I'm frequently reminded how thankful I am to live in a country with a strong, positive international reputation. Even ignoring actual quality-of-life stuff associated with where I live - simply not being from a country with a "dodgy" reputation makes many things so much easier.
I don't have to think about blocked websites. Companies accept my payments. Couriers ship to me. With my passport, I walk straight to the front of the fast lane, past the large queue of people who didn't happen to be born somewhere rich, western and politically stable.
I don't take it for granted, and it makes me sad that this distinction exists.
For half my life I had an Egyptian passport, and for the other a German passport. Having experienced both sides, that bit of paper is without a doubt the most valuable thing I own.
It's hard to quantify the kinds of doors it has opened for me. I was able to get a scholarship to study in the UK that covered home/EU rates (a third of international rates, while I might not have been able to get even a student loan otherwise), get government funding for a PhD that would not have been accessible to me otherwise and other grants, travel to international conferences without thinking twice about visas (unlike many colleagues) meeting people that would impact my career and skipping all sorts of and barriers along the way, and never had to worry about deportation because of the EU settlement scheme, easily become a founder (no visa sponsorship needed), and so much more! Even travelling/business in the the middle East, being German rather than Egyptian is an entirely different life, one that my cousins cannot even begin to imagine.
There's a parallel universe where I'm stuck making ends meet in Cairo where I was born, dreaming of a brighter future, feeling all my potential fade away. I know because my immediate family is that version of me - no less talented or worthy of the opportunities I got because of my nationality!
I see the kind of freedom that I have because of that passport as one of the biggest modern injustices.
> I see the kind of freedom that I have because of that passport as one of the biggest modern injustices.
I think you're confusing a vague and abstract problem of "injustice" with a very concrete and real difference in ways different countries manage their public services and institutions.
You only listed personal benefits that a country like Germany provides to their citizens and the higher education institutions built up by the UK, and how it contrasts with the ones provided by Egypt.
Quite bluntly, this is a discussion over privileges. Not injustice, but privileges. I assure you that countless people from Germany, UK, the EU, or anywhere in the world, would desperately want to have access to the same opportunities. Depicting this as a matter of being granted a passport is at best survivorship bias, and at worse an affront to those who had it but still weren't lucky enough to benefit from the same opportunities.
I live in Russia and I've never experienced most of the things you're describing. And it's become so much worse after 24/02/2022. We even had Spotify for a year! It was starting to genuinely feel like a first-world country.
Now you have to open a bank account in a different country for foreign companies to consider taking your money at all. The internet is utterly broken. The government blocks quite a lot, AND some foreign services block Russian IPs from their side. I even made a thread about running into Cloudflare's "you're blocked" pages randomly throughout the web: https://mastodon.social/@grishka/111934602844613193
I’ve been noticing more and more US state and local government websites blocking traffic from outside the US. (And I’m not talking about traffic from North Korea, I’m talking about traffic from ANZUS/AUKUS/FVEY ally Australia.)
It seems stupid because just because someone is overseas doesn’t mean they can’t have valid business with a US state or local government. Maybe they are an American who is travelling and has to attend to some official business back home while they are away. Foreigners are allowed to purchase US real estate and incorporate companies in the US, which gives them heaps of legitimate reasons for interacting with local and state governments. In part due to these kinds of issues, many use some local agent in the US to handle government interactions for them, but a person can have valid reasons to engage directly.
Are there? I only someones stumble upon some medical website that redirects me to a "tracking free" empty static page[1] if I come from Europe and opt-out of cookies (which I always do anyway). Maybe we visit other parts of the internet, I don't read a lot of non-IT English things.
I have done that exact configuration for several of my clients who didn't realize any/much revenue in the EU. For them it was the obvious best move but I wish there was a better option.
It's more that you are on the right side in a unipolar world. When the world shifts to multipolarity in the next few years, the problem will solve itself.
I'm a globalist and all but when people say "multipolar" doesn't that usually mean "the USA shouldn't rule everyone, I want to also rule over some countries "
I doubt the "next few years", and if the world shifts to multipolar, it won't solve the problem, it will just move everyone to the "bad side" where frictions big and small abound.
