"In reality, the German government has a double standard when it comes to the right to privacy. They will fully support that right if it's company's violating your privacy (especially, if they are American because protectionism) but in contrast, the German will give itself as many powers as it can to spy on its own citizens and those abroad." This.
That's only double standards if one considers states and companies as being in the same position.
A state and a company have vastly different goals. A state should care for its citizens, this includes protections against threats to public safety (terror, organized crime) and surveillance is a tool in the box for that.
A company on the other hand, would have no issues fleecing people and abusing their power for profit if they only could. States are the entities actually powerful enough to keep companies in check and I'm pretty happy when they do that.
I admit that this is a, I guess, pretty european view of things (i.e. govs are good, since they keep greedy companies in check), while the american view might rather be that govs are bad because they get into the way of companies (which are considered good).
In many places in the world, the government is corrupt and there is no transparency.
I’d be surprised if people trust their governments in Poland, Bulgaria etc.
Government officials have more power to abuse people than companies. At least Germany has an established constitutional court that can still resist the politicians to some degree.
I think the american view is that governments are bad because they can be used to establish tyranny. Every citizen’s right to be judged by their own peers, their right to carry firearms and freedom of speech are the things that allow people to fight against corrupt governments.
This is my view being someone living in Turkey. I am even afraid of posting this comment.
Maybe this generation in Europe trusts their government and thinks that its good. But I bet people having experienced autocratic regimes can never trust their government.
> I’d be surprised if people trust their governments in Poland, Bulgaria etc.
> But I bet people having experienced autocratic regimes can never trust their government.
If there is a lack of trust within the Polish public toward the state, then it stems in large part from a history of oppressive foreign or foreign-controlled governments over the course of the last 200 years. Of course, prior to that, the Polish republican tradition generally took a somewhat skeptical view of government and government power, introducing a system of checks and balances that ultimately tipped in favor of the nobility via the Sejm. But recent attitudes are IMO influenced by a kind of habit of viewing government as a foreign intruder dominated by foreign interests (which, frankly, continues to this day in the form of competing German, American, and Russian influence often represented by competing parties). The end of the Cold War did not, of course, lead to the expulsion of the entrenched interests and power networks formed during the years of the Soviet-dominated People's Republic which also contributes to the antipathies Poles have toward government.
Rulings of the constitutional court have almost no real life consequences. If there is a negative ruling the parliament is given ample time before the unconstitutional law must be replaced. If there is any replacement within that time, the same law, formulated differently, is passed.
That's not true at all. The rulings of the German Constitutional Court are extremely important (at the very least compared to almost all other Constitutional Courts in the world) and have very real consequences. Just one example: The recent PSPP Judgement had the potential to end the Euro. It didn't but if the Court had ruled in a slightly different way (which would have been within it's Constitutional Powers) the Bundesbank wouldn't have followed the orders of the ECB anymore which would have had unbelievable consequences for the Eurozone.
The fact that the Court tries not to do something like that is because it is also a political actor searching for stability.
> The fact that the Court tries not to do something like that is because it is also a political actor searching for stability.
This sounds to me like someone saying that the Queen of England has the power to dissolve parliament - and just doesn't for political concerns. (Those political concerns being that if she ever exercises that power, it'll be removed)
At some point you have to recognize that if you can only use power in ways that don't interfere with another governmental body, that power might not really exist.
I can see where you're coming from but this analogy does not hold up. The German Constitutional Court (GCC) does exercise its powers, but it tries not to break anything, therefore it gives the responsible actors some time to change the law/their behavior. Maybe another example: The Court decided that the (specific calculation of the) German property tax was unconstitutional. But if they just declared the whole tax void, this would have been an enormous problem for the state financing. Therefore they decided that the Government had roughly one year to set up a new system that would follow the constitutional requirements as laid out by the Court. This is what the government has done and now the requirements are fulfilled.
> Rulings of the constitutional court have almost no real life consequences. If there is a negative ruling the parliament is given ample time before the unconstitutional law must be replaced. If there is any replacement within that time, the same law, formulated differently, is passed.
To say that the court does have power. But your example is an example of exactly what the OP was saying happens!
The process is long and yes, sometimes parliament iterates on laws to bring them into compliance with the constitution (and sometimes those changes get struck down again) but it's patently false to claim that the constitutional court doesn't have consequences. (real life is tough a claim to argue against - what is a real life consequence?)
Some consequential decision that come to my mind (without judging whether these were good or bad decision):
- they derived the right to privacy (Informationelle Selbstbestimmung) based on other rights. This is now firmly established in the judicial process.
