But at some point to interact with any kind of large company … You could also consider not interacting with large companies at all

Actually the large corps are more likely to hold the data in-house. Small companies cling to outsourcing. E.g. credit unions are the worst… outsource every service they offer to the same giant suppliers. Everyone thinks only a small company has the data (and consequently that the small dataset does not appeal to cyber criminals) but it’s actually worse because they outsource jobs even as small as printing bank statements to the same few giants most other credit unions use. Then they do the same for bill pay with another company. It’s getting hard to find a credit union that does not put Cloudflare in the loop. So in the end a dozen or so big corps have your data and it’s not even disclosed in the privacy statement.

Of course it depends on the nature of the business. A large grocery chain is more likely to make sure your offline store purchase history reaches Amazon and Google than a mom & pop grocer who doesn’t even have a loyalty program.

Whether businesses get copies of information is usually included in a site’s privacy policy,

I have never seen a privacy policy that lists partners and recipients apart from Paypal, who lists the 600+ corps they share data with for some reason. Apart from bizarre exceptions privacy policies are always too vague to be useful. Even in the GDPR region. If you read them you can often find text that does not even make sense for their business because they just copied someone else’s sufficiently vague policy to use as a template.

If you really want to limit your information exposure, you either have to audit everyone you do business with this way (because most large companies do this) or hire someone (or a service) to do it.

The breach happened in a country where companies are not required to respond to audits. No company wants any avg joe’s business badly enough to answer questions about data practices. In the EU, sure, data controllers are obligated to disclose the list of parties they share with (on request, not automatically). And even then, some still refuse. Then you file an article 77 complaint with the DPA where it just sits for years with no enforcement action.

My approach is a combination of avoiding business entirely, or supplying fake info, or less sensitive info (mailing address instead of residential, mission-specific email, phone number that just goes to a v/m or fax). This is where the battle needs to be fought – at data collection time. Countless banks needlessly demand residential address. That should be rejected by consumers. Data minimization is key.

In the case at hand, I’m leaning toward opting out of the class action lawsuit and suing them directly in small claims court. I can usually get better compensation that way.

I’ve been out of the loop on games for a while but ReactOS may be worth a look.

The 1st ½ of your comment sounds accurate. But…

And also in Foss there are highly opinionated software where the devs completely ignore users, ban them from GitHub when they post issues,

Right, but to be clear non-free s/w is worse - you can’t even reach the devs, generally, and there is no public bug tracker. FOSS is an improvement in this regard because at least there is a reasonable nuclear option (forking). The nuclear option for non-free software is writing it yourself from scratch.

That all sounds accurate enough to me… but thought I should comment on this:

However - in larger enterprises there’s so much more, you get the whole SDL maturity thing going - money is invested into raising the quality of the whole development lifecycle and you get things like code reviews, architects, product planning, external security testing etc. Things that cost time, money and resources.

It should be mentioned that many see testing as a cost, but in fact testing is a cost savings. In most situations, you only spend some money on testing in order to dodge a bigger cost: customers getting burnt in a costly way that backfires on the supplier. Apart from safety-critical products, this is the only business justification to test. Yet when budgets get tightened, one of the first cuts many companies make is testing – which is foolish assuming they are doing testing right (in a way that saves money by catching bugs early).

Since the common/general case with FOSS projects is there is no income that’s attached to a quality expectation (thus testing generates no cost savings) - the users are part of the QA process as free labor, in effect :)

Apparently I’m wrong about this… the preview is said to be created by the server:

https://links.hackliberty.org/comment/1068761

So does that mean jlai.lu is blocked by lecho.be? I figured it was more likely that lecho.be was blocking Tor, thus blocking my connection.

Indeed. And it’s a needlessly destructive form of sanitization. That is, sanitizing properly normally means replacing the special characters with an encoding to ensure literals render.

I think this is a regression. IIRC, there was a time when a removal only removed it from the timeline. You could still reach it via the modlog. IIRC. But those days are gone. It’s a shame because it’s important for the community to be able to evaluate the mod’s decision making.

I’ve even seen cases where an over-zealous mod gets embarrassed by the mod log and purges the mod log itself to remove traces of the censorship itself. I suppose that’s only possible if the mod is also an admin.

There are bug reports and then there is user support. There’s some confusion because I filed a bug report in a user support community (because there is no bug reporting community).

Indeed the user support solution is to either request that the admin to change the slur filter config, or change instances. But the purpose of the thread was to report a bug in an in-band way (without interacting with a Microsoft asset [#deleteGithub]).

I can see your point in many situations but when I say I am the one b*tching (myself… in the 1st person), in this context I am not saying I am acting badly myself. So the “women are bad” narrative doesn’t follow. In this case the word merely serves as a more expressive complaint.

If someone were to talk about someone else b*tching, it might well be what you’re saying, as they are complaining about someone else complaining & maybe they oppose that other person complaining or their aggressive style thereof.

Do you know what I should look for? Is it the version number? I recall Lemmy was forked to Lenny, but not sure how to recognize Lenny instances.

(btw, fwiw, I wouldn’t use sh.itjust.works because that’s even more nannied [by Cloudflare]).

I cannot imagine a hairless RMS. He should have insured his beard and hair, just like Tom Jones’ insured his chest hair for $6.8 million.