This whole issue of blocking Iranian IPs and not allowing them to download Docker containers for ‘legal’ reasons is ridiculous. Additionally, trying to detect and ban VPNs used by Iranians, which will affect the next user of that IP, is equally absurd
1. avoid geoip blocks because geoip is inaccurate 2. When maintaining geoip don’t mark servers physically located in DE but used by a foreign company as located somewhere else because it will quickly go stale and misleading in the first place
This is not limited to Cloudflare. Google has the same issue and it turns out the IPs were being used by the Iranian hosting companies connected to internet surveillance but they keep moving around. So far we only observed this in Hetzner German DCs, which is consistent with the news about illicit activities by Iranian companies in Germany, two years ago during the last uprising against the Iranian government (the Woman, Life, Freedom movement)
Happened to use with GCP too. We had Oracle Cloud instances being flagged as from Iran and had to file forms with them to get them to not block the IPs.
it's pretty absurd that cloudflare can just effectively cripple a cloud provider by tagging part of their IPv4 range as Iranian and not fixing their issues in over a year (and AFIK have no intention to fix them at all)
like I wonder if Hetzner has any way to legally force them to stop misclassifying their IP
What's absurd to me is that Cloudflare gains more and more control over the internet, by people voluntarily submitting to its domination.
My favorite is trying to go someone's random blog with like 5 posts (because they have a singular post about the technical topic I'm trying to figure something out about) and I can't access the site because Cloudflare has decided my locked-down Firefox ("resist fingerprinting" + strict privacy mode etc.) running on OpenBSD is somehow malicious. So much for the open web. (nevermind the audacity that "we can't spy on you sufficiently" is enough to serve a 403 Forbidden response header)
It is extremely hard to stop DDOS attacks without CF; my hoster has DDOS protection, but when there was a very large attack on our site, only CF could remedy it, and did so immediately when we panicked-moved dns and switched on bot fight. Entire attack that my hoster couldn't stop was gone. How do you do this without CF if you are a small company?
I will describe what we do at IPinfo to avoid such a messup. First of all because we do active measurements and our data is usually less prone to errors like this and when it comes to IP location it is as good as it gets.
We have a support team active 247. Then is the issue of update rollout, when things goes wrong (rarely if ever) we can push data updates immediately. We work with our customers and users and try to push immediate fixes.
But the most important thing in my opinion we do is this comment itself. If things go wrong we will address it before you come to our support team.
Maybe this is more of a Europe vs. US observation than a programmer vs. lawyer observation, but I have indeed made the observation that US companies are often satisfied with "identity verification" that would absolutely not fly elsewhere. A PDF of a utility bill as "proof of residency", knowing somebody's SSN as "identity verification"...
Yes, they might be definitionally best practice and accordingly enough from a legal perspective, but I don't see them having any value in actually keeping out bad actors. A fence that surrounds 99% of your pasture indeed has no value if the wolves know where the 1% gap is.
It's not a falsehood though. IP address is a reasonably reliable means of geolocation. Lawyers tend to be more comfortable with gray areas than engineers. Intent counts for a lot in assessing legal compliance.
But it isn't a grey area: it simply doesn't work. It doesn't matter if it correctly identifies most people: it has to correctly identity most terrorists, and it simply doesn't do that, because if you are a terrorist you just keep rotating through IP addresses on cloud providers and VPNs until the entire service is burnt. It isn't that it sometimes doesn't work: it's that it doesn't work at all when it actually needs to work. We could argue that the services shouldn't let you do that in the first place, but the reality is that services currently do work like that, no one is trying to change that, and if they did try to change it we would all be even less happy with the resulting even-more-powerful surveillance state.
But I'm not a lawyer, and looking purely at the outcome of IP blocks (which is usually that regular people are inconvenienced, but the people such policies are actually designed to keep out just shrug and use a $5/month VPN), I can still say that it looks a bit silly.
IP addresses are great for identifying traffic patterns, figuring out where your audience is roughly located etc. as long as you don't use them to selectively block users – since then nobody has a real incentive to "cloak" theirs.
Once you start doing that, you've completely destroyed the measurement, and at the same time you're still not keeping out unintended users – because these will just use a VPN.
To go with an analogy: Imagine a bank enforcing embargo/sanction policies by just asking everyone at the entrance for their name but not checking their ID! You'd get a lot of personal data (since most people won't lie), yet you won't keep any sanction evaders out.
Readit News
I don't have to think about blocked websites. Companies accept my payments. Couriers ship to me. With my passport, I walk straight to the front of the fast lane, past the large queue of people who didn't happen to be born somewhere rich, western and politically stable.
I don't take it for granted, and it makes me sad that this distinction exists.
