHAs block all robots indiscriminately causing collateral damage to beneficial (non-malicious) robots.
    4. GUI CAPTCHAs deny service to users of text-based web browsers. E.g. CloudFlare's GUI CAPTCHA breaks torsocks lynx 'https://www.simplyrecipes.com/recipes/buffalo_wings'. CloudFlare effectively dictates that all Tor users must use a GUI browser and in many cases it must also be javascript capable.
    5. CloudFlare uses punitive collective judgement as a consequence of mislabeling Tor traffic.
      1. "Experts say that group punishment is ineffective, counterproductive, lazy and unethical"
      2. CloudFlare's use of this technique is acutely and perversely abusive because they harm potentially as many as 70,000 users in the course of countering just one single bad actor. And worse, unlike typical uses of collective punishment this is not in the slightest a situation where the other 70,000 have any shred of influence over the one malicious user.
      3. A study finds that collective punishment is strictly counterproductive.
  7. CloudFlare's detriment to democracy
    1. CF impedes petition signing on change.org, moveon.org, and actionnetwork.org. Voters who are blocked by CF's access restrictions are effectively denied participation in democratic processes.
    2. Voter suppression: CF impedes voter registration in 8 US states (16% of voter registration sites).
  8. CloudFlare's censorship
    1. CloudFlare restricts access to scientific papers.
      1. Universities outsource ebooks to Proquest, a Tor-hostile CloudFlare site. RUC is an example of a university that closed their library during the pandemic, while online access to books is subject to CloudFlare's terms and privacy abuses.
      2. ACM's Digital Library is jailed in CloudFlare's exclusive walled-garden despite ACM's intent to be "open" during a pandemic. The perverse affect is that privacy-seekers are subject to CF's privacy abuses when attempting to access a paper about privacy abuse.
    2. CloudFlare attacks freedom of expression.
    3. When a review exposed CloudFlare's doxxing of whistle blowers, CF censored the review.
  9. CloudFlare is a burden on the environment
    1. Images account for the most significant burden on Internet bandwidth. Naturally the most ecological web users are those who do not download images (robots, users of text browsers, and users who disable image retrieval). Because robots tend not to download images, anti-robot algorithms target all image-free sessions as robotic. CloudFlare consequently attacks the most ecological users on the web.
    2. CF forces transmission of copious bandwidth-wasting images in order to supply CAPTCHAs.
    3. hCAPTCHA uses 4 levels of nested javascript. So users with j/s disabled are often forced to reload the CAPTCHA page 4 times just to see the puzzle.
  10. False statements, deceptive practices, and poor character of CloudFlare
    1. No transparency: as Cloudflare performs a DoS attack on Tor users they obviously do not inform web owners. Web owners are usually unaware that legitimate patrons are being blocked from accessing their site. These businesses are all damaged so that one business can profit.
    2. False errors when j/s is disabled.
    3. CloudFlare deceives website visitors into believing their connection is secure (HTTPS & browser padlock) when in fact the user is MitMd.
    4. CloudFlare has been caught making false statements to the public. CF said in their FaQ: "Why should I trust Cloudflare? You don’t need to. The Cloudflare Onion Service presents the exact same certificate that we would have used for direct requests to our servers," the first part of which is incorrect. CloudFlare sees all traffic traversing their servers in the clear, regardless of how secure the tunnel to them is. So of course CloudFlare requires your trust. The second statement about certificates is non-sequitur and irrelevant to the question of trust.
    5. CloudFlare deceives users about what the problem is, causing users to blame Tor or their browser. CloudFlare suggests to Tor users who reach the CAPTCHA "If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware."
    6. Lack of human decency -- CF's mean-spirited CEO displays schadenfreude amid the grief his company has caused innovative people who use the web non-maliciously.
    7. CloudFlare asks those who anonymously report illegal conduct on their websites to reveal their true identity. Yet CF has a history of doxxing whistle blowers and making them into victims. Instead of apologizing in the child porn case, the CEO (Matthew Prince) said the whistle blowers should have used fake names. (see "CloudFlare shelters criminals")
    8. Ironically, CloudFlare spams people (despite their spam-mitigation purpose). Customers (former and current) as well as people who never used CF are receiving spam from CloudFlare. Customers receive spam from CF without express consent and possibly contrary to privacy policies.
    9. When a large profit-driven tech giant uses a non-profit fund raising platform to solicit donations to feed their own staff at events, it's clear that professionalism is in short supply at CloudFlare Inc.
  11. CloudFlare shelters criminals
    1. CF protects pro-ISIS websites from attack.
    2. CF protected a website that distributed child pornography. When a whistle blower reported the illegal content to CF, CF actually doxxed the people who reported it. CloudFlare revealed the whistle blowers identities directly to the website owner, who then published their names and email addresses to provoke retaliatory attacks on the whistle blowers! Instead of apologizing, the CEO (Matthew Prince) said the whistle blowers should have used fake names.
Liberapay is hosted by Amazon

Liberapay pays Amazon for hosting, which puts LP's own customers at a proven risk of a data breach and ultimately finances copious abuses of privacy, human rights, civil liberties, the environment, etc:

  1. Amazon mounts mutlifaceted attacks on privacy
    1. Amazon is making an astronomical investment in facial recognition to exploit a market worth $8 billion which will destroy physical travel privacy worldwide. Amazon's innaccurate technology erroneously matched 100 US and UK politicians to criminals. Amazon also developed the technology by unlawfully using people's images without consent to train facial recognition products.
    2. Amazon deploys Ring and Alexa to surveil neighborhoods and surveil the inside of homes.
      1. Amazon keeps Alexa recordings and transcripts indefinitely
    3. Amazon’s Echo and the smart TVs monitor everything you do -- even if you disable ad reporting. (Note the research paper is not open to the public because ACM locks their digital library in the exclusive walled-garden of CloudFlare)
    4. Amazon paid $195k to fight privacy in California by lobbying against the CCPA.
    5. Amazon supported CISA.
    6. War on cash is war on privacy: Amazon's grocery stores do not accept cash. They impose the same surveillance as ordering online from Amazon. Cashless shops discriminate against the 6.5% of the US population that does not have a bank account.
    7. Amazon spent $30 million and ranked in the top 5 promoters of Facebook ads in 2012 (thus substantially feeding a privacy abuser).
    8. Facebook and Amazon made a secret deal with to give Amazon access to Facebook's data about users.
    9. The Kindle Swindle informs Amazon when the user reads books that didn't come from Amazon. It also tells Amazon which pages each user reads.
    10. Amazon distributes NRAtv which promotes a privacy-hostile political party and the resulting policies. Also sells the Trump line of suits in their webshop.
    11. Sensitive data for 100 million people banking at Capital One was leaked by an Amazon worker. Amazon refuses blame for it and Liberapay agrees.
  2. Amazon is responsible for human rights and civil liberties abuses
    1. Amazon supplies unlawfully developed facial recognition to law enforcement who use it to abuse civil liberties, despite protest by Amazon employees, 40 civil rights organizations, and 150,000 petitioners.
    2. Amazon supplies AWS to ICE and Palantir, a database firm that exploits social media to facilitate ICE and CBP to enforce Trump's inhumane zero tolerance immigration policy that entails child-parent separation. Palantir was also co-founded by a notorious xenophobic and billionaire backer of Donald Trump: Peter Thiel. Peter Thiel founded Palantir to help ICE deploy algorithms that find people to deport. Peter Thiel called Google "unpatriotic" for "not embracing opportunities to work with federal agencies" thinking that Google appeased employees who opposed inhumane treatment of immigrants (he was unaware that Google's announcement and action differed).
    3. Amazon supports Breitbart (the right-wing extremist site) by advertising there.
    4. Amazon uses FedEx (an NRA-supporting ALEC member who feeds republican warchests via ALEC and NRA [republican policy is xenophobic and detrimental to gun control and individual privacy]).
    5. Amazon in Germany hired "security" guards from a company of Nazi sympathizers to intimidate and repress foreign workers. Reporters came to cover this, and the guards tried to arrest them and take their cameras. (2013)
  3. Amazon is detrimental to consumer rights
    1. Amazon distributes ebooks in a way that strips users of many freedoms.
    2. The Amazon Kindle has a back door that can erase books. Amazon was caught remotely erasing thousands of copies of 1984.
    3. Amazon rents textbooks to students with a requirement not to take them across state lines.
  4. Amazon is notorious for mistreating employees despite its wealth and growth.
    1. Amazon runs an extreme sweatshop that diminishes quality of life. The consequential mental health crisis is evidenced by 189 calls from Amazon warehouses to 911 in five years.
      1. Amazon drug tests its employees, thus intruding on their privacy outside the workplace and also harming their healthcare.
    2. oppressive and callous attitude toward staff.
    3. 55-hour work weeks
    4. 90,000+ warehouse employees treated like cattle (7 examples)
  5. Amazon proliferates censorship
    1. Amazon has partnered with the MPAA to campaign for repression of sharing on the net.
    2. Amazon cut off service to Wikileaks, claiming that whistle-blowing violates its terms of service.
  6. Amazon is detrimental to the environment
    1. Amazon powers 50% of their servers with unclean energy.
    2. Amazon's excessive packaging destroys 1 billion trees annually. (examples)
    3. Amazon retaliates against employees who seek climate action.
    4. Amazon works for BP and Shell to deliver a machine learning service to discover locations to drill for oil and gas.
    5. Amazon has been caught financing climate deniers.
Liberapay accepts Paypal
  1. Paypal is a privacy abuser.
    1. PayPal shares customers' data with 600 companies
    2. PayPal goes overboard on the KYC, blocking accounts on KYC grounds when enough info is known to legally service an account. So PayPal is a privacy abuser.
  2. Paypal is detrimental to civil liberties
    1. PayPal has a history littered with power-abusing payment blockades that are often politically motivated to benefit right-wing agendas. E.g.:
      1. PayPal blocked Iraq War resisters.
      2. PayPal blocked Wikileaks.
      3. PayPal blocked an account intended to raise money for the distribution of Boris Nemtsov's report "Putin. War", which details Russia's intervention in Ukraine.
  3. Paypal's greed cheats people out of money they're entitled to.
    1. PayPal declined to pay a reward offered in its Bug Bounty Program to a 17-year-old German student who had reported a cross-site scripting flaw on its site.
    2. PayPal is often reported to simply take customers' money or deny them access as they arbitrarily freeze the accounts of many people.
  4. Paypal is detrimental to consumer rights.
    1. Hundreds of consumers complain about PayPal annually on the Consumer Affairs website. By 2016, there were over 1200 complaints.
    2. Staff becomes unreachable and website becomes inoperable when trying to unfreeze accounts.
    3. PayPal algorithmically uses money laundering triggers that are so arbitrary that PayPal's customer service don't know themselves why accounts get frozen.
  5. PayPal neglects to adhere to banking regulations by claiming PayPal is not a bank.
Liberapay accepts American Express

(reference)

  1. Amex is a member of the American Enterprise Institute (AEI). The AEI for Public Policy Research is a non-profit influential right-wing think tank that advocates for lower taxes, fewer protections for consumers and the environment, and cuts to the social safety net. Specifically, AEI finances climate denial propaganda and was caught bribing climate change scientists and economists $10k ea. to undermine climate change reporting.
  2. Amex is a member of American Legislative Exchange Council (ALEC). ALEC doubles as a superPAC and bill mill that lobbies and writes policy for U.S. republicans to:
    1. fight affirmative action
    2. fight public healthcare
    3. fight public education
    4. fight immigration
    5. fight gun control
    6. fight environmental protection
    7. fight worker's rights
    8. fight consumer protections
    9. support voter suppression policy
    10. finance republicans
  3. Amex favors US republican candidates with politican contributions (55% R/41% D)
  4. Amex blocks Wikileaks
  5. Amex supported CISPA
  6. Amex was the 9th highest patron of Facebook advertising in 2015
Liberapay accepts Visa and Mastercard
  1. War on cash is war on privacy. Visa and Mastercard are both members of the Better than Cash Alliance, and organization bent on eliminating cash. Visa also offered $10k to merchants who agree to refuse cash.
  2. Visa blocked payments to Wikileaks, thus proactively intervening to suppress whistle-blowing while undermining peoples' control over their own charitable donations.
  3. Visa and Mastercard blocked payments to Wikileaks -- but they're okay with serving the KKK.
  4. Visa and Mastercard supported CISPA
  5. Visa spends millions annually on Facebook advertising ($15M in 2012 alone)
  6. Visa and Mastercard sell customer data to data brokers unless they opt-out. Mastercard's opt-out page blocks Tor, thus forcing privacy seekers to reveal their IP address to Mastercard, which can be traced back to their identity.
  7. Visa sponsored the NFL during the "Take A Knee" protest, thus taking a speech-chilling stand against athletes who protested police brutality.
  8. Mastercard is partnered with Microsoft.
Liberapay uses Microsoft for development

(reference)

  1. Microsoft harms the environment by serving the two most destructive oil companies in the world: ExxonMobil and Chevron.
    1. (#ExxonKnew) Exxon notoriously knew about climate change since 1977. They not only kept it secret from the public, but they also financed a disinformation campaign.
    2. Microsoft and Chevron were caught each paying $100k to "the Cloakroom", a project to hide bribes going from large corporations to republican politicians.
    3. Chevron's right-leaning stance is further pushed through its membership with ALEC, which doubles as a superPAC and bill mill that lobbies and writes policy for U.S. republicans.
  2. Microsoft is a notorious privacy abuser:
    1. Microsoft supported CISPA and collaborates with the NSA.
    2. Microsoft paid $195k to fight the California Consumer Privacy Act (CCPA).
    3. In 2012 Microsoft spent $35 million on Facebook ads and in 2015 Microsoft was the third biggest spender on Facebook ads in the world.
    4. Microsoft proxies through Accenture to make Sweden cashless. The war on cash is war on privacy.
    5. Microsoft owns and operates Outlook Email and the LinkedIn social media site, both of which are exclusive walled-gardens that limit participation to those who have a phone number and the will to share it with Microsoft.
    6. MS failed to secure Github, which was breached to the tune of 500gb of private projects. Security incompetence is further showcased by an MS-imposed requirement to create and account and sign in to report an MS security bug. And for those not discouraged by that, the sign-in page is also broken. Then security was breached again in July 2020 when OAuth tokens were stolen from both Github and Gitlab.com.
    7. MS unlawfully used people's images without consent to train their facial recognition products
    8. Microsoft distributes a nonfree operating system, Microsoft Windows, which is jam-packed with malicious functionalities, including surveillance of users, DRM, censorship and a universal back door.
    9. MS was caught surreptitiously recording Xbox users and paying contractors to listen to the recordings.
    10. Dutch government commissioned a study which found Microsoft to have several GDPR violations. E.g. Office 365 violates GDPR article 51.c, GDPR article 17, and stores the data outside the EEA (may also be a GDPR breach).
  3. Microsoft is detrimental to human rights and democracy
    1. MS suppresses democracy by blocking Github access to a project that facilitates protests in Catalonia.
    2. Microsoft finances AnyVision to produce facial recognition technology that the Israeli military uses as a weapon against the Palestinian people who they oppress in their occupation. Note that Israeli snipers murdered an unarmed civilian Palestinian medic (in breach of the Geneva Convention) then edited the video to deceive the public for PR damage control.
    3. Microsoft supports ICE in a variety of ways in the course of ICE's implementation of Trump's xenophobic border policies. Microsoft services an ICE contract worth $19.4 million dollars despite protest from employees. In addition to MS Office products, Microsoft has renewed a Github contract and also supplies cloud computing through its Azure platform.
    4. MS partnered with FedEx, an NRA-supporting ALEC member as well as JP Morgan Chase, the most evil bank in the world.
    5. MS conceals US military contracts to bias PR and dodge social accountablity. They have a much bigger piece these contracts than the rest of MACFANG, they lack Googles AI principles, and unlike Google they ignore employee protest and petitions.
  4. MS is among the top 15 recipients of Trump's corporate tax breaks, a benefit of $128 billion. Microsoft sacked hundreds of employees immediately after receiving the tax breaks in February 2018.
  5. MS is anti-consumer and anti-competitive
    1. MS tricked users into "upgrading" to Windows 10, which sabotages users in a variety of ways, one of which is to prevent cloud-free accounts.
    2. MS strong-armed nearly all PC manufacturers charge every buyer for an MS Windows license regardless of whether the user actually wants Windows.
    3. MS hoards software patents and uses them to fight free software.

(click the arrows to expand rationale with supporting facts cited)

A diagram of Liberapay’s detrimental relationships is attached.