- They struck down the law allowing the government to shoot down hijacked planes (no replacement)
- Secret paternity test are illegal and hold no value as evidence
- mass deployment of automatic number-plate recognition is illegal
- they set the barrier for voting machines so high it's de facto impossible to use them
- they've struck down the data mention laws multiple times since 2007. The government keeps trying but to this day there's no law in force
- struck down the law requiring a cross in every classroom
And these are just the bigger ones that made the press. There are a huge amount of cases that narrow down and define things like when apartments can be searched, when people can be wiretapped, what are the rights and responsilties of people living in a civil partnerships (before marriage for everyone was enacted), when and when not it's allowed to use the armed forces abroad and what restrictions on the right to assemble are allowed.
The reason you might have this impression are three-fold:
- sometimes a law that is unconstitutional can be made constitutional by adding some exceptions. For example a surveillance law might only be unconstitutional because it didn't have adequate measures to protect priests, therapists, lawyers and other professions with certain privileges. The law is then often revised and passes muster.
- some ruling a purely procedural. The decision itself is valid but either it didn't come to be in a valid way (e.g. proper parlimentary procedure wasn't maintained) or it exceeded authority (the government acted but it would have to be a law). These are often easily fixed by going through the process again or turning a decree into a law
- Lastly, the constitution might just be changed. The Constitutional Court doesn't have any higher authority than the parliament. If the parliament, following proper procedure, changes the constitution a lot of things are possible. This does require a big majority in both parliaments. Note there are some basic principles that can't be changed but they're quite limited.
It sounds different than something like the US, where if a law is unconstitutional it's struck down immediately (rather than giving time for the legislature to fix it), and the defendant acquitted (not sure what happens in germany).
> where if a law is unconstitutional it's struck down immediately
What? Cases take years or decades to make their way through the court system. You might be thinking of the fact that some laws get an injunction on their enforcement until they are ruled on, but that is not mandatory. More important, they are not struck down, only enjoined. And of course if the legislature changes the law, the case becomes moot by the time it reaches the court (this happens semi-regularly, where the court refuses to rule on the constitutionality of a law that is no longer on the books).
>What? Cases take years or decades to make their way through the court system. You might be thinking of the fact that some laws get an injunction on their enforcement until they are ruled on, but that is not mandatory.
It's implied that we're talking about what happens after it's decided. We obviously can't talk about the action of the court before it's been decided. What matters is what happens after a decision has been made. The grandparent comment gave me the impression that in germany, after a law has been found to be unconstitutional by the courts, it doesn't get struck down. Instead, it gets sent back to the legislature for revision, while remaining valid in the meantime.
>And of course if the legislature changes the law, the case becomes moot by the time it reaches the court (this happens semi-regularly, where the court refuses to rule on the constitutionality of a law that is no longer on the books).
I'm not sure what you're trying to say here. Is this supposed to be a flaw? What purpose does it serve to rule on laws that have already been revoked? To throw some shade on the legislative branch? To punish them somehow? Moreover, is this something that doesn't happen in germany?
I think I did not understand GGP the way you did, leading to me not making sense of your response. And of course it makes perfect sense not to rule on laws that have been repealed. :-)
It depends on the law. Often the law (usually just the specific provisions found unconstitutional) are immediately struck down. If there are wide decision to be made instead of the the status quo with the unconstitutional law, then the court will give parliament time to make the rules. This is currently the case with the election law where it's considered unconstitutional but there a multiple legal ways to design a legal one. The choice, how the law should look like, was passed back to parliament.
> Maybe this generation in Europe trusts their government and thinks that its good.
Which is strange, since there are people alive today who's relatives were executed in camps by the democratically elected government of Germany. People who think that democratic government is somehow a panacea against tyranny are constantly being proven wrong by history. The modern example is Venezuela and the fact that Maduro's predecessor, Chávez was elected by the majority of the population.
You can be certain that nobody in Germany has forgotten the Third Reich. The German constitution is a direct response to the experience of the collapse of the Weimar Republic and has been very carefully designed to avoid the same sorts of mistakes. There are consitutionally guaranteed, inviolable rights and principles that can never ever, legally, be changed ("Ewigkeitsklausel"). Nazi Germany can't ever happen again in any sort of legal way, nor whatever happened in Venezuela.
No system is flawless and if shit really hits the fan and somebody makes a coup, who knows what may happen, but the German system is probably the most stable in the world, so I think some amount of trust in it is not misplaced.
And the European, or at least Western European, perspective is that governments are elected and certainly more representative than any large companies that are incentivised only to maximise profit above everything, so having an oligopoly of companies dictating the rules of society is seen as a problem. This is a perspective I largely agree with.
(NB: I'm not saying you should fully trust the government, I certainly don't always do that, but I do trust that the system generally works to keep the government in check.)
