https://consumerrights.wiki/api.php?action=feedcontributions&feedformat=atom&user=MrClawConsumer Rights Wiki - User contributions [en]2026-04-29T03:54:14ZUser contributionsMediaWiki 1.44.0https://consumerrights.wiki/index.php?title=Cloudflare&diff=11979Cloudflare2025-03-18T18:39:05Z<p>MrClaw: Added password scanning incident</p>
<hr />
<div>{{Incomplete}}<br />
<br />
{{InfoboxCompany<br />
|Name=Cloudflare, Inc|Type=Public|Founded=2009|Industry=Web Services|Official Website=https://www.cloudflare.com/|Logo=Cloudflare Logo.svg}}<br />
<br />
[https://en.wikipedia.org/wiki/Cloudflare Cloudflare, Inc.] is an American company that offers a wide range of web services. Due to its widespread adoption, Cloudflare's services play a critical role in the modern web infrastructure.<br />
<br />
==Consumer impact summary==<br />
{{Placeholder box|Overview of concerns that arise from the company's conduct regarding (if applicable):<br />
* User Freedom<br />
* User Privacy<br />
* Business Model<br />
* Market Control}}<br />
<br />
==Anti-consumer practices==<br />
<br />
===Forced ID theft and face recognition<!-- NEEDS more refs covering this incident -->===<br />
A full day after the sale of domain names, Cloudflare sends the customer a demand to present an ID card and their face in an automated video call with the third party Stripe within 24 hours to be analyzed by a face recognition system, threatening to cancel the sale unless the customer fulfills this requirement that the customer was not informed about before the sale, thereby making the domain names available for squatters to grab. The customer can lose their domain names either by simply not checking their email for 24 hours, which is likely as the sale has already completed and the customer has no reason to check their email again, or by the customer not agreeing to the procedure, which the customer should not, as ID cards are not made for use online. The customer's bank already has a procedure for verifying online purchases by popping up the bank app that has already been verified by visiting the bank in person, showing an ID card to a real person and signing a paper by hand. Stripe could have done like everyone else and delegate the procedure to the bank instead of inventing their own.<br />
<br />
Cloudflare claims that any images used for verification will be deleted afterwards. This is an unverifiable claim. If Stripe for any reason does not delete the images, Stripe would surely not allow employees to disclose that this has happened. Deleting the images also makes the process ineffective, as anyone could present a fake ID card good enough to look real in the low quality of a web camera and then have the evidence deleted.<br />
<br />
In the case documented, the second response from “Trust & Safety” is an unhelpful repetition of the first response, coming near the end of the 24 hour window, ignoring any details added by the customer in response to the first one. It asks the customer to confirm that the customer prefers not to proceed with the verification so that steps can be taken, but time is already running out, and the account was suspended before “Trust & Safety” could respond. A month later, “Trust & Safety” has still not responded. The notice that the account was suspended states that the suspension does not impact, disable, or remove current services, contradicting the initial demand. In reality, the domain names belonging to the account were cancelled, and available for strangers to register with other registrars.<br />
<br />
<gallery><br />
Image:Cloudflare_email_1.png<br />
Image:Cloudflare_email_2.png<br />
Image:Cloudflare_email_3.png<br />
Image:Cloudflare_email_4.png<br />
</gallery><br />
<br />
=== Password scanning of website visitors ===<br />
From September to November 2024 Cloudflare was scanning the passwords users entered on websites without obtaining the users' consent<ref>https://blog.cloudflare.com/password-reuse-rampant-half-user-logins-compromised/</ref><br />
<br />
==References==<br />
<references /><br />
[[Category:Cloudflare]]</div>MrClawhttps://consumerrights.wiki/index.php?title=Entities_refusing_to_distribute_copyleft_licensed_software_under_license_terms&diff=6176Entities refusing to distribute copyleft licensed software under license terms2025-01-28T07:30:39Z<p>MrClaw: Added references, links and a list of closed-source phones</p>
<hr />
<div>{{StubNotice}}<br />
<br />
<br />
[[Xiaomi]]'s devices are running Android, which is built on top of the [https://kernel.org Linux kernel]. The Linux kernel is licensed under the [https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html GPLv2]<ref>https://github.com/torvalds/linux/blob/master/COPYING</ref>, which requires the source code of derivative works to be made available<ref>https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html (Clause 3a)</ref>. Xiaomi does release the kernel sources for a lot of their devices in their [https://github.com/MiCode/Xiaomi_Kernel_OpenSource GitHub repository], but not all.<br />
