cross-posted from: https://sopuli.xyz/post/5888507

Cloudflare blocking medical information

I was having some medical problems involving increasing pain coupled with a somewhat terrifying symptom. I did a web search to work out what I might be dealing with & whether going to the ER was essential or whether it was just a matter of pain tolerance. I use Tor for everything – but especially for healthcare matters. It would be foolish to step outside of Tor and compromise sensitive medical data. Most of the search hits that looked useful were sites giving medical information from behind anti-tor firewalls, many of which are Cloudflare. My usual circumvention of using archive.org was broken. For some reason archive.org simply gives a “cannot connect” msg, lately. I get the impression archive.org has started blacklisting fingerprints of frequent users because changing browsers and window geometry often solves the problem.

I found one article saying the need for ER is really just a matter of pain but I would have liked to see more articles saying the same thing. During my search which was mostly thwarted by an enshitified tor-hostile web, the pain intensified to a point where I simply had to go to the ER.

Security nannying interferes with family comms

I’m only connected to my family over Wire & XMPP. The iPhone version of the xmpp app my family uses drops the ball on notifications, so #XMPP was effectively a black hole. (This is possibly a defect in the iPhone system and may not even be an app-specific issue… an honest bug regardless)

The #Wire app developers decided at some point that my AOS version was unacceptable so they coded a self-destruction mechanism in the app. The incompetence of their nannying manifested into a mostly broken app. If someone msgs me on Wire, the app shows just as much text of each msg that fits on the notifications screen in one line. Effectively, the first 5 or so words on inbound msgs and no way to see the whole msg and no way to send an outbound msg of any kind.

So I could not notify my family due to #securityNannying. There are often cases where a developer appoints themselves as an authority on security and decides for everyone (who they effectively perceive as children) whether the user’s unknown security model is compatible with the level of security the app gives. E.g. a typical manifestation of security nannying is when a project removes an encryption algorithm because they arbitrarily think it’s too old. Too weak for what use-case? They cannot know all the ways the tool is used. Sometimes the two endpoints are both on the LAN (or potentially over a sufficiently secure VPN tunnel), in which case app-level encryption is often not even needed. Yet a project will decide to nix an algo and two differing implementations lose interoperability. Why not have a popup warning and allow adults to make an adult decision as to whether the security circumstances are suitable for the situation?

Hospital staff insist on using Google

Anyway, in ER I’m asked for my email address by someone who handles finances. I supplied it without thinking (mind was elsewhere). When I got out of the hospital I did an MX lookup on her address before she could send a msg. Google! WTF… no, I do not consent to Google having a view of my health records. So before she sent anything I requested erasure of my email address and supplied my snail mail address (which she likely already had). She was supposed to followup with financial aid information. But she never did. I can only guess that her take was apparently that if I’m unwilling to make it easy on her by allowing her to use Gmail, then she’s not willing to cooperate on the financing situation.

Human rights

Healthcare and privacy (esp. privacy OF heath data) are both human rights. When we are forced to choose between two obviously human rights are not being protected.