It's complicated. I doubt that the right to bare firearms is effective deterrent against the abuse of power by the US federal government. It does enable use of force. I don't know any other country with the right to bare firearms protected by its constitution. Switzerland does have regulation in this regard.
You would think the Germans of all people would know better than to view the state with this kind of naivety.
I don’t think the state is dangerous because it gets in the way of profit (though it can do that) but because it can directly oppress its people in all kinds of violent ways. The mitigating factor is supposed to be that people can hold their government accountable, but allow the government to snoop on everyone’s private communications and they’ll take care of that.
I can't really bring myself to agree with this view of the world. To me it sounds like saying that parents are dangerous because they can mistreat children or that employers are dangerous because they can oppress employees.
Obviously those are true statements, but they are also horrible first approximations. Parents are supposed to be caregivers, employers are supposed to be source of opportunities, and governments are supposed to protect and safeguard the state and its people.
To me this looks like a self fulfilling prophecy, if you treat parents as primarily evil oppressors you are in part forcing them in that position, same with governments. Some parents and some governments are evil and should be treated as such, but having an a priori predisposition that they will become evil seems inefficient
Employers will be good to you if you have bargaining power, but employees who have none are often mistreated. That is why we need a competing source of power (the government!) to regulate employers. The government, like an employer, needs to be checked by something if it isn’t going to grow abusive.
Parents are somewhat different in that they tend to actually know and love their children. But even then we don’t give parents unchecked rights over their kids.
I completely agree, what I wanted to say is that in all those cases relationship work better when the basic nature of the connection is trust, not distrust. In a sense societies puts limitation on the power of governments/employers/parents so that they can be safely trusted even more (specifically so that those deserving of trust are allowed to have it), not because they are inherently untrustworthy.
>Parents are supposed to be caregivers, employers are supposed to be source of opportunities, and governments are supposed to protect and safeguard the state and its people.
This is a bizarrely naive worldview. In democratic countries the government's role is to implement a system of governance decided on by the people. The whole idea behind having a system of "checks and balances" is to prevent the government from unilaterally deciding what constitutes "safety and protection" and what measures it deems necessary to do so. Every despotic regime in history has claimed to be "protecting and safeguarding the state and its people" while stifling the freedom of its people. Ceding rights and freedoms to the government because you perceive them as benevolent overseers with pure motives is incredibly dangerous and absurd to anyone with any knowledge of history.
I never said this, what I said is that is that societal figures of power exist with a benevolent purpose and should not be perceived as evil.
The system of checks and balances on the power of the state can be seen in two lights: 1) as a way to prevent tyrannies from arising or 2) as a way to let the good actors freely act within well defined boundaries.
I simply believe the second point of view to be much more fruitful and stable.
There is a significant difference in the relationship between parent-to-child and The State-to-Citizen. Children mature and achieve autonomy from parental control and can escape violence if present.
When am I ever allowed my autonomy from The State? According to its laws I am always subject to its rule regardless of my vote, intentions, ethics, personal values, or will. My only defense is the system itself and I have been given good evidence to not trust its outcomes or intentions regardless of how it is advertised.
There are many different answer depending on the situation. For once you can leave the state. You can take a boat and live off fishing in the middle of the pacific ocean.
If what you are saying is that you want to secede your person from the state then you are as free from your state as other states are free from each other influences.
> My only defense is the system itself and I have been given good evidence to not trust its outcomes or intentions regardless of how it is advertised.
This is essentially the prisoner's dilemma; my philosophical stance is that the only way to improve the world is by mutual trust, even if that means being betrayed.
Yes, it's based on binary thinking. Can governments be trusted (yes/no)? But we can't correct for this by taking the opposite stance because that's also binary thinking.
We should be able to say that some institution are useful and necessary, and also that we need to guard against corruption and abuse, looking at the possible threats and how to mitigate them.
It also helps to make distinctions between different governments and different employers.
Here is the fundamental flaw with the parent analogy:
Both the government and the citizens are adults. Don't treat me like a child. Government is not supposed to keep us safe from ourselves but protect our god given freedoms.
In the US the government is of the people, by the people, for the people.
The other argument that people in government are smarter is laughable, at best.
Government is a necessary evil, but it needs to be limited.
Everything is a necessary evil, if you want to see it that way.
> Government is not supposed to keep us safe from ourselves but protect our god given freedoms.
A lot of the job of the state is to keep us safe from other individuals and other states. History proved that one of the best way to do that is to respect individual freedom in a very strong way.
Personally I am not convinced that personal freedom is an end to itself, I see it as the only stable principle that is able to fuel a civil and fair society. More freedom is good only insofar as it produces healthier societies.
I think we have quite different world views on this.