It's hard to quantify the kinds of doors it has opened for me. I was able to get a scholarship to study in the UK that covered home/EU rates (a third of international rates, while I might not have been able to get even a student loan otherwise), get government funding for a PhD that would not have been accessible to me otherwise and other grants, travel to international conferences without thinking twice about visas (unlike many colleagues) meeting people that would impact my career and skipping all sorts of and barriers along the way, and never had to worry about deportation because of the EU settlement scheme, easily become a founder (no visa sponsorship needed), and so much more! Even travelling/business in the the middle East, being German rather than Egyptian is an entirely different life, one that my cousins cannot even begin to imagine.
There's a parallel universe where I'm stuck making ends meet in Cairo where I was born, dreaming of a brighter future, feeling all my potential fade away. I know because my immediate family is that version of me - no less talented or worthy of the opportunities I got because of my nationality!
I see the kind of freedom that I have because of that passport as one of the biggest modern injustices.
I think you're confusing a vague and abstract problem of "injustice" with a very concrete and real difference in ways different countries manage their public services and institutions.
You only listed personal benefits that a country like Germany provides to their citizens and the higher education institutions built up by the UK, and how it contrasts with the ones provided by Egypt.
Quite bluntly, this is a discussion over privileges. Not injustice, but privileges. I assure you that countless people from Germany, UK, the EU, or anywhere in the world, would desperately want to have access to the same opportunities. Depicting this as a matter of being granted a passport is at best survivorship bias, and at worse an affront to those who had it but still weren't lucky enough to benefit from the same opportunities.
Now you have to open a bank account in a different country for foreign companies to consider taking your money at all. The internet is utterly broken. The government blocks quite a lot, AND some foreign services block Russian IPs from their side. I even made a thread about running into Cloudflare's "you're blocked" pages randomly throughout the web: https://mastodon.social/@grishka/111934602844613193
There are many, many american sites that just block the whole EU IP ranges becaus they don't want to deal with GDPR.
It seems stupid because just because someone is overseas doesn’t mean they can’t have valid business with a US state or local government. Maybe they are an American who is travelling and has to attend to some official business back home while they are away. Foreigners are allowed to purchase US real estate and incorporate companies in the US, which gives them heaps of legitimate reasons for interacting with local and state governments. In part due to these kinds of issues, many use some local agent in the US to handle government interactions for them, but a person can have valid reasons to engage directly.
[1]A big troll that I respect.
or cannot afford to. add in DSA and DMA as additional burdens.
I raised the linked issue internally with the team, and they have reason to suspect this has already been addressed.
That being said, if you (or anyone else here) are still seeing this issue occur, please raise a ticket with our support team (https://developers.cloudflare.com/support/contacting-cloudfl...) so we can investigate further.
Thanks :)
Dead Comment
And cloudflare uses it as well.
https://developers.cloudflare.com/network/ip-geolocation/
Deleted Comment
We also wrote about this https://blog.cloud66.com/hetzner-connectivity-issues-due-to-...
like I wonder if Hetzner has any way to legally force them to stop misclassifying their IP
My favorite is trying to go someone's random blog with like 5 posts (because they have a singular post about the technical topic I'm trying to figure something out about) and I can't access the site because Cloudflare has decided my locked-down Firefox ("resist fingerprinting" + strict privacy mode etc.) running on OpenBSD is somehow malicious. So much for the open web. (nevermind the audacity that "we can't spy on you sufficiently" is enough to serve a 403 Forbidden response header)
Deleted Comment
We have a support team active 247. Then is the issue of update rollout, when things goes wrong (rarely if ever) we can push data updates immediately. We work with our customers and users and try to push immediate fixes.
But the most important thing in my opinion we do is this comment itself. If things go wrong we will address it before you come to our support team.
Yes, they might be definitionally best practice and accordingly enough from a legal perspective, but I don't see them having any value in actually keeping out bad actors. A fence that surrounds 99% of your pasture indeed has no value if the wolves know where the 1% gap is.
But I'm not a lawyer, and looking purely at the outcome of IP blocks (which is usually that regular people are inconvenienced, but the people such policies are actually designed to keep out just shrug and use a $5/month VPN), I can still say that it looks a bit silly.
Once you start doing that, you've completely destroyed the measurement, and at the same time you're still not keeping out unintended users – because these will just use a VPN.
To go with an analogy: Imagine a bank enforcing embargo/sanction policies by just asking everyone at the entrance for their name but not checking their ID! You'd get a lot of personal data (since most people won't lie), yet you won't keep any sanction evaders out.