Companies now block older browser versions

Now? This has been happening since the dawn of the web. At least the screenshot you pasted represents all of the big three rendering engines - it used to be common to see “Internet Explorer version XYZ required”, sometimes with javascript to prevent you from using the site with any other browser (even if in some cases it would actually work fine if you simply spoofed your user agent string).

I have used kinda retro devices to surf the web at times

Most websites became HTTPS-only sometime after the snowden disclosures in 2013.

Over time old versions of TLS have been deprecated and eventually support for them is dropped from browsers and web servers alike. So, a browser from even 15 years ago literally cannot connect to most webservers today.

Planned obsolescence is terrible but it’s a minor factor here: it’s actually dangerous to use even (especially?) a slightly-out-of-date web browser because every new release fixes vulnerabilities which can be exploited to run malicious code on your computer. The planned obsolescence which prevents people from being able to have an up-to-date browser comes mostly from proprietary operating system vendors; to have up-to-date software while continuing to use somewhat older computers you need to use free/libre software.

The 2021 paper OSRM-CCTV: Open-source CCTV-aware routing and navigation system for privacy, anonymity and safety says they published source code at https://github.com/Fuziih but I don’t see it there now (though there is a related project called cctv-exposure).

The final published version of the paper seems to be paywalled; it’s probably on scihub but there is also a preprint of it here on arxiv.

https://github.com/FNBIP/ghost-route (just 3 commits, from February this year) says it is inspired by the paper and “extended to a production-grade multi-mode threat routing system”. It’s a node app you run locally (there doesn’t appear to be a public instance currently) which would be nice if it could work offline but unfortunately “Offline mode with pre-downloaded OSM tiles” is still on the roadmap and it currently lists “A Mapbox GL JS token (free tier works)” as a requirement (which is probably why there isn’t a public instance - someone would need to pay mapbox if they wanted to run it for other people).

I have not tried it; if anyone reading this has or does please post here about how it works!

The visual option is the normal reCAPTCHA (eg) and the audio option is the (quite difficult) thing they’ve been subjecting blind people to for years. Presumably they will keep offering desktop users these options (at least in many/most cases) for a long time still; this new phone-required extra-invasive CAPTCHA is just a hint of where they’re heading. (But already it is apparently actually required for Android users in some cases: https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users …)

Is this something that websites opt into and add to their own site?

Yes.

reCAPTCHA is google’s “anti-abuse” service which many websites use to prevent slightly increase the cost of operating automated crawlers (which somewhat ironically google operates one of the largest of itself, for their search engine).

Before neural networks could solve CAPTCHAs reliably, spammers were solving them with human labor; solving services like anti-captcha.com (intentionally not a clickable link…) today use a mixture of automated and human solvers.

In the future google is apparently building, solving services will need farms of able-to-run-a-recent-android-release mobile devices with some kind of trusted computing hardware, each one of which they’ll have to use sparingly enough to keep usage of its unique ID under some plausibly-human threshold.

And even if you do have a phone and are willing to identify yourself with it, if it is too old to run a recent enough Android you also will sometimes be denied services for being unable to pass a robots’ “human” test.

🤮

Any website using this will simply cease to exist in my eyes.

as i wrote in another recent thread on this topic:

for some reCaptcha-using websites there actually aren’t alternatives. eg many governments, healthcare providers, public utilities, etc are using it :(

I would guess not, given the other recent news about degoogled Android devices also being unable to pass reCAPTCHA.

i generally agree, although for some reCaptcha-using websites there actually aren’t alternatives. eg many governments, healthcare providers, public utilities, etc are using it :(

A Motorola phone soon shipping with GrapheneOS isn’t just a rumor but it doesn’t help with the problem of Google making their very popular robot detection service classify deGoogled Android users as non-human.

more info here: https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users

signal’s “sealed sender” feature has an incoherent threat model

Regarding TVs, WikiLeaks’ Vault 7 publication in 2017 included “Weeping Angel”, CIA malware for Samsung TVs which streams audio from them while they’re in “fake off” mode.

https://mashable.com/article/cia-samsung-tv-hack-weeping-angel

signal’s claimed inability to collect metadata being an obvious albeit elaborate lie is a strong indicator

Why do you think Proton stores the association between accounts and payment identity?

Many privacy-oriented companies actually accept credit card payments and simply don’t store that information.

article in case you can’t read it: https://lemmy.ml/post/44086795

that link only has two paragraphs of the article; there are 8 more in the full article here on archive.org

They may get off. But I highly doubt Kristy Noem and Stephen Miller will. Or even Greg Bovino. The people responsible for the policies that led to those murders will be held accountable.

Not sure if you’re doing a bit, but i’ll bite: Can you recall any historical examples of US public officials being held accountable for their obviously-criminal policy decisions? Eg, remind me who from the Bush administration went to prison due to the fact that they (as Obama put it) “tortured some folks”? And who from the Obama administration went to prison for any of their war crimes (eg)? What makes you think it will be different for people like Noem and Miller? 🤔

Why not just use proton?

A few of the many reasons not to use Proton:

• their e2ee is snakeoil (see my comment here about why - but tldr it requires completely trusting them and if you completely trust them you wouldn’t need e2ee, the point of e2ee is to avoid needing to trust the service provider)
• their server-side code is closed-source
• they’re a freemium service which can and does arbitrarily decide to start charging for previously-free features
• they’ve suspended a number of users who they should not have
• their CEO is a trump fanboy.

…

Its Swiss based.

You know who else was Swiss based? 🙄

Not sure about purism but I think its US so avoid it like a plague.

I don’t know enough about Purism to endorse them but afaict they don’t have any of the above problems.

Purism’s e2ee is PGP; you can use their service via their client software or whatever other client you want, and can communicate with people who are using different implementations with different mail providers. I don’t see any mention of them even offering webmail but I expect that if they do they would probably offer PGP there using a browser extension instead of having extremely-impractical-to-verify-before-running-it js code being sent anew from the server every time you load the page (which is how Proton’s webmail works, and also what they offer for non-Proton users to receive mail encrypted using their nonstandard encryption).

I’d rather have US legal jurisdiction and credible e2ee which doesn’t allow the operator to trivially circumvent it for targeted users than to have Swiss jurisdiction and snake oil.

what could go wrong

the fact that they know your plate number is different than knowing if you (or someone) queried a website about which police queried flock about it

reposting my comment from the thread yesterday:

reposting my comment in a thread last month about this:

in b4 haveibeenhaveibeenflocked.

they have a list of their current collection of 239 .csv files but sadly don’t appear to let you actually download them to query offline

they now have 519 sources, some of which are downloadable from muckrock but many aren’t.

i still don’t understand why this website isn’t open source and open data, and i strongly recommend thinking carefully about it (eg, thinking about if you’d mind if the existence of your query becomes known to police and/or the public) before deciding if you want to type a given plate number in to it.