This is only a flaw insofar as the child-protective services are effective in detecting abuse and the state is a monolithic entity.
My point is that trying to guarantee recursive watchmen does not work. It almost invites looking at that structure as a puzzle to be solved, as a game to played.
A power balance based on mutual trust and mutual responsibility is more susceptible to individual overreach, but also more stable in identifying them.
No, we do not. Problem is we have a lot of people that are a bit too critical and think everyone is out there to get them. In a most reactionary manner to those, we now have large groups that want to strengthen the state. In some cases that is justified as states loose out against companies when it comes to influence. But certainly a bad idea if you want it to control information.
A stereotype is that there is no gray in Germany and I start to believe there is some truth to that.
> A company on the other hand, would have no issues fleecing people and abusing their power for profit if they only could.
Governments often abuse their power. They have absolutely no problem with that either. It's precisely because they do this that total population surveillance should be impossible rather than a standard government tool.
Abuse of surveillance powers could manifest in any number of ways. For example:
> Governments often abuse their power. They have absolutely no problem with that either.
The way I think about it is this. Governments and companies are both organizations made up of people. Governments have additional powers (for instance, military force, police power, etc.) over companies. The checks and balances for gov't abuse of power depend on the type i.e. representative democracy, republic, etc. And the checks and balances for company abuse of power are however the markets are configured.
There are different incentives at an organizational and people level both in gov't and companies. But in general, I tend to think its easier to prevent "company abuse" of power b/c ultimately they have to deliver a product which people can choose to buy or not - in this sense we all have a direct democracy with companies, unlike Gov't.
For instance, if I choose to not buy any more Google products, then however small and insignificant it may be Google is going to notice my change of preference on the bottom line of financial statements just as will the other company whom I deem better aligned to my preferences.
This type of direct control is currently not possible with governmental institutions unfortunately.
The difference is often referred to as 'voice vs. exit'. You have a 'voice' (your say/vote) with the government, but no right to 'exit'. In contrast, with a private party, you only have a right not to transact with them (exit), but no right to tell them what to do (voice).
Your desired scope of government usually reflects how much you believe in exit and voice. For practical purposes, this usually translates to how efficient you think competition is, and how effective you think democracy is.
> I admit that this is a, I guess, pretty european view of things (i.e. govs are good, since they keep greedy companies in check), while the american view might rather be that govs are bad because they get into the way of companies (which are considered good).
Here's another way of looking at it: Germany is adopting an incredibly hypocritical position on privacy. It's so hypocritical it's nearly identical to the American government's position that many here on HN rightly decry.
I don't think it is a fair point to say that the American view that govs are bad because they get into the way of companies.
The view is more along the lines of they are corruptible and frequently serve the interest of the business and political elite at the expense of the median citizen. Moreover, the government will use its power to thwart attempts at fixing the government. Therefore we should limit the power of the government.
I think we had enough evidence lately that the German government is corrupt and they all have their snouts in the trough, almost regardless of party. Talking about fleecing.
Corruption is relative. Something can be more corrupt than something else.
Saying whether something is corrupt isn't helpful because most things are corrupt to a certain extent.=
he's probably talking about the wirecard scandal, where the german SEC equivalent didn't bother investigating wirecard despite the warnings, and instead went after journalists and short sellers.
I think most Americans agree with a more middle of the road approach: that both companies and govt can be evil and shouldn't be given too much power. Most disagree on where the lines should be drawn with both entities, but the root contention is that power can corrupt anyone, from a profit-seeking CEO to a power-seeking politician, and so the leash on power should be short and the barriers around it should be tall.
The idea that Facebook and other companies have so much data is often a bi-partisan point of concern, likewise the dramatic govt surveillance power of the Patriot Act is a pretty bi-partisan concern on the civilian level (as opposed to politicians, who are inclined to tow institutional lines even in disagreement with the current constituent sentiment.
A state has coercive power over you, a company doesn't.
From my point of view, the government can do (and does) 100 more damage to me than any single company could do.
A company can sell my personal data if I'm not careful. The state can send me to jail for saying things they don't like or doing things they don't like, even when those things don't do any harm to other people (e.g. using LSD). The state also steals a big portion of people's money, usually for no good reason.
The problem starts if the state wants to save money and skills in intelligence to work around common challenges of anonymous services. The real criminals attacking the constitution often can invest time and money into unbreakable anonymization, such things mostly hinder easy access to privacy by the normal citizen like me.
The german government has really a long record of distrusting anonymization starting with ISDN mixes and denouncing their users. But also little things like one time credit cards seem to be restricted only because it would take an extra step to link the data in a real criminal case.