Both Liberapay and Open Collective are privacy-abusing CloudFlare sites. It's foolish enough to trust CloudFlare with financial information, and it goes against the mission purpose of Switching Software to endorse any service that feeds the biggest adversary of the Tor community which has centralized over 10% of the web and destroyed net neutrality. Open Collective then has the nerve to allow CloudFlare to ask for donations on their platform. It's absolutely sickening to see a corporation so predatory to human beings ask for charitible donations. Alternatives are [listed here](https://codeberg.org/swiso/website/issues/111). ---- # Liberapay ethical issues enumerated | | centralized service | |----|----| | The most unethical **CDN** in the world: | CloudFlare | | The most unethical **hosting provider** in the world: | Amazon AWS | | The most unethical **payment processor** in the world: | Paypal | | The most unethical **credit card network** in the world: | American Express | | The 2nd most unethical **credit card network** in the world: | Visa | | The 2nd most unethical **git hoster** in the world: | Microsoft Github (second to gitlab.com) | <details> <summary>Liberapay is a CloudFlare website</summary> Liberapay is centralized in the private walled-garden of **CloudFlare**. CloudFlare is a vigilante extremist organization that takes the decentralized web and centralizes it under one corporate power who dictates terms in the worlds largest walled-garden. A very large portion of the web (10%+) were once freely open to all but are now controlled and monitored by a single central authority who decides for everyone who may access what web content. This does serious damage to net neutrality, privacy, and has immediate serious consequences: 1. CloudFlare mounts mutlifaceted attacks on **privacy** 1. CloudFlare is a man-in-the-middle who [sees all traffic](http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-have-a-problem) including usernames, unhashed passwords, and financial data within the HTTPS tunnel. This is done surreptitiously. Liberapay neglects to warn users and even has the nerve to threaten users with accountability in the event of a breach. From the [ToS](https://web.archive.org/web/20201029163854/https://liberapay.com/about/legal): "*The organization cannot be held responsible for the consequences of negligence by the user, notably of failure by the user to secure their password.*" This clause is written without telling users that CloudFlare automatically sees their passwords. This means when Liberapay writes in their [privacy policy](https://web.archive.org/web/20200821054335/https://liberapay.com/about/privacy) "*We do our best to protect everyone's privacy*", it's a false statement. And when they say "*we strive to collect only the personal information we actually need, and we don't sell it to anyone*", it's a deception because CloudFlare sees [all the traffic](https://cypherpunk.is/2015/04/02/why-cloudflare-is-probably-a-honeypot) (note that CloudFlare charges nothing to Liberapay for their service). 1. Cloudflare has a policy to block all Tor users by default. It's a crude, reckless and unsophisticated (but cheap) way to create the illusion of security. [Collateral damage is high](https://blog.torproject.org/trouble-cloudflare). Privacy takes a global hit because Cloudflare has decided what best suits their business to the detriment of everyone else. 1. CloudFlare helps spy orgs conduct illegal surveillance two ways: * damage to anonymity: CF deployed an [anonymity compromising](https://cryptome.org/2016/07/cloudflare-de-anons-tor.htm) Google reCAPTCHA from 2009 to mid-2020. Apart from the direct compromise by the CAPTCHA, Tor users are also [driven off](https://people.torproject.org/~lunar/20160331-CloudFlare_Fact_Sheet.pdf) Tor in droves as a consequence of access inequality of Tor/non-Tor users (which constitutes a network neutrality abuse as access equality is central to net neutrality). * centralization of copious data on this immeasurable scale within reach of any spy org will cause that spy org to [foam at the mouth](https://www.reddit.com/r/privacy/comments/b8dptl/another_landmark_day_in_the_war_to_control/ejxmmhq) -- and they will get access to it one way or another. 1. ISPs collect data on their own customers and exploit it for profit in the US. Under Obama it became illegal for an ISP to sell data collected on their customers without express consent. Trump [reversed](https://www.nbcnews.com/news/us-news/trump-signs-measure-let-isps-sell-your-data-without-consent-n742316) Obama's policy in 2017. In the absence of legal protections, Tor serves as a technical protection from ISP snooping. CloudFlare's attack on Tor users facilitates privacy abuse by ISPs. 1. The gratis service also raises the question about how CF is monetizing all that data that's exposed to them (which Liberapay recklessly increases). They do not disclose to the public how they monetize that data, but what CF cannot hide is that they [seek to hire](https://web.archive.org/web/20200704235401/www.datayoshi.com/offer/595856/data-scientist-cloudflare) a machine learning data scientist with *big data* expertise for their marketing department. 1. A CF customer who became increasingly concerned with CF's unchecked power deleted their account. Two months after CF confirmed that the account was deleted, the customer [received an email](https://shkspr.mobi/blog/2019/11/can-you-trust-cloudflare-with-your-personal-data) from CF, proving the account had not been deleted. 1. CF imposes execution of javascript, and javascript cannot be generally trusted. E.g., eBay has [been caught](http://web.archive.org/web/20200526092506/blog.nem.ec/2020/05/24/ebay-port-scanning) sending javascript that snoops on their own customers by port scanning the LAN and reporting back to eBay. Streetwise users disable j/s. Yet it's impossible to solve CF's CAPTCHA with j/s disabled. So people are forced into vulnerability by CloudFlare (who has proven to be untrustworthy). 1. When a user solves a CAPTCHA, CF is [paid](https://docs.hcaptcha.com/faq) a cash reward via Paypal, a privacy abuser who shares customer data with [600 companies](https://www.schneier.com/blog/archives/2018/03/the_600_compani.html). 1. CloudFlare takes away **software freedom** 1. CF imposes CAPTCHAs that require the user to execute non-free javascript. * CF restricts how users may use their software by rendering the web dysfunctional for some browsers. 1. CloudFlare diminishes **network neutrality** -- *Access Equality* is the centerpiece of net neutrality, while CF yields widespread access *inequality*. 1. CloudFlare took a seat on the FCC's [Open Internet Advisory Committee](https://web.archive.org/web/20190203014215/https://www.fcc.gov/about-fcc/advisory-committees/general/open-internet-advisory-committee), and serves its own interest (to influence legislation against net neutrality). 1. CloudFlare [discriminates](https://people.torproject.org/~lunar/20160331-CloudFlare_Fact_Sheet.pdf#page=6) against connections coming from developing countries. 1. CloudFlare discriminates unfairly against Tor users, those who use non-graphical browsers, and those who deploy beneficial robots. 1. CloudFlare also discriminates against people with impairments and disabilities (details in the human rights section) 1. CloudFlare's detriment to **human rights** 1. CAPTCHAs put humans to work for machines when it is machines who should be working for humans. The labor violates the 13th amendment of the US Constitution due to involuntary servitude. The most perverse manifestation is when a citizens attempts to access a government service such as voter registration, and they're forced to solve a puzzle, the labor of which compensates CloudFlare instead of the laborer. 1. CF discriminates against people with impairments and disabilities by imposing a proprietary "hCAPTCHA," which violates several [WCAG 2.0 principles](https://en.wikipedia.org/wiki/Web_Content_Accessibility_Guidelines): * "*1.1: Provide text alternatives for any non-text content so that it can be changed into other forms people need, such as large print, braille, speech, symbols or simpler language.*" <= hCAPTCHA wholly relies on graphical images. There is no option for a text or audible puzzle. * "*1.2: Time-based media: Provide alternatives for time-based media.*" <= hCAPTCHA has an invisible timer that the user cannot control. * "*1.3: Create content that can be presented in different ways (for example simpler layout) without losing information or structure.*" <= When a user attempts to use `lynx`, `w3m`, `wget`, `cURL`, or any other text-based tool, the CAPTCHA is inaccessible and thus unsolvable. The website's content is thus also inaccessible. * "*2.1: Make all functionality available from a keyboard.*" <= The hCAPTCHA does not accept answers from the keyboard. * "*2.2: Provide users enough time to read and use content.*" <= If you don't solve the hCAPTCHA puzzle fast enough, the puzzle is removed and the user must start over. Some puzzles are vague and need time to ponder that exceeds the time limit. * "*3.1: Make text content readable and understandable.*" <= When the CAPTCHA says "click on all squares with a motorcycle" and shows an image of an apparent motorcycle instrument panel, it's unclear if that qualifies (it could be a moped). Another image showed a scooter with a faring that resembled a sports bike. Some people would consider it a motorcycle. When the CAPTCHA said "click on all squares with a train", some of the images were the interior of a subway train or tram. Some people consider a subway to be a train underground, while others don't equate the two. The instructions are also sometimes given in a language the user doesn't understand. * "*3.2: Make web pages appear and operate in predictable ways.*" <= It's unpredictable whether the IP reputation assessment will invoke a CAPTCHA and also unpredictable whether a CAPTCHA solution will be accepted. The time you have to solve the puzzle is also unpredictable. * "*4.1.: Maximize compatibility with current and future user agents, including assistive technologies.*" <= When a user attempts to use `lynx`, `w3m`, `wget`, `cURL` or any other text-based tool, the blockade imposes tooling limitations on the user. 1. CloudFlare inflicts customers and web users with excessive **vulnerabilty** to exploits. Liberapay [claims](https://hackerone.com/liberapay?type=team): "*We will investigate legitimate reports and make every effort to quickly resolve any vulnerability.*" Of course the absurdity is LP's use of CloudFlare and Amazon which grows the attack surface out of control. 1. CloudFlare's immense centralization becomes catastrophic when a single bug emerges. The degree of damage is acutely heightened when over 10% of the web is subject to vulnerabilities on CloudFlare. The enticement for malicious hackers to find a zero-day is also greatly heightened as a result of the widespread scale of impact. *Cloudbleed* was a vulnerability that had serious widespread consequences. Even a simple accident at CloudFlare like a one-line erroneous regular expression brought down a huge segment of the web on July 17th, 2020. 1. A *tragedy of the commons* has manifested. Website owners are baited to act independantly in their own self interest by using CloudFlare at no charge-- but each website that becomes part of CloudFlare shrinks the ethical decentralized web while incrementing the size of the centralized walled-garden which inflicts harm to everyone collectively. Each website owner only perceives CloudFlare as solving their problem but unwittingly they create a host of new problems for everyone else. It's a selfish move that occurs on a much larger scale than the quantity of selfish personalities because most of CloudFlare's patrons are kept in the dark as to the harm they're contributing to. 1. CloudFlare is detrimental to **availability** 1. The CAPTCHAs are often broken. 1. E.g.1: some browsers that block j/s always report errors communicating with the captcha server on all CF-pushed CAPTCHAs 1. E.g.2: the CAPTCHA server itself refuses to give the puzzle saying there is too much activity. 1. The CAPTCHAs are often unsolvable. 1. E.g.1: the CAPTCHA puzzle is broken by ambiguity (is one pixel in a grid cell of a pole holding a street sign considered a street sign?) 1. E.g.2: the puzzle is expressed in a language the viewer doesn't understand. 1. The CAPTCHAs block all robots indiscriminately causing collateral damage to beneficial (non-malicious) robots. 1. GUI CAPTCHAs deny service to users of text-based web browsers. E.g. CloudFlare's GUI CAPTCHA breaks `torsocks lynx 'https://www.simplyrecipes.com/recipes/buffalo_wings'`. CloudFlare effectively dictates that all Tor users must use a GUI browser and in many cases it must also be javascript capable. 1. CloudFlare uses punitive collective judgement as a consequence of mislabeling Tor traffic. 1. "[Experts say that group punishment is ineffective, counterproductive, lazy and unethical](https://mypointexactly.wordpress.com/2009/07/21/group-punishment-ineffective-unethical)" 1. CloudFlare's use of this technique is acutely and perversely abusive because they harm potentially as many as 70,000 users in the course of countering just one single bad actor. And worse, unlike typical uses of collective punishment this is not in the slightest a situation where the other 70,000 have any shred of influence over the one malicious user. 1. A study [finds](http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.296.9155&rep=rep1&type=pdf) that collective punishment is strictly counterproductive. 1. CloudFlare's detriment to **democracy** 1. CF impedes petition signing on change.org, moveon.org, and actionnetwork.org. Voters who are blocked by CF's access restrictions are effectively denied participation in democratic processes. 1. Voter suppression: CF impedes voter registration in 8 US states (16% of voter registration sites). 1. CloudFlare's **censorship** 1. CloudFlare restricts access to scientific papers. 1. Universities outsource ebooks to [Proquest](ebooks.proquest.com), a Tor-hostile CloudFlare site. [RUC](ruc.dk) is an example of a university that closed their library during the pandemic, while online access to books is subject to CloudFlare's terms and privacy abuses. 1. ACM's Digital Library is jailed in CloudFlare's exclusive walled-garden despite ACM's intent to be ["open" during a pandemic](https://www.scott-a-s.com/acm-digital-library-should-remain-open). The perverse affect is that privacy-seekers are subject to CF's privacy abuses when attempting to access [a paper about privacy abuse](https://dl.acm.org/doi/10.1145/3319535.3354198). 1. CloudFlare [attacks freedom of expression](https://people.torproject.org/~lunar/20160331-CloudFlare_Fact_Sheet.pdf#page=2). 1. When a review exposed CloudFlare's doxxing of whistle blowers, CF [censored](https://nitter.net/phyzonloop/status/1178836176985366529) the review. 1. CloudFlare is a burden on the **environment** 1. Images account for the [most significant](http://www.aptivate.org/webguidelines/Images.html) burden on Internet bandwidth. Naturally the most ecological web users are those who do not download images (robots, users of text browsers, and users who disable image retrieval). Because robots tend not to download images, anti-robot algorithms target all image-free sessions as robotic. CloudFlare consequently attacks the most ecological users on the web. 1. CF forces transmission of copious bandwidth-wasting images in order to supply CAPTCHAs. 1. hCAPTCHA uses 4 levels of nested javascript. So users with j/s disabled are often forced to reload the CAPTCHA page 4 times just to see the puzzle. 1. **False statements, deceptive practices, and poor character of CloudFlare** 1. No transparency: as Cloudflare performs a DoS attack on Tor users they obviously do not inform web owners. Web owners are usually unaware that legitimate patrons are being blocked from accessing their site. These businesses are all damaged so that one business can profit. 1. False errors when j/s is disabled. 1. CloudFlare [deceives](http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-have-a-problem/) website visitors into believing their connection is secure (HTTPS & browser padlock) when in fact the user is MitMd. 1. CloudFlare has been caught making false statements to the public. CF said in their [FaQ](https://web.archive.org/web/20180926003344/https://blog.cloudflare.com/cloudflare-onion-service/#why-should-i-trust-cloudflare): "*Why should I trust Cloudflare? You don’t need to. The Cloudflare Onion Service presents the exact same certificate that we would have used for direct requests to our servers,*" the first part of which is incorrect. CloudFlare sees all traffic traversing their servers in the clear, regardless of how secure the tunnel to them is. So of course CloudFlare requires your trust. The second statement about certificates is non-sequitur and irrelevant to the question of trust. 1. CloudFlare [deceives](https://people.torproject.org/~lunar/20160331-CloudFlare_Fact_Sheet.pdf#page=4) users about what the problem is, causing users to blame Tor or their browser. CloudFlare suggests to Tor users who reach the CAPTCHA "If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware." 1. Lack of human decency -- CF's mean-spirited CEO [displays](https://nitter.net/eastdakota/status/1273277839102656515) [schadenfreude](https://en.wikipedia.org/wiki/Schadenfreude) amid the grief his company has caused innovative people who use the web non-maliciously. 1. CloudFlare asks those who anonymously report illegal conduct on their websites to reveal their true identity. Yet CF has a history of doxxing whistle blowers and making them into victims. Instead of apologizing in the child porn case, the CEO (Matthew Prince) said the whistle blowers [should have used fake names](https://web.archive.org/web/20171024040313/http://www.businessinsider.com/cloudflare-ceo-suggests-people-who-report-online-abuse-use-fake-names-2017-5). (see "CloudFlare shelters criminals") 1. Ironically, CloudFlare spams people (despite their spam-mitigation purpose). Customers (former and current) as well as people who never used CF are receiving spam from CloudFlare. Customers [receive spam](https://nitter.net/thexpaw/status/1108424723233419264) from CF without express consent and possibly contrary to privacy policies. 1. When a large profit-driven tech giant uses a non-profit fund raising platform to [solicit donations](https://web.archive.org/web/20191112033605/https://opencollective.com/cloudflarecollective#section-about) to feed their own staff at events, it's clear that professionalism is in short supply at CloudFlare Inc. 1. CloudFlare **shelters criminals** 1. CF [protects](https://www.theguardian.com/technology/2015/nov/19/cloudflare-accused-by-anonymous-helping-isis) pro-ISIS websites from attack. 1. CF protected a website that distributed child pornography. When a whistle blower reported the illegal content to CF, CF actually [doxxed](https://boingboing.net/2015/01/19/invasion-boards-set-out-to-rui.html) the people who reported it. CloudFlare revealed the whistle blowers identities directly to the website owner, who then published their names and email addresses to provoke retaliatory attacks on the whistle blowers! Instead of apologizing, the CEO (Matthew Prince) said the whistle blowers [should have used fake names](https://web.archive.org/web/20171024040313/http://www.businessinsider.com/cloudflare-ceo-suggests-people-who-report-online-abuse-use-fake-names-2017-5). </details> <details> <summary>Liberapay is hosted by Amazon</summary> Liberapay pays **Amazon** [for hosting](https://liberapay.com/about/legal), which puts LP's own customers at a [proven](https://www.forbes.com/sites/rachelsandler/2019/07/29/capital-one-says-hacker-breached-accounts-of-100-million-people-ex-amazon-employee-arrested) risk of a data breach and ultimately finances copious abuses of privacy, human rights, civil liberties, the environment, etc: 12. Amazon mounts mutlifaceted attacks on **privacy** 1. Amazon is making an astronomical investment in facial recognition to exploit a market worth [$8 billion](https://www.forbes.com/sites/korihale/2020/06/15/amazon-microsoft--ibm-slightly-social-distancing-from-the-8-billion-facial-recognition-market) which will destroy physical travel privacy worldwide. Amazon's innaccurate technology [erroneously matched](https://www.independent.co.uk/life-style/gadgets-and-tech/news/amazon-facial-recognition-false-positives-recognition-congress-criminals-a9536351.html) 100 US and UK politicians to criminals. Amazon also developed the technology by [unlawfully](https://www.cnet.com/news/amazon-google-and-microsoft-sued-over-photos-in-facial-recognition-database) using people's images without consent to train facial recognition products. 1. Amazon deploys Ring and Alexa to surveil neighborhoods and surveil the inside of homes. 1. Amazon keeps Alexa recordings and transcripts [indefinitely](https://arstechnica.com/tech-policy/2019/07/amazon-confirms-it-keeps-your-alexa-recordings-basically-forever/) 1. Amazon’s Echo and the smart TVs [monitor everything you do](https://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance) -- [even if you disable ad reporting](https://blog.acolyer.org/2020/02/10/watching-you-watch). (Note the research paper is not open to the public because ACM locks their digital library in the exclusive walled-garden of CloudFlare) 1. Amazon [paid](http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1) $195k to fight privacy in California by lobbying [against the CCPA](https://arstechnica.com/tech-policy/2018/04/facebook-donated-200000-to-kill-a-privacy-law-but-now-its-backtracking/). 1. Amazon supported CISA. 1. *War on cash* is war on privacy: Amazon's grocery stores [do not accept cash](http://motherboard.vice.com/read/amazon-go-isnt-trying-to-kill-cashier-jobs-its-after-something-bigger). They impose the same surveillance as ordering online from Amazon. Cashless shops discriminate against the [6.5% of the US population](https://www.fastcompany.com/90389594/aclu-cash-free-retail-amazon-sweetgreen-privacy) that does not have a bank account. 1. Amazon spent $30 million and ranked in the top 5 promoters of Facebook ads in 2012 (thus substantially feeding a privacy abuser). 1. Facebook and Amazon made [a secret deal](https://gizmodo.com/amazon-and-facebook-reportedly-had-a-secret-data-sharin-1831192148) with to give Amazon access to Facebook's data about users. 1. The Kindle Swindle informs Amazon when the user reads books that didn't come from Amazon. It also tells Amazon which pages each user reads. 1. Amazon distributes NRAtv which promotes a privacy-hostile political party and the resulting policies. Also sells the Trump line of suits in their webshop. 1. Sensitive data for 100 million people banking at Capital One was [leaked](https://www.forbes.com/sites/rachelsandler/2019/07/29/capital-one-says-hacker-breached-accounts-of-100-million-people-ex-amazon-employee-arrested) by an Amazon worker. Amazon [refuses blame](https://web.archive.org/web/20200618091312/https://www.newsweek.com/amazon-capital-one-hack-data-leak-breach-paige-thompson-cybercrime-1451665) for it and [Liberapay agrees](https://mastodon.xyz/@Liberapay/104417896428193223). 1. Amazon is responsible for **human rights** and **civil liberties** abuses 1. Amazon [supplies](https://www.seattletimes.com/business/amazon-employees-demand-company-cut-ties-with-ice/) [unlawfully developed](https://www.cnet.com/news/amazon-google-and-microsoft-sued-over-photos-in-facial-recognition-database) facial recognition to law enforcement who use it to abuse civil liberties, despite [protest](https://thehill.com/business-a-lobbying/393583-amazon-employees-protest-sale-of-facial-recognition-tech-to-law) by Amazon employees, 40 civil rights organizations, and [150,000 petitioners](https://www.zdnet.com/article/now-amazon-employees-rebel-end-police-facial-recognition-contracts-ice-support). 1. Amazon [supplies](https://thehill.com/business-a-lobbying/393583-amazon-employees-protest-sale-of-facial-recognition-tech-to-law) AWS [to ICE](https://www.usaspending.gov/#/award/62522780) and Palantir, a database firm that exploits social media to [facilitate](https://www.govtech.com/biz/Documents-Reveal-ICE-Used-Palantir-for-Deportations.html) ICE and CBP to enforce Trump's inhumane *zero tolerance* immigration policy that entails child-parent separation. Palantir was also co-founded by a notorious xenophobic and billionaire backer of Donald Trump: Peter Thiel. Peter Thiel founded Palantir to [help ICE](https://www.businessinsider.com/us-customs-border-protection-testing-google-cloud-anthos-2019-8?international=true&r=US&IR=T) deploy algorithms that find people to deport. Peter Thiel called Google "unpatriotic" for "[not embracing opportunities](https://www.businessinsider.com/us-customs-border-protection-testing-google-cloud-anthos-2019-8?international=true&r=US&IR=T) to work with federal agencies" thinking that Google appeased employees who opposed inhumane treatment of immigrants (he was unaware that Google's announcement and action differed). 1. Amazon supports Breitbart (the right-wing extremist site) by [advertising](http://www.valuewalk.com/2017/02/337k-amazon-ceo-jeff-bezos-stop-advertising-breitbart) there. 1. Amazon uses FedEx (an NRA-supporting ALEC member who feeds republican warchests via ALEC and NRA [republican policy is xenophobic and detrimental to gun control and individual privacy]). 1. Amazon in Germany [hired](https://www.independent.co.uk/news/world/europe/amazon-used-neo-nazi-guards-to-keep-immigrant-workforce-under-control-in-germany-8495843.html) "security" guards from a company of Nazi sympathizers to intimidate and repress foreign workers. Reporters came to cover this, and the guards tried to arrest them and take their cameras. (2013) 1. Amazon is detrimental to **consumer rights** 1. Amazon distributes ebooks in a way that [strips](http://gnu.org/philosophy/the-danger-of-ebooks.html) users of many freedoms. 1. The Amazon Kindle has a back door that can erase books. Amazon was [caught](http://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others) remotely erasing thousands of copies of 1984. 1. Amazon rents textbooks to students with a requirement not to take them [across state lines](http://www.insidehighered.com/news/2013/08/16/amazon-restricts-students-bringing-certain-textbook-rentals-across-state-lines). 1. Amazon is notorious for **mistreating employees** despite its wealth and growth. 1. Amazon runs an extreme sweatshop that diminishes quality of life. The consequential mental health crisis is [evidenced](https://gizmodo.com/report-amazon-warehouses-called-911-for-mental-health-1833220938) by 189 calls from Amazon warehouses to 911 in five years. 1. Amazon drug tests its employees, thus intruding on their privacy outside the workplace and also harming their healthcare. 1. [oppressive and callous attitude](https://www.independent.co.uk/news/business/news/amazon-devastating-expose-accuses-internet-retailer-of-oppressive-and-callous-attitude-to-staff-10458159.html) toward staff. 1. [55-hour work weeks](https://www.independent.co.uk/news/uk/home-news/amazon-workers-working-hours-weeks-conditions-targets-online-shopping-delivery-a8079111.html) 1. 90,000+ warehouse employees treated like cattle ([7 examples](https://www.pastemagazine.com/articles/2017/12/7-examples-how-amazon-treats-their-90000-warehouse.html)) 1. Amazon proliferates **censorship** 1. Amazon has [partnered with the MPAA](https://torrentfreak.com/inside-the-mpaa-netflix-amazon-global-anti-piracy-alliance-170918/) to campaign for repression of sharing on the net. 1. Amazon cut off service to Wikileaks, claiming that [whistle-blowing violates its terms of service](http://www.guardian.co.uk/media/blog/2010/dec/03/wikileaks-knocked-off-net-dns-everydns). 1. Amazon is detrimental to the **environment** 1. Amazon [powers](https://www.greenamerica.org/blog/10-reasons-not-shop-amazon-prime) 50% of their servers with unclean energy. 1. Amazon's excessive packaging [destroys](https://www.forbes.com/sites/jonbird1/2018/07/29/what-a-waste-online-retails-big-packaging-problem) 1 billion trees annually. ([examples](https://www.buzzfeed.com/morenikeadebayo/amazon-packaging-needs-to-chill-the-fuck-out)) 1. Amazon [retaliates](https://www.tbray.org/ongoing/When/202x/2020/04/29/Leaving-Amazon) against employees who seek climate action. 1. Amazon works for BP and Shell to deliver a [machine learning service](http://qklhadlycap4cnod.onion/watch?v=v3n8txX3144) to discover locations to drill for oil and gas. 1. Amazon has [been caught](https://www.theguardian.com/environment/2019/oct/11/google-contributions-climate-change-deniers) financing climate deniers. </details> <details> <summary>Liberapay accepts Paypal</summary> 18. Paypal is a **privacy** abuser. 1. PayPal shares customers' data with [600 companies](https://www.schneier.com/blog/archives/2018/03/the_600_compani.html) 1. PayPal goes overboard on the KYC, blocking accounts on KYC grounds when enough info is known to legally service an account. So PayPal is a privacy abuser. 1. Paypal is detrimental to civil liberties 1. PayPal has a history [littered](https://en.wikipedia.org/wiki/PayPal#Criticism) with power-abusing payment blockades that are often politically motivated to benefit right-wing agendas. E.g.: 1. PayPal [blocked Iraq War resisters](https://en.wikipedia.org/wiki/PayPal#Criticism). 1. PayPal [blocked Wikileaks](https://www.forbes.com/sites/andygreenberg/2010/12/07/visa-mastercard-move-to-choke-wikileaks). 1. PayPal [blocked](https://www.economist.com/europe/2015/05/13/boris-nemtsovs-parting-shot) an account intended to raise money for the distribution of Boris Nemtsov's report "Putin. War", which details Russia's intervention in Ukraine. 1. Paypal's greed cheats people out of money they're entitled to. 1. PayPal [declined](https://www.pcworld.com/article/2039940/paypal-denies-teenager-reward-for-finding-website-bug.html) to pay a reward offered in its [Bug Bounty Program](https://hackerone.com/paypal) to a 17-year-old German student who had reported a cross-site scripting flaw on its site. 1. PayPal is often reported to simply take customers' money or deny them access as they [arbitrarily freeze](https://www.globes.co.il/news/article.aspx?did=1000998078) the accounts of [many people](https://mywifequitherjob.com/why-paypal-freezes-or-limits-accounts-and-how-to-prevent-this-from-happening-to-you). 1. Paypal is detrimental to consumer rights. 1. Hundreds of consumers complain about PayPal annually on the [Consumer Affairs website](https://www.consumeraffairs.com/online/paypal_02.html). By 2016, there were over 1200 complaints. 1. Staff becomes unreachable and website becomes inoperable when trying to [unfreeze](https://mirasee.com/blog/paypal) accounts. 1. PayPal algorithmically uses money laundering triggers that are so arbitrary that PayPal's customer service [don't know themselves](https://www.computerweekly.com/blog/Cliff-Sarans-Enterprise-blog/PayPal-money-laundering-nonsense) why accounts get frozen. 1. PayPal neglects to adhere to banking regulations by [claiming](https://www.cnet.com/news/feds-paypal-not-a-bank) PayPal is not a bank. </details> <details> <summary>Liberapay accepts American Express</summary> ([reference](https://liberapay.com/about/faq)) 23. Amex is a member of the American Enterprise Institute (AEI). The AEI for Public Policy Research is a non-profit influential right-wing think tank that advocates for lower taxes, **fewer protections for consumers and the environment**, and **cuts to the social safety net**. Specifically, AEI finances **climate denial propaganda** and was caught bribing climate change scientists and economists $10k ea. to undermine climate change reporting. 1. Amex is a member of American Legislative Exchange Council (ALEC). ALEC doubles as a superPAC and bill mill that lobbies and writes policy for U.S. republicans to: 1. fight affirmative action 1. [fight public healthcare](https://www.alecexposed.org/wiki/Health,_Pharmaceuticals,_and_Safety_Net_Programs) 1. [fight public education](https://www.alecexposed.org/wiki/Privatizing_Public_Education,_Higher_Ed_Policy,_and_Teachers) 1. [fight immigration](https://www.alecexposed.org/wiki/Guns,_Prisons,_Crime,_and_Immigration) 1. [fight gun control](https://www.alecexposed.org/wiki/Guns,_Prisons,_Crime,_and_Immigration) 1. [fight environmental protection](https://www.alecexposed.org/wiki/Environment,_Energy,_and_Agriculture) 1. [fight worker's rights](https://www.alecexposed.org/wiki/Worker_Rights_and_Consumer_Rights) 1. [fight consumer protections](https://www.alecexposed.org/wiki/Worker_Rights_and_Consumer_Rights) 1. [support voter suppression policy](https://www.alecexposed.org/wiki/Democracy,_Voter_Rights,_and_Federal_Power) 1. [finance republicans](https://www.sourcewatch.org/index.php?title=ALEC_Civil_Justice_Task_Force#Politicians) 1. Amex [favors](https://www.sourcewatch.org/index.php?title=American_Express#Political_contributions) US republican candidates with politican contributions (55% R/41% D) 1. Amex [blocks Wikileaks](https://www.cio.com/article/2390123/credit-card-blockade-of-wikileaks-donations-likely-to-be-legal--eu-says.html) 1. Amex [supported CISPA](https://www.digitaltrends.com/web/cispa-supporters-list-800-companies-that-could-help-uncle-sam-snag-your-data) 1. Amex was the 9th highest patron of Facebook advertising in 2015 </details> <details> <summary>Liberapay accepts Visa and Mastercard</summary> 29. *War on cash* is war on **privacy**. Visa and Mastercard are both [members](https://www.betterthancash.org/members/page/8) of the Better than Cash Alliance, and organization bent on eliminating cash. Visa also [offered](http://kgg2m7yk5aybusll.onion/watch?v=GbECT1J9bXg&t=622) $10k to merchants who agree to [refuse cash](https://www.nbcnews.com/business/consumer/war-cash-intensifies-visa-offers-restaurants-10-000-go-cashless-n782276). 1. Visa [blocked](https://www.forbes.com/sites/andygreenberg/2010/12/07/visa-mastercard-move-to-choke-wikileaks) payments to Wikileaks, thus proactively intervening to suppress whistle-blowing while undermining peoples' control over their own charitable donations. 1. Visa and Mastercard [blocked](https://www.wikileaks.org/IMG/pdf/WikiLeaks-Banking-Blockade-Information-Pack.pdf) payments to Wikileaks -- but they're okay with [serving the KKK](https://web.archive.org/web/20200422194937/https://www.techdirt.com/articles/20101207/09264812164/visa-mastercard-kkk-is-a-ok-wikileaks-is-wicked.shtml). 1. Visa and Mastercard [supported CISPA](https://www.digitaltrends.com/web/cispa-supporters-list-800-companies-that-could-help-uncle-sam-snag-your-data) 1. Visa spends millions annually on Facebook advertising ([$15M in 2012](https://web.archive.org/web/20181210080400/https://www.businessinsider.com/top-advertisers-on-facebook-2013-11) alone) 1. Visa and Mastercard sell customer data to data brokers unless they [opt-out](https://marketingreportoptout.visa.com/OPTOUT/request.do). Mastercard's [opt-out page](https://www.mastercard.us/en-us/about-mastercard/what-we-do/privacy/data-analytic-opt-out.html) blocks Tor, thus forcing privacy seekers to reveal their IP address to Mastercard, which can be traced back to their identity. 1. Visa [sponsored](https://www.visa.ca/en_CA/about-visa/sponsorships-promotions/nfl-partnership.html) the NFL during the "Take A Knee" protest, thus taking a speech-chilling stand against athletes who protested police brutality. 1. Mastercard is [partnered](https://newsroom.mastercard.com/latin-america/press-releases/mastercard-and-microsoft-announce-partnership-to-promote-technological-innovation-in-msme) with Microsoft. </details> <details> <summary>Liberapay uses Microsoft for development</summary> ([reference](https://github.com/liberapay/liberapay.com)) 37. Microsoft harms the **environment** by serving the two most destructive oil companies in the world: [ExxonMobil](https://corporate.exxonmobil.com/news/newsroom/news-releases/2019/0222_exxonmobil-to-increase-permian-profitability-through-digital-partnership-with-microsoft) and [Chevron](https://news.microsoft.com/2019/09/17/schlumberger-chevron-and-microsoft-announce-collaboration-to-accelerate-digital-transformation). 1. (#ExxonKnew) Exxon notoriously [knew](https://www.scientificamerican.com/article/exxon-knew-about-climate-change-almost-40-years-ago) about climate change since 1977. They not only kept it secret from the public, but they also financed a disinformation campaign. 1. Microsoft and Chevron were [caught](http://web.archivecrfip2lpi.onion/web/publicintegrity.org/federal-politics/republican-lawmakers-posh-hideaway-bankrolled-by-secret-corporate-cash) each paying $100k to "the Cloakroom", a project to hide bribes going from large corporations to republican politicians. 1. Chevron's right-leaning stance is further pushed through its membership with ALEC, which doubles as a superPAC and bill mill that lobbies and writes policy for U.S. republicans. 1. Microsoft is a notorious **privacy** abuser: 1. Microsoft supported CISPA and [collaborates](http://techrights.org/wiki/index.php/Microsoft_and_the_NSA) with the NSA. 1. Microsoft [paid](http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1&session=2017) $195k to [fight](http://web.archivecrfip2lpi.onion/web/20200318144031/www.theverge.com/2018/6/15/17468292/amazon-microsoft-uber-california-consumer-privacy-act) the California Consumer Privacy Act (CCPA). 1. In 2012 Microsoft spent $35 million on Facebook ads and in 2015 Microsoft was the third biggest spender on Facebook ads in the world. 1. Microsoft proxies through Accenture to [make Sweden cashless](https://web.archive.org/web/20200722105800/https://tokenpost.com/Central-Bank-of-Sweden-is-testing-digital-currency-5197). The war on cash is war on privacy. 1. Microsoft owns and operates Outlook Email and the LinkedIn social media site, both of which are exclusive walled-gardens that limit participation to those who have a phone number and the will to share it with Microsoft. 1. MS failed to secure Github, which was [breached to the tune of 500gb of private projects](https://www.bleepingcomputer.com/news/security/microsofts-github-account-allegedly-hacked-500gb-stolen). Security incompetence is further showcased by an MS-imposed requirement to create and account and sign in to report an MS security bug. And for those not discouraged by that, [the sign-in page](https://msrc.microsoft.com/create-report) is also broken. Then security was breached again in July 2020 when OAuth tokens were [stolen](https://www.zdnet.com/article/hackers-stole-github-and-gitlab-oauth-tokens-from-git-analytics-firm-waydev) from both Github and Gitlab.com. 2. MS [unlawfully](https://www.cnet.com/news/amazon-google-and-microsoft-sued-over-photos-in-facial-recognition-database) used people's images without consent to train their facial recognition products 1. Microsoft distributes a [nonfree operating system](http://gnu.org/philosophy/free-software-even-more-important.html), Microsoft Windows, which is jam-packed with [malicious functionalities](http://gnu.org/proprietary/malware-microsoft.html), including surveillance of users, DRM, censorship and a universal back door. 2. MS was [caught](https://www.vice.com/en_us/article/43kv4q/microsoft-human-contractors-listened-to-xbox-owners-homes-kinect-cortana) surreptitiously recording Xbox users and paying contractors to listen to the recordings. 3. Dutch government commissioned [a study](https://www.rijksoverheid.nl/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office) which found Microsoft to have [several GDPR violations](https://www.zdnet.com/article/dutch-government-report-says-microsoft-office-telemetry-collection-breaks-gdpr). E.g. Office 365 violates [GDPR article 5](https://gdpr-info.eu/art-5-gdpr/) ¶ `1.c`, [GDPR article 17](https://gdpr-info.eu/art-17-gdpr/), and stores the data outside the EEA (may also be a GDPR breach). <!-- to do - incorporate https://www.reddit.com/r/opensource/comments/acwc2b/how_a_danish_university_dependent_on_corporate/eddptey/--> 1. Microsoft is detrimental to **human rights** and **democracy** 1. MS suppresses democracy by [blocking](https://www.bbc.com/news/technology-50232902) Github access to a project that facilitates protests in Catalonia. 1. Microsoft [finances AnyVision](https://www.forbes.com/sites/thomasbrewster/2019/08/01/microsoft-slammed-for-investing-in-israeli-facial-recognition-spying-on-palestinians) to produce facial recognition technology that the Israeli military uses as a weapon against the Palestinian people who they oppress in their occupation. Note that Israeli snipers [murdered](https://edition.cnn.com/2018/06/03/middleeast/razan-al-najjar-gaza-nurse-killed/index.html) an unarmed civilian Palestinian medic (in breach of the Geneva Convention) then [edited](https://www.independent.co.uk/news/world/middle-east/gaza-protests-latest-idf-condemned-edited-video-angel-of-mercy-medic-razan-al-najjar-a8389611.html) the video to deceive the public for PR damage control. 1. Microsoft [supports ICE](https://companies-that-work-with-ice.com) in a variety of ways in the course of ICE's implementation of Trump's xenophobic border policies. Microsoft services an ICE contract worth [$19.4 million dollars](https://thehill.com/policy/technology/393358-microsoft-employees-dissatisfied-by-ceo-response-plan-action-against-ice) despite protest from employees. In addition to MS Office products, Microsoft has renewed a [Github contract](https://www.theverge.com/2019/10/9/20906213/github-ice-microsoft-software-email-contract-immigration-nonprofit-donation) and also supplies cloud computing through its [Azure platform](https://gizmodo.com/microsoft-employees-up-in-arms-over-cloud-contract-with-1826927803). 1. MS [partnered with FedEx](http://fortune.com/2020/05/18/microsoft-fedex-partnership-build), an NRA-supporting ALEC member as well as [JP Morgan Chase](https://www.zdnet.com/article/honeywell-set-to-launch-its-quantum-computer-with-quantum-volume-of-64), the most evil bank in the world. 1. MS [conceals](https://techinquiry.org/SiliconValley-Military) US military contracts to bias PR and dodge social accountablity. They have a much bigger piece these contracts than the rest of MACFANG, they lack Googles [AI principles](https://ai.google/principles), and unlike Google they ignore employee protest and petitions. 1. MS is among the top 15 recipients of Trump's corporate tax breaks, a benefit of $128 billion. Microsoft [sacked hundreds of employees](https://web.archive.org/web/20200529160343/https://www.cheatsheet.com/web/20200529160343mp_/https://www.cheatsheet.com/money-career/these-companies-started-firing-employees-right-after-getting-tax-cuts-from-trump.html) immediately after receiving the tax breaks in February 2018. 1. MS is anti-consumer and anti-competitive 1. MS [tricked](http://www.theguardian.com/technology/2016/feb/02/microsoft-downloading-windows-10-automatic-update) users into "upgrading" to Windows 10, which [sabotages](https://www.cnet.com/news/microsoft-windows-10-forced-updates-auto-restarts-are-the-worst) users in a variety of ways, one of which is to [prevent cloud-free accounts](https://www.howtogeek.com/442609/confirmed-windows-10-setup-now-prevents-local-account-creation). 1. MS [strong-armed](http://www.linfo.org/microsoft_tax.html) nearly all PC manufacturers charge every buyer for an MS Windows license regardless of whether the user actually wants Windows. 1. MS [hoards](http://techrights.org/2017/03/15/still-using-patents-to-coerce) software patents and uses them to [fight free software](http://techrights.org/2017/02/27/microsoft-novell-v2-via-azure). </details> (click the arrows to expand rationale with supporting facts cited) A diagram of Liberapay’s detrimental relationships is attached.
liberapay_design.png
1.5 MiB
brickup changed title from condemn Liberapay and Open Collective to Remove Liberapay and Open Collective 3 years ago
brickup added the content label 3 years ago
brickup commented 3 years ago
Owner

