ciferecaNinjo

ciferecaNinjo, 6 months ago

Not sure what Grafana is but I can’t even visit the site because they block Tor (403). Gotta love how easy it is to see-and-avoid some privacy-hostile venues. If you were using Tor you might not have wasted 1 minute with that site.

ciferecaNinjo, 6 months ago (edited 6 months ago)

Banks are gradually removing features from their websites in a progression toward complete elimination of the website. Some banks have already taken that step. They impose an app whilst also closing their over-the-counter service.

Unlike the US, 1-factor authentication by banks is illegal in Belgium. So for web access banks typically hand out devices for 2FA. Some banks avoid that cost by imposing a smartphone app in lieu of a card reader or RSA token (BYO smartphone).

There are many problems with bank apps in Belgium:

1. You must buy smartphone hardware (the apps detect when they are executed inside a virtual machine & deny service [tested with Ing’s app])
2. You must patronize a surveillance capitalist (create a Google or Apple account)
   2.1. You must subscribe to mobile phone service in order to satisfy Google’s unreasonable demand for a mobile phone number as a precondition to obtaining an account
   2.2. You must trust Google with your mobile phone number, IMEI number, and inventory of apps & versions you download (thus a reconnaissance risk)
   2.3. When Google records your place of banking, you must trust Google not to share that info (with debt collectors, for example)
3. All bank apps in Belgium are closed-source, so you must trust the apps not to carry spyware and to work in your interests
   3.1. The bank’s privacy policies are written to allow your realtime location to be tracked via the app.
4. You must chronically upgrade your hardware every few years because the bank apps are upgraded with reckless disregard to the lockstep-coupling of hardware to software on all phone platforms that are supported by Belgian banks. You cannot run a VM to prevent irresponsible electronic waste (see point 1)

The #GDPR possibly (and only symbolically¹) protects from some of that, such as Google sharing your place of banking with debt collectors. But the GDPR does not prevent criminal exfiltration of data that cavalier consumers trustingly agree to the collection of.

Footnotes:

1. I say “symbolically” because consumers only have two pathways for remedy under the GDPR: article 77 & direct lawsuit. Article 77 has no teeth. When the DPA ignores/mothballs an art.77 complaint, there is no mechanism for action against the DPA. So DPAs are largely neglecting to treat art.77 reports. That leaves direct lawsuits. The EU has decided that GDPR plaintiffs are not entitled to compensation for legal fees. So that kills that option. You can get a symbolic win in court but you still lose because lawsuits are costly and the damages you can prove are negligable. So the GDPR boils down to an honor system.

ciferecaNinjo, 6 months ago (edited 6 months ago)

No. There are a couple unpublished phone numbers but they’re a disaster. I’ve not encountered a Belgian bank that gives automated account info over the phone. Last time I called I think it was just a greeting saying “contact us through the app or email” or something like that, IIRC.

ciferecaNinjo, 6 months ago (edited 6 months ago)

It’s more about ethics than security. I’m an ethical consumer, which means I will not patronize unethical companies. Feeding data to Google is as good as feeding money to Google. Google is part of the fossil fuel industry (they are in partnership with Totaal oil and use AI to help Totaal find places to drill for oil). My objection to Google collecting data on me is less about cyberattack and more about not supporting a harmful force in the world.

I’m also ethically opposed closed-source software because I think it misplaces power. The worst kind of misplacement of power is to give it to tech giants who abuse their power and use it against consumers.

I’m also ethically opposed to software designs that make phones disposable and force the disposal of perfectly good hardware. I’ll buy a smartphone after that problem is fixed. #RightToRepair is still insufficient. There needs to be a rule that the moment a phone maker decides to stop supporting a device, they must do whatever necessary to ensure the platform (kernel + drivers + gui) are FOSS at that point of dropped support. I’ll wait for it. I can hold out as long as needed.

W.r.t. paranoia, street wise people and those with some infosec background always seem “paranoid” to normal people. And to us, normal people are cavalier because they needlessly share information without applying the rule of least privilege. Privilege should only be granted on an as-needed basis and that includes access to information. It’s unreasonable for banks to snoop on people arbitrarily without a warrant. It’s not just that the banks abuse the info, but the overcollection exposes everyone to exfiltration by criminals. That’s not fiction - it has happened. (Captial One via Amazon contractor, Equifax, several other banks including a bank breach I recently detected but have not reported yet). I have already been the victim of multiple data breaches even with some diligence to not be completely reckless.