<br />
The kernel sources for some Xiaomi devices are unavailable, they include:<br />
<br />
* Redmi Note 13 4G/NFC<br />
* Redmi 13C 4G<br />
* Poco M5<br />
* TODO: add more items<br />
<br />
This, along with [[Xiaomi Phone unlock requirements and procedure]] prevents custom ROMs from being made for these devices. <br />
<br />
<references /></div>MrClawhttps://consumerrights.wiki/index.php?title=Entities_refusing_to_distribute_copyleft_licensed_software_under_license_terms&diff=6049Entities refusing to distribute copyleft licensed software under license terms2025-01-27T21:03:13Z<p>MrClaw: Created article</p>
<hr />
<div>{{StubNotice}}<br />
<br />
<br />
Xiaomi's devices are running Android, which is built on top of the Linux kernel. The Linux kernel is licensed under the GPLv2, which requires the source code of derivative works to be made available. Xiaomi does release the kernel sources for a lot of their devices, but not all.<br />
<br />
The kernel sources for some Xiaomi devices are unavailable, they include:<br />
<br />
TODO: add list<br />
<br />
This, along with [[Xiaomi Phone unlock requirements and procedure]] prevents custom ROMs from being made for these devices. <br />
<br />
TODO: add references and links</div>MrClawhttps://consumerrights.wiki/index.php?title=Xiaomi_Phone_unlock_requirements_and_procedure&diff=5762Xiaomi Phone unlock requirements and procedure2025-01-27T10:03:23Z<p>MrClaw: Added references and expanded the article a little</p>
<hr />
<div>{{Incomplete}}<br />
<br />
[[Xiaomi]] phones come with a bootloader that can be unlocked, but unlike the [https://source.android.com/docs/core/architecture/bootloader/locking_unlocking Android's default unlocking procedure], Xiaomi has the following requirements:<ref>https://new.c.mi.com/global/post/101245</ref><br />
<br />
*The user must create and link a Xiaomi account to their phone<br />
**This requires accepting the [https://static.account.xiaomi.com/html/agreement/user/global/en_US.html EULA] for creating an account<br />
***Stated directly in the EULA is the following<ref>https://static.account.xiaomi.com/html/agreement/user/global/en_US.html</ref><blockquote>6. Modification of this Agreement Xiaomi may need to revise this Agreement and various rules from time to time in accordance with the promulgation of laws and regulations, the development of the Internet, and the adjustment of the company's operating conditions and business strategies. We will notify you of the new agreement in an appropriate manner, and you may view the latest version of the terms of the agreement on the relevant service page. **Once the revised agreement and rules are announced, they will take effect immediately and become an integral part of this Agreement. If you do not agree to the modified terms, you shall immediately discontinue your use of our services.** Your continued access or use of our services shall be deemed as your acceptance of the modified agreement.</blockquote><br />
*The user must use the [https://en.miui.com/unlock/download_en.html official Mi Unlock app] (only available for [[Windows]])<br />
*For certain devices, Xiaomi requires users to attempt an unlock and wait a week before attempting again<ref>https://new.c.mi.com/global/post/101245</ref> <blockquote>Click on Unlock » Unlock anyway. On your first attempt, Mi Unlock will flash the message _Couldn’t unlock. Please unlock 168 hours later._ Follow the timer / waiting period to unlock successfully.</blockquote><br />
<references /><br />
[[Category:Xiaomi]]</div>MrClawhttps://consumerrights.wiki/index.php?title=FUTO&diff=5760FUTO2025-01-27T09:47:30Z<p>MrClaw: Added a paragraph about "open source"</p>
<hr />
<div>{{StubNotice}}{{InfoboxCompany<br />
| Name = FUTO<br />
| Type = Private<br />
| Founded = 2021<br />
| Industry = Technology<br />
| Official Website = https://www.futo.org/<br />
| Logo = Futo header logo.svg<br />
}}<br />
FUTO, founded in 2021 by [[Eron Wolf]], is an organization that develops applications and sponsors free software projects.<ref>https://futo.org/about/what-is-futo/</ref><ref>https://futo.org/grants/</ref> FUTO has enabled the development of notable apps, such as [[Immich]], FUTO Keyboard, and [[GrayJay]]. <br />
<br />
[https://keyboard.futo.org/ FUTO Keyboard] is a keyboard app for [[Android]]-based operating systems which offers many modern typing features like localized voice input, swipe typing, and autocorrect, while respecting the purchaser's rights.<br />
<br />
FUTO has been criticized for using their own definition of the term "open source"<ref>https://danb.me/blog/futo-open-source-definition/</ref> and claiming their applications are "open source", when their license does not meet the [https://opensource.org/osd OSI's definition of the term]. FUTO has since changed their wording.<ref>https://www.futo.org/about/futo-statement-on-opensource/</ref><br />
<br />
==References==<br />
{{reflist}}<br />
<br />
[[Category:Organizations]]</div>MrClaw