43 comments

[ 2.6 ms ] story [ 89.5 ms ] thread
> In Germany we have learned our lesson, and we will fight for our privacy online on all ends.

Except dick jokes, of course.

I haven't been following German news, lately; what did I miss?
See https://news.ycombinator.com/item?id=10774152 for details and analysis.
>Cock.li was reportedly used last week to send a bogus bomb threat e-mail from "madbomber@cock.li" to several school districts nationwide, which led to the closure of all schools in the Los Angeles Unified School District.

I don't see what that has to do with dick-jokes being the reason

Concern over privacy, which has been severely compromised by the confiscation of ~65k users' data (including stored email) in an investigation into the actions of one, seems not particularly on offer in this case, where the only significant departure from the norm is that the service is named after a shameless dick joke.
Aaah, Germany - the leader of privacy across the globe, the country where you're legally required to give up all your personal information in order to call someone from a prepaid phone card you just bought for 5 euro. And where you're not allowed to open up your wifi hotspot because someone might download an mp3 with it.
> give up all your personal information in order to call someone from a prepaid phone card you just bought for 5 euro.

That is flat out untrue. I actually was surprised how easy it was to get prepaid SIM cards (just buy them at any shop/gas station, no info/ID required), load and use them however and whenever I want (also 15 Euros for 5GB 3G and works in USB data sticks, pretty nice).

Illegal to have open Wifi, that is true :-) (I think it's a 125 Euro fine)

Yea, this works. However, with some providers like Congstar you actually need to give all your details using online form before SIM gets activated.
> However, with some providers

slowmotion made assertions about germany's legal requirements, not the corporate policy of specific ISPs.

But...isn't that also helping with privacy? I think the difference is personal liberty versus privacy...
well no, having a closed wifi is for most people not going to help with privacy because that wifi traffic is all going through some big telecom that also has some good governmental connections. Now that the wifi is closed the company and whoever uses the company's data feels more secure in assuming that data was used by you.

An increase in the certainty of the data source is also damaging to privacy.

"15 Euros for 5GB 3G" can you please provide more details on this? Travelsim is 5gb but is like 40eur.
https://www.alditalk.de/surfen/

Aldi Talk. Coverage is good, speed is okay. 4G is supported in the main cities.

Delivery is only possible within Germany, but you can grab the SIM card at any Aldi for 12.99€ including 10€ credit. Top up with a 5€ voucher brought at Aldi (ask at the register).

Last time I used them, I had to register it. I did through phone with a fake address but they disabled the card some weeks later...
Most providers activate the cards and send out a welcome letter via snail mail. If it bounces, the card get's deactivated. Doubt there are any providers who allow fake details forever.
Check out the prepaid card from Ay Yildiz, which is operated by Eplus. 15 Euros per 5 GB and 10 Euros for any subsequent 5GB in the same 30 day period. The cheapest prepaid 3G I found :-). Worked without problems in a USB stick, 14/5 Mbps download/upload speed.
>(just buy them at any shop/gas station, no info/ID required

By law, they have to request your name, adress and DOB before you can activate the card (usually not done in store, but online at home). They don't need to validate them though (no ID required) and it's not illegal to make false statements :).

Huh, they didn't ask me for anything, I just bought the card and it worked as soon as I inserted it into the phone...
The shop might've activated the card with their details for you. There are also a lot of preactivated cards for sale on ebay. But some details were given to the provider, just not yours.
I'm guessing there's a few "Seymour Butts" living at the Prime Minister's residence.
> Illegal to have open Wifi, that is true :-) (I think it's a 125 Euro fine)

No, it is not illegal per se to have an open Wifi, but there is the dreaded paragraph of "Mitstörerhaftung" - that means in lots of cases if someone does something illegal over your open Wifi (say copyright violation), the person who runs the open Wifi will be liable for it.

Störerhaftung (§1004 BGB) does not make you liable; it only means that you can be sued for injunctive relief [1]. Of course, under Germany's "loser pays" rules this means that you can be responsible for the cost of the proceedings. More importantly, in certain situation courts may consider the fact that a tort was committed using your IP as prima facie evidence that you were responsible (this is rebuttable, but can be difficult to prove).