Trusting banks with sensitive info is the least of the problems I describe & possibly not a show-stopper in itself. But taking everything together I remain baffled at the zombie masses endorsing & supporting all of it. A basic information security class should perhaps become part of the mandatory secondary school cirriculums at this point.

ciferecaNinjo, 6 months ago

You are not getting around the tracking. It’s never going to happen.

I do. I only access banks electronically if they accommodate Tor. The bank only gets to know my physical location when I do a transaction where that’s unavoidable. Even if I were to carry a mobile phone on standby wherever I go, the bank would get nothing from it if I don’t run their app.

ciferecaNinjo, 6 months ago

Dutch ATMs give a balance.

ciferecaNinjo, 6 months ago (edited 6 months ago)

I figured you were trolling but gave you the benefit of the doubt right up until you mentioned “all credit reporting agencies”, in Belgium. There are no credit bureaus in Belgium, only a central bank which (unlike US credit bureaus) is public sector and not interested in grabbing data for profit, or in obtaining any data it’s not legally required to obtain.

Nice try though.

But FYI, your assumption would be wrong even in the US as well. Request your credit report from whichever credit bureau you believe is buying location data from your mobile phone provider. Notice the realtime location data is not on that report. Then go to your local small claims court and spend ~$100 to open a lawsuit against them for $1k (+~100 in court costs). Bring to court proof that they acquired your realtime CDMA/GSM location data, a copy of your credit report showing it’s not there, and a copy of the federal law requiring that consumer credit reports are complete when sent to the subject of the report (yourself). It might be the easiest $1k you’ve earned. You don’t have to prove actual damages either because the statute specifies $1k per violation. If you can catch all three credit bureaus doing what you claim, that’s an easy $3k. You can even hit all 3 in one case. Good luck!

BTW, I don’t put much stock into what you’re saying at this point but I am curious about the claim that phone providers are sharing sensitive personal info with Visa and Mastercard. Cardholders are just a number to visa & mc. Visa & MC do not even typically know the names of card holders. Exceptionally, if you buy airfare using a credit card, then the airline reveals the name of the passenger to the credit card company. Though to store that name as the account holder is ad hoc because they would have to make the assumption that the passenger and the buyer are the same person.

ciferecaNinjo, 6 months ago

oh, that’s interesting. I wonder if card-issuing banks are blocking balance inquiries even if ATMs offer it. I don’t think I saw Ing ATMs in Netherlands, only the conglomerate they are partnered with (geldmaat). The Geldmaat ATMs print “credit limit” on the receipt.

ciferecaNinjo, 6 months ago (edited 6 months ago)

If you search, you’ll learn several privacy-abusing ways to do that via enshitified exclusive walled gardens which share the site you’re asking about with US tech giants and treat users of VPNs, Tor, and CGNAT with hostility.

• ❌https://downdetector.com/ ← avoid (Cloudflare)
• ❌https://downforeveryoneorjustme.com/ ← avoid (Cloudflare); I think #downforeveryoneorjustme was one of the 1st of this kind but then it got greedy and became exclusive
• 🤷https://www.isitdownrightnow.com/ ← meh (inclusive of everyone for the moment, but uses CF DNS so could spontaneously proxy through CF; broken on lynx because 1st party js req’d)
• ✓#downinspector ← decent, lesser of evils (CF-free & always inclusive of everyone, but does not work on lynx and requires JS; it pushes CF JS but still works if you only run 1st party js)

I only listed 2 bad ones (the 1st two) but when you search the first dozen results are shit. What could be more shitty than being directed to CAPTCHAs and other exclusive bullshit in the course of trying to troubleshoot a problem?

Also, the community we’re in here is “nostupidquestions”.

There’s also an onion one but I lost track of it.

ciferecaNinjo, 6 months ago

Was there any data loss? The comments tab of my profile only shows 11 comments which only go back 1 week (perhaps to around this “we’re back” thread). I should have much more than that.

ciferecaNinjo, 7 months ago (edited 7 months ago)

Is that link tor-hostile? I just get a blank page (which is expected since I have images disabled). But then I ran:
torsocks curl -I https://midwest.social/pictrs/image/4f02113b-f999-4992-bb9c-93ecc9470bd8.png
to get the image size, and got zero:

HTTP/2 405
server: nginx
date: Sun, 08 Oct 2023 12:43:23 GMT
content-length: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET
access-control-expose-headers: allow

ciferecaNinjo, 7 months ago

What happens if you use cURL? The link you just posted has the same problem for me (same host).

ciferecaNinjo, 7 months ago (edited 7 months ago)

all taxes on the rich are good. Controversial, I know.