The linked alternatives are aimed at developers, as they are for example based on commits done. So a lot of use cases for Patreon aren't covered on these. Looking forward to hear about easy-to-use Cloudflare-free alternatives for artists and other creative folks. 🙂

The linked alternatives are aimed at developers, as they are for example based on commits done. So a lot of use cases for Patreon aren't covered on these. Looking forward to hear about easy-to-use Cloudflare-free alternatives for artists and other creative folks. 🙂
xr_rider commented 3 years ago
Poster

To send users into CloudFlare's walled-garden of privacy abuse wholly counteracts the mission. So even in the hypothetical absolute absence of alternatives, it would be more sensible to remove the section or advise people to mail checks in the US and do SEPA transfers in Europe.

Luckily there is an option: villages.io. It's hosted on Amazon AWS which is also problematic but less so than CloudFlare sites and it avoids Paypal (which is quite evil).

There may be a better option listed here. That's not a vetted list (it shows lousy options like Liberapay and Open Collective), so investigation needed.

I suggest replacing the status quo with villages.io right away, since that's an obvious improvement and the status quo is harmful. And of course if someone later finds something better on the unvetted list it can be improved further.

To send users into CloudFlare's walled-garden of privacy abuse wholly counteracts the mission. So even in the hypothetical absolute absence of alternatives, it would be more sensible to remove the section or advise people to mail checks in the US and do SEPA transfers in Europe. Luckily there is an option: villages.io. It's hosted on Amazon AWS which is also problematic but less so than CloudFlare sites and it avoids Paypal (which is [quite evil](https://dev.lemmy.ml/post/30880)). There may be a better option listed [here](https://wiki.snowdrift.coop/market-research/other-crowdfunding). That's not a vetted list (it shows lousy options like Liberapay and Open Collective), so investigation needed. I suggest replacing the status quo with villages.io right away, since that's an obvious improvement and the status quo is harmful. And of course if someone later finds something better on the unvetted list it can be improved further.
wizzwizz4 commented 3 years ago
Collaborator

I asked Liberapay about Cloudflare (reply here: https://mastodon.xyz/@Liberapay/104550963501547168) and they said that they've got two barriers to setting up a non-Cloudflare onion service:

  • Improving their own protections against abuse.
  • A hosting provider that doesn't charge so much for traffic.

Your challenge, should you choose to accept it: anyone know how either of these can be accomplished?

I asked Liberapay about Cloudflare (reply here: https://mastodon.xyz/@Liberapay/104550963501547168) and they said that they've got two barriers to setting up a non-Cloudflare onion service: * Improving their own protections against abuse. * A hosting provider that doesn't charge so much for traffic. Your challenge, should you choose to accept it: anyone know how either of these can be accomplished?
👍 3
davidak commented 3 years ago
Owner

Improving their own protections against abuse.

Protection against DDOS means you can handle the incoming traffic and filter it out. We speak about 20, 40, 100 GBit/s! No small provider or organisation can offer that! So you have to pay someone as a proxy, that is per definition a man-in-the-middle.

A hosting provider that doesn’t charge so much for traffic.

Some offer free traffic, but that has limits. Probably most disallow torrent and Tor. But you probably can find one. See where other hosts their onions.

Update: Hetzner offers free DDOS-Protection for customers. I use and recomment them!

You don't neet an exit node for an onion service i think. So Hetzner would definitively be my recommendation.

https://trac.torproject.org/projects/tor/wiki/doc/ISPCorrespondence#Hetzner

Prices are very good and performance/service is also excellend.

https://www.hetzner.com/cloud

20 TB Traffic for 2.89€/month! "But if you need, you may add more for an extra 1.16 € a month per TB."

>Improving their own protections against abuse. Protection against DDOS means you can handle the incoming traffic and filter it out. We speak about 20, 40, 100 GBit/s! No small provider or organisation can offer that! So you have to pay someone as a proxy, that is per definition a man-in-the-middle. >A hosting provider that doesn’t charge so much for traffic. Some offer free traffic, but that has limits. Probably most disallow torrent and Tor. But you probably can find one. See where other hosts their onions. **Update**: [Hetzner](https://www.hetzner.com/unternehmen/ddos-schutz) offers free DDOS-Protection for customers. I use and recomment them! You don't neet an exit node for an onion service i think. So Hetzner would definitively be my recommendation. https://trac.torproject.org/projects/tor/wiki/doc/ISPCorrespondence#Hetzner Prices are very good and performance/service is also excellend. https://www.hetzner.com/cloud 20 TB Traffic for 2.89€/month! "But if you need, you may add more for an extra 1.16 € a month per TB."
xr_rider commented 3 years ago
Poster

Your challenge, should you choose to accept it: anyone know how either of these can be accomplished?

It's not our job to make excuses for those who undermine swiso's mission. Swiso has a duty to stay true to their own cause (privacy & ethics). Leading readers to a CloudFlare site is a reckless abandonment of duty and purpose.

90% of the all web admins have figured out how to function without CloudFlare (as CF MitMs 10% of all websites worldwide). If swiso wants to help improve the other 10%, then endorsing CF sites has precisely the opposite effect. It disincentivizes the correction that's needed.

At the risk of implying that there's merit to the idea of us spending energy reaching out to vendors individually to engage them directly (as opposed to focusing the effort on the website), Liberapay is a poor candidate for this because it's been tried and tried again and they are not open to reason. Liberapay has been contacted several times by privacy and net neutrality proponents without progress. This is the most recent significant attempt:

https://mastodon.xyz/@Liberapay/104416970584190595

Perhaps @davidak can talk some sense into them but I doubt he can get through to them. Such an effort may be more fruitful with Open Collective; I'm not sure if any attempts to reach out to them have been made.

In any case, swiso has a duty to delist Liberapay and Open Collective until they're off CloudFlare.

> Your challenge, should you choose to accept it: anyone know how either of these can be accomplished? It's not our job to make excuses for those who undermine swiso's mission. Swiso has a duty to stay true to their own cause (privacy & ethics). Leading readers to a CloudFlare site is a reckless abandonment of duty and purpose. 90% of the all web admins have figured out how to function without CloudFlare (as CF MitMs 10% of all websites worldwide). If swiso wants to help improve the other 10%, then endorsing CF sites has precisely the opposite effect. It *disincentivizes* the correction that's needed. At the risk of implying that there's merit to the idea of us spending energy reaching out to vendors individually to engage them directly (as opposed to focusing the effort on the website), Liberapay is a poor candidate for this because it's been tried and tried again and they are not open to reason. Liberapay has been contacted several times by privacy and net neutrality proponents without progress. This is the most recent significant attempt: https://mastodon.xyz/@Liberapay/104416970584190595 Perhaps @davidak can talk some sense into them but I doubt he can get through to them. Such an effort may be more fruitful with Open Collective; I'm not sure if any attempts to reach out to them have been made. In any case, swiso has a duty to delist Liberapay and Open Collective until they're off CloudFlare.
wizzwizz4 commented 3 years ago
Collaborator

That attempt was terrible. Sorry, but even I'd expect to have better success than that. You don't convince somebody of anything by attacking them.

At the risk of implying that there’s merit to the idea of us spending energy reaching out to vendors individually to engage them directly

How is there not merit to this? If not for Cloudflare, Liberpay would literally be the best candidate.

In any case, swiso has a duty to delist Liberapay and Open Collective until they’re off CloudFlare.

I'd say we only have a duty to delist them until they prove a non-Cloudflare access method, but pretty much.

That attempt was terrible. Sorry, but even *I'd* expect to have better success than that. You don't convince somebody of anything by attacking them. > At the risk of implying that there’s merit to the idea of us spending energy reaching out to vendors individually to engage them directly How is there not merit to this? If not for Cloudflare, Liberpay would _literally_ be the best candidate. > In any case, swiso has a duty to delist Liberapay and Open Collective until they’re off CloudFlare. I'd say we only have a duty to delist them until they prove a non-Cloudflare access method, but pretty much.
❤️ 1
xr_rider commented 3 years ago
Poster

That attempt was terrible. Sorry, but even I'd expect to have better success than that. You don't convince somebody of anything by attacking them.

What did I miss - where's the ad hominem? Quoting is essential here.

At the risk of implying that there’s merit to the idea of us spending energy reaching out to vendors individually to engage them directly

How is there not merit to this? If not for Cloudflare, Liberpay would literally be the best candidate.

It's ineffecient. Our energy is more needed on getting the website right (which currently endorses adversaries of our cause and partners thereof). Of course each contributor controls how to spend their own time so anyone can reach out to Liberapay if they want -- but it will be a waste in light of the past attempts that are documented.

In any case, swiso has a duty to delist Liberapay and Open Collective until they’re off CloudFlare.

I'd say we only have a duty to delist them until they prove a non-Cloudflare access method, but pretty much.

TL;DR-- It's not the absense of non-CF access that's a problem, it's the existence of CF access that's a problem.

If they were to deploy an onion site for example, that would only correct a fraction of the problem. It would give a CloudFlare-free access method but most users are non-Tor users and would still be exposed to CloudFlare's abuses, unwittingly. I stress unwittingly because most users lack CF awareness and that's the insideous nature of the beast.

The access path in this scenario is generally lead by the beneficiary. That is, Project A puts a "donate" page on their website, which links over to their page on LP. Supporters click that link which directs them straight into CloudFlare. So even if there were an alternate means of access, you would not be able to convince all projects to lead their supporters along a CF-free path.

> That attempt was terrible. Sorry, but even *I'd* expect to have better success than that. You don't convince somebody of anything by attacking them. What did I miss - where's the ad hominem? Quoting is essential here. > > At the risk of implying that there’s merit to the idea of us spending energy reaching out to vendors individually to engage them directly > > How is there not merit to this? If not for Cloudflare, Liberpay would _literally_ be the best candidate. It's ineffecient. Our energy is more needed on getting the website right (which currently endorses adversaries of our cause and partners thereof). Of course each contributor controls how to spend their own time so anyone can reach out to Liberapay if they want -- but it will be a waste in light of the past attempts that are documented. > > In any case, swiso has a duty to delist Liberapay and Open Collective until they’re off CloudFlare. > > I'd say we only have a duty to delist them until they prove a non-Cloudflare access method, but pretty much. TL;DR-- It's not the absense of non-CF access that's a problem, it's the existence of CF access that's a problem. If they were to deploy an onion site for example, that would only correct a fraction of the problem. It would give a CloudFlare-free access method but most users are non-Tor users and would still be exposed to CloudFlare's abuses, unwittingly. I stress unwittingly because most users lack CF awareness and that's the insideous nature of the beast. The access path in this scenario is generally lead by the beneficiary. That is, Project A puts a "donate" page on their website, which links over to their page on LP. Supporters click that link which directs them straight into CloudFlare. So even if there were an alternate means of access, you would not be able to convince all projects to lead their supporters along a CF-free path.
wizzwizz4 commented 3 years ago
Collaborator

What did I miss - where’s the ad hominem?

Never said there was a fallacious argument. But putting people on the defensive is a bad way to convince them of anything.

It would give a CloudFlare-free access method but most users are non-Tor users and would still be exposed to CloudFlare’s abuses,

Individuals aren't stupid; only people in general. We recommend the non-Cloudflare Liberapay site, and they won't take away that we're recommending the Cloudflare one – so long as we state it clearly.

The access path in this scenario is generally lead by the beneficiary. That is, Project A puts a “donate” page on their website, which links over to their page on LP. Supporters click that link which directs them straight into CloudFlare.

So they put a “donate” page, with a link to the non-Cloudflare access method? It's not that hard. Yeah, we wouldn't be able to convince all projects to do this, but it's a darn sight easier than convincing them to drop Liberapay (which, if not for their using Cloudflare, we wouldn't want to do).

> What did I miss - where’s the ad hominem? Never said there was a fallacious argument. But putting people on the defensive is a bad way to convince them of anything. > It would give a CloudFlare-free access method but most users are non-Tor users and would still be exposed to CloudFlare’s abuses, Individuals aren't stupid; only people in general. We recommend the non-Cloudflare Liberapay site, and they won't take away that we're recommending the Cloudflare one – so long as we state it clearly. > The access path in this scenario is generally lead by the beneficiary. That is, Project A puts a “donate” page on their website, which links over to their page on LP. Supporters click that link which directs them straight into CloudFlare. So they put a “donate” page, with a link to the non-Cloudflare access method? It's not _that_ hard. Yeah, we wouldn't be able to convince all projects to do this, but it's a darn sight easier than convincing them to drop Liberapay (which, if not for their using Cloudflare, we wouldn't want to do).
xr_rider commented 3 years ago
Poster

Never said there was a fallacious argument. But putting people on the defensive is a bad way to convince them of anything.

Swiso is working against its own cause. I don't care how gently you would like that to be phrased, it needs to be called out so it can be addressed.

Individuals aren’t stupid;

If "stupid" means CloudFlare unawareness in this context, then yes a vast majority are stupid. You can count on it.

We recommend the non-Cloudflare Liberapay site, and they won’t take away that we’re recommending the Cloudflare one – so long as we state it clearly.

If a project creates a donation profile on the non-CF site, in what reality do you imagine that their profile will not appear on the CloudFlare site? It doesn't matter if they use the non-CF site -- Liberapay would see to it that the profile is visible on the CF site as well. Swiso would still be the cause of privacy abuse in that case.

So they put a “donate” page, with a link to the non-Cloudflare access method? It’s not that hard. Yeah, we wouldn’t be able to convince all projects to do this

That's the problem. It would be impossible. It would be a struggle to convince just 1 project to do such a thing, because most projects are sell-outs when it comes to donations. There are countless projects where privacy and ethics is their core purpose, and yet they don't give a toss when it comes to donations. E.g. PrivacyTools knows Paypal shares information with 600 companies but they refuse to stop accepting Paypal. Good luck convincing them to limit their donors to Tor users (in the case of an onion site). Privacytools is not cherry picked here -- it's the most typical case. Tor Project itself directed donors to a CF page for quite a long time (recently fixed).

but it’s a darn sight easier than convincing them to drop Liberapay (which, if not for their using Cloudflare, we wouldn’t want to do).

For Swiso to stay true to its mission, it must condemn LP and spotlight ethical alternatives. Informing them is as easy as it gets. The idea is to lead the horse to water not to force it to drink. Endorsing LP is leading the horse to quicksand.

If you want to go further, then you take the RMS-Facebook approach. RMS rightly condemns Facebook knowing full well that many people don't have the discipline or constitution to do the right thing. For those people, he suggests a compromise. RMS makes it clear that the compromise is secondary to boycotting. It's a good approach, but ATM there is no CF-free LP mechanism. So LP can only be condemned.

> Never said there was a fallacious argument. But putting people on the defensive is a bad way to convince them of anything. Swiso is working against its own cause. I don't care how gently you would like that to be phrased, it needs to be called out so it can be addressed. > Individuals aren’t stupid; If "stupid" means CloudFlare unawareness in this context, then yes a vast majority are stupid. You can count on it. > We recommend the non-Cloudflare Liberapay site, and they won’t take away that we’re recommending the Cloudflare one – so long as we state it clearly. If a project creates a donation profile on the non-CF site, in what reality do you imagine that their profile will not appear on the CloudFlare site? It doesn't matter if they use the non-CF site -- Liberapay would see to it that the profile is visible on the CF site as well. Swiso would still be the cause of privacy abuse in that case. > So they put a “donate” page, with a link to the non-Cloudflare access method? It’s not that hard. Yeah, we wouldn’t be able to convince all projects to do this That's the problem. It would be impossible. It would be a struggle to convince just 1 project to do such a thing, because most projects are sell-outs when it comes to donations. There are countless projects where privacy and ethics is their core purpose, and yet they don't give a toss when it comes to donations. E.g. PrivacyTools *knows* Paypal shares information with 600 companies but they refuse to stop accepting Paypal. Good luck convincing them to limit their donors to Tor users (in the case of an onion site). Privacytools is not cherry picked here -- it's the most typical case. Tor Project itself directed donors to a CF page for quite a long time (recently fixed). > but it’s a darn sight easier than convincing them to drop Liberapay (which, if not for their using Cloudflare, we wouldn’t want to do). For Swiso to stay true to its mission, it must condemn LP and spotlight ethical alternatives. Informing them is as *easy* as it gets. The idea is to lead the horse to water not to force it to drink. Endorsing LP is leading the horse to quicksand. If you want to go further, then you take the RMS-Facebook approach. RMS rightly [condemns](https://stallman.org/facebook.html) Facebook knowing full well that many people don't have the discipline or constitution to do the right thing. For those people, he suggests a [compromise](https://stallman.org/facebook-presence.html). RMS makes it clear that the compromise is secondary to boycotting. It's a good approach, but ATM there is no CF-free LP mechanism. So LP can only be condemned.
davidak commented 3 years ago
Owner

I think Liberapay is the best Patreon alternative and we should not delist them. The result would be that more people use Patreon again.

That they use Cloudflare and big banking services with high fees is not optimal, but not a problem we can fix here. All we can do is point that out.

@xr_rider your communication is not very constructive and wastes valuable time that could be used to actually improve projects. Please stop that.

I think Liberapay is the best Patreon alternative and we should not delist them. The result would be that more people use Patreon again. That they use Cloudflare and big banking services with high fees is not optimal, but not a problem we can fix here. All we can do is point that out. @xr_rider your communication is not very constructive and wastes valuable time that could be used to actually improve projects. Please stop that.
👍 4
wizzwizz4 commented 3 years ago
Collaborator

@xr_rider

So LP should simply be condemned.

I think this is my biggest source of disagreement. Yes, remove it while it's still got Cloudflare once we have better things to replace it with (much as I love Liberapay, we have standards), but we shouldn't condemn them unless we're condemning everybody else using Cloudflare, too. And they're completely FOSS, so Cloudflare-using non-FOSS ones should be condemned more.

@xr_rider > So LP should simply be condemned. I think this is my biggest source of disagreement. Yes, remove it while it's still got Cloudflare once we have better things to replace it with (much as I love Liberapay, we have standards), but we shouldn't _condemn_ them unless we're condemning _everybody else_ using Cloudflare, too. And they're completely FOSS, so Cloudflare-using non-FOSS ones should be condemned more.
xr_rider commented 3 years ago
Poster

I think Liberapay is the best Patreon alternative and we should not delist them.

Liberapay is a terrible alternative for its CloudFlare loyal usage and LP's absolute refusal to remedy the problem. Liberapay is committed to supporting CloudFlare at the cost of privacy, network neutrality, and ethics and that's not changing anytime soon.

The result would be that more people use Patreon again.

Only if you fail to give an alternative. Patreon is only marginally worse than LP due to Patreon's forced use of Paypal (which Swiso fails to spotlight BTW).

That they use Cloudflare and big banking services with high fees is not optimal, but not a problem we can fix here. All we can do is point that out.

Actually villages.io fixes those problems and doesn't entail the privacy and ethics problems inherent in LP.

@xr_rider your communication is not very constructive and wastes valuable time that could be used to actually improve projects. Please stop that.

It's precisely because the status quo is self-defeating to Swiso's own stated purpose that it was spotlighted. And rightfully so. Please stop trying to suppress this problem -- it's counter productive to the mission and hinders progress.