And regarding data protection: it was big on paper in germany for a long time but only because nearly nobody was actually sued. Now everyone shits their pants here about the GDPR because you at least there are fines ( the rules did not change much). At the same time even with the GDPR we only trusted other german corps with data as corrupt or leaky they may be and not other Europeans.
I agree with the OP that there are double standards here. But mostly it is just a history great theoretical ethics combined with technical incompetence and the deep national feeling of moral superiority...
When the government wants to charge you for the "non-tax" obligatory TV fee they get your data automatically from your local citizens' office. You cannot protect your data from that.
But when you want to claim unemployment, suddenly you need to physically pass printed pages of paper between different offices because they cannot exchange data due to data protection rules.
These sort of idiosyncrasies are a commonplace in the Federal Republic.
Of course, in a democratic country where the judicial system is separated from the legislative powers one should wait for the law (or the lawsuit) to know how it is enforced in reality.
>one should wait for the law (or the lawsuit) to know how it is enforced in reality.
Of course, as we discovered that the NSA was gamboling, if you're doing it in secret, and the secret that you're doing it is protected by law, then if you do something illegal, it won't be legal to take you to court...
This assumption (i. e. that everything bad is done anyway, only in secret) is a truism. People who buy into this sort of cynicism will rely on the non-existence of evidence as evidence of their theory of all-powerful government able to suppress all evidence.
The idea is also destructive for any effort to improve matters: if everything and everyone is corrupt, there's no point in trying to hold anyone to account. And if those in power continually get hit with the wildest accusations people can think of, they will at some point abandon the idea of trying to do a good job and/or being honest because there are no incentives whatsoever when the discourse is dominated by narratives that are no longer in any way tied to their actual behaviour.
Assumption? I was describing a historical anecdote.
>if everything and everyone is corrupt, there's no point in trying to hold anyone to account.
What's your plan for holding anyone to account without limiting secrecy? Seriously, there are zero ways to have accountability to the public without the public knowing what they're judging. The authority knowing the facts is the absolute most basic element of decision-making, and it precedes all other organizational or procedural designs.
>if those in power continually get hit with the wildest accusations people can think of,
No accusation was made. I am merely pointing out that there is no system of accountability. Zero accountability plus human nature plus power always leads to the same thing - and although we don't know the details, we can be sure there's some kind of mold growing under the counter so to speak.
Germany doesn't "give itself as many powers as it can". Just recently, the courts affirmed that even foreigners have a right to privacy that intelligence agencies have to respect.
Privacy regulation in Europe is the mot stringent anywhere, and contrary to popular myth it applies to governments just as it does to corporations and citizens.
Conservatives have been clamoring for metadata retention requirements afor communication companies for about a decade or so, but all of their ideas failed either in parliament or in the courts.
Video surveillance is illegal by default, and is only done in sensitive areas such as airports. Even as a private citizen, you can get fined for installing a camera that points at public spaces. Some landlord was even fined for installing a fake camera in the public staircase, because the possiblity of surveillance was considered harmful.
That is the definition of government, a power monopoly, to avoid chaos. To obtain legitimacy to exercise that monopoly, we vote every couple of years. To avoid abuse, we split the power in three independent parts: legislative, executive, and judicial.
Sure, relocate to Russia - you know, a country that doesn't even have free internet anymore and just like China pushes for totally state-controlled national network...
Yeah, right.
To point a finger at Germany while recommending Switzerland or Russia of all places as alternatives is just beyond retarded.
So there have been a few (two, apparently) raids/seizing of documents in past 15 years, so what? Why no mention of other illegal raids or seizing of documents?
Ah, right - bias. You know THESE raids were different, because they affected the radical left instead of kiddie porn, drug dealers, neo nazis, or religiously motivated terrorists.
So we now know were the author draws the line, since apparently it's more important WHO does the spying than that there's spying at all. And of course a country where illegal raids can actually be brought before a judge and ruled illegal are much worse than regimes that don't even give you the option...
I'm not a fan of the German government, but I'm even less a fan of political extremists with a "the enemy of my enemy is my friend"-attitude.
Can you please make your substantive points without ranting or calling names? We want curious conversation here, and those things destroy curiosity like firebombs on a city park. Especially when the topic is in charged territory as with national themes.
Well, most people these days cannot grasp what anonymity means. Anonymity doesn't exist, therefore you have to wear a mask to blend in.
I mean, TOR browser is great and all... But the traffic will be suspiciously obvious for outside actors that look for statistical behaviours before they take a deeper look.
I hear a lot of (even CS people) that say things like "oh it's encrypted via TOR so nobody can listen" ...which is just such a wrong statement and makes people careless about everything else, including starttls email and http requests by default with their web browser.