I think what may be more controversial is who you are grouping in as “the rich”. Does home ownership put someone on the /rich/ side of the line?

People with more than $10k USD worth of non-USD in the bank must report the account. I would move that line at least to $100k if the idea is to not harass & intrude on non-rich people.

ciferecaNinjo, 7 months ago

Not sure where you are or what that amounts to but In the US I would consider double the median income middle class or upper middle class, still far from rich.

I think of “rich” as someone who can quit working right now and be able to live comfortably on their savings for the rest of their life. If they still need to work, that’s below the “rich” line.

I kinda like Chris Rock’s definition as well.. something like: “you can lose rich if you pick up a drug habit… but if you’re wealthy, you can’t lose wealth.. you can afford to do cocaine for the rest of your life if you’re wealthy”.

ciferecaNinjo, 7 months ago (edited 7 months ago)

I agree with your 1st paragraph. But IIUC the exit tax is not on wage income - it’s on their global wealth. I don’t see how the rich can escape that without cheating. But the problem is that non-rich middle class workers have homes and they’re being targeted.

It’s a tax on workers who don’t even live in the country.

Yeah indeed that’s the shame of the US tax policy. But to be clear that tax impacts citizens living abroad, not those who renounce. Renouncing actually escapes that.

ciferecaNinjo, 7 months ago (edited 7 months ago)

You seem unaware of the population of accidental Americans. When a Dutch couple gives birth on US soil before returning to Europe, that child automatically a birthright citizen of the US. They can grow up having never set foot in the US (apart from birth), and for the rest of their life they have a legal obligation to file US tax and declare to the US all their Dutch income & bank accounts even if they are below that $120,000 line. They also get targeted for discrimination along with all other Americans by banks who don’t accept Americans (even if they are also Dutch). They have to pay a US accountant upwards of $300/year for the rest of their life just to file that zero.

It’s also worth noting that an income of $120k goes much further in the US than it does in Europe (where they might be living).

So obviously a lot of accidental Americans have become motivated to renounce. But if they already own a home, you can see the problem. I would not say owning a home makes someone “rich”. They still need to work to eat and to maintain the home.

ciferecaNinjo, 7 months ago

If how I’m saying it doesn’t make sense, use the IRS website I’ve provided numerous times.

You cannot expect people to use the irs.gov website. That’s not open to the public. It’s exclusive. Try going there over tor - you will get a 403. Indeed it’s shitty that access to legal information is restricted. It should be open to all.

ciferecaNinjo, 7 months ago

It depends on where you are. If you live in Moscow or Geneva, that cut-off is still $120k USD worth of your local currency. That threshhold neglects the COL of where you are and also neglects the forex rate.

ciferecaNinjo, 7 months ago (edited 7 months ago)

It’s not just about money. It’s a labor burden and a privacy intrusion. And even if iceblade02 could renounce for free, they then must carry the renounciation cert for the rest of their life and show it to every bank they deal with and hope that no data entry errors trigger data oversharing anyway.

They must renounce to get their human rights back. Because without renouncing, they lose their human right to non-discriminatory treatment on the basis of national origin (article 1 of the Universal Declaration of Human Rights).

But back to money, that annual tax filing accidental Americans must file costs them $300+/year -- accountants do not work for free. It’s effectively a tax on the poor.

ciferecaNinjo, 7 months ago

You think Americans do t pay property tax?

That tax is irrelevant. That just muddies the waters to bring up property tax because every real estate property is subject to local property tax. It’s a wash. When you buy a house, you implicitly agree to property tax wherever that house is located.

ciferecaNinjo, 7 months ago (edited 7 months ago)

Those EU lobbyists have less capability. They cannot finance a campaign for a politician, can they?

The US has #CitizensUnited.