> I think Liberapay is the best Patreon alternative and we should not delist them. Liberapay is a terrible alternative for its CloudFlare *loyal* usage and LP's absolute refusal to remedy the problem. Liberapay is committed to supporting CloudFlare at the cost of privacy, network neutrality, and ethics and that's not changing anytime soon. > The result would be that more people use Patreon again. Only if you fail to give an alternative. Patreon is only marginally worse than LP due to Patreon's forced use of Paypal (which Swiso fails to spotlight BTW). > That they use Cloudflare and big banking services with high fees is not optimal, but not a problem we can fix here. All we can do is point that out. Actually villages.io fixes those problems and doesn't entail the privacy and ethics problems inherent in LP. > @xr_rider your communication is not very constructive and wastes valuable time that could be used to actually improve projects. Please stop that. It's precisely because the status quo is self-defeating to Swiso's own stated purpose that it was spotlighted. And rightfully so. Please stop trying to suppress this problem -- it's counter productive to the mission and hinders progress.
wizzwizz4 commented 3 years ago
Collaborator

and LP’s absolute refusal to remedy the problem.

There are technical hurdles. It's non-trivial – several weeks of implementing no other features, if they tried to do it all at once. Try ripping systemd out of Debian; how much do you have to change to get that working? (Oh, no, you can't use your text editor any more.)

due to Patreon’s forced use of Paypal (which Swiso fails to spotlight BTW).

I have a suspicion that Swiso's goals don't quite line up with yours. We're not focusing so much on entire dependency chains, whereas you are. You're thinking from the perspective of somebody who doesn't want to introduce new, unethical dependencies, but… most people already have the dependencies anyway.

Actually villages.io fixes those problems

I think you can best contribute to Swiso by opening new issues for more ethical alternatives, instead of trying to get us to cull our already short lists. Do you see why “remove all your Patreon alternatives, no I'm not providing any new suggestions” might be resisted?

> and LP’s absolute refusal to remedy the problem. There are technical hurdles. It's non-trivial – several weeks of implementing no other features, if they tried to do it all at once. Try ripping `systemd` out of Debian; how much do you have to change to get _that_ working? (Oh, no, you can't [use your _text editor any more_](https://packagecloud.io/AtomEditor/atom/packages/any/any/atom_1.49.0_amd64.deb).) > due to Patreon’s forced use of Paypal (which Swiso fails to spotlight BTW). I have a suspicion that Swiso's goals don't _quite_ line up with yours. We're not focusing so much on entire dependency chains, whereas you are. You're thinking from the perspective of somebody who doesn't want to introduce new, unethical dependencies, but… most people already have the dependencies anyway. > Actually villages.io fixes those problems I think you can best contribute to Swiso by opening new issues for more ethical alternatives, instead of trying to get us to cull our already short lists. Do you see why “remove all your Patreon alternatives, no I'm not providing any new suggestions” might be resisted?
xr_rider commented 3 years ago
Poster

and LP’s absolute refusal to remedy the problem.

There are technical hurdles. It's non-trivial – several weeks of implementing no other features, if they tried to do it all at once.

These technical challenges are not our problem. Liberapay has failed to solve their problems in a way that respects privacy and ethics, so they're unfit for endorsement. 90% of other web admins have figured out how to offer service without compromising privacy and ethics by using CloudFlare -- without making their problems a problem for others.

It's also worth noting that projects who

due to Patreon’s forced use of Paypal (which Swiso fails to spotlight BTW).

I have a suspicion that Swiso's goals don't quite line up with yours. We're not focusing so much on entire dependency chains, whereas you are.

Because the Swiso purpose is to promote "ethical" options, supply chains cannot be ignored. Obviously any unethical company (Amazon, Bayar-Monsanto, Nestle, FedEx, Microsoft, CloudFlare, etc) can be subcontracted by an otherwise non-evil proxy, and entirely defeat any attempt at ethical consumption. To turn a blind eye to the supply chain and declare to consumers that the top-level organization is "ethical" actually could not better serve unethical players more. What's the point?

Of course the supply chain is relevant. Fairfone's core mission purpose is to produce an ethical phone. If they neglected the supply chain, the phone would still be produced using material that's mined by child laborers and there would just be one extra middle man to stand in as "ethical". Luckily Fairfone is competent.

Nestle knows people are looking to expose their use of child slave labor in the Ivory coast, but the cost savings is too captivating for them to change so they create a structure of middlemen that gives them plausible deniability when someone manages to trace the supply chain to a child.

B Labs certifies corporations that achieve a relatively high ethical standard. Supply chain is among the factors they evaluate, and it's paramount. If you want to disregard supply chain, you might as well scrap "ethical" from Swiso's stated purpose because it would only serve to mislead consumers who take that seriously.

You're thinking from the perspective of somebody who doesn't want to introduce new, unethical dependencies, but… most people already have the dependencies anyway.

I'm thinking from the standpoint that it doesn't matter when unethical conduct was introduced. Whether it was recent or not, if it's unethical it's unsuitable for Swiso's endorsement going forward.

Actually villages.io fixes those problems

I think you can best contribute to Swiso by opening new issues for more ethical alternatives

If you think it makes sense to open a separate issue for endorsing villages.io, then you're a better candidate for working that task. I'm not the best candidate for that because to me it doesn't make sense, as ethical standing is relative. You can never have an absolute 100% ethical supplier so it's a comparison effort of eliminating the worst. When all options are ethically quite lousy, then it may be sensible to endorse none but that's not the case here. Not just because villages.io is on a higher moral ground than LP but also because in the very least there is the option of US-based services getting a paper check and the rest of the world posting IBAN numbers.

I've also found more dirt on Liberapay than you, so it's better for me to work on the exposure of it and work on getting the bad endorsement removed.

instead of trying to get us to cull our already short lists. Do you see why “remove all your Patreon alternatives, no I'm not providing any new suggestions” might be resisted?

I'm not sure why you would claim that I've not suggested alternates in the very same post where you acknowlege my suggestion of villages.io, and in the same thread where I posted this list.

> > and LP’s absolute refusal to remedy the problem. > > There are technical hurdles. It's non-trivial – several weeks of implementing no other features, if they tried to do it all at once. These technical challenges are not our problem. Liberapay has failed to solve *their* problems in a way that respects privacy and ethics, so they're unfit for endorsement. 90% of other web admins have figured out how to offer service without compromising privacy and ethics by using CloudFlare -- without making their problems a problem for others. It's also worth noting that projects who > > due to Patreon’s forced use of Paypal (which Swiso fails to spotlight BTW). > > I have a suspicion that Swiso's goals don't _quite_ line up with yours. We're not focusing so much on entire dependency chains, whereas you are. Because the Swiso purpose is to promote "*ethical*" options, supply chains cannot be ignored. Obviously any unethical company (Amazon, Bayar-Monsanto, Nestle, FedEx, Microsoft, CloudFlare, etc) can be subcontracted by an otherwise non-evil proxy, and entirely defeat any attempt at ethical consumption. To turn a blind eye to the supply chain and declare to consumers that the top-level organization is "ethical" actually could not better serve unethical players more. What's the point? Of course the supply chain is relevant. Fairfone's core mission purpose is to produce an ethical phone. If they neglected the supply chain, the phone would still be produced using material that's mined by child laborers and there would just be one extra middle man to stand in as "ethical". Luckily Fairfone is competent. Nestle knows people are looking to expose their use of child slave labor in the Ivory coast, but the cost savings is too captivating for them to change so they create a structure of middlemen that gives them plausible deniability when someone manages to trace the supply chain to a child. [B Labs](https://bcorporation.net/) certifies corporations that achieve a relatively high ethical standard. Supply chain is among the factors they evaluate, and it's paramount. If you want to disregard supply chain, you might as well scrap "ethical" from Swiso's stated purpose because it would only serve to mislead consumers who take that seriously. > You're thinking from the perspective of somebody who doesn't want to introduce new, unethical dependencies, but… most people already have the dependencies anyway. I'm thinking from the standpoint that it doesn't matter *when* unethical conduct was introduced. Whether it was recent or not, if it's unethical it's unsuitable for Swiso's endorsement going forward. > > Actually villages.io fixes those problems > > I think you can best contribute to Swiso by opening new issues for more ethical alternatives If you think it makes sense to open a separate issue for endorsing villages.io, then you're a better candidate for working that task. I'm not the best candidate for that because to me it doesn't make sense, as ethical standing is relative. You can never have an absolute 100% ethical supplier so it's a comparison effort of eliminating the worst. When all options are ethically quite lousy, then it may be sensible to endorse none but that's not the case here. Not just because villages.io is on a higher moral ground than LP but also because in the very least there is the option of US-based services getting a paper check and the rest of the world posting IBAN numbers. I've also found more dirt on Liberapay than you, so it's better for me to work on the exposure of it and work on getting the bad endorsement removed. > instead of trying to get us to cull our already short lists. Do you see why “remove all your Patreon alternatives, no I'm not providing any new suggestions” might be resisted? I'm not sure why you would claim that I've not suggested alternates in the very same post where you acknowlege my suggestion of villages.io, and in the same thread where I posted [this list](https://wiki.snowdrift.coop/market-research/other-crowdfunding).
davidak commented 3 years ago
Owner

These technical challenges are not our problem.

i have different standards for community projects than for for-profit companies. they have limited ressources and need our support. when you care about this problem, you can actually solve it. for example by paying a developer to fix it

Luckily Fairfone is competent.

10 of teir 38 material are fair. in your logic, they now have to be condemned because they "failed to solve their problems"

but they are still good and deserve support, to be able to improve further. like Liberapay

I’ve also found more dirt on Liberapay

you probably can find something you don't like in any project. so we end up with an empty list and can close the project and give up on ethics. is that what you want? the result is that people just use the most popular, probably most unethical services

I also like to be radical and don't make compromises, but sometimes is being pragmatical better for archieving the goal.

Like in the case of swiso which focuses on alternatives that endusers can use. For example we recommend elementary OS, which is based on Ubuntu, which has proprietary components like graphic drivers. But it has perfect usability, so people will actually switch from macOS and Windows. And i consider that a success, because they gained freedom. And when they want, they can use some Free System Distribution as specified by the FSF later. https://www.gnu.org/distros/free-distros.en.html

This is how activism can work.

>These technical challenges are not our problem. i have different standards for community projects than for for-profit companies. they have limited ressources and need our support. when you care about this problem, you can actually solve it. for example by paying a developer to fix it >Luckily Fairfone is competent. 10 of teir 38 material are fair. in your logic, they now have to be condemned because they "failed to solve their problems" but they are still good and deserve support, to be able to improve further. like Liberapay >I’ve also found more dirt on Liberapay you probably can find something you don't like in any project. so we end up with an empty list and can close the project and give up on ethics. is that what you want? the result is that people just use the most popular, probably most unethical services I also like to be radical and don't make compromises, but sometimes is being pragmatical better for archieving the goal. Like in the case of swiso which focuses on alternatives that endusers can use. For example we recommend elementary OS, which is based on Ubuntu, which has proprietary components like graphic drivers. But it has perfect usability, so people will actually switch from macOS and Windows. And i consider that a success, because they gained freedom. And when they want, they can use some Free System Distribution as specified by the FSF later. https://www.gnu.org/distros/free-distros.en.html This is how activism can work.
👍 3
xr_rider commented 3 years ago
Poster

These technical challenges are not our problem.

i have different standards for community projects than for for-profit companies. they have limited ressources and need our support.

Some non-profit projects behave very much like profit-driven corporations (note the workers still profit - the only difference is the org itself does not declare a significant corporate profit at the end of a tax year). Open Whisper Systems is a textbook example. It's a non-profit that finances Amazon, Google, CloudFlare, and Facebook in the course of deploying Signal, which forces users to obtain a phone and register their phone number. They bogart their network and threaten with lawsuits projects that fork their software. They push users into the exclusive privacy-abusing walled-garden of Google and subject users to Google's CAPTCHA as they downplay the less abusive option. They make use of Google Analytics and from the user's viewpoint OWS is no different than Microsoft. When a non-profit feeds bullies and they act like a bully, holding them to a lower standard is an injustice. And it's a betrayal of Swiso's purpose.

If you're going to work with two standards, it's insufficient to fail to recognize OWS-like non-profits. In this particular case, you're giving more exposure to a non-profit that subjects donors to privacy abuse and feeds two tech giants (CloudFlare & Amazon) than you give to a *genuine* community-centric project (villages.io), which is more ethical. It doesn't subject people to CloudFlare's surveillance capitalism and also avoids subjecting donors to Paypal.

You're so biased that you're undermining the core principle of Swiso. It's a perverse hypocrisy that Swiso is endorsing CloudFlare sites, particularly when there are ethical CF-free alternatives.

when you care about this problem, you can actually solve it. for example by paying a developer to fix it

Until someone pays Liberapay enough to stop them using CloudFlare, they're unfit for endorsement. The day that happens is a day when it would make sense to reconsider Liberapay endorsement.

Luckily Fairfone is competent.

10 of teir 38 material are fair. in your logic, they now have to be condemned because they "failed to solve their problems"

You missed what I said about ethics being relative.

Have you found a competitor who uses fewer than 28 "unfair" sources? If yes, then indeed Fairfone should be condemned. If not, then Fairfone is worthy of endorsement.

but they are still good and deserve support, to be able to improve further. like Liberapay

Liberapay has demonstrated that they refuse to acknowledge CloudFlare's evil. It's not a simple matter of bad spending (they could outsource to CF's competitors), it's that they don't even accept the basic premise that putting their service inside CloudFlare's walled-garden is ethically dubious. Their core principles are incompatible with a free world that values privacy and ethics. Of course they don't deserve support, particularly in light of competitors that are more ethical.

I’ve also found more dirt on Liberapay

you probably can find something you don't like in any project.

Of course. If you don't find anything, you're not looking hard enough. Finding dirt on these options is crucial to making a competent comparison that doesn't lead you to endorse a service that works against the mission.

so we end up with an empty list and can close the project and give up on ethics.

That's not how it works when you endorse the lesser of evils.

is that what you want?

In some categories, it may make sense not to endorse anyone if all options are so evil that putting one above another is hair-splitting. But this is hypothetical and certainly not the case with the Patreon category herein, where we have villages.io and others.

> >These technical challenges are not our problem. > > i have different standards for community projects than for for-profit companies. they have limited ressources and need our support. Some non-profit projects behave very much like profit-driven corporations (note the workers still profit - the only difference is the org itself does not declare a significant corporate profit at the end of a tax year). Open Whisper Systems is a textbook example. It's a non-profit that finances Amazon, Google, CloudFlare, and Facebook in the course of deploying Signal, which forces users to obtain a phone and register their phone number. They bogart their network and threaten with lawsuits projects that fork their software. They push users into the exclusive privacy-abusing walled-garden of Google and subject users to Google's CAPTCHA as they downplay the less abusive option. They make use of Google Analytics and from the user's viewpoint OWS is no different than Microsoft. When a non-profit feeds bullies and they act like a bully, holding them to a lower standard is an injustice. And it's a betrayal of Swiso's purpose. If you're going to work with two standards, it's insufficient to fail to recognize OWS-like non-profits. In this particular case, you're giving more exposure to a non-profit that subjects donors to privacy abuse and feeds two tech giants (CloudFlare & Amazon) than you give to a \**genuine*\* community-centric project (villages.io), which is more ethical. It doesn't subject people to CloudFlare's surveillance capitalism and also avoids subjecting donors to Paypal. You're so biased that you're undermining the core principle of Swiso. It's a perverse hypocrisy that Swiso is endorsing CloudFlare sites, particularly when there are ethical CF-free alternatives. > when you care about this problem, you can actually solve it. for example by paying a developer to fix it Until someone pays Liberapay enough to stop them using CloudFlare, they're unfit for endorsement. The day that happens is a day when it would make sense to reconsider Liberapay endorsement. > >Luckily Fairfone is competent. > > 10 of teir 38 material are fair. in your logic, they now have to be condemned because they "failed to solve their problems" You missed what I said about ethics being relative. Have you found a competitor who uses fewer than 28 "unfair" sources? If yes, then indeed Fairfone should be condemned. If not, then Fairfone is worthy of endorsement. > but they are still good and deserve support, to be able to improve further. like Liberapay Liberapay has demonstrated that they refuse to acknowledge CloudFlare's evil. It's not a simple matter of bad spending (they could outsource to CF's competitors), it's that they don't even accept the basic premise that putting their service inside CloudFlare's walled-garden is ethically dubious. Their core principles are incompatible with a free world that values privacy and ethics. Of course they don't deserve support, particularly in light of competitors that are more ethical. > >I’ve also found more dirt on Liberapay > > you probably can find something you don't like in any project. Of course. If you don't find anything, you're not looking hard enough. Finding dirt on these options is crucial to making a competent comparison that doesn't lead you to endorse a service that works against the mission. > so we end up with an empty list and can close the project and give up on ethics. That's not how it works when you endorse the lesser of evils. > is that what you want? In some categories, it may make sense not to endorse anyone if all options are so evil that putting one above another is hair-splitting. But this is hypothetical and certainly not the case with the Patreon category herein, where we have villages.io and others.
n commented 3 years ago
Collaborator

Actually villages.io fixes those problems

villages.io also has some issues. They embed Google Analytics, Google Fonts, Google Maps and Facebook SDK on their website. Also, the software behind the website is proprietary, unlike Liberapay and Open Collective.

> Actually villages.io fixes those problems villages.io also has some issues. They embed Google Analytics, Google Fonts, Google Maps and Facebook SDK on their website. Also, the software behind the website is proprietary, unlike [Liberapay](https://github.com/liberapay/liberapay.com) and [Open Collective](https://github.com/opencollective).
👍 1
wizzwizz4 commented 3 years ago
Collaborator

Some non-profit projects behave very much like profit-driven corporations

And Liberapay's structure side-steps these incentives. You donate to them just like any other; getting bigger for the sake of bigger doesn't directly give them more profit.

It’s a perverse hypocrisy that Swiso is endorsing CloudFlare sites, particularly when there are ethical CF-free alternatives.

So where's the pull request, or issue, suggesting to add those alternatives? This is a collaborative project; “we don't already know everything” shouldn't be a criticism, when you can add to “our” knowledge. And it's not hypocrisy; it's just different standards to yours. There are multiple dimensions along which certain services can be better or worse, and you weight them in a certain way; Swiso weights them in a different way. (It's not quite the way I'd do it, and it's not the way the original switching.social did it, but it's a pretty good way all the same.)

Of course. If you don’t find anything, you’re not looking hard enough.

But you clearly haven't looked that hard at Villages.io. Just for starters, it's using the .io TLD, which (according to some reports) directly financially rewards the British Government for the expulsion of the Chagossians from the Chagos Archipelago…

Liberapay has one thing wrong with it: Cloudflare. (Perhaps you've found some more things, but if you have to dig to find them and you haven't dug for every candidate it's not a fair comparison.) We're not removing it just for that, until you can show us an alternative service with no things wrong with it.

where we have villages.io and others.

And others? Please, please open another issue, so we can consider adding them.

> Some non-profit projects behave very much like profit-driven corporations And Liberapay's structure side-steps these incentives. You donate to them just like any other; getting bigger for the sake of bigger doesn't directly give them more profit. > It’s a perverse hypocrisy that Swiso is endorsing CloudFlare sites, particularly when there are ethical CF-free alternatives. So where's the pull request, or issue, suggesting to add those alternatives? This is a collaborative project; “we don't already know everything” shouldn't be a criticism, when you can add to “our” knowledge. And it's _not_ hypocrisy; it's just different standards to yours. There are multiple dimensions along which certain services can be better or worse, and you weight them in a certain way; Swiso weights them in a different way. (It's not quite the way I'd do it, and it's not the way the original switching.social did it, but it's a pretty good way all the same.) > Of course. If you don’t find anything, you’re not looking hard enough. But you clearly haven't looked that hard at Villages.io. Just for starters, it's using the .io TLD, which (according to some reports) directly financially rewards the British Government for the expulsion of the Chagossians from the Chagos Archipelago… Liberapay has _one_ thing wrong with it: Cloudflare. (Perhaps you've found some more things, but if you have to dig to find them and you haven't dug for every candidate it's not a fair comparison.) We're not removing it just for that, until you can show us an alternative service with _no_ things wrong with it. > where we have villages.io and others. And others? Please, please open another issue, so we can consider adding them.
👍 3
themusicgod1 commented 3 years ago

villages is not proprietary.

while it does use github as the main development point ( http://github.com/villagescc ) , the code is available for anyone who needs it (contact me I will give you a copy).

the SDK use is a more valid criticism

villages is not proprietary. while it does use github as the main development point ( http://github.com/villagescc ) , the code is available for anyone who needs it (contact me I will give you a copy). the SDK use is a more valid criticism
wizzwizz4 commented 3 years ago
Collaborator

I've created an issue for discussing Villages IO (#142); could we move this conversation there? (And please create other issues for other alternatives.)

I've created an issue for discussing Villages IO (#142); could we move this conversation there? (And please create other issues for other alternatives.)
n commented 3 years ago
Collaborator

villages is not proprietary.

while it does use github as the main development point ( http://github.com/villagescc ) , the code is available for anyone who needs it (contact me I will give you a copy).

I couldn't find the source when I looked. Thanks for sharing it @themusicgod1!
However, it looks like there is no license on the villagesio repo making it still proprietary software.

> villages is not proprietary. > > while it does use github as the main development point ( http://github.com/villagescc ) , the code is available for anyone who needs it (contact me I will give you a copy). I couldn't find the source when I looked. Thanks for sharing it @themusicgod1! However, it looks like there is no license on the [villagesio repo](https://github.com/villagescc/villagesio2.0) making it still [proprietary software](https://en.wikipedia.org/wiki/Proprietary_software#Exclusive_rights).
themusicgod1 commented 3 years ago

The repo did have a license at one point, I wonder where it went?
I have followed this up with daniel - let's see if we can get this sorted out asap

The repo did have a license at one point, I wonder where it went? I have followed this up with daniel - let's see if we can get this sorted out asap
👍 1
xr_rider commented 3 years ago
Poster

@n

the software behind the website is proprietary, unlike Liberapay and Open Collective.

You don't know that the LP and OC servers are running the source code that is published.
They could be running anything. They neglect to attest to running the published code in their legal disclosures, so they can run whatever they want. It's inherently technologically unverifiable -- and there's also no legal accountability for running something different.

Users are interacting with a service, not software. As such, only one of the 4 software freedoms is useful to donors: seeing the code. LP, OC, and Villages all let users see the code, and none of them attest to running the code they published. So this trivia is a wash and not really interesting compared to the elephant of the room.

@wizzwizz4

And Liberapay’s structure side-steps these incentives. You donate to them just like any other; getting bigger for the sake of bigger doesn’t directly give them more profit.

This is non-sequitur logic. Regardless of whether their income is derived from donations or from transactions wrongdoing is not avoided. The NRA and ALEC are "non-profit" orgs in the US whose income comes from donations, yet most of what they do channels money toward unethical causes.

Behaving like a corporation doesn't necessarily imply growth; nor does LP's business model lock them into inhibiting growth. LP has already publicly announced that they plan to start taking 5% of transactions in the future anyway.

So where’s the pull request, or issue, suggesting to add those alternatives? This is a collaborative project

(emphasis mine)

You've answered your own question. It's a collaborative project.

You also misunderstand the nature of volunteer work. Each worker contributes what they want. We aren't paid, so our contributions are a function of our own intrinsic motivation.

It's also pretentious and uncooperative to do PRs without a thorough public discussion. Doing a PR before the discussion has run its course is to hastily pre-empt feedback from others.

But you clearly haven’t looked that hard at Villages.io.

This is a cooperative effort. Please stop tasking volunteers.

If you want dirt on villages.io, task yourself. I wouldn't want to stop you. I actually welcome it. The more facts on the table the better decision that can be made.

Just for starters, it’s using the .io TLD, which (according to some reports) directly financially rewards the British Government for the expulsion of the Chagossians from the Chagos Archipelago…

This is why it's a cooperative effort. This is exactly why it's a bad idea to rely on one person to find problems. I did not know that about the .io TLD issues. So if you rely on me some things will be overlooked.

Liberapay has one thing wrong with it: Cloudflare.

First of all, that's Nonsense. There is plenty wrong with LP. I'll elaborate more in the next post. Not to mention CloudFlare alone is quite evil enough to condemn it as unethical and privacy-abusing. This project should not be endorsing any CF sites - it's contrary to the stated purpose.

And others? Please, please open another issue, so we can consider adding them.

They were listed in the very first post. I've not vetted that list and in fact LP and OC are listed there. Feel free to open new issues if you feel compeled. I'm not comfortable opening an issue to recommend a particular service until I reach a certain degree of confidence that each particular service is at least superficially worthy.