People assume they are safe, but nobody mentions how they should use their own biggest piece of spyware correctly: the web browser.
If ungoogled-chromium dies, there'll be pretty much no safe alternative available.
PS to avoid potential errands: And no, recommending Firefox is just as uninformed as recommending Switzerland. Use mitmproxy to verify.
From what I've heard, the Nordic countries like Netherlands, Norway, Finland, etc. and some Eastern European countries like Romania are people friendly (at least for now).
I quickly checked for the Netherlands and it seems there's no big practical difference.
The 2017 Act on Intelligence and Security Services allows Dutch intelligence and security services to tap into internet traffic without giving clear reasons or oversight.
Doesn't sound all that "people friendly" to me.
There's a difference between privacy laws concerning companies and public institutions (where the countries you mentioned score indeed very high) and access to internet traffic by certain government agencies.
The latter is legally possible (often without requiring strict legitimisation) in all of them. Officially there might be differences when it comes to legal requirements, but in practise government intelligence and security services have full access to internet traffic anyway.
Also, Netherlands is part of nine-eyes (and so are Denmark and Norway for that matter)
And it's not a Nordic country neither geographically nor in spirit. It has an economic system that's much closer than that of the UK and US than the Nordics.
Keep in mind that government IT jobs in Germany are almost comically underpaid. People competent enough to perform timing correlation attacks usually choose the >2x salary industry jobs. The running gag was that this is the greatest protection for citizens privacy.
Unfortunately, an unintended consequence is that the government looks to shady companies like Gamma to do its job. This leads to FinFisher, which is normally used by the most contemptible dictatorships against their dissidents, to be used against German law enforcement. It also creates incentives not to prosecute Gamma for helping to violate human rights all over the world by helping to throw bloggers into torture jails.
Against, or by? I'm not trying to nitpick, just make sense of this. You imply that the German government hired Gamma to gain access to FinFisher, and then talk about it being used against German law enforcement. This seems internally inconsistent.
I'd suspect a writing/editing mistake here. But nobody is spying on our law enforcement.
In fact, they seem to be so confident that anytime someone does look into their affairs for whatever reason, unconstitutional attitudes and practices just show up all over the place.
While I don't want to defend the german state, i think it should be mentioned that germany does have a pretty active pro-privacy movement. The chaos-computer club is big, with local chapters in nearly every city, very well connected and closely follows any movement from our government (and industry). While the german state itself may want as much control as possible, its attempts are always attacked by those groups.
These aren't attacks, just protests that are sometimes big enough to be mentioned in mainstream media to then be summarily dimissed by politicians, sometimes in very condescending tones or even derogatory language. The actual impact on the lawmaking process is negligible. Politicians have figured out that ignoring protests of privacy advocates is "safe", that is, it won't affect their reelection.
Suing against the legislation in the constitutional court is somewhat more effective, but it takes somewhere between 5 to 10 years to obtain a ruling againt a law that must be in effect before the process can even start.
If those attacks are completely negligable, was it the progressiveness and open mindedness of politicians that brought us to this point in history in terms of civil rights etc?
It was Hitler and Stalin. The Federal Republic of Germany was set up to have a constitution with very strong protections of individual freedom and democracy in response to the highjacking of the Weimar Republic constitution by the NSDAP. That state then evolved into a counterexample to German Democratic Republic while slowly gaining more and more independence from the Allied oversight that was put in place initially. There is a strong framework of rights and freedoms into the constitution as a legacy of these formation years. The main power that keeps that in place is the constitutional court with its long history of landmark decisions and a general tendency to overturn the steady trickle of new legislation that seeks to limit personal rights, mostly in the guise of better prosecution of crimes. For example, the right to control the use of one's own data is a result of ruling of that court. No lawmaker would have come up with that.
Best example IMO: for the last ~20 years, government after government has tried to push the essentially same data retention legislation. And everytime they do pass it, it gets shot down in a court. It's not even always the same people pushing it (although Merkel was chancellor for most of that time, but she never seemed to get involved directly, not her style) but at this point it's quite clear that "the government" simply wants these laws, constitutional or not.
Recommending to host an exit node in Switzerland in the context of TOR feels like reading an article of someone who thinks they are anonymous by using TOR.
Switzerland is even more privacy invasive than German laws, and that is the case since 2010 when automated connection tagging was introduced for VND and VÜPF.
There are no shades of grey here - state actors have access to every internet node, fibre optic cables, operating systems and hardware.
So unless you take your time to build your own CPU, main board and modem and only use our own private direct fibre connection, you're a potential target for being spied on.
It's as simple as that. You can make things harder by encrypting your traffic, but that's possible regardless of were your Tor relay is located at. And even then some crypto algos are known to have been deliberately weakened by intelligence agencies so you best be a crypto expert as well if you're really that paranoid.
