The #FSD purpose is to help people “find freedom-respecting programs”. Browsing the directory reveals copious freedom-disrespecting resources. For example:

FSF has no tags for these anti-features. It suggests a problem with integrity and credibility. People expect to be able to trust FSF as an org that prioritizes user freedom. Presenting this directory with unmarked freedom pitfalls sends the wrong message & risks compromising trust and transparency. Transparency is critical to the FOSS ideology. Why not clearly mark the freedom pitfalls?

UPDATE

The idea of having exclusive clubs with gatekeepers is inconsistent with FSF’s most basic principles, specifically:

  • All important site functionality that's enabled for use with that package works correctly (though it need not look as nice) in free browsers, including IceCat, without running any nonfree software sent by the site. (C0)
  • Does not discriminate against classes of users, or against any country. (C2)
  • Permits access via Tor (we consider this an important site function). (C3)

Failing any of those earns an “F” grade (Github & gitlab·com both fail).

If Cloudflare links in the #FSF FSD are replaced with archive.org mirrors, that avoids a bulk of the exclusivity. #InternetArchive’s #ALA membership automatically invokes the Library Bill of Rights (LBR), which includes:

  • V. A person’s right to use a library should not be denied or abridged because of origin, age, background, or views.
  • VI. Libraries which make exhibit spaces and meeting rooms available to the public they serve should make such facilities available on an equitable basis, regardless of the beliefs or affiliations of individuals or groups requesting their use.
  • VII. All people, regardless of origin, age, background, or views, possess a right to privacy and confidentiality in their library use. Libraries should advocate for, educate about, and protect people’s privacy, safeguarding all library use data, including personally identifiable information.

The LBR is consistent with FSF’s principles so this is a naturally fitting solution. The Universal Declaration of Human Rights is also noteworthy. Even if the FSD is technically not a public service, the public uses it and FSF is an IRS-qualified 501(c)(3) public charity, making it public enough to observe these UDHR clauses:

  • art.212. Everyone has the right of equal access to public service in his country.
  • art.271. Everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits.

These fundamental egalitarian principles & rights are a minimum low bar to set that cannot be construed as “unreasonable” or “purist” or “extremist”.

  • samwise@beehaw.org
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Many, many sites and services block Tor, and for good reason. It’s a massive attack vector. Yes, there are legit uses for it. But the legit users pale in comparison. If you run a financial institution, for example, or anything that houses sensitive personal information, are you willing to allow an entire threat model to attack, just to let the handful of legit users from that model? No. You wouldn’t.

    • debanqued@beehaw.orgOP
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Many, many sites and services block Tor

      30% at most. Cloudflare compromises ~20—30% of the web and non-CF tor blocking is almost insignificant (likely in the 5—10% of non-CF sites range).

      and for good reason

      Most of the above-mentioned CF portion blocks Tor out of naïvety. They’re just blindly running with the shitty CF defaults not knowing they can whitelist Tor. Most don’t even know they’re blocking Tor & many don’t even know what Tor is.

      But the legit users pale in comparison.

      Nonsense. Most Tor users are legit. You’ve apparently been reading Cloudflare’s propaganda where they claim irrationally Tor users are mostly bad actors. It’s a false claim.

      If you run a financial institution, for example, or anything that houses sensitive personal information, are you willing to allow an entire threat model to attack, just to let the handful of legit users from that model? No. You wouldn’t.

      I insist on using Tor to access my bank account. Banks admit in their ToS that they use customer’s IP address for the express purpose of tracking & logging their realtime location. Some banks are more competent than others. If a bank’s security relies on arbitrary pre-emptive blocking based IP reputation, their security is not up to scratch.

      Likewise, there are FOSS projects that also demonstrate ability to serve Tor users. This will stand out when anti-feature tags are applied.