@n > the software behind the website is proprietary, unlike [Liberapay](https://github.com/liberapay/liberapay.com) and [Open Collective](https://github.com/opencollective). You don't know that the LP and OC servers are running the source code that is published. They could be running anything. They neglect to attest to running the published code in their legal disclosures, so they can run whatever they want. It's inherently technologically unverifiable -- and there's also no legal accountability for running something different. Users are interacting with a ***service***, not *software*. As such, only one of the 4 software freedoms is useful to donors: seeing the code. LP, OC, and Villages all let users see the code, and none of them attest to running the code they published. So this trivia is a wash and not really interesting compared to the elephant of the room. @wizzwizz4 > And Liberapay’s structure side-steps these incentives. You donate to them just like any other; getting bigger for the sake of bigger doesn’t directly give them more profit. This is non-sequitur logic. Regardless of whether their income is derived from donations or from transactions wrongdoing is not avoided. The NRA and ALEC are "non-profit" orgs in the US whose income comes from donations, yet most of what they do channels money toward unethical causes. Behaving like a corporation doesn't necessarily imply growth; nor does LP's business model lock them into inhibiting growth. LP has already publicly announced that they plan to start taking 5% of transactions in the future anyway. > So where’s the pull request, or issue, suggesting to add those alternatives? **This is a collaborative project** (emphasis mine) You've answered your own question. It's a collaborative project. You also misunderstand the nature of volunteer work. Each worker contributes what they want. We aren't paid, so our contributions are a function of our own intrinsic motivation. It's also pretentious and uncooperative to do PRs without a thorough public discussion. Doing a PR before the discussion has run its course is to hastily pre-empt feedback from others. > But you clearly haven’t looked that hard at Villages.io. This is a cooperative effort. Please stop tasking volunteers. If you want dirt on villages.io, task yourself. I wouldn't want to stop you. I actually welcome it. The more facts on the table the better decision that can be made. > Just for starters, it’s using the .io TLD, which (according to some reports) directly financially rewards the British Government for the expulsion of the Chagossians from the Chagos Archipelago… This is why it's a cooperative effort. This is exactly why it's a bad idea to rely on one person to find problems. I did not know that about the .io TLD issues. So if you rely on me some things will be overlooked. > Liberapay has one thing wrong with it: Cloudflare. First of all, that's Nonsense. There is plenty wrong with LP. I'll elaborate more in the next post. Not to mention CloudFlare alone is quite evil enough to condemn it as unethical and privacy-abusing. This project should not be endorsing any CF sites - it's contrary to the stated purpose. > And others? Please, please open another issue, so we can consider adding them. They were [listed](https://codeberg.org/swiso/website/issues/111) in the very first post. I've not vetted that list and in fact LP and OC are listed there. Feel free to open new issues if you feel compeled. I'm not comfortable opening an issue to recommend a particular service until I reach a certain degree of confidence that each particular service is at least superficially worthy.
xr_rider commented 3 years ago
Poster
centralized service
The most unethical CDN in the world: CloudFlare
The most unethical hosting provider in the world: Amazon AWS
The most unethical payment processor in the world: Paypal
The most unethical credit card network in the world: American Express
The 2nd most unethical credit card network in the world: Visa
The 2nd most unethical git hoster in the world: Microsoft Github (second to gitlab.com)
Liberapay is a CloudFlare website

Liberapay is centralized in the private walled-garden of CloudFlare. CloudFlare is a vigilante extremist organization that takes the decentralized web and centralizes it under one corporate power who dictates terms in the worlds largest walled-garden. A very large portion of the web (10%+) were once freely open to all but are now controlled and monitored by a single central authority who decides for everyone who may access what web content. This does serious damage to net neutrality, privacy, and has immediate serious consequences:

  1. CloudFlare mounts mutlifaceted attacks on privacy
    1. CloudFlare is a man-in-the-middle who sees all traffic including usernames, unhashed passwords, and financial data within the HTTPS tunnel. This is done surreptitiously. Liberapay neglects to warn users and even has the nerve to threaten users with accountability in the event of a breach. From the ToS: "The organization cannot be held responsible for the consequences of negligence by the user, notably of failure by the user to secure their password." This clause is written without telling users that CloudFlare automatically sees their passwords. This means when Liberapay writes in their privacy policy "We do our best to protect everyone's privacy", it's a false statement. And when they say "we strive to collect only the personal information we actually need, and we don't sell it to anyone", it's a deception because CloudFlare sees all the traffic (note that CloudFlare charges nothing to Liberapay for their service).
    2. Cloudflare has a policy to block all Tor users by default. It's a crude, reckless and unsophisticated (but cheap) way to create the illusion of security. Collateral damage is high. Privacy takes a global hit because Cloudflare has decided what best suits their business to the detriment of everyone else.
    3. CloudFlare helps spy orgs conduct illegal surveillance two ways:
      • damage to anonymity: CF deployed an anonymity compromising Google reCAPTCHA from 2009 to mid-2020. Apart from the direct compromise by the CAPTCHA, Tor users are also driven off Tor in droves as a consequence of access inequality of Tor/non-Tor users (which constitutes a network neutrality abuse as access equality is central to net neutrality).
      • centralization of copious data on this immeasurable scale within reach of any spy org will cause that spy org to foam at the mouth -- and they will get access to it one way or another.
    4. ISPs collect data on their own customers and exploit it for profit in the US. Under Obama it became illegal for an ISP to sell data collected on their customers without express consent. Trump reversed Obama's policy in 2017. In the absence of legal protections, Tor serves as a technical protection from ISP snooping. CloudFlare's attack on Tor users facilitates privacy abuse by ISPs.
    5. The gratis service also raises the question about how CF is monetizing all that data that's exposed to them (which Liberapay recklessly increases). They do not disclose to the public how they monetize that data, but what CF cannot hide is that they seek to hire a machine learning data scientist with big data expertise for their marketing department.
    6. A CF customer who became increasingly concerned with CF's unchecked power deleted their account. Two months after CF confirmed that the account was deleted, the customer received an email from CF, proving the account had not been deleted.
    7. CF imposes execution of javascript, and javascript cannot be generally trusted. E.g., eBay has been caught sending javascript that snoops on their own customers by port scanning the LAN and reporting back to eBay. Streetwise users disable j/s. Yet it's impossible to solve CF's CAPTCHA with j/s disabled. So people are forced into vulnerability by CloudFlare (who has proven to be untrustworthy).
    8. When a user solves a CAPTCHA, CF is paid a cash reward via Paypal, a privacy abuser who shares customer data with 600 companies.
  2. CloudFlare takes away software freedom
    1. CF imposes CAPTCHAs that require the user to execute non-free javascript.
      • CF restricts how users may use their software by rendering the web dysfunctional for some browsers.
  3. CloudFlare diminishes network neutrality -- Access Equality is the centerpiece of net neutrality, while CF yields widespread access inequality.
    1. CloudFlare took a seat on the FCC's Open Internet Advisory Committee, and serves its own interest (to influence legislation against net neutrality).
    2. CloudFlare discriminates against connections coming from developing countries.
    3. CloudFlare discriminates unfairly against Tor users, those who use non-graphical browsers, and those who deploy beneficial robots.
    4. CloudFlare also discriminates against people with impairments and disabilities (details in the human rights section)
  4. CloudFlare's detriment to human rights
    1. CAPTCHAs put humans to work for machines when it is machines who should be working for humans. The labor violates the 13th amendment of the US Constitution due to involuntary servitude. The most perverse manifestation is when a citizens attempts to access a government service such as voter registration, and they're forced to solve a puzzle, the labor of which compensates CloudFlare instead of the laborer.
    2. CF discriminates against people with impairments and disabilities by imposing a proprietary "hCAPTCHA," which violates several WCAG 2.0 principles:
      • "1.1: Provide text alternatives for any non-text content so that it can be changed into other forms people need, such as large print, braille, speech, symbols or simpler language." <= hCAPTCHA wholly relies on graphical images. There is no option for a text or audible puzzle.
      • "1.2: Time-based media: Provide alternatives for time-based media." <= hCAPTCHA has an invisible timer that the user cannot control.
      • "1.3: Create content that can be presented in different ways (for example simpler layout) without losing information or structure." <= When a user attempts to use lynx, w3m, wget, cURL, or any other text-based tool, the CAPTCHA is inaccessible and thus unsolvable. The website's content is thus also inaccessible.
      • "2.1: Make all functionality available from a keyboard." <= The hCAPTCHA does not accept answers from the keyboard.
      • "2.2: Provide users enough time to read and use content." <= If you don't solve the hCAPTCHA puzzle fast enough, the puzzle is removed and the user must start over. Some puzzles are vague and need time to ponder that exceeds the time limit.
      • "3.1: Make text content readable and understandable." <= When the CAPTCHA says "click on all squares with a motorcycle" and shows an image of an apparent motorcycle instrument panel, it's unclear if that qualifies (it could be a moped). Another image showed a scooter with a faring that resembled a sports bike. Some people would consider it a motorcycle. When the CAPTCHA said "click on all squares with a train", some of the images were the interior of a subway train or tram. Some people consider a subway to be a train underground, while others don't equate the two. The instructions are also sometimes given in a language the user doesn't understand.
      • "3.2: Make web pages appear and operate in predictable ways." <= It's unpredictable whether the IP reputation assessment will invoke a CAPTCHA and also unpredictable whether a CAPTCHA solution will be accepted. The time you have to solve the puzzle is also unpredictable.
      • "4.1.: Maximize compatibility with current and future user
        agents, including assistive technologies.        " <= When a user attempts to use lynx, w3m, wget, cURL or any other text-based tool, the blockade imposes tooling limitations on the user.
  5. CloudFlare inflicts customers and web users with excessive vulnerabilty to exploits. Liberapay claims: "We will investigate legitimate reports and make every effort to quickly resolve any vulnerability." Of course the absurdity is LP's use of CloudFlare and Amazon which grows the attack surface out of control.
    1. CloudFlare's immense centralization becomes catastrophic when a single bug emerges. The degree of damage is acutely heightened when over 10% of the web is subject to vulnerabilities on CloudFlare. The enticement for malicious hackers to find a zero-day is also greatly heightened as a result of the widespread scale of impact. Cloudbleed was a vulnerability that had serious widespread consequences. Even a simple accident at CloudFlare like a one-line erroneous regular expression brought down a huge segment of the web on July 17th, 2020.
    2. A tragedy of the commons has manifested. Website owners are baited to act independantly in their own self interest by using CloudFlare at no charge-- but each website that becomes part of CloudFlare shrinks the ethical decentralized web while incrementing the size of the centralized walled-garden which inflicts harm to everyone collectively. Each website owner only perceives CloudFlare as solving their problem but unwittingly they create a host of new problems for everyone else. It's a selfish move that occurs on a much larger scale than the quantity of selfish personalities because most of CloudFlare's patrons are kept in the dark as to the harm they're contributing to.
  6. CloudFlare's detriment to availability
    1. The CAPTCHAs are often broken.
      1. E.g.1: some browsers that block j/s always report errors communicating with the captcha server on all CF-pushed CAPTCHAs
      2. E.g.2: the CAPTCHA server itself refuses to give the puzzle saying there is too much activity.
    2. The CAPTCHAs are often unsolvable.
      1. E.g.1: the CAPTCHA puzzle is broken by ambiguity (is one pixel in a grid cell of a pole holding a street sign considered a street sign?)
      2. E.g.2: the puzzle is expressed in a language the viewer doesn't understand.
    3. The CAPTCHAs block all robots indiscriminately causing collateral damage to beneficial (non-malicious) robots.
    4. GUI CAPTCHAs deny service to users of text-based web browsers. E.g. CloudFlare's GUI CAPTCHA breaks torsocks lynx 'https://www.simplyrecipes.com/recipes/buffalo_wings'. CloudFlare effectively dictates that all Tor users must use a GUI browser and in many cases it must also be javascript capable.
    5. CloudFlare uses punitive collective judgement as a consequence of mislabeling Tor traffic.
      1. "Experts say that group punishment is ineffective, counterproductive, lazy and unethical"
      2. CloudFlare's use of this technique is acutely and perversely abusive because they harm potentially as many as 70,000 users in the course of countering just one single bad actor. And worse, unlike typical uses of collective punishment this is not in the slightest a situation where the other 70,000 have any shred of influence over the one malicious user.
      3. A study finds that collective punishment is strictly counterproductive.
  7. CloudFlare's detriment to democracy
    1. CF impedes petition signing on change.org, moveon.org, and actionnetwork.org. Voters who are blocked by CF's access restrictions are effectively denied participation in democratic processes.
    2. Voter suppression: CF impedes voter registration in 8 US states (16% of voter registration sites).
  8. CloudFlare's censorship
    1. CloudFlare attacks freedom of expression.
    2. When a review exposed CloudFlare's doxxing of whistle blowers, CF censored the review.
  9. CloudFlare is a burden on the environment
    1. Images account for the most significant burden on Internet bandwidth. Naturally the most ecological web users are those who do not download images (robots, users of text browsers, and users who disable image retrieval). Because robots tend not to download images, anti-robot algorithms target all image-free sessions as robotic. CloudFlare consequently attacks the most ecological users on the web.
    2. CF forces transmission of copious bandwidth-wasting images in order to supply CAPTCHAs.
    3. hCAPTCHA uses 4 levels of nested javascript. So users with j/s disabled are often forced to reload the CAPTCHA page 4 times just to see the puzzle.
  10. False statements, deceptive practices, and poor character of CloudFlare
    1. No transparency: as Cloudflare performs a DoS attack on Tor users they obviously do not inform web owners. Web owners are usually unaware that legitimate patrons are being blocked from accessing their site. These businesses are all damaged so that one business can profit.
    2. False errors when j/s is disabled.
    3. CloudFlare deceives website visitors into believing their connection is secure (HTTPS & browser padlock) when in fact the user is MitMd.
    4. CloudFlare has been caught making false statements to the public. CF said in their FaQ: "Why should I trust Cloudflare? You don’t need to. The Cloudflare Onion Service presents the exact same certificate that we would have used for direct requests to our servers," the first part of which is incorrect. CloudFlare sees all traffic traversing their servers in the clear, regardless of how secure the tunnel to them is. So of course CloudFlare requires your trust. The second statement about certificates is non-sequitur and irrelevant to the question of trust.
    5. CloudFlare deceives users about what the problem is, causing users to blame Tor or their browser. CloudFlare suggests to Tor users who reach the CAPTCHA "If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware."
    6. Lack of human decency -- CF's mean-spirited CEO displays schadenfreude amid the grief his company has caused innovative people who use the web non-maliciously.
    7. CloudFlare asks those who anonymously report illegal conduct on their websites to reveal their true identity. Yet CF has a history of doxxing whistle blowers and making them into victims. Instead of apologizing in the child porn case, the CEO (Matthew Prince) said the whistle blowers should have used fake names. (see "CloudFlare shelters criminals")
    8. Ironically, CloudFlare spams people (despite their spam-mitigation purpose). Customers (former and current) as well as people who never used CF are receiving spam from CloudFlare. Customers receive spam from CF without express consent and possibly contrary to privacy policies.
    9. When a large profit-driven tech giant uses a non-profit fund raising
      platform to solicit donations to feed their own staff at events, it's clear that professionalism is in short supply at CloudFlare Inc.
  11. CloudFlare shelters criminals
    1. CF protects pro-ISIS websites from attack.
    2. CF protected a website that distributed child pornography. When a whistle blower reported the illegal content to CF, CF actually doxxed the people who reported it. CloudFlare revealed the whistle blowers identities directly to the website owner, who then published their names and email addresses to provoke retaliatory attacks on the whistle blowers! Instead of apologizing, the CEO (Matthew Prince) said the whistle blowers should have used fake names.
Liberapay is hosted by Amazon

Liberapay pays Amazon for hosting, which puts LP's own customers at a proven risk of a data breach and ultimately finances copious abuses of privacy, human rights, civil liberties, the environment, etc:

  1. Amazon mounts mutlifaceted attacks on privacy
    1. Amazon is making an astronomical investment in facial recognition to exploit a market worth $8 billion which will destroy physical travel privacy worldwide. Amazon's innaccurate technology erroneously matched 100 US and UK politicians to criminals. Amazon also developed the technology by unlawfully using people's images without consent to train facial recognition products.
    2. Amazon deploys Ring and Alexa to surveil neighborhoods and surveil the inside of homes.
      1. Amazon keeps Alexa recordings and transcripts indefinitely
    3. Amazon’s Echo and the smart TVs monitor everything you do
    4. Amazon paid $195k to fight privacy in CA. by lobbying against the CCPA.
    5. Amazon supported CISA.
    6. War on cash is war on privacy: Amazon's grocery stores do not accept cash. They impose the same surveillance as ordering online from Amazon. Cashless shops discriminate against the 6.5% of the US population that does not have a bank account.
    7. Amazon spent $30 million and ranked in the top 5 promoters of Facebook ads in 2012 (thus substantially feeding a privacy abuser).
    8. Facebook and Amazon made a secret deal with to give Amazon access to Facebook's data about users.
    9. The Kindle Swindle informs Amazon when the user reads books that didn't come from Amazon. It also tells Amazon which pages each user reads.
    10. Amazon distributes NRAtv which promotes a privacy-hostile political party and the resulting policies. Also sells the Trump line of suits in their webshop.
    11. Sensitive data for 100 million people banking at Capital One was leaked by an Amazon worker. Amazon refuses blame for it and Liberapay agrees.
  2. Amazon is responsible for human rights and civil liberties abuses
    1. Amazon supplies unlawfully developed facial recognition to law enforcement who use it to abuse civil liberties, despite protest by Amazon employees, 40 civil rights organizations, and 150,000 petitioners.
    2. Amazon supplies AWS to ICE and Palantir, a database firm that exploits social media to facilitate ICE and CBP to enforce Trump's inhumane zero tolerance immigration policy that entails child-parent separation. Palantir was also co-founded by a notorious xenophobic and billionaire backer of Donald Trump: Peter Thiel. Peter Thiel founded Palantir to help ICE deploy algorithms that find people to deport. Peter Thiel called Google "unpatriotic" for "not embracing opportunities to work with federal agencies" thinking that Google appeased employees who opposed inhumane treatment of immigrants (he was unaware that Google's announcement and action differed).
    3. Amazon supports Breitbart (the right-wing extremist site) by advertising there.
    4. Amazon uses FedEx (an NRA-supporting ALEC member who feeds republican warchests via ALEC and NRA [republican policy is xenophobic and detrimental to gun control and individual privacy]).
    5. Amazon in Germany hired "security" guards from a company of Nazi sympathizers to intimidate and repress foreign workers. Reporters came to cover this, and the guards tried to arrest them and take their cameras. (2013)
  3. Amazon is detrimental to consumer rights
    1. Amazon distributes ebooks in a way that strips users of many freedoms.
    2. The Amazon Kindle has a back door that can erase books. Amazon was caught remotely erasing thousands of copies of 1984.
    3. Amazon rents textbooks to students with a requirement not to take them across state lines.
  4. Amazon is notorious for mistreating employees despite its wealth and growth.
    1. Amazon runs an extreme sweatshop that diminishes quality of life. The consequential mental health crisis is evidenced by 189 calls from Amazon warehouses to 911 in five years.
      1. Amazon drug tests its employees, thus intruding on their privacy outside the workplace and also harming their healthcare.
    2. oppressive and callous attitude toward staff.
    3. 55-hour work weeks
    4. 90,000+ warehouse employees treated like cattle (7 examples)
  5. Amazon proliferates censorship
    1. Amazon has partnered with the MPAA to campaign for repression of sharing on the net.
    2. Amazon cut off service to Wikileaks, claiming that whistle-blowing violates its terms of service.
  6. Amazon is detrimental to the environment
    1. Amazon powers 50% of their servers with unclean energy.
    2. Amazon's excessive packaging destroys 1 billion trees annually. (examples)
    3. Amazon retaliates against employees who seek climate action.
    4. Amazon works for BP and Shell to deliver a machine learning service to discover locations to drill for oil and gas.
    5. Amazon has been caught financing climate deniers.
Liberapay accepts Paypal
  1. Paypal is a privacy abuser.
    1. PayPal shares customers' data with 600 companies
    2. PayPal goes overboard on the KYC, blocking accounts on KYC grounds when enough info is known to legally service an account. So PayPal is a privacy abuser.
  2. Paypal is detrimental to civil liberties
    1. PayPal has a history littered with power-abusing payment blockades that are often politically motivated to benefit right-wing agendas. E.g.:
      1. PayPal blocked Iraq War resisters.
      2. PayPal blocked Wikileaks.
      3. PayPal blocked an account intended to raise money for the distribution of Boris Nemtsov's report "Putin. War", which details Russia's intervention in Ukraine.
  3. Paypal's greed cheats people out of money they're entitled to.
    1. PayPal declined to pay a reward offered in its Bug Bounty Program to a 17-year-old German student who had reported a cross-site scripting flaw on its site.
    2. PayPal is often reported to simply take customers' money or deny them access as they arbitrarily freeze the accounts of many people.
  4. Paypal is detrimental to consumer rights.
    1. Hundreds of consumers complain about PayPal annually on the Consumer Affairs website. By 2016, there were over 1200 complaints.
    2. Staff becomes unreachable and website becomes inoperable when trying to unfreeze accounts.
    3. PayPal algorithmically uses money laundering triggers that are so arbitrary that PayPal's customer service don't know themselves why accounts get frozen.
  5. PayPal neglects to adhere to banking regulations by claiming PayPal is not a bank.
Liberapay accepts American Express

(reference)

  1. Amex is a member of the American Enterprise Institute (AEI). The AEI for Public Policy Research is a non-profit influential right-wing think tank that advocates for lower taxes, fewer protections for consumers and the environment, and cuts to the social safety net. Specifically, AEI finances climate denial propaganda and was caught bribing climate change scientists and economists $10k ea. to undermine climate change reporting.
  2. Amex is a member of American Legislative Exchange Council (ALEC). ALEC doubles as a superPAC and bill mill that lobbies and writes policy for U.S. republicans to:
    1. fight affirmative action
    2. fight public healthcare
    3. fight public education
    4. fight immigration
    5. fight gun control
    6. fight environmental protection
    7. fight worker's rights
    8. fight consumer protections
    9. support voter suppression policy
    10. finance republicans
  3. Amex favors US republican candidates with politican contributions (55% R/41% D)
  4. American Express blocks Wikileaks
  5. Amex supported CISPA
  6. Amex was the 9th highest patron of Facebook advertising in 2015
Liberapay accepts Visa and Mastercard
  1. War on cash is war on privacy. Visa and Mastercard are both members of the Better than Cash Alliance, and organization bent on eliminating cash. Visa also offered $10k to merchants who agree to refuse cash.
  2. Visa blocked payments to Wikileaks, thus proactively intervening to suppress whistle-blowing while undermining peoples' control over their own charitable donations.
  3. Visa and Mastercard blocked payments to Wikileaks -- but they're okay with serving the KKK.
  4. Visa and Mastercard supported CISPA
  5. Visa spends millions annually on Facebook advertising ($15M in 2012 alone)
  6. Visa and Mastercard sell customer data to data brokers unless they opt-out. Mastercard's opt-out page blocks Tor, thus forcing privacy seekers to reveal their IP address to Mastercard, which can be traced back to their identity.
  7. Visa sponsored the NFL during the "Take A Knee" protest, thus taking a speech-chilling stand against athletes who protested police brutality.
  8. Mastercard is partnered with Microsoft.
Liberapay uses Microsoft for development

(reference)

  1. Microsoft harms the environment by serving the two most destructive oil companies in the world: ExxonMobil and Chevron.
    1. #ExxonKnew: Exxon notoriously knew about climate change since 1977. They not only kept it secret from the public, but they also financed a disinformation campaign.
    2. Microsoft and Chevron were caught each paying $100k to "the Cloakroom", a project to hide bribes going from large corporations to republican politicians.
    3. Chevron's right-leaning stance is further pushed through its membership with ALEC, which doubles as a superPAC and bill mill that lobbies and writes policy for U.S. republicans.
  2. Microsoft is a notorious privacy abuser:
    1. Microsoft supported CISPA and collaborates with the NSA.
    2. Microsoft paid $195k to fight the California Consumer Privacy Act (CCPA).
    3. In 2012 Microsoft spent $35 million on Facebook ads and in 2015 Microsoft was the third biggest spender on Facebook ads in the world.
    4. Microsoft proxies through Accenture to make Sweden cashless. The war on cash is war on privacy.
    5. Microsoft owns and operates Outlook Email and the LinkedIn social media site, both of which are exclusive walled-gardens that limit participation to those who have a phone number and the will to share it with Microsoft.
    6. MS failed to secure Github, which was breached to the tune of 500gb of private projects. Security incompetence is further showcased by an MS-imposed requirement to create and account and sign in to report an MS security bug. And for those not discouraged by that, the sign-in page is also broken. Then security was breached again in July 2020 when OAuth tokens were stolen from both Github and Gitlab.com.
    7. MS unlawfully used people's images without consent to train their facial recognition products
    8. Microsoft distributes a nonfree operating system, Microsoft Windows, which is jam-packed with malicious functionalities, including surveillance of users, DRM, censorship and a universal back door.
    9. MS was caught surreptitiously recording Xbox users and paying contractors to listen to the recordings.
    10. Dutch government commissioned a study which found Microsoft to have several GDPR violations. E.g. Office 365 violates GDPR article 51.c, GDPR article 17, and stores the data outside the EEA (may also be a GDPR breach).
  3. Microsoft is detrimental to human rights and democracy
    1. MS suppresses democracy by blocking Github access to a project that facilitates protests in Catalonia.
    2. Microsoft finances AnyVision to produce facial recognition technology that the Israeli military uses as a weapon against the Palestinian people who they oppress in their occupation. Note that Israeli snipers murdered an unarmed civilian Palestinian medic (in breach of the Geneva Convention) then edited the video to deceive the public for PR damage control.
    3. Microsoft supports ICE in a variety of ways in the course of ICE's implementation of Trump's xenophobic border policies. Microsoft services an ICE contract worth $19.4 million dollars despite protest from employees. In addition to MS Office products, Microsoft has renewed a Github contract and also supplies cloud computing through its Azure platform.
    4. MS partnered with FedEx, an NRA-supporting ALEC member as well as JP Morgan Chase, the most evil bank in the world.
    5. MS conceals US military contracts to bias PR and dodge social accountablity. They have a much bigger piece these contracts than the rest of MACFANG, they lack Googles AI principles, and unlike Google they ignore employee protest and petitions.
  4. MS is among the top 15 recipients of Trump's corporate tax breaks, a benefit of $128 billion. Microsoft sacked hundreds of employees immediately after receiving the tax breaks in February 2018.
  5. MS is anti-consumer and anti-competitive
    1. MS tricked users into "upgrading" to Windows 10, which sabotages users in a variety of ways, one of which is to prevent cloud-free accounts.
    2. MS strong-armed nearly all PC manufacturers charge every buyer for an MS Windows license regardless of whether the user actually wants Windows.
    3. MS hoards software patents and uses them to fight free software.