The irony is that most (not all!) people who are ever so concerned about these things still use their smartphones (even though EVERY GSM/UMTS/4G protocol has been hacked at this point and is thus insecure), use cloud computing (either directly or indirectly via 3rd party services like Uber) and post on social networks.
The only computer that is safe from attacks is not connected to any network and only ever used in a windowless room surrounded by reinforced concrete walls.
The only information that is truly private is information you don't share in the first place.
You say "There are no shades of grey here" but then you contradict it by saying "You can make things harder by encrypting your traffic", so obviously you don't mean it.
By dismissing the imperfect possiblities of making yourself safer, you seem to be saying "there only needs to be one gunner to shoot you when you look out the window, so either you never leave your bunker or may as well live in a war zone", while dismissing those who ask "which country is the most peaceful and stable, so that I can settle there?".
People can be well aware of weak crypto, compromised CPUs, TEMPEST, Tor compromises, state actors and legal problems, and yet still choose which of those to defend against, and to what extent. In real life, people take tradeoffs, because it's almost never an all-or-nothing situation.
There is no place in the world that is both technologically capable of reliably hosting servers and at the same time inherently safer with regards to the privacy of your data than others.
If it's not the domestic government that will raid the server or monitor traffic, it's foreign actors or (in case of monitoring) the country that packets are routed through.
Yes, there are possibilities to make yourself safer, but they don't depend on where you place your data.
The question wasn't "can I be safer", the question was "is there a specific place that is safer" and the answer is no, for the reasons I gave.
That's not saying "encryption is useless anyway" or "you might as well give up" - no! I'm saying that if the privacy of your data depends on where your server is located, then you're doing it wrong.
I'm not sure I'm convinced that location doesn't matter at all. The attack routes are different between countries: local culture determines attack surface inside the company, local law determines attack surface due to the local government. There are probably more factors at play due to technical reasons, like the closeness to internet exchanges and the difficulty to sniff packets in secret by foreign spies.
Unless those are uniformly the same everywhere, I don't think your agrument holds.
> The only computer that is safe from attacks is not connected to any network and only ever used in a windowless room surrounded by reinforced concrete walls.
Perhaps such a computer is safe from the types of attacks you contemplate, but through-the-wall surveillance has been happening for decades.
You contradict yourself. If there are no shades of gray, why don't you post a link here to a website with cameras into your home, a direct link to a microphone you carry at all times, passwords to all your accounts and the public "View" link to a dropbox with all you data.
Because you know... Since there is no 100% privacy and safety, there is just none. So why even bother?
That's not at all what I'm saying. What I'm saying is that privacy and security don't depend on where your data is located.
The location of your server or whether third parties have access to that server one way or another should not be part of your security concept.
My point is that if you have end-to-end encryption and don't store or share unencrypted data in the first place, it doesn't matter where your server is.
There is no particular country in the world where you can place your Tor relay or your storage server and be safe against being spied on.
To use the obligatory car allegory since it's Germany we're talking about: an unlocked car with the keys in the ignition isn't any safer against theft if you park it next to a police station. On the other hand you can park a locked car with a live pitbull inside (in the shade!) pretty much anywhere in town and the risk of theft will be equally low.
>Switzerland is even more privacy invasive than German laws
Why even more? Germany also do's connection tagging, and additionally always thinks about to hold the transported data too (vorratsdatenspeicherung). The problem described here is that the possibility to have a entrance node and a exit node in Germany is really high, because Germany is the biggest provider in tor bandwidth.
Why all the hate for Germany specifically? Pretty much no gov out there likes TOR nodes. The fact that there are ton in Germany any seems like something that should be applauded
> The high number of high-speed relays and exits in Germany mean that it is not too uncommon to get both a German guard and exit. This gives the state an easier time if they want to target someone using traffic correlation attacks.
> That also does not take in account the planned German law that will allow authorities to redirect traffic to state-owned servers, to infect users with viruses/Trojans. This is especially a concern for third-world users of Tor who are going to mainly accessing non-HTTPS sites on a computer without the best security.
If your security legislation is often declared partly illegal by the Verfassungsgericht (latest [1]), you leave the impression of reaching too far by default.
If your courts do not declare (too far reaching) laws illegal, you leave the impression to have been right in your demands.
Is your argument that strict controls makes corruption appear more prevalent than it is in reality?
Here is a different way to think about it. You are a police officer and interrogate 100 honest people who never lie and 25 people confess their crimes and the rest are innocent. Then you interrogate 100 people who always lie (75 are innocent) and you can only prove 15 of them guilty. From the outside it looks like honest people have a higher chance to be criminals. Doing the right thing can destroy your reputation.
Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that."
My bad. I chose the wording I used over "Did you even read the article?" to be more polite, but perhaps I should have phrased it in a completely different way altogether. I'll keep it in mind I'm the future.
"Why all the hate for Germany specifically? Pretty much no gov out there likes TOR nodes."
It could be argued that the United States does like TOR nodes ... it was originally a US Navy research and development project and, then, in later years the US state department specifically called out TOR as a useful tool (during the "Arab Spring" protests, IIRC.)
I see that even now, in 2020, the US State Department is a financial backer of TOR.[1]
If I were running TOR nodes in the United States (as I have in the past) I would rely on that current funding as a positive defense against any legal claims against me.
(I would also not do anything stupid like run TOR nodes from my home Internet)
Germany is an interesting case for TOR. I did some statistical analysis on TOR data (they publish a lot of data) from around when Snowden made his revelations, and many countries saw increased TOR activity while German activity went down versus the trend. I don't remember the numbers off the top of my head (have them in a PDF somewhere) but my theory is that Germany doubted the security of TOR at that time. Maybe the intermittent crackdowns on TOR in Germany are based on a mistrust of the project's security/integrity, rather than simply an effort to keep internet traffic out in the open.
Are you certain that what you saw wasn't just the result of traffic being distributed between a higher number of exit nodes? Did the absolute number of available nodes in Germany change?
> The high number of high-speed relays and exits in Germany mean that it is not too uncommon to get both a German guard and exit. This gives the state an easier time if they want to target someone using traffic correlation attacks.
No, it doesn't. They'd need to control those computers, and they don't, do they? Because if they do, then "move your exit node somewhere else" won't help, because "you" are the state. And if they don't, no, I don't believe it's feasible for them to look at raw traffic (e.g. on the datacenter level) for two nodes in Germany and correlate individual data streams that may or may not be from one TOR connection.
> That also does not take in account the planned German law that will allow authorities to redirect traffic to state-owned servers, to infect users with viruses/Trojans.
They'd have to control the server though. They can't just decree that all TOR traffic must now be routed through their malicious endpoint. The laws are targeting ISPs and service providers and are for individual cases (i.e. "we know who's on the line") not for mass-infection, and will require a court order. They could do the individual surveillance with court order previously, what's new is that the provider can be forced to cooperate and proxy the traffic. It's still not applicable to TOR because it's not one large provider, and you can generally not say who's on the line.
> Now you know how the Germans hate privacy, you will almost certainly be asking about alternative locations.
I don't know where this guy comes from but this has to be the most sensationalist sentence in that blog post. It's on par with "non Americans hate freedom". If Germans hated privacy, why would they be the biggest bandwidth contributors to the TOR network?
Not sure the author was using all of his brain when he wrote that blog post.
Devils advocate: if you hate tor you should try to contribute to the network as much as possible. The more you control it, the more you can exploit it when vulnerabilities are found.
That's the equivalent of saying if you want Microsoft to fail, buy all their products in the hope that they get too big and inefficient and therefore fail.
Sure, more control helps, but you need quite a lot and it would be prohibitively expensive at the moment (and also noticeable).
It's not the German government though, it's individuals and private pro-privacy organizations that provide the nodes. Among them are some that the blog post mentioned because they were targeted by law enforcement.
When you use tor you are just another coward and a thief. Or a kiddo ashamed
that he is jerking off to porn. so relax no one cares what you say in politics until you overcome your limitations. this is the right label for tor users.
There are no freedom-fighting journalists in repressed countries using TOR.
There are only pornographers, BitTorrent users, crypto-haxxing "Z3r0cools" who use it to feel like they are doing something crypto-haxxy, and botnet command and controllers.
Countries in which TOR will be useful treat TOR users as de-facto criminals or block it altogether. Using TOR in a totalitarian state (and it is easily detectable) is worse than speaking out against the state.
Countries in which TOR is not needed are full of crypto-haxxing "Z3r0cools" who think they are actually helping someone by promoting TOR.
When you mention that TOR was an experiment-- one that failed-- to shield spies from foreign governments that crypto-haxxing Z3r0cools co-opted you get scorn.
When you point out that TOR fails in its primary purpose: non-attributable access to information or communications in totalitarian regimes you get scorn.
There is no space for criticism of TOR which makes it not a product or technology but a religion-like ideology.
> When you point out that TOR fails in its primary purpose:
non-attributable access to information or communications in totalitarian regimes you get scorn.
It's my understanding that the subjects of totalitarian regimes use software such as Ultrasurf [1], and not TOR. I agree that TOR is not very useful in practice, but it seems misleading to state that without mentioning the success of the alternatives.