The US also has corporate lobbyists who use fraudulent techniques such as writing thousands of letters from fake people (they got caught doing this on the #netneutrality issue whereby Congress got thousands of letters appearing to be from individual human beings who all opposed network neutrality -- LOL). Are EU corporate lobbyists willing to partake in such blatant fraud?

Biggest lobby in the US → #NRA. The NRA owns about ½ the politicians. And since the NRA are right-wing extremists who work with #ALEC (right-wing lobby & bill mill), they push everything in favor of big corps and against human beings. They block progress.

ciferecaNinjo, 7 months ago

Indeed Europe makes a lot more progress from the point of view of human beings (as opposed to the point of view of corps). But it’s worth noting that Europe can’t actually make effective use of their legislation. No teeth.

Take the #GDPR for example. EU courts are weak, so when your GDPR rights are violated in Europe you have no recourse. You can file a complaint with the DPA under article 77, but the DPA just sits on these complaints because there is no law that forces DPAs to act on article 77 complaints. The GDPR says you can take direct action in court, but the Austrians have neutered that option. Someone sued a GDPR offender, an Austrian court sided with the victim, but then the victim was still forced to eat his own legal costs! That precedent-setting decision killed the only means for remedy.

A courtroom victory in Europe is purely symbolic. The winner still loses from a cost standpoint.

The US is much better w.r.t court actions. Court cases are cheap & easy to open. When you win, the loser pays the legal costs. it works really well. But the problem is there are no decent laws in the US to empower people to take legal action.

What we need is EU legislation with a US court system.

ciferecaNinjo, 7 months ago (edited 7 months ago)

I’m aware of enforcementtracker.com which is used to show that some cases are cherry picked for enforcement. 2000 cases is an embarrassment. I would love to see an “unenforcement·com” service where we can all publish our reports that get irrationally dismissed or mothballed. I’ve filed reports on dozens of #GDPR violations over the years and not a single act of enforcement resulted. One report was dismissed instantly by a 1st tier office worker on bogus rationale.

To worsen matters and exacerbate the problem, some member state’s DPAs operate in a non-transparent fashion so your report is concealed even from yourself and you get zero progress information or interaction. You only get notified in the end if an enforcement action was taken. They’ve never contacted me to provide more info on any of my reports either, which suggests no slight amount progress either.

How do Austrian court proceedings affect what is happening in other countries?
Afaik the only court that would directly affect the legal situation of other countries ist the ECJ.

That’s beyond me. I recall reading about that decision that came out of some high court in Austria and the report said that it set a precedence for the whole EU.

What I’ve seen in the US is that any lawyer can use any other case as a precedent for the court to consider even if the case happened in a different state, but there are varying degrees of utility. The lower the court, the less weight the result carries. And when a result from a different jurisdiction is used, it still has merit but less so than cases in the same jurisdiction.

I know in Europe it’s the same as far as highness of a court & proportional weight. The lowest of court decisions are used in aggregate. But I’m a bit fuzzy on crossing jurisdictional boundaries on EU-wide law.

Note that the GDPR has a specific consistency clause. Outcomes in different member states must be consistent for similar violations. Perhaps the Austrian decision is relevant EU-wide because of this consistency requirement.

ciferecaNinjo, 7 months ago (edited 7 months ago)

Nonsense. Of course it is. I’ve sued several corporations in the US. It’s trivially easy. Fill out a form, submit with $50—90 in fees, get those fees back when you win (and you win by default if the other party does not show up). I even sued a major bank for under $70 once. Won, got awarded court fees, and got paid. It was simple. It’s even standard on the court complaint form to ask for interest compensation for the duration of the dispute & that’s typically awarded as well. No case is too small or too big to get a remedy in the US. I’ve tested this in two different states.

Getting remedies like this is impossible in Europe. European courts are useless for any case under €10k. I’ve been ripped off by rogue contractors & others in amounts of ~€3k-7k. Had solid evidence but the court system is designed to penalize everyone involved. If you have a case worth less than €10k in Europe, your best move is to eat the loss and forget about court. Take it on the chin because you’ll lose even more if you chase it. Under €10k you can get what Europeans call a “cerimonial win”, where the judge says your right, but your costs still match or exceed the amount of the dispute.

There’s also an upper limit in Europe. Class action lawsuits→ non-existent.