Click the arrows above to expand ethical issues behind rationale with supporting facts cited.

A diagram of Liberapay's detrimental relationships is attached.

| | centralized service | |----|----| | The most unethical **CDN** in the world: | CloudFlare | | The most unethical **hosting provider** in the world: | Amazon AWS | | The most unethical **payment processor** in the world: | Paypal | | The most unethical **credit card network** in the world: | American Express | | The 2nd most unethical **credit card network** in the world: | Visa | | The 2nd most unethical **git hoster** in the world: | Microsoft Github (second to gitlab.com) | <details> <summary>Liberapay is a CloudFlare website</summary> Liberapay is centralized in the private walled-garden of **CloudFlare**. CloudFlare is a vigilante extremist organization that takes the decentralized web and centralizes it under one corporate power who dictates terms in the worlds largest walled-garden. A very large portion of the web (10%+) were once freely open to all but are now controlled and monitored by a single central authority who decides for everyone who may access what web content. This does serious damage to net neutrality, privacy, and has immediate serious consequences: 1. CloudFlare mounts mutlifaceted attacks on **privacy** 1. CloudFlare is a man-in-the-middle who [sees all traffic](http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-have-a-problem) including usernames, unhashed passwords, and financial data within the HTTPS tunnel. This is done surreptitiously. Liberapay neglects to warn users and even has the nerve to threaten users with accountability in the event of a breach. From the [ToS](https://liberapay.com/about/legal): "*The organization cannot be held responsible for the consequences of negligence by the user, notably of failure by the user to secure their password.*" This clause is written without telling users that CloudFlare automatically sees their passwords. This means when Liberapay writes in their [privacy policy](https://liberapay.com/about/privacy) "*We do our best to protect everyone's privacy*", it's a false statement. And when they say "*we strive to collect only the personal information we actually need, and we don't sell it to anyone*", it's a deception because CloudFlare sees [all the traffic](https://cypherpunk.is/2015/04/02/why-cloudflare-is-probably-a-honeypot) (note that CloudFlare charges nothing to Liberapay for their service). 1. Cloudflare has a policy to block all Tor users by default. It's a crude, reckless and unsophisticated (but cheap) way to create the illusion of security. [Collateral damage is high](https://blog.torproject.org/trouble-cloudflare). Privacy takes a global hit because Cloudflare has decided what best suits their business to the detriment of everyone else. 1. CloudFlare helps spy orgs conduct illegal surveillance two ways: * damage to anonymity: CF deployed an [anonymity compromising](https://cryptome.org/2016/07/cloudflare-de-anons-tor.htm) Google reCAPTCHA from 2009 to mid-2020. Apart from the direct compromise by the CAPTCHA, Tor users are also [driven off](https://people.torproject.org/~lunar/20160331-CloudFlare_Fact_Sheet.pdf) Tor in droves as a consequence of access inequality of Tor/non-Tor users (which constitutes a network neutrality abuse as access equality is central to net neutrality). * centralization of copious data on this immeasurable scale within reach of any spy org will cause that spy org to [foam at the mouth](https://www.reddit.com/r/privacy/comments/b8dptl/another_landmark_day_in_the_war_to_control/ejxmmhq) -- and they will get access to it one way or another. 1. ISPs collect data on their own customers and exploit it for profit in the US. Under Obama it became illegal for an ISP to sell data collected on their customers without express consent. Trump [reversed](https://www.nbcnews.com/news/us-news/trump-signs-measure-let-isps-sell-your-data-without-consent-n742316) Obama's policy in 2017. In the absence of legal protections, Tor serves as a technical protection from ISP snooping. CloudFlare's attack on Tor users facilitates privacy abuse by ISPs. 1. The gratis service also raises the question about how CF is monetizing all that data that's exposed to them (which Liberapay recklessly increases). They do not disclose to the public how they monetize that data, but what CF cannot hide is that they [seek to hire](https://web.archive.org/web/20200704235401/www.datayoshi.com/offer/595856/data-scientist-cloudflare) a machine learning data scientist with *big data* expertise for their marketing department. 1. A CF customer who became increasingly concerned with CF's unchecked power deleted their account. Two months after CF confirmed that the account was deleted, the customer [received an email](https://shkspr.mobi/blog/2019/11/can-you-trust-cloudflare-with-your-personal-data) from CF, proving the account had not been deleted. 1. CF imposes execution of javascript, and javascript cannot be generally trusted. E.g., eBay has [been caught](http://web.archive.org/web/20200526092506/blog.nem.ec/2020/05/24/ebay-port-scanning) sending javascript that snoops on their own customers by port scanning the LAN and reporting back to eBay. Streetwise users disable j/s. Yet it's impossible to solve CF's CAPTCHA with j/s disabled. So people are forced into vulnerability by CloudFlare (who has proven to be untrustworthy). 1. When a user solves a CAPTCHA, CF is [paid](https://docs.hcaptcha.com/faq) a cash reward via Paypal, a privacy abuser who shares customer data with [600 companies](https://www.schneier.com/blog/archives/2018/03/the_600_compani.html). 1. CloudFlare takes away **software freedom** 1. CF imposes CAPTCHAs that require the user to execute non-free javascript. * CF restricts how users may use their software by rendering the web dysfunctional for some browsers. 1. CloudFlare diminishes **network neutrality** -- *Access Equality* is the centerpiece of net neutrality, while CF yields widespread access *inequality*. 1. CloudFlare took a seat on the FCC's [Open Internet Advisory Committee](https://web.archive.org/web/20190203014215/https://www.fcc.gov/about-fcc/advisory-committees/general/open-internet-advisory-committee), and serves its own interest (to influence legislation against net neutrality). 1. CloudFlare [discriminates](https://people.torproject.org/~lunar/20160331-CloudFlare_Fact_Sheet.pdf#page=6) against connections coming from developing countries. 1. CloudFlare discriminates unfairly against Tor users, those who use non-graphical browsers, and those who deploy beneficial robots. 1. CloudFlare also discriminates against people with impairments and disabilities (details in the human rights section) 1. CloudFlare's detriment to **human rights** 1. CAPTCHAs put humans to work for machines when it is machines who should be working for humans. The labor violates the 13th amendment of the US Constitution due to involuntary servitude. The most perverse manifestation is when a citizens attempts to access a government service such as voter registration, and they're forced to solve a puzzle, the labor of which compensates CloudFlare instead of the laborer. 1. CF discriminates against people with impairments and disabilities by imposing a proprietary "hCAPTCHA," which violates several [WCAG 2.0 principles](https://en.wikipedia.org/wiki/Web_Content_Accessibility_Guidelines): * "*1.1: Provide text alternatives for any non-text content so that it can be changed into other forms people need, such as large print, braille, speech, symbols or simpler language.*" <= hCAPTCHA wholly relies on graphical images. There is no option for a text or audible puzzle. * "*1.2: Time-based media: Provide alternatives for time-based media.*" <= hCAPTCHA has an invisible timer that the user cannot control. * "*1.3: Create content that can be presented in different ways (for example simpler layout) without losing information or structure.*" <= When a user attempts to use `lynx`, `w3m`, `wget`, `cURL`, or any other text-based tool, the CAPTCHA is inaccessible and thus unsolvable. The website's content is thus also inaccessible. * "*2.1: Make all functionality available from a keyboard.*" <= The hCAPTCHA does not accept answers from the keyboard. * "*2.2: Provide users enough time to read and use content.*" <= If you don't solve the hCAPTCHA puzzle fast enough, the puzzle is removed and the user must start over. Some puzzles are vague and need time to ponder that exceeds the time limit. * "*3.1: Make text content readable and understandable.*" <= When the CAPTCHA says "click on all squares with a motorcycle" and shows an image of an apparent motorcycle instrument panel, it's unclear if that qualifies (it could be a moped). Another image showed a scooter with a faring that resembled a sports bike. Some people would consider it a motorcycle. When the CAPTCHA said "click on all squares with a train", some of the images were the interior of a subway train or tram. Some people consider a subway to be a train underground, while others don't equate the two. The instructions are also sometimes given in a language the user doesn't understand. * "*3.2: Make web pages appear and operate in predictable ways.*" <= It's unpredictable whether the IP reputation assessment will invoke a CAPTCHA and also unpredictable whether a CAPTCHA solution will be accepted. The time you have to solve the puzzle is also unpredictable. * "*4.1.: Maximize compatibility with current and future user agents, including assistive technologies.*" <= When a user attempts to use `lynx`, `w3m`, `wget`, `cURL` or any other text-based tool, the blockade imposes tooling limitations on the user. 1. CloudFlare inflicts customers and web users with excessive **vulnerabilty** to exploits. Liberapay [claims](https://hackerone.com/liberapay?type=team): "*We will investigate legitimate reports and make every effort to quickly resolve any vulnerability.*" Of course the absurdity is LP's use of CloudFlare and Amazon which grows the attack surface out of control. 1. CloudFlare's immense centralization becomes catastrophic when a single bug emerges. The degree of damage is acutely heightened when over 10% of the web is subject to vulnerabilities on CloudFlare. The enticement for malicious hackers to find a zero-day is also greatly heightened as a result of the widespread scale of impact. *Cloudbleed* was a vulnerability that had serious widespread consequences. Even a simple accident at CloudFlare like a one-line erroneous regular expression brought down a huge segment of the web on July 17th, 2020. 1. A *tragedy of the commons* has manifested. Website owners are baited to act independantly in their own self interest by using CloudFlare at no charge-- but each website that becomes part of CloudFlare shrinks the ethical decentralized web while incrementing the size of the centralized walled-garden which inflicts harm to everyone collectively. Each website owner only perceives CloudFlare as solving their problem but unwittingly they create a host of new problems for everyone else. It's a selfish move that occurs on a much larger scale than the quantity of selfish personalities because most of CloudFlare's patrons are kept in the dark as to the harm they're contributing to. 1. CloudFlare's detriment to **availability** 1. The CAPTCHAs are often broken. 1. E.g.1: some browsers that block j/s always report errors communicating with the captcha server on all CF-pushed CAPTCHAs 1. E.g.2: the CAPTCHA server itself refuses to give the puzzle saying there is too much activity. 1. The CAPTCHAs are often unsolvable. 1. E.g.1: the CAPTCHA puzzle is broken by ambiguity (is one pixel in a grid cell of a pole holding a street sign considered a street sign?) 1. E.g.2: the puzzle is expressed in a language the viewer doesn't understand. 1. The CAPTCHAs block all robots indiscriminately causing collateral damage to beneficial (non-malicious) robots. 1. GUI CAPTCHAs deny service to users of text-based web browsers. E.g. CloudFlare's GUI CAPTCHA breaks `torsocks lynx 'https://www.simplyrecipes.com/recipes/buffalo_wings'`. CloudFlare effectively dictates that all Tor users must use a GUI browser and in many cases it must also be javascript capable. 1. CloudFlare uses punitive collective judgement as a consequence of mislabeling Tor traffic. 1. "[Experts say that group punishment is ineffective, counterproductive, lazy and unethical](https://mypointexactly.wordpress.com/2009/07/21/group-punishment-ineffective-unethical)" 1. CloudFlare's use of this technique is acutely and perversely abusive because they harm potentially as many as 70,000 users in the course of countering just one single bad actor. And worse, unlike typical uses of collective punishment this is not in the slightest a situation where the other 70,000 have any shred of influence over the one malicious user. 1. A study [finds](http://www.nyu.edu/gsas/dept/politics/faculty/dickson/dickson_collectivepunishment.pdf) that collective punishment is strictly counterproductive. 1. CloudFlare's detriment to **democracy** 1. CF impedes petition signing on change.org, moveon.org, and actionnetwork.org. Voters who are blocked by CF's access restrictions are effectively denied participation in democratic processes. 1. Voter suppression: CF impedes voter registration in 8 US states (16% of voter registration sites). 1. CloudFlare's **censorship** 1. CloudFlare [attacks freedom of expression](https://people.torproject.org/~lunar/20160331-CloudFlare_Fact_Sheet.pdf#page=2). 1. When a review exposed CloudFlare's doxxing of whistle blowers, CF [censored](https://nitter.net/phyzonloop/status/1178836176985366529) the review. 1. CloudFlare is a burden on the **environment** 1. Images account for the [most significant](http://www.aptivate.org/webguidelines/Images.html) burden on Internet bandwidth. Naturally the most ecological web users are those who do not download images (robots, users of text browsers, and users who disable image retrieval). Because robots tend not to download images, anti-robot algorithms target all image-free sessions as robotic. CloudFlare consequently attacks the most ecological users on the web. 1. CF forces transmission of copious bandwidth-wasting images in order to supply CAPTCHAs. 1. hCAPTCHA uses 4 levels of nested javascript. So users with j/s disabled are often forced to reload the CAPTCHA page 4 times just to see the puzzle. 1. **False statements, deceptive practices, and poor character of CloudFlare** 1. No transparency: as Cloudflare performs a DoS attack on Tor users they obviously do not inform web owners. Web owners are usually unaware that legitimate patrons are being blocked from accessing their site. These businesses are all damaged so that one business can profit. 1. False errors when j/s is disabled. 1. CloudFlare [deceives](http://cryto.net/~joepie91/blog/2016/07/14/cloudflare-we-have-a-problem/) website visitors into believing their connection is secure (HTTPS & browser padlock) when in fact the user is MitMd. 1. CloudFlare has been caught making false statements to the public. CF said in their [FaQ](https://web.archive.org/web/20180926003344/https://blog.cloudflare.com/cloudflare-onion-service/#why-should-i-trust-cloudflare): "*Why should I trust Cloudflare? You don’t need to. The Cloudflare Onion Service presents the exact same certificate that we would have used for direct requests to our servers,*" the first part of which is incorrect. CloudFlare sees all traffic traversing their servers in the clear, regardless of how secure the tunnel to them is. So of course CloudFlare requires your trust. The second statement about certificates is non-sequitur and irrelevant to the question of trust. 1. CloudFlare [deceives](https://people.torproject.org/~lunar/20160331-CloudFlare_Fact_Sheet.pdf#page=4) users about what the problem is, causing users to blame Tor or their browser. CloudFlare suggests to Tor users who reach the CAPTCHA "If you are on a personal connection, like at home, you can run an anti-virus scan on your device to make sure it is not infected with malware." 1. Lack of human decency -- CF's mean-spirited CEO [displays](https://nitter.net/eastdakota/status/1273277839102656515) [schadenfreude](https://en.wikipedia.org/wiki/Schadenfreude) amid the grief his company has caused innovative people who use the web non-maliciously. 1. CloudFlare asks those who anonymously report illegal conduct on their websites to reveal their true identity. Yet CF has a history of doxxing whistle blowers and making them into victims. Instead of apologizing in the child porn case, the CEO (Matthew Prince) said the whistle blowers [should have used fake names](https://web.archive.org/web/20171024040313/http://www.businessinsider.com/cloudflare-ceo-suggests-people-who-report-online-abuse-use-fake-names-2017-5). (see "CloudFlare shelters criminals") 1. Ironically, CloudFlare spams people (despite their spam-mitigation purpose). Customers (former and current) as well as people who never used CF are receiving spam from CloudFlare. Customers [receive spam](https://nitter.net/thexpaw/status/1108424723233419264) from CF without express consent and possibly contrary to privacy policies. 1. When a large profit-driven tech giant uses a non-profit fund raising platform to [solicit donations](https://web.archive.org/web/20191112033605/https://opencollective.com/cloudflarecollective#section-about) to feed their own staff at events, it's clear that professionalism is in short supply at CloudFlare Inc. 1. CloudFlare **shelters criminals** 1. CF [protects](https://www.theguardian.com/technology/2015/nov/19/cloudflare-accused-by-anonymous-helping-isis) pro-ISIS websites from attack. 1. CF protected a website that distributed child pornography. When a whistle blower reported the illegal content to CF, CF actually [doxxed](https://boingboing.net/2015/01/19/invasion-boards-set-out-to-rui.html) the people who reported it. CloudFlare revealed the whistle blowers identities directly to the website owner, who then published their names and email addresses to provoke retaliatory attacks on the whistle blowers! Instead of apologizing, the CEO (Matthew Prince) said the whistle blowers [should have used fake names](https://web.archive.org/web/20171024040313/http://www.businessinsider.com/cloudflare-ceo-suggests-people-who-report-online-abuse-use-fake-names-2017-5). </details> <details> <summary>Liberapay is hosted by Amazon</summary> Liberapay pays **Amazon** [for hosting](https://liberapay.com/about/legal), which puts LP's own customers at a [proven](https://www.forbes.com/sites/rachelsandler/2019/07/29/capital-one-says-hacker-breached-accounts-of-100-million-people-ex-amazon-employee-arrested) risk of a data breach and ultimately finances copious abuses of privacy, human rights, civil liberties, the environment, etc: 12. Amazon mounts mutlifaceted attacks on **privacy** 1. Amazon is making an astronomical investment in facial recognition to exploit a market worth [$8 billion](https://www.forbes.com/sites/korihale/2020/06/15/amazon-microsoft--ibm-slightly-social-distancing-from-the-8-billion-facial-recognition-market) which will destroy physical travel privacy worldwide. Amazon's innaccurate technology [erroneously matched](https://www.independent.co.uk/life-style/gadgets-and-tech/news/amazon-facial-recognition-false-positives-recognition-congress-criminals-a9536351.html) 100 US and UK politicians to criminals. Amazon also developed the technology by [unlawfully](https://www.cnet.com/news/amazon-google-and-microsoft-sued-over-photos-in-facial-recognition-database) using people's images without consent to train facial recognition products. 1. Amazon deploys Ring and Alexa to surveil neighborhoods and surveil the inside of homes. 1. Amazon keeps Alexa recordings and transcripts [indefinitely](https://arstechnica.com/tech-policy/2019/07/amazon-confirms-it-keeps-your-alexa-recordings-basically-forever/) 1. [Amazon’s Echo and the smart TVs monitor everything you do](https://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance) 1. Amazon [paid](http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1) $195k to fight privacy in CA. by lobbying [against the CCPA](https://arstechnica.com/tech-policy/2018/04/facebook-donated-200000-to-kill-a-privacy-law-but-now-its-backtracking/). 1. Amazon supported CISA. 1. *War on cash* is war on privacy: Amazon's grocery stores [do not accept cash](http://motherboard.vice.com/read/amazon-go-isnt-trying-to-kill-cashier-jobs-its-after-something-bigger). They impose the same surveillance as ordering online from Amazon. Cashless shops discriminate against the [6.5% of the US population](https://www.fastcompany.com/90389594/aclu-cash-free-retail-amazon-sweetgreen-privacy) that does not have a bank account. 1. Amazon spent $30 million and ranked in the top 5 promoters of Facebook ads in 2012 (thus substantially feeding a privacy abuser). 1. Facebook and Amazon made [a secret deal](https://gizmodo.com/amazon-and-facebook-reportedly-had-a-secret-data-sharin-1831192148) with to give Amazon access to Facebook's data about users. 1. The Kindle Swindle informs Amazon when the user reads books that didn't come from Amazon. It also tells Amazon which pages each user reads. 1. Amazon distributes NRAtv which promotes a privacy-hostile political party and the resulting policies. Also sells the Trump line of suits in their webshop. 1. Sensitive data for 100 million people banking at Capital One was [leaked](https://www.forbes.com/sites/rachelsandler/2019/07/29/capital-one-says-hacker-breached-accounts-of-100-million-people-ex-amazon-employee-arrested) by an Amazon worker. Amazon [refuses blame](https://web.archive.org/web/20200618091312/https://www.newsweek.com/amazon-capital-one-hack-data-leak-breach-paige-thompson-cybercrime-1451665) for it and [Liberapay agrees](https://mastodon.xyz/@Liberapay/104417896428193223). 1. Amazon is responsible for **human rights** and **civil liberties** abuses 1. Amazon [supplies](https://www.seattletimes.com/business/amazon-employees-demand-company-cut-ties-with-ice/) [unlawfully developed](https://www.cnet.com/news/amazon-google-and-microsoft-sued-over-photos-in-facial-recognition-database) facial recognition to law enforcement who use it to abuse civil liberties, despite [protest](https://thehill.com/business-a-lobbying/393583-amazon-employees-protest-sale-of-facial-recognition-tech-to-law) by Amazon employees, 40 civil rights organizations, and [150,000 petitioners](https://www.zdnet.com/article/now-amazon-employees-rebel-end-police-facial-recognition-contracts-ice-support). 1. Amazon [supplies](https://thehill.com/business-a-lobbying/393583-amazon-employees-protest-sale-of-facial-recognition-tech-to-law) AWS [to ICE](https://www.usaspending.gov/#/award/62522780) and Palantir, a database firm that exploits social media to [facilitate](https://www.govtech.com/biz/Documents-Reveal-ICE-Used-Palantir-for-Deportations.html) ICE and CBP to enforce Trump's inhumane *zero tolerance* immigration policy that entails child-parent separation. Palantir was also co-founded by a notorious xenophobic and billionaire backer of Donald Trump: Peter Thiel. Peter Thiel founded Palantir to [help ICE](https://www.businessinsider.com/us-customs-border-protection-testing-google-cloud-anthos-2019-8?international=true&r=US&IR=T) deploy algorithms that find people to deport. Peter Thiel called Google "unpatriotic" for "[not embracing opportunities](https://www.businessinsider.com/us-customs-border-protection-testing-google-cloud-anthos-2019-8?international=true&r=US&IR=T) to work with federal agencies" thinking that Google appeased employees who opposed inhumane treatment of immigrants (he was unaware that Google's announcement and action differed). 1. Amazon supports Breitbart (the right-wing extremist site) by [advertising](http://www.valuewalk.com/2017/02/337k-amazon-ceo-jeff-bezos-stop-advertising-breitbart) there. 1. Amazon uses FedEx (an NRA-supporting ALEC member who feeds republican warchests via ALEC and NRA [republican policy is xenophobic and detrimental to gun control and individual privacy]). 1. Amazon in Germany [hired](https://www.independent.co.uk/news/world/europe/amazon-used-neo-nazi-guards-to-keep-immigrant-workforce-under-control-in-germany-8495843.html) "security" guards from a company of Nazi sympathizers to intimidate and repress foreign workers. Reporters came to cover this, and the guards tried to arrest them and take their cameras. (2013) 1. Amazon is detrimental to **consumer rights** 1. Amazon distributes ebooks in a way that [strips](http://gnu.org/philosophy/the-danger-of-ebooks.html) users of many freedoms. 1. The Amazon Kindle has a back door that can erase books. Amazon was [caught](http://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others) remotely erasing thousands of copies of 1984. 1. Amazon rents textbooks to students with a requirement not to take them [across state lines](http://www.insidehighered.com/news/2013/08/16/amazon-restricts-students-bringing-certain-textbook-rentals-across-state-lines). 1. Amazon is notorious for **mistreating employees** despite its wealth and growth. 1. Amazon runs an extreme sweatshop that diminishes quality of life. The consequential mental health crisis is [evidenced](https://gizmodo.com/report-amazon-warehouses-called-911-for-mental-health-1833220938) by 189 calls from Amazon warehouses to 911 in five years. 1. Amazon drug tests its employees, thus intruding on their privacy outside the workplace and also harming their healthcare. 1. [oppressive and callous attitude](https://www.independent.co.uk/news/business/news/amazon-devastating-expose-accuses-internet-retailer-of-oppressive-and-callous-attitude-to-staff-10458159.html) toward staff. 1. [55-hour work weeks](https://www.independent.co.uk/news/uk/home-news/amazon-workers-working-hours-weeks-conditions-targets-online-shopping-delivery-a8079111.html) 1. 90,000+ warehouse employees treated like cattle ([7 examples](https://www.pastemagazine.com/articles/2017/12/7-examples-how-amazon-treats-their-90000-warehouse.html)) 1. Amazon proliferates **censorship** 1. Amazon has [partnered with the MPAA](https://torrentfreak.com/inside-the-mpaa-netflix-amazon-global-anti-piracy-alliance-170918/) to campaign for repression of sharing on the net. 1. Amazon cut off service to Wikileaks, claiming that [whistle-blowing violates its terms of service](http://www.guardian.co.uk/media/blog/2010/dec/03/wikileaks-knocked-off-net-dns-everydns). 1. Amazon is detrimental to the **environment** 1. Amazon [powers](https://www.greenamerica.org/blog/10-reasons-not-shop-amazon-prime) 50% of their servers with unclean energy. 1. Amazon's excessive packaging [destroys](https://www.forbes.com/sites/jonbird1/2018/07/29/what-a-waste-online-retails-big-packaging-problem) 1 billion trees annually. ([examples](https://www.buzzfeed.com/morenikeadebayo/amazon-packaging-needs-to-chill-the-fuck-out)) 1. Amazon [retaliates](https://www.tbray.org/ongoing/When/202x/2020/04/29/Leaving-Amazon) against employees who seek climate action. 1. Amazon works for BP and Shell to deliver a [machine learning service](http://qklhadlycap4cnod.onion/watch?v=v3n8txX3144) to discover locations to drill for oil and gas. 1. Amazon has [been caught](https://www.theguardian.com/environment/2019/oct/11/google-contributions-climate-change-deniers) financing climate deniers. </details> <details> <summary>Liberapay accepts Paypal</summary> 18. Paypal is a **privacy** abuser. 1. PayPal shares customers' data with [600 companies](https://www.schneier.com/blog/archives/2018/03/the_600_compani.html) 1. PayPal goes overboard on the KYC, blocking accounts on KYC grounds when enough info is known to legally service an account. So PayPal is a privacy abuser. 1. Paypal is detrimental to civil liberties 1. PayPal has a history [littered](https://en.wikipedia.org/wiki/PayPal#Criticism) with power-abusing payment blockades that are often politically motivated to benefit right-wing agendas. E.g.: 1. PayPal [blocked Iraq War resisters](https://en.wikipedia.org/wiki/PayPal#Criticism). 1. PayPal [blocked Wikileaks](https://www.forbes.com/sites/andygreenberg/2010/12/07/visa-mastercard-move-to-choke-wikileaks). 1. PayPal [blocked](https://www.economist.com/europe/2015/05/13/boris-nemtsovs-parting-shot) an account intended to raise money for the distribution of Boris Nemtsov's report "Putin. War", which details Russia's intervention in Ukraine. 1. Paypal's greed cheats people out of money they're entitled to. 1. PayPal [declined](https://www.pcworld.com/article/2039940/paypal-denies-teenager-reward-for-finding-website-bug.html) to pay a reward offered in its [Bug Bounty Program](https://hackerone.com/paypal) to a 17-year-old German student who had reported a cross-site scripting flaw on its site. 1. PayPal is often reported to simply take customers' money or deny them access as they [arbitrarily freeze](https://www.globes.co.il/news/article.aspx?did=1000998078) the accounts of [many people](https://mywifequitherjob.com/why-paypal-freezes-or-limits-accounts-and-how-to-prevent-this-from-happening-to-you). 1. Paypal is detrimental to consumer rights. 1. Hundreds of consumers complain about PayPal annually on the [Consumer Affairs website](https://www.consumeraffairs.com/online/paypal_02.html). By 2016, there were over 1200 complaints. 1. Staff becomes unreachable and website becomes inoperable when trying to [unfreeze](https://mirasee.com/blog/paypal) accounts. 1. PayPal algorithmically uses money laundering triggers that are so arbitrary that PayPal's customer service [don't know themselves](https://www.computerweekly.com/blog/Cliff-Sarans-Enterprise-blog/PayPal-money-laundering-nonsense) why accounts get frozen. 1. PayPal neglects to adhere to banking regulations by [claiming](https://www.cnet.com/news/feds-paypal-not-a-bank) PayPal is not a bank. </details> <details> <summary>Liberapay accepts American Express</summary> ([reference](https://liberapay.com/about/faq)) 23. Amex is a member of the American Enterprise Institute (AEI). The AEI for Public Policy Research is a non-profit influential right-wing think tank that advocates for lower taxes, **fewer protections for consumers and the environment**, and **cuts to the social safety net**. Specifically, AEI finances **climate denial propaganda** and was caught bribing climate change scientists and economists $10k ea. to undermine climate change reporting. 1. Amex is a member of American Legislative Exchange Council (ALEC). ALEC doubles as a superPAC and bill mill that lobbies and writes policy for U.S. republicans to: 1. fight affirmative action 1. [fight public healthcare](https://www.alecexposed.org/wiki/Health,_Pharmaceuticals,_and_Safety_Net_Programs) 1. [fight public education](https://www.alecexposed.org/wiki/Privatizing_Public_Education,_Higher_Ed_Policy,_and_Teachers) 1. [fight immigration](https://www.alecexposed.org/wiki/Guns,_Prisons,_Crime,_and_Immigration) 1. [fight gun control](https://www.alecexposed.org/wiki/Guns,_Prisons,_Crime,_and_Immigration) 1. [fight environmental protection](https://www.alecexposed.org/wiki/Environment,_Energy,_and_Agriculture) 1. [fight worker's rights](https://www.alecexposed.org/wiki/Worker_Rights_and_Consumer_Rights) 1. [fight consumer protections](https://www.alecexposed.org/wiki/Worker_Rights_and_Consumer_Rights) 1. [support voter suppression policy](https://www.alecexposed.org/wiki/Democracy,_Voter_Rights,_and_Federal_Power) 1. [finance republicans](https://www.sourcewatch.org/index.php?title=ALEC_Civil_Justice_Task_Force#Politicians) 1. Amex [favors](https://www.sourcewatch.org/index.php?title=American_Express#Political_contributions) US republican candidates with politican contributions (55% R/41% D) 1. American Express [blocks Wikileaks](https://www.cio.com/article/2390123/credit-card-blockade-of-wikileaks-donations-likely-to-be-legal--eu-says.html) 1. Amex [supported CISPA](https://www.digitaltrends.com/web/cispa-supporters-list-800-companies-that-could-help-uncle-sam-snag-your-data) 1. Amex was the 9th highest patron of Facebook advertising in 2015 </details> <details> <summary>Liberapay accepts Visa and Mastercard</summary> 29. *War on cash* is war on **privacy**. Visa and Mastercard are both [members](https://www.betterthancash.org/members/page/8) of the Better than Cash Alliance, and organization bent on eliminating cash. Visa also [offered](http://kgg2m7yk5aybusll.onion/watch?v=GbECT1J9bXg&t=622) $10k to merchants who agree to [refuse cash](https://www.nbcnews.com/business/consumer/war-cash-intensifies-visa-offers-restaurants-10-000-go-cashless-n782276). 1. Visa [blocked](https://www.forbes.com/sites/andygreenberg/2010/12/07/visa-mastercard-move-to-choke-wikileaks) payments to Wikileaks, thus proactively intervening to suppress whistle-blowing while undermining peoples' control over their own charitable donations. 1. Visa and Mastercard [blocked](https://www.wikileaks.org/IMG/pdf/WikiLeaks-Banking-Blockade-Information-Pack.pdf) payments to Wikileaks -- but they're okay with [serving the KKK](https://web.archive.org/web/20200422194937/https://www.techdirt.com/articles/20101207/09264812164/visa-mastercard-kkk-is-a-ok-wikileaks-is-wicked.shtml). 1. Visa and Mastercard [supported CISPA](https://www.digitaltrends.com/web/cispa-supporters-list-800-companies-that-could-help-uncle-sam-snag-your-data) 1. Visa spends millions annually on Facebook advertising ([$15M in 2012](https://web.archive.org/web/20181210080400/https://www.businessinsider.com/top-advertisers-on-facebook-2013-11) alone) 1. Visa and Mastercard sell customer data to data brokers unless they [opt-out](https://marketingreportoptout.visa.com/OPTOUT/request.do). Mastercard's [opt-out page](https://www.mastercard.us/en-us/about-mastercard/what-we-do/privacy/data-analytic-opt-out.html) blocks Tor, thus forcing privacy seekers to reveal their IP address to Mastercard, which can be traced back to their identity. 1. Visa [sponsored](https://www.visa.ca/en_CA/about-visa/sponsorships-promotions/nfl-partnership.html) the NFL during the "Take A Knee" protest, thus taking a speech-chilling stand against athletes who protested police brutality. 1. Mastercard is [partnered](https://newsroom.mastercard.com/latin-america/press-releases/mastercard-and-microsoft-announce-partnership-to-promote-technological-innovation-in-msme) with Microsoft. </details> <details> <summary>Liberapay uses Microsoft for development</summary> ([reference](https://github.com/liberapay/liberapay.com)) 37. Microsoft harms the **environment** by serving the two most destructive oil companies in the world: [ExxonMobil](https://corporate.exxonmobil.com/news/newsroom/news-releases/2019/0222_exxonmobil-to-increase-permian-profitability-through-digital-partnership-with-microsoft) and [Chevron](https://news.microsoft.com/2019/09/17/schlumberger-chevron-and-microsoft-announce-collaboration-to-accelerate-digital-transformation). 1. #ExxonKnew: Exxon notoriously [knew](https://www.scientificamerican.com/article/exxon-knew-about-climate-change-almost-40-years-ago) about climate change since 1977. They not only kept it secret from the public, but they also financed a disinformation campaign. 1. Microsoft and Chevron were [caught](http://web.archivecrfip2lpi.onion/web/publicintegrity.org/federal-politics/republican-lawmakers-posh-hideaway-bankrolled-by-secret-corporate-cash) each paying \$100k to "the Cloakroom", a project to hide bribes going from large corporations to republican politicians. 1. Chevron's right-leaning stance is further pushed through its membership with ALEC, which doubles as a superPAC and bill mill that lobbies and writes policy for U.S. republicans. 1. Microsoft is a notorious **privacy** abuser: 1. Microsoft supported CISPA and [collaborates](http://techrights.org/wiki/index.php/Microsoft_and_the_NSA) with the NSA. 1. Microsoft [paid](http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1&session=2017) $195k to [fight](http://web.archivecrfip2lpi.onion/web/20200318144031/www.theverge.com/2018/6/15/17468292/amazon-microsoft-uber-california-consumer-privacy-act) the California Consumer Privacy Act (CCPA). 1. In 2012 Microsoft spent $35 million on Facebook ads and in 2015 Microsoft was the third biggest spender on Facebook ads in the world. 1. Microsoft proxies through Accenture to [make Sweden cashless](https://web.archive.org/web/20200722105800/https://tokenpost.com/Central-Bank-of-Sweden-is-testing-digital-currency-5197). The war on cash is war on privacy. 1. Microsoft owns and operates Outlook Email and the LinkedIn social media site, both of which are exclusive walled-gardens that limit participation to those who have a phone number and the will to share it with Microsoft. 1. MS failed to secure Github, which was [breached to the tune of 500gb of private projects](https://www.bleepingcomputer.com/news/security/microsofts-github-account-allegedly-hacked-500gb-stolen). Security incompetence is further showcased by an MS-imposed requirement to create and account and sign in to report an MS security bug. And for those not discouraged by that, [the sign-in page](https://msrc.microsoft.com/create-report) is also broken. Then security was breached again in July 2020 when OAuth tokens were [stolen](https://www.zdnet.com/article/hackers-stole-github-and-gitlab-oauth-tokens-from-git-analytics-firm-waydev) from both Github and Gitlab.com. 2. MS [unlawfully](https://www.cnet.com/news/amazon-google-and-microsoft-sued-over-photos-in-facial-recognition-database) used people's images without consent to train their facial recognition products 1. Microsoft distributes a [nonfree operating system](http://gnu.org/philosophy/free-software-even-more-important.html), Microsoft Windows, which is jam-packed with [malicious functionalities](http://gnu.org/proprietary/malware-microsoft.html), including surveillance of users, DRM, censorship and a universal back door. 2. MS was [caught](https://www.vice.com/en_us/article/43kv4q/microsoft-human-contractors-listened-to-xbox-owners-homes-kinect-cortana) surreptitiously recording Xbox users and paying contractors to listen to the recordings. 3. Dutch government commissioned [a study](https://www.rijksoverheid.nl/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office) which found Microsoft to have [several GDPR violations](https://www.zdnet.com/article/dutch-government-report-says-microsoft-office-telemetry-collection-breaks-gdpr). E.g. Office 365 violates [GDPR article 5](https://gdpr-info.eu/art-5-gdpr/) ¶ `1.c`, [GDPR article 17](https://gdpr-info.eu/art-17-gdpr/), and stores the data outside the EEA (may also be a GDPR breach). <!-- to do - incorporate https://www.reddit.com/r/opensource/comments/acwc2b/how_a_danish_university_dependent_on_corporate/eddptey/--> 1. Microsoft is detrimental to **human rights** and **democracy** 1. MS suppresses democracy by [blocking](https://www.bbc.com/news/technology-50232902) Github access to a project that facilitates protests in Catalonia. 1. Microsoft [finances AnyVision](https://www.forbes.com/sites/thomasbrewster/2019/08/01/microsoft-slammed-for-investing-in-israeli-facial-recognition-spying-on-palestinians) to produce facial recognition technology that the Israeli military uses as a weapon against the Palestinian people who they oppress in their occupation. Note that Israeli snipers [murdered](https://edition.cnn.com/2018/06/03/middleeast/razan-al-najjar-gaza-nurse-killed/index.html) an unarmed civilian Palestinian medic (in breach of the Geneva Convention) then [edited](https://www.independent.co.uk/news/world/middle-east/gaza-protests-latest-idf-condemned-edited-video-angel-of-mercy-medic-razan-al-najjar-a8389611.html) the video to deceive the public for PR damage control. 1. Microsoft [supports ICE](https://companies-that-work-with-ice.com) in a variety of ways in the course of ICE's implementation of Trump's xenophobic border policies. Microsoft services an ICE contract worth [$19.4 million dollars](https://thehill.com/policy/technology/393358-microsoft-employees-dissatisfied-by-ceo-response-plan-action-against-ice) despite protest from employees. In addition to MS Office products, Microsoft has renewed a [Github contract](https://www.theverge.com/2019/10/9/20906213/github-ice-microsoft-software-email-contract-immigration-nonprofit-donation) and also supplies cloud computing through its [Azure platform](https://gizmodo.com/microsoft-employees-up-in-arms-over-cloud-contract-with-1826927803). 1. MS [partnered with FedEx](http://fortune.com/2020/05/18/microsoft-fedex-partnership-build), an NRA-supporting ALEC member as well as [JP Morgan Chase](https://www.zdnet.com/article/honeywell-set-to-launch-its-quantum-computer-with-quantum-volume-of-64), the most evil bank in the world. 1. MS [conceals](https://techinquiry.org/SiliconValley-Military) US military contracts to bias PR and dodge social accountablity. They have a much bigger piece these contracts than the rest of MACFANG, they lack Googles [AI principles](https://ai.google/principles), and unlike Google they ignore employee protest and petitions. 1. MS is among the top 15 recipients of Trump's corporate tax breaks, a benefit of $128 billion. Microsoft [sacked hundreds of employees](https://web.archive.org/web/20200529160343/https://www.cheatsheet.com/web/20200529160343mp_/https://www.cheatsheet.com/money-career/these-companies-started-firing-employees-right-after-getting-tax-cuts-from-trump.html) immediately after receiving the tax breaks in February 2018. 1. MS is anti-consumer and anti-competitive 1. MS [tricked](http://www.theguardian.com/technology/2016/feb/02/microsoft-downloading-windows-10-automatic-update) users into "upgrading" to Windows 10, which [sabotages](https://www.cnet.com/news/microsoft-windows-10-forced-updates-auto-restarts-are-the-worst) users in a variety of ways, one of which is to [prevent cloud-free accounts](https://www.howtogeek.com/442609/confirmed-windows-10-setup-now-prevents-local-account-creation). 1. MS [strong-armed](http://www.linfo.org/microsoft_tax.html) nearly all PC manufacturers charge every buyer for an MS Windows license regardless of whether the user actually wants Windows. 1. MS [hoards](http://techrights.org/2017/03/15/still-using-patents-to-coerce) software patents and uses them to [fight free software](http://techrights.org/2017/02/27/microsoft-novell-v2-via-azure). </details> Click the arrows above to expand ethical issues behind rationale with supporting facts cited. A diagram of Liberapay's detrimental relationships is attached.
liberapay_design.png
1.5 MiB
👍 1
wizzwizz4 commented 3 years ago
Collaborator