But in general, yes, it's purely a matter of civil law.

[1] http://www.gesetze-im-internet.de/englisch_bgb/englisch_bgb....

Thanks for the correction.
> That is flat out untrue. I actually was surprised how easy it was to get prepaid SIM cards

The service providers offering anonymous SIM cards operate mostly on o2/BASE network which have very scarce coverage, only some of them use Vodafone network (better coverage), and I'm not aware of any operating on TMobile network. If you want to buy a SIM card directly from network operator (o2, Vodafone, TMobile) prepare your passport/id and document confirming your address.

I'm really tired of this smug German "privacy is very important for us" bullshit - because no, it isn't.

"In Germany there is no law that could force us to submit to a gag order or to implement a backdoor."

meanwhile

"Cock.li e-mail server seized by German authorities, admin announces"

http://arstechnica.com/tech-policy/2015/12/cock-li-e-mail-se...

-edit- to: all

yes I realize seizure is not a gag order nor a backdoor. but the whole article spends thousand word praising how privacy is so much more safe in Germany and how all the other states surveillance operations are so bad , which was kinda ironic.

Yes - seizing isn't a gag order or a back door. It's worse, depending on how you run your stuff. He even mentioned logs... ouch.
> Yes - seizing isn't a gag order or a back door. It's worse

Or better. If your ISP's server have been seized, as a user there's a chance you're aware of it[0]. If your ISP is backdoored or they're subject to a gag order, that's not the case.

[0] and you probably have legal recourses or can appeal to your representatives

cock.li is not a German provider and states that it complies with US laws: "are there any conditions to having a cock.li address? no spam, no content illegal in usa, no getting me abuse complaints, no sending fake abuse complaints. I comply with all federal laws regarding online content hosting and will report any illegal activity to the relevant authorities (FBI, NCMEC, regional authorities)."
Seizure can be made public and email server provider take actions to protect against seizure. This is how it should work.

Ability to force gag order or implement a backdoor is really disgrace in democratic society.

>email server provider take actions to protect against seizure

And how might that be done. The obvious answer would be encrypt the hard drive but what's preventing law enforcement from doing a cold boot attack?

And, well, laws can be changed anyway.
(comment deleted)
> usually - vast majority of devices won't be rooted

Can you upload a new baseband if your device is rooted?

A moderately loose-fitting tinfoil hat would assume that a rooted phone connecting only via wifi would bypass any remote exploit opportunities afforded by the baseband+(gsm|cdma) radio.

But yes, a properly fitted hat would assume the entire device is unusable.

I agree, WiFi firmware is next up in the list of untrusted components.
cock.li is not a German provider and states that it complies with US laws: "are there any conditions to having a cock.li address? no spam, no content illegal in usa, no getting me abuse complaints, no sending fake abuse complaints. I comply with all federal laws regarding online content hosting and will report any illegal activity to the relevant authorities (FBI, NCMEC, regional authorities)."
> 1. Germany just yesterday put the lie to this blog posting by seizing the user data of an email provider pursuant to a crime targeted WELL outside of its borders.

You do realise that it's neither a gag order nor a backdoor right? A legal seizure is not something that's hidden from users of the service, and it's something which can be discussed and fought in the open.

I would not bet on German data privacy laws. Historically Germany was ok in that regard (not exceptional but I'd say squarely in the "one of the better places to keep your data" camp). However "Vorratsdatenspeicherung" was recently voted into action so ISPs have to keep personal information of their customers on file just in case some agency might need them. The law passed relatively smoothly and that's pretty much all you need to know about the general trend (less privacy, more state power).
As always in history it's about the question where do your rights get violated the least and Germany is among those places at the moment. Long time data retention is unfortunately very common in Europe.
> In Germany there is no law that could force us to submit to a gag order or to implement a backdoor.

Meanwhile, Germany's largest ISP (Deutsche Telekom) is handing over all data of its daughter companies in neighboring countries (in many of which Deutsche Telekom is in a monopoly position - handling most of the Internet traffic) to Germany's intelligence agencies and has supposedly been doing so for about a decade already.

Germany is doing a lot of the things its politicians have criticized the US for.