I’ve been ripped off in both continents several times. In the US I always get a remedy via various different channels, some of which work before things even get to court. In Europe I always have to eat the loss. Exceptionally I had one court case in Europe, won, but still had to pay for my own registered letter expenses despite the fact that the wrongdoing by the other party was what forced me to send reg’d letters. Legal advisors told me even though the judge agreed with me in the verbal judgement, I would likely have to pay all the court costs when the written judgement arrives (as a winning defendant!). I got lucky and the plaintiff had to cover the court costs in my case. This is somewhat exceptional.

ciferecaNinjo, 7 months ago (edited 7 months ago)

So it doesn’t exist and you have no statistics to support your claim beyond personal anecdotes.

Trusting the accuracy of my experience is a problem for you, not me. I’ve seen the dysfunctionality many times over 1st hand & I’ve often heard other GDPR complainants say the same. I’ve been to privacy conferences where speakers talk about how their complaint citing many different violations would be acted on on the basis of just one of the violations. Someone from Noyb said a DPA cherry-picked 1 out of 6 or so violations and enforced it. But then the other violations simply got ignored. And their complaint about the ignored complaints was also ignored. I’ve seen the same, where the front desk gave a bogus rationale that (even if correct) could only possibly refute 1 out of my ~8 or so cited violations.

The problem is widespread enough that Digital Courage plans to ask the EU to write a new law that actually forces DPAs to enforce article 77. Watch for it.

Most EU countries have civil law so other courts decisions are not legally binding, only the word of the law is.

The word of law can be very ambiguous. Even in Europe. It still needs interpretation.

This is what happened when a data subject demanded that a data controller list who they share the data with. The letter of the GDPR law says they only have to mention categories of info that’s shared, not who it is shared with. So the data controller refused the request. That clause was recently (this year) “interpretted” such that data controllers actually do have to state who they share with (which contradicts the word of law). It’s a good outcome for consumers, but a contradiction that proves you cannot rely on the word of law in Europe.

It doesn’t seem to mention courts at all.

You can ask the source’s author (Noyb) directly yourself how an Austrian court decision had EU-wide impact.

ciferecaNinjo, 7 months ago (edited 7 months ago)

My European lifestyle differs from that of the US largely because of Europe’s lack of remedies for individuals who are damaged. In the US you can fearlessly enter contracts & loosely buy any product/service you want because consumer protections are far superiour for consumers who are willing to take action.

Europe’s style of consumer protection ignores the individual. If many consumers get burnt/scammed by the same supplier, regulators will take action on behalf of the people if there’s sufficient critical mass of people affected. And when a fine hits, the victims still get no compensation -- just satisfaction of knowing the baddy was corrected. More commonly you get burnt in a one-off transaction in which case you’re a neglegible case.

This means I’m incredibly cautious about who I do business with in Europe. I do not front money to contractors. If a deal seems too good to be true, I walk. When there is no confidence in consumer protection, fewer transactions happen. And now that I see how unenforced the GDPR is, I distrust data controllers with my data and often opt not to transact at all for that reason.

ciferecaNinjo, 7 months ago

Ah, that’s interesting. My cases were pro se so I had no lawyers fees. The costs of filing the court case and serving the defendant were always covered by the loser in my cases.

ciferecaNinjo, 7 months ago

We could all start using search engines that filter out the shitty websites. But then what’s left? Ombrelo¹ filters out the Cloudflare sites which only scratches the surface of web deshitification & results are often less than one screen. So in effect, you’re right. The free world is getting so small we might as well unplug.

1. http://ombrelo.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion/

ciferecaNinjo, 7 months ago

Can’t read the article (Cloudflare blockade).

In principle there needs to be pushback on the power of defaults for sure. Yes, all the options are shit anyway, but that’s in part due to the #powerOfDefaults.

ciferecaNinjo, 7 months ago

I would hope it can be done without collateral damage. I spoof my own number (in fact as a self-defense maneuver) and wouldn’t want to lose that option. I subscribe to a voicemail-only number which I give to countless untrusted entities (e.g. banks). Then to make outbound calls to businesses, I use a numberless voip line that spoofs the voicemail number.

ciferecaNinjo, 8 months ago

Just curious- what exactly do you mean by that? Do you mean abandoning/trashing your google account, or do you mean also refusing to send email to gmail recipients?