Users are interacting with a service, not software. As such, only one of the 4 software freedoms is useful to donors: seeing the code.

You can run your own copy of Liberapay if you disagree with what Liberapay does; all you'd need to do is set up a legal entity and a server. I'd say this is useful for the donors. If Liberapay goes evil, a competitor with identical features can appear within months.

This is non-sequitur logic.

No u. I'm not talking about their legal status; I'm talking about the incentive structure. Liberapay cannot be meaningfully compared to the NRA in the way you're trying to; that's a non-sequitur.

It’s also pretentious and uncooperative to do PRs without a thorough public discussion. Doing a PR before the discussion has run its course is to hastily pre-empt feedback from others.

But this thread is about removing Liberapay and Open Collective. That's mostly unrelated to adding additional alternatives.

This is a cooperative effort. Please stop tasking volunteers.

That wasn't my intent; I was merely trying to point out the effects of selection bias with that sentence.

They were listed in the very first post.

Unless I've missed them, they're not. Plus, that's alternatives to BountySource, not to Patreon.

I’m not comfortable opening an issue to recommend a particular service until I reach a certain degree of confidence that each particular service is at least superficially worthy.

That's fine. (An observation, not a granting of permission; it was fine before I said so.)

Microsoft Github (second to gitlab.com)

Bit of a tangent, but could you explain GitLab? Is it because of Cloudflare?

Liberapay accepts Paypal
Liberapay accepts American Express
Liberapay accepts Visa and Mastercard

Wow, how did you get that formatting to work? That's so cool!

Also, Invidious connects to YouTube's servers, giving Google access to information about which videos users are watching via the googlevideo.com domain. (What's your point, here? How can they avoid these things, considering that's where people's money is kept?)

A diagram of Liberapay’s detrimental relationships is attached.

This information seems really useful. Obviously, not everybody will care about everything, but the abstract graph could be used by a system to rank alternatives by people's own ethical standards (e.g. the size of the discounting factor for crimes of a dependency, their view on internal US politics). Is it worth thinking about adding something like that here, or would that be feature creep?

> Users are interacting with a ***service***, not _software_. As such, only one of the 4 software freedoms is useful to donors: seeing the code. You can run your own copy of Liberapay if you disagree with what Liberapay does; all you'd need to do is set up a legal entity and a server. I'd say this is useful for the donors. If Liberapay goes evil, a competitor with identical features can appear within months. > This is non-sequitur logic. No u. I'm not talking about their legal status; I'm talking about the incentive structure. Liberapay cannot be meaningfully compared to the NRA in the way you're trying to; _that's_ a non-sequitur. > It’s also pretentious and uncooperative to do PRs without a thorough public discussion. Doing a PR before the discussion has run its course is to hastily pre-empt feedback from others. But this thread is about removing Liberapay and Open Collective. That's mostly unrelated to adding additional alternatives. > This is a cooperative effort. Please stop tasking volunteers. That wasn't my intent; I was merely trying to point out the effects of selection bias with that sentence. > They were listed in the very first post. Unless I've missed them, they're not. Plus, that's alternatives to BountySource, not to Patreon. > I’m not comfortable opening an issue to recommend a particular service until I reach a certain degree of confidence that each particular service is at least superficially worthy. That's fine. (An observation, not a granting of permission; it was fine before I said so.) > Microsoft Github (second to gitlab.com) Bit of a tangent, but could you explain GitLab? Is it because of Cloudflare? > Liberapay accepts Paypal > Liberapay accepts American Express > Liberapay accepts Visa and Mastercard Wow, how did you get that formatting to work? That's so cool! Also, Invidious connects to YouTube's servers, giving Google access to information about which videos users are watching via the googlevideo.com domain. (What's your point, here? How can they _avoid_ these things, considering that's where people's money is kept?) > A diagram of Liberapay’s detrimental relationships is attached. This information seems really useful. Obviously, not _everybody_ will care about _everything_, but the abstract graph could be used by a system to rank alternatives by people's own ethical standards (e.g. the size of the discounting factor for crimes of a dependency, their view on internal US politics). Is it worth thinking about adding something like that here, or would that be feature creep?
xr_rider commented 3 years ago
Poster

Users are interacting with a service, not software. As such, only one of the 4 software freedoms is useful to donors: seeing the code.

You can run your own copy of Liberapay if you disagree with what Liberapay does;

It doesn't matter. You can run your own copy of Liberapay (or Open Collective) if you disagree with what any of the services do, Patreon included.

You've conflated the Liberapay software with the Liberapay .com service. The Liberapay s/w is not a client. It's strictly a server. It does not facilitate liberapay.com users to run it.

all you'd need to do is set up a legal entity and a server.

So what? If someone does that, it's not Liberapay.com service and it doesn't facilitate liberapay.com. It could only be another service to list as an alternative to Patreon and Liberapay. It's not a feature of those services.

I'd say this is useful for the donors.

It's not. No one publicly runs it apart from the liberapay.com service, and that's an unethical privacy-abusing option.

If Liberapay goes evil,

They already are. They feed the worst of the worst suppliers and threaten users with legal accountability for password leaks -- as they've set up a system that shares their password with an untrustworthy 3rd party (CF).

a competitor with identical features can appear within months.

That would be a good thing, but this is an argument to the future fallacy. It's also irrelevant. That is, endorsing the liberapay.com service is independant of the software. In the absence of a liberapay.com endorsement (or even in the absence of the service), that software can still be used by a crowd funding service.

You're making the same mistake as PRISM Break Project. PBP is sends users to gitlab**.com** (the service, which is unethical and privacy-abusing) when it's only the software that's worthy of endorsement.

This is non-sequitur logic.

No u. I'm not talking about their legal status; I'm talking about the incentive structure. Liberapay cannot be meaningfully compared to the NRA in the way you're trying to; that's a non-sequitur.

Liberapay uses the same "incentive structure" as the NRA, so of course it's meaningful to compare them in this regard. It in fact exposes the non-sequitur logic quite clearly. Your claim that "Liberapay’s structure side-steps these incentives" for growth on the basis that donation-funding is non-sequitur. That is, the NRA has grown to be the biggest lobby in the US using the same "incentive structure" that you're claiming inhibits growth.

It’s also pretentious and uncooperative to do PRs without a thorough public discussion. Doing a PR before the discussion has run its course is to hastily pre-empt feedback from others.

But this thread is about removing Liberapay and Open Collective. That's mostly unrelated to adding additional alternatives.

The alternatives are of course relevant to fend off any objections to having a page with no endorsements. If a lesser of evils is going to be endorsed, then of course it's a comparison.

I personally would be fine with condemning all 3 (Patreon, LP, & OC) until something decent emerges, but some ppl aren't. Hence the comparison.

They were listed in the very first post.

Unless I've missed them, they're not. Plus, that's alternatives to BountySource, not to Patreon.

Sorry, it was in my 2nd post:

https://wiki.snowdrift.coop/market-research/other-crowdfunding

Microsoft Github (second to gitlab.com)

Bit of a tangent, but could you explain GitLab? Is it because of Cloudflare?

CloudFlare is a big component among other issues. See

https://dev.lemmy.ml/post/30312/comment/2239

The ethical problems are substantial enough that serious practical problems arise out of gitlab.com. I can't even get past the CAPTCHA and that's not CF. GL triggers a privacy-abusing Google reCAPTCHA, and for whatever reason the Tor exit nodes don't even get the puzzle because the captcha server itself rejects the IP. Non-Tor users also report problems with the CAPTCHA. In effect, blocking logins blocks bug reports which has serious ethical problems, as the censorship on this scale likely suppresses important bug reports, possibly security critical ones.

Liberapay accepts Paypal
Liberapay accepts American Express
Liberapay accepts Visa and Mastercard

Wow, how did you get that formatting to work? That's so cool!

<details> <summary>yada yada</summary> foo bar baz </details>

Also, Invidious connects to YouTube's servers, giving Google access to information about which videos users are watching via the googlevideo.com domain.

I lost you on this.. i don't recall talking about invidious here, but I will say that I'm more likely to get harassed with CAPTCHAs when using Youtube. Youtube also doesn't give a way to grab a copy of the video last time i checked. Invidious had download options, which means you can share the video with others without those ppl being exposed to Google's servers. And if it's something that you'll watch more than once, it's better for the environment to not do repeated retrievals.

(What's your point, here? How can they avoid these things, considering that's where people's money is kept?)

Villages.io demonstrates how to avoid Paypal and Amex. Bartering accountanting is just one way. If I were running such a service, I would certainly not accommodate a Paypal option, and I would not accept Amex, Visa, or MC. Discovercard is a lesser of evils in the US, if credit card acceptance is warranted. Outside the US there is JCB and UnionPay. Diners Club, perhaps. Checks are still used in some parts of the world, and IBAN is common outside the US. Not to mention cryptocurrency. Safepay. There's a dozen others. LP facilitates the worst options.

A diagram of Liberapay’s detrimental relationships is attached.

This information seems really useful. Obviously, not everybody will care about everything, but the abstract graph could be used by a system to rank alternatives by people's own ethical standards (e.g. the size of the discounting factor for crimes of a dependency, their view on internal US politics). Is it worth thinking about adding something like that here, or would that be feature creep?

If Swiso intends to continue endorsing quite unethical options, then it's critical to expose the issues transparently. Otherwise it's a disservice to endorse something as "privacy respecting and ethical" when it's far from it while also neglecting the anti-features.

The diagram is a brain storm and not complete.. it get's too chaotic if I include everything. The enumerated list of problems is comprehensive -- it incorporates most of my records.