Personally I’ve gone all the way. Ditching the Google acct was just the 1st step (which implies also ditching Google Playstore). Then I quit sending email to gmail & outlook recipients. Then I went further and do an MX lookup on all email addresses to verify whether a vanity address like [email protected] resolves to google. This has made #email mostly dead to me.

ciferecaNinjo, 8 months ago (edited 8 months ago)

I’m not even willing to visit shields·io¹ because it’s a Cloudflare site.

If so, it might be worth adding the badges to the sidebars.

I would oppose cluttering the sidebar with 100+ stats. Ideally there would be just 1 line:

subscribers: 310/30.6K (local/fed)

If someone wants subscribers per instance detail, that should require some deep clicking around or a dedicated site that keeps track of that.

BTW, #Lemmy has lemmyverse.net (though I think the subscriber counts are misleading there too). What does #Kbin have for finding communities… anyone know? #askFedi

footnotes:

1. note that I raised the dot (.) to (·) so as to discourage visits and so my msg does not add to the search engine rankings of a Cloudflare site.

ciferecaNinjo, 8 months ago

I’m a bit baffled that #Amazon would give up the opportunity to scan faces. If you have a married couple with joint card account, Amazon wouldn’t know which one of them made the purchase without cameras.

Doesn’t this also mean they need a human to monitor for people who don’t scan their payment card?

ciferecaNinjo, 8 months ago

Note as well sometimes these scanners miss things even when not abused. E.g. I checked out at a sporting goods store where you dump all your purchases in a box which is then scanned. Got home and noticed I was not charged for a bicycle lock. It had its packaging but I wonder if someone inadvertenly bent the rfid chip somehow.

We’ll probably see people walking around Amazon shops bending the rfIDs back and forth as they shop to see if they can kill the tag. Some thieves will probably carry around hole punchers as well.

ciferecaNinjo, 8 months ago

If we consider the sick amount of data harvesting Amazon does with cameras-- the fact that they even monitor the mood of Amazon drivers using cameras, it’s just hard to get my head around them giving that up with customers. You would expect cameras to have full coverage for theft and to monitor the mood of the shoppers. IIRC, Walmart had an initiative to monitor the moods of consumers as they looked at various products, signs, promos, etc.

I’m betting this idea blows over and in the end all Amazon shops will be fully video surveilled.

ciferecaNinjo, 8 months ago

I would love to know how much a security audit like that costs.

ciferecaNinjo, 8 months ago

It’s still irrelevant, no? I thought Bill Gates no longer had any role at Microsoft.

ciferecaNinjo, 8 months ago

Dirt on Microsoft

#Microsoft

ciferecaNinjo, 8 months ago

Bill Gates is throwing his resources into the #warOnCash (effectively, war on privacy) via his involvement with the betterthancashalliance.org scumbags.

I’ve heard all the charity expenditure is 100% tax avoidance strategy & not a dime more, unlike William Buffet who gets credit for donating more than tax optimums & also getting other billionaires to give more (just a rumor… that bit is beyond me).

ciferecaNinjo, 8 months ago

The Halloween papers

ciferecaNinjo, 8 months ago

https://fedia.io/m/[email protected]/t/305584/Leaked-Microsoft-documents-detail-an-employee-performance-review-system-where

ciferecaNinjo, 8 months ago

Indeed. What happened with cars in the US is an “arms race” on the road. Everyone wants to be in the bigger car so they just get bigger and bigger and reach a point where that e=mc² equation is pegged.

max selfishness → max energy

As expected, right-wing U.S. republicans disproportionately drive big cars. While liberals tend to favor small cars or bicycles.

ciferecaNinjo, 8 months ago

“The trend of “autobesity” is forcing car park providers to think of new ways to accommodate larger cars, such as introducing wider bays.”

That’s the most disgusting part of this. They are adapting the infrastructure to accommodate the child killers when the sensible approach is #fuckBigCars.

#fuckCars in general.

ciferecaNinjo, 9 months ago

It freezes but I guess I wouldn't expect pressure on the masonry because the chimny seems to be a cast iron tube so I would think the expansion would be forced to happen vertically.

ciferecaNinjo, 9 months ago

Are flues water-tight? When I would close the flue in other homes, I would typically hear the sound of metal hitting something hard, which somewhat implies they don’t have a rubber seal.

There are 3 tubes & none of them have caps, so apparently it’s deliberate. Most of the neighbors have no caps either and I think most fireplaces are blocked off in the region.