> > Users are interacting with a ***service***, not _software_. As such, only one of the 4 software freedoms is useful to donors: seeing the code. > > You can run your own copy of Liberapay if you disagree with what Liberapay does; It doesn't matter. You can run your own copy of Liberapay (or Open Collective) if you disagree with what ***any*** of the services do, Patreon included. You've conflated the Liberapay ***software*** with the Liberapay **.com** ***service***. The Liberapay s/w is not a client. It's strictly a server. It does not facilitate liberapay.com users to run it. > all you'd need to do is set up a legal entity and a server. So what? If someone does that, it's not Liberapay.com service and it doesn't facilitate liberapay.com. It could only be another service to list as an alternative to Patreon and Liberapay. It's not a feature of those services. > I'd say this is useful for the donors. It's not. No one publicly runs it apart from the liberapay.com *service*, and that's an unethical privacy-abusing option. > If Liberapay goes evil, They already are. They feed the worst of the worst suppliers and threaten users with legal accountability for password leaks -- as they've set up a system that shares their password with an untrustworthy 3rd party (CF). > a competitor with identical features can appear within months. That would be a good thing, but this is an argument to the future fallacy. It's also irrelevant. That is, endorsing the liberapay.com ***service*** is independant of the software. In the absence of a liberapay.com endorsement (or even in the absence of the service), that software can still be used by a crowd funding service. You're making the same mistake as PRISM Break Project. PBP is sends users to gitlab**.com** (the service, which is unethical and privacy-abusing) when it's only the software that's worthy of endorsement. > > This is non-sequitur logic. > > No u. I'm not talking about their legal status; I'm talking about the incentive structure. Liberapay cannot be meaningfully compared to the NRA in the way you're trying to; _that's_ a non-sequitur. Liberapay uses ***the same*** "incentive structure" as the NRA, so of course it's meaningful to compare them in this regard. It in fact exposes the non-sequitur logic quite clearly. Your claim that "Liberapay’s structure side-steps these incentives" for growth on the basis that donation-funding is non-sequitur. That is, the NRA has grown to be the biggest lobby in the US using the same "incentive structure" that you're claiming inhibits growth. > > It’s also pretentious and uncooperative to do PRs without a thorough public discussion. Doing a PR before the discussion has run its course is to hastily pre-empt feedback from others. > > But this thread is about removing Liberapay and Open Collective. That's mostly unrelated to adding additional alternatives. The alternatives are of course relevant to fend off any objections to having a page with no endorsements. If a lesser of evils is going to be endorsed, then of course it's a comparison. I personally would be fine with condemning all 3 (Patreon, LP, & OC) until something decent emerges, but some ppl aren't. Hence the comparison. > > They were listed in the very first post. > > Unless I've missed them, they're not. Plus, that's alternatives to BountySource, not to Patreon. Sorry, it was in my 2nd post: https://wiki.snowdrift.coop/market-research/other-crowdfunding > > Microsoft Github (second to gitlab.com) > > Bit of a tangent, but could you explain GitLab? Is it because of Cloudflare? CloudFlare is a big component among other issues. See https://dev.lemmy.ml/post/30312/comment/2239 The ethical problems are substantial enough that serious practical problems arise out of gitlab.com. I can't even get past the CAPTCHA and that's not CF. GL triggers a privacy-abusing Google reCAPTCHA, and for whatever reason the Tor exit nodes don't even get the puzzle because the captcha server itself rejects the IP. Non-Tor users also report problems with the CAPTCHA. In effect, blocking logins blocks bug reports which has serious ethical problems, as the censorship on this scale likely suppresses important bug reports, possibly security critical ones. > > Liberapay accepts Paypal > > Liberapay accepts American Express > > Liberapay accepts Visa and Mastercard > > Wow, how did you get that formatting to work? That's so cool! \<details> \<summary>yada yada\</summary> foo bar baz \</details> > Also, Invidious connects to YouTube's servers, giving Google access to information about which videos users are watching via the googlevideo.com domain. I lost you on this.. i don't recall talking about invidious here, but I will say that I'm more likely to get harassed with CAPTCHAs when using Youtube. Youtube also doesn't give a way to grab a copy of the video last time i checked. Invidious had download options, which means you can share the video with others without those ppl being exposed to Google's servers. And if it's something that you'll watch more than once, it's better for the environment to not do repeated retrievals. > (What's your point, here? How can they _avoid_ these things, considering that's where people's money is kept?) Villages.io demonstrates how to avoid Paypal and Amex. Bartering accountanting is just one way. If I were running such a service, I would certainly not accommodate a Paypal option, and I would not accept Amex, Visa, or MC. Discovercard is a lesser of evils in the US, if credit card acceptance is warranted. Outside the US there is JCB and UnionPay. Diners Club, perhaps. Checks are still used in some parts of the world, and IBAN is common outside the US. Not to mention cryptocurrency. Safepay. There's a dozen others. LP facilitates the worst options. > > A diagram of Liberapay’s detrimental relationships is attached. > > This information seems really useful. Obviously, not _everybody_ will care about _everything_, but the abstract graph could be used by a system to rank alternatives by people's own ethical standards (e.g. the size of the discounting factor for crimes of a dependency, their view on internal US politics). Is it worth thinking about adding something like that here, or would that be feature creep? If Swiso intends to continue endorsing quite unethical options, then it's critical to expose the issues transparently. Otherwise it's a disservice to endorse something as "privacy respecting and ethical" when it's far from it while also neglecting the anti-features. The diagram is a brain storm and not complete.. it get's too chaotic if I include everything. The enumerated list of problems is comprehensive -- it incorporates most of my records.
wizzwizz4 commented 3 years ago
Collaborator

It does not facilitate liberapay.com users to run it.

Donors, no. Donees? Yes.

It could only be another service to list as an alternative to Patreon and Liberapay. It’s not a feature of those services.

Yeah, okay. Fair enough. I mustn't conflate “the people running the service are great” with “the service is great”.

If Liberapay goes evil,

They already are.

Hanlon's razor. And, besides, even if they did realise all the problems with Cloudflare etc., they can't just drop them without taking Liberapay down entirely for a few months. (Which is of dubious relevance to swiso, but it's just a tangent.)

Your claim that “Liberapay’s structure side-steps these incentives” for growth

I claimed that Liberapay's structure side-steps these incentives for GROWTH GROWTH GROWTH, i.e. Moloch. That isn't to say it is incentivised not to grow; rather, it isn't incentivised to discard its values in pursuit of growth. (But I see where you were coming from with the NRA comparison, and – seeing as how NRA members pay in money, so an increase in members is an increase in money – I hope I've clarified the difference.)

The alternatives are of course relevant to fend off any objections to having a page with no endorsements.

Having the alternatives on the page would be. Declaring them to exist isn't; removing Liberapay and Open Collective would still give us an empty page, even if we could theoretically populate it.

If I were running such a service, I would certainly not accommodate a Paypal option, and I would not accept Amex, Visa, or MC.

And fewer people would donate to the people using it. Ethical injunctions aren't costless; it's pretty bold to expect somebody else to pay the cost. (They could promote ethical payment methods over less ethical ones, but they'd have to do that carefully to make sure they're not breaking any contracts in doing so.)

There’s a dozen others. LP facilitates the worst options.

Because they're the most popular. You can't start these fights half-way through, and while it'd be great to have Liberapay on our side in them, I don't see it as an obligation to meet the list. Cloudflare, perhaps, but not this.

The diagram is a brain storm and not complete.. it get’s too chaotic if I include everything.

I meant the raw data from the lists, put in machine-readable form. Filtering it down to focus on the issues people care about would give them more agency to choose, and I see that as a primary goal of Swiso. This kind of massive filtering system is probably out of scope of our project (plus, since it needs to be kept up to date to prevent it from being libellous, it seems sort of activismy – like something Mozilla or the EFF would do), but I think it should exist.

> It does not facilitate liberapay.com users to run it. Donors, no. Donees? Yes. > It could only be another service to list as an alternative to Patreon and Liberapay. It’s not a feature of those services. Yeah, okay. Fair enough. I mustn't conflate “the people running the service are great” with “the service is great”. > > If Liberapay goes evil, > They already are. Hanlon's razor. And, besides, even if they _did_ realise all the problems with Cloudflare etc., they can't just drop them without taking Liberapay down entirely for a few months. (Which is of dubious relevance to swiso, but it's just a tangent.) > Your claim that “Liberapay’s structure side-steps these incentives” for growth I claimed that Liberapay's structure side-steps these incentives for GROWTH GROWTH GROWTH, i.e. [Moloch](https://slatestarcodex.com/2014/07/30/meditations-on-moloch/). That isn't to say it is incentivised _not to grow_; rather, it isn't incentivised to discard its values in pursuit of growth. (But I see where you were coming from with the NRA comparison, and – seeing as how NRA members pay in money, so an increase in members is an increase in money – I hope I've clarified the difference.) > The alternatives are of course relevant to fend off any objections to having a page with no endorsements. Having the alternatives on the page would be. Declaring them to exist isn't; removing Liberapay and Open Collective would still give us an empty page, even if we _could_ theoretically populate it. > If I were running such a service, I would certainly not accommodate a Paypal option, and I would not accept Amex, Visa, or MC. And fewer people would donate to the people using it. Ethical injunctions aren't costless; it's pretty bold to expect _somebody else_ to pay the cost. (They _could_ promote ethical payment methods over less ethical ones, but they'd have to do that carefully to make sure they're not breaking any contracts in doing so.) > There’s a dozen others. LP facilitates the worst options. Because they're the most popular. You can't start these fights half-way through, and while it'd be great to have Liberapay on our side in them, I don't see it as an obligation to meet the list. Cloudflare, perhaps, but not this. > The diagram is a brain storm and not complete.. it get’s too chaotic if I include everything. I meant the raw data from the lists, put in machine-readable form. Filtering it down to focus on the issues people care about would give them more agency to choose, and I see that as a primary goal of Swiso. This kind of massive filtering system is probably out of scope of our project (plus, since it needs to be kept up to date to prevent it from being libellous, it seems sort of activismy – like something Mozilla or the EFF would do), but I think it should exist.
xr_rider commented 3 years ago
Poster

It does not facilitate liberapay.com users to run it.

Donors, no. Donees? Yes.

Seems unlikely. But if we assume that a donee would run LP software, how do you get from endorsing the Liberapay.com service to users running LP s/w? Self-hosted LP doesn't follow from the LP service endorsement. In fact it's inversely so: endorsing the service actually discourages self-hosting. Why self-host when the service is perceived as ethical?

The analogous Gitlab scenario demonstrates this well. As more and more ppl began to realize the privacy and ethics problems with gitlab.com, more 3rd-party-hosted Gitlab services emerged to fill the need.

PRISM Break project is a good demonstration of how to work against the cause, and promote the least ethical of all options. The PBP staff is vaguely aware of the harms of gitlab.com's, but they neglect in their vague Gitlab endorsement to distinguish the software from the service. The audience understands PBP's endorsement as an endorsement of the gitlab.com service, not the software -- and to perpetuate the misunderstanding PBP links to gitlab.com, not a software repository.

Swiso can maximize efficacy if the LP endorsement is expressed this way:

avoid preferred ethical alternative
liberapay.com service self-hosted Liberapay software

Hanlon's razor. And, besides, even if they did realise all the problems with Cloudflare etc., they can't just drop them without taking Liberapay down entirely for a few months. (Which is of dubious relevance to swiso, but it's just a tangent.)

They could certainly construct an ethical service in parallel to the existing one to minimize downtime. The discussion is irrelevant because LP has no intent to become ethical. And certainly the endorsement can (and should) wait until the ethical alternative is deployed. People expect Swiso's endorsements to reflect the current state not someones prediction of what will be ethical in the future.

If I were running such a service, I would certainly not accommodate a Paypal option, and I would not accept Amex, Visa, or MC.

And fewer people would donate to the people using it.

Only in the absence of a viable alternative. E.g. Privacytools.io gets most of their donations through Paypal, the biggest privacy abuser most contrary to their own cause. They irrationally fear that removing the Paypal option entails giving up that money, which neglects to acknowledge that the same money can take a different path. This irrational fear leads to them selling out their ethics (b/c PTIO is well aware of Paypal's issues).

Ethical injunctions aren't costless;

Of course being ethical is almost always more costly than being unethical. The unethical path exists precisely because it's either cheaper or more convenient as a consequence of not having ethical constraints. If you have a problem with ethical advocacy being less cost effective, then you need to dilute the mission statement and revise from "Ethical, easy-to-use and privacy-conscious alternatives to well-known software" to "Somewhat ethical, easy-to-use and privacy-conscious alternatives to well-known software without compromising money".

it's pretty bold to expect somebody else to pay the cost.

Who's paying what cost for who? You're missing context here.

Swiso's only expectation should be conduct conducive to its mission-- privacy and ethics.

(They could promote ethical payment methods over less ethical ones, but they'd have to do that carefully to make sure they're not breaking any contracts in doing so.)

Their contracts isn't our problem. If they've signed contracts that impose unethical transactions, the problem is those contracts.

Swiso is not here to make excuses for people. When they take an unethical path, they shouldn't get endorsement. Swiso's duty is to the readers looking for better options, not to the vendors who benefit from endorsement.

There’s a dozen others. LP facilitates the worst options.

Because they're the most popular.

I hope you're not saying popularity is cause for endorsement. The whole point to Swiso is to make the ethical options more popular, not to endorse the ethically deficient popular options. Otherwise why not endorse MACFANG services? Those services are as popular as it gets.

You can't start these fights half-way through, and while it'd be great to have Liberapay on our side in them, I don't see it as an obligation to meet the list. Cloudflare, perhaps, but not this.

Of course Swiso should look at the whole picture. You have LP feeding the most evil suppliers, while villages.io (for example) has innovated a way to avoid all the unethical payment options (no paypal, no amex, no visa, etc). In the competition for ethical standing, LP is absolutely "obligated" to do what it takes to come out ahead. That obligation rightly follows from Swiso's duty to its readers to endorse the lesser of evils.

The diagram is a brain storm and not complete.. it get’s too chaotic if I include everything.

I meant the raw data from the lists, put in machine-readable form. Filtering it down to focus on the issues people care about would give them more agency to choose, and I see that as a primary goal of Swiso. This kind of massive filtering system is probably out of scope of our project (plus, since it needs to be kept up to date to prevent it from being libellous, it seems sort of activismy – like something Mozilla or the EFF would do), but I think it should exist.

The diagram was generated with graphviz, so it'd be easy to machine-generate based on raw data that's organized for that purpose. It would also be possible to generate an SVG and the links and nodes could be clickable, which could direct to a document proving the relationship. Those links would obviate any risk for libel as you're merely giving an abstraction to a publication.

It could be autogenerated with a singled out ethical factor. E.g. user chooses a pull-down with "privacy issues, human rights issues, network neutrality issues, etc" and the infograph could be tailored to the selection.

> > It does not facilitate liberapay.com users to run it. > > Donors, no. Donees? Yes. Seems unlikely. But if we assume that a donee would run LP software, how do you get from endorsing the Liberapay.com *service* to users running LP s/w? Self-hosted LP doesn't follow from the LP service endorsement. In fact it's inversely so: endorsing the service actually discourages self-hosting. Why self-host when the service is perceived as ethical? The analogous Gitlab scenario demonstrates this well. As more and more ppl began to realize the privacy and ethics problems with gitlab.com, more 3rd-party-hosted Gitlab services emerged to fill the need. PRISM Break project is a good demonstration of how to work *against* the cause, and promote the least ethical of all options. The PBP staff is vaguely aware of the harms of gitlab.com's, but they neglect in their [vague Gitlab endorsement](https://prism-break.org/en/all/#collaboration) to distinguish the software from the service. The audience understands PBP's endorsement as an endorsement of the gitlab.com *service*, not the software -- and to perpetuate the misunderstanding PBP links to gitlab.com, not a software repository. Swiso can maximize efficacy if the LP endorsement is expressed this way: | avoid | preferred ethical alternative | |---|---| | liberapay.com *service* | self-hosted Liberapay software | > Hanlon's razor. And, besides, even if they _did_ realise all the problems with Cloudflare etc., they can't just drop them without taking Liberapay down entirely for a few months. (Which is of dubious relevance to swiso, but it's just a tangent.) They could certainly construct an ethical service in parallel to the existing one to minimize downtime. The discussion is irrelevant because LP has no intent to become ethical. And certainly the endorsement can (and should) wait until the ethical alternative is deployed. People expect Swiso's endorsements to reflect the current state not someones prediction of what will be ethical in the future. > > If I were running such a service, I would certainly not accommodate a Paypal option, and I would not accept Amex, Visa, or MC. > > And fewer people would donate to the people using it. Only in the absence of a viable alternative. E.g. Privacytools.io gets most of their donations through Paypal, the biggest privacy abuser most contrary to their own cause. They irrationally fear that removing the Paypal option entails giving up that money, which neglects to acknowledge that the same money can take a different path. This irrational fear leads to them selling out their ethics (b/c PTIO is well aware of Paypal's issues). > Ethical injunctions aren't costless; Of course being ethical is almost always more costly than being unethical. The unethical path exists precisely because it's either cheaper or more convenient as a consequence of not having ethical constraints. If you have a problem with ethical advocacy being less cost effective, then you need to dilute the mission statement and revise from "*Ethical, easy-to-use and privacy-conscious alternatives to well-known software*" to "***Somewhat*** *ethical, easy-to-use and privacy-conscious alternatives to well-known software* ***without compromising money***". > it's pretty bold to expect _somebody else_ to pay the cost. Who's paying what cost for who? You're missing context here. Swiso's only expectation should be conduct conducive to its mission-- privacy and ethics. > (They _could_ promote ethical payment methods over less ethical ones, but they'd have to do that carefully to make sure they're not breaking any contracts in doing so.) Their contracts isn't our problem. If they've signed contracts that impose unethical transactions, the problem is those contracts. Swiso is not here to make excuses for people. When they take an unethical path, they shouldn't get endorsement. Swiso's duty is to the *readers* looking for better options, not to the *vendors* who benefit from endorsement. > > There’s a dozen others. LP facilitates the worst options. > > Because they're the most popular. I hope you're not saying popularity is cause for endorsement. The whole point to Swiso is to make the ethical options more popular, not to endorse the ethically deficient popular options. Otherwise why not endorse MACFANG services? Those services are as popular as it gets. > You can't start these fights half-way through, and while it'd be great to have Liberapay on our side in them, I don't see it as an obligation to meet the list. Cloudflare, perhaps, but not this. Of course Swiso should look at the whole picture. You have LP feeding the most evil suppliers, while villages.io (for example) has innovated a way to avoid all the unethical payment options (no paypal, no amex, no visa, etc). In the competition for ethical standing, LP is absolutely "obligated" to do what it takes to come out ahead. That obligation rightly follows from Swiso's duty to its readers to endorse the lesser of evils. > > The diagram is a brain storm and not complete.. it get’s too chaotic if I include everything. > > I meant the raw data from the lists, put in machine-readable form. Filtering it down to focus on the issues people care about would give them more agency to choose, and I see that as a primary goal of Swiso. This kind of massive filtering system is probably out of scope of our project (plus, since it needs to be kept up to date to prevent it from being libellous, it seems sort of activismy – like something Mozilla or the EFF would do), but I think it should exist. The diagram was generated with graphviz, so it'd be easy to machine-generate based on raw data that's organized for that purpose. It would also be possible to generate an SVG and the links and nodes could be clickable, which could direct to a document proving the relationship. Those links would obviate any risk for libel as you're merely giving an abstraction to a publication. It could be autogenerated with a singled out ethical factor. E.g. user chooses a pull-down with "privacy issues, human rights issues, network neutrality issues, etc" and the infograph could be tailored to the selection.
wizzwizz4 commented 3 years ago
Collaborator

Who’s paying what cost for who? You’re missing context here.

Liberapay donees paying for hypothetical-Liberapay's dropping of the large-but-unethical payment processors. Now, if Liberapay provided the option for donees to disable certain less-than-ethical payment processors… but getting them off Cloudflare and AWS is probably a more urgent thing.

I hope you’re not saying popularity is cause for endorsement.

No, just saying it's cause for accepting a payment processor.

Only in the absence of a viable alternative.

True. Do you know of an awesome list of payment processors, like you had an awesome list of Liberapay-like services? (I know about GNU Taler.)

> Who’s paying what cost for who? You’re missing context here. Liberapay donees paying for hypothetical-Liberapay's dropping of the large-but-unethical payment processors. Now, if Liberapay provided the option for donees to disable certain less-than-ethical payment processors… but getting them off Cloudflare and AWS is probably a more urgent thing. > I hope you’re not saying popularity is cause for endorsement. No, just saying it's cause for accepting a payment processor. > Only in the absence of a viable alternative. True. Do you know of an awesome list of payment processors, like you had an awesome list of Liberapay-like services? (I know about [GNU Taler](https://taler.net/en/).)
xr_rider commented 3 years ago
Poster

Who’s paying what cost for who? You’re missing context here.

Liberapay donees paying for hypothetical-Liberapay's dropping of the large-but-unethical payment processors.

That's not a cost; it's a savings. All credit cards (amex, visa, m/c, discover, jbc, unionpay) charge transaction fees. The fees are hidden from the payer, giving the illusion of being cost-free. The fees are also unreasonably high (2% at the lowest; discover & amex are in the 3-5% range). And when Paypal is in that loop, an additional fee is taken.

Consumers usually don't care about the fees because someone else pays them. So your original comment "it’s pretty bold to expect somebody else to pay the cost" is the pot calling the kettle black. And worse, the kettle isn't even black in this case.

Unlike a point of sale transaction, donors don't want overhead. They care exceptionally because the whole point of donating is to benefit the beneficiary, not the payment processors in the middle. Checks and bank transfers minimize the overhead. Checks are mostly gratis in the US and SEPA transfers are mostly gratis in Europe.

Credit cards are prone to fraud and also come with other protections, so the fees must pad the anti-fraud cost and the cost of cc benefits, even though a donor doesn't need protections like extended warranty and being able to claw back the money with a chargeback.

Rebate credit cards (common in the US) inflict a higher credit card fee on the recipient in order to give miles or cashback to the payer. The merchant agreements with credit card companies all prohibit surcharging card payers to pass the fee back to the payer. So the pricing rules under the credit card contracts result in cash payers subsidizing the vacations of card users. When you make a credit card transaction, you ultimately push costs onto others.

Now, if Liberapay provided the option for donees to disable certain less-than-ethical payment processors…

Beneficiaries already have a choice when it comes to Paypal, AFAIK. If a donee doesn't provide paypal account details then it ceases to be an option to donors. It's my contention that it's unethical for LP to even so much as offer Paypal as an option to donees. Donees shouldn't even be asked for their Paypal account.

Regarding Amex, Visa, MC, I have no idea if donees can limit those options. Probably not. My problem is that they are options to begin with.

but getting them off Cloudflare and AWS is probably a more urgent thing.

Certainly those are the easiest problems to solve.

I hope you’re not saying popularity is cause for endorsement.

No, just saying it's cause for accepting a payment processor.

It's the wrong cause. It's a convenience-driven cause, not an ethics-driven cause. Prioiritizing convenience above ethics is the problem that leads to acceptance of Paypal, Amex, Visa, and MC.

> > Who’s paying what cost for who? You’re missing context here. > > Liberapay donees paying for hypothetical-Liberapay's dropping of the large-but-unethical payment processors. That's not a cost; it's a *savings*. All credit cards (amex, visa, m/c, discover, jbc, unionpay) charge transaction fees. The fees are hidden from the payer, giving the illusion of being cost-free. The fees are also unreasonably high (2% at the lowest; discover & amex are in the 3-5% range). And when Paypal is in that loop, an additional fee is taken. Consumers usually don't care about the fees because *someone else* pays them. So your original comment "*it’s pretty bold to expect somebody else to pay the cost*" is the pot calling the kettle black. And worse, the kettle isn't even black in this case. Unlike a point of sale transaction, donors don't want overhead. They care exceptionally because the whole point of donating is to benefit the beneficiary, not the payment processors in the middle. Checks and bank transfers *minimize* the overhead. Checks are mostly gratis in the US and SEPA transfers are mostly gratis in Europe. Credit cards are prone to fraud and also come with other protections, so the fees must pad the anti-fraud cost and the cost of cc benefits, even though a donor doesn't need protections like extended warranty and being able to claw back the money with a chargeback. Rebate credit cards (common in the US) inflict a higher credit card fee on the recipient in order to give miles or cashback to the payer. The merchant agreements with credit card companies all prohibit surcharging card payers to pass the fee back to the payer. So the pricing rules under the credit card contracts result in cash payers subsidizing the vacations of card users. When you make a credit card transaction, you ultimately push costs onto others. > Now, if Liberapay provided the option for donees to disable certain less-than-ethical payment processors… Beneficiaries already have a choice when it comes to Paypal, AFAIK. If a donee doesn't provide paypal account details then it ceases to be an option to donors. It's my contention that it's unethical for LP to even so much as offer Paypal as an option to donees. Donees shouldn't even be asked for their Paypal account. Regarding Amex, Visa, MC, I have no idea if donees can limit those options. Probably not. My problem is that they are options to begin with. > but getting them off Cloudflare and AWS is probably a more urgent thing. Certainly those are the easiest problems to solve. > > I hope you’re not saying popularity is cause for endorsement. > > No, just saying it's cause for accepting a payment processor. It's the wrong cause. It's a convenience-driven cause, not an ethics-driven cause. Prioiritizing convenience above ethics is the problem that leads to acceptance of Paypal, Amex, Visa, and MC.
👍 2
wizzwizz4 commented 3 years ago
Collaborator

I'm going to nick some of these arguments when convincing Liberapay to change the payment methods. 😉

I'm going to nick some of these arguments when convincing Liberapay to change the payment methods. 😉
👍 1
TheEvilSkeleton commented 3 years ago

As a side note, you guys might want to take a look at this issue: https://github.com/liberapay/liberapay.com/issues/1727

As a side note, you guys might want to take a look at this issue: https://github.com/liberapay/liberapay.com/issues/1727
👀 1
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
update-kdenlive-entry
develop
main
xmpp-changes
drone-include-submodules
issue-117-improve-mail-list
issue-25-branch-for-ci
issue-91-topic-lists
issue-50-improve-floss-article
language/german
language/french
Labels
Apply labels
Clear labels
bubbling under bug content dev-content discussion documentation duplicate enhancement feedback needed help wanted in progress infrastructure on hold translation wontfix
No Label bubbling under bug content dev-content discussion documentation duplicate enhancement feedback needed help wanted in progress infrastructure on hold translation wontfix
Milestone
Set milestone
Clear milestone
No items
No Milestone
Assignees
Assign users
Clear assignees
No Assignees
7 Participants
Notifications
Due Date

No due date set.

Dependencies

No dependencies set.

Reference: swiso/website#141
Write Preview
Loading…
Cancel
Save
There is no content yet.
Delete Branch '%!s(<nil>)'

Deleting a branch is permanent. It CANNOT be undone. Continue?

No
Yes