92 comments

[ 2.5 ms ] story [ 166 ms ] thread
(comment deleted)
They've been lying and ripping off customers while obstructing the German internet infrastructure for profit since they've been privatized.

It's a very popular business model here, see DB.

> It's a very popular business model here, see DB.

DB is a bad example, fake-privatized and controlled by the government. It gets you the worst of both worlds.

Their lobbying and squeezing every single cent they could get out of legacy copper infrastructure which was too be replaced in the early eighties until today held back Germany's internet infrastructure and competition for decades.
DTAG and the Kohl government set our country's infrastructure back decades.
Don't forget the DTAG peering controversy.

I once worked for them, imagine my face when i had to call the internal IT to reset a password and ended up in a Callcenter in Bulgaria.

(comment deleted)
DB isn't a private company
GP did say that it got privatized, not that its a private company. Privatization has a range of meanings, which also include things that do not end up in a privately-owned company.
It is run as a private company despite being state owned. Some EU regulations require that all European train networks compete like commercial entities which ads limitations to financing the DB and creates a lot of bad incentives. Like letting infrastructure rot, because complete renewals and replacements are paid by the government while upkeep isn't.
Internet infrastructure is pretty dysfunctional in Germany. I lived in Germany for five years and the only alternative for Telekom’s mediocre VDSL infrastructure was UnityMedia’s almost equally bad connectivity. UnityMedia rarely delivered the promised bandwidth and would regularly have connectivity issues for hours. (And don’t get me started in DS-Lite.)

I was recently discussing the mediocre German internet infrastructure with a colleague and suggested that they’d probably be better off with 5G, only to find out that ‘unlimited’ 5G in Germany has insane prices (3-4 times that of neighboring countries)

This is true. I am from Germany, you are spot on in your observations. I live in the Netherlands now and the difference is mind-boggling. I have 1Gbit/s fiber (that actually delivers 1Gbit/s) and truly unlimited 5G (that is actually available in every corner of the country) for a combined 50 bucks or so.
Similar here in France, for around 50€/month i get 2Gbps down/~1Gbps up fiber, and 200GB of 5G (after that it downgrades to 4G which is unlimited). Plus TV and cheaper Netflix, one year of Disney+ free.
Don't forget the multi-month lead times to even get connected to the internet. I lived without the internet for 3 months when I first moved to Germany. I read over 30 books that year.
3 months certainly happens, and there are horror stories of it taking much longer, but the last two times I moved it was closer to one month. And by now some providers give you a free 4G connection to your WIFI router until you get connected, so at least they realized it's an issue worth competing over.
Just to have a dissenting voice, I’ve been with Kabel Deutschland, Vodafone nowadays, for years, and while I don’t have 1GBit/s, I get my 200 MBit/s without issues, and rarely have connectivity issues (maybe 1-2 hours every few months).

Both the new connection and when I last moved (2 years ago) did not take months, but 1-2 weeks instead.

Oh, and I’m not behind CGNAT, though I don’t have IPv6 either.

> I get my 200 MBit/s without issues, and rarely have connectivity issues (maybe 1-2 hours every few months).

This is not good for US standards, never mind European ones. It's been quite a few years since I had an hour long outage.

Being heavily into online gaming in the mid-2000's, I recall being baffled at how consistently bad connections almost all German players had. Their ping wouldn't be too bad, 30ish ms most of the time, but it almost invariably felt like they had 300+ ms ping.
Is there at some point a link to the claim that DT policies apply to their subsidiaries? I wouldn’t assume they do, but at least I’d like to read about that.

edit: Found it way down the page: https://www.telekom.com/resource/blob/323318/ce2bab699cb8cb2...

edit2: Fascinating, the term "independent stock corporation" seems to be exclusively used by German-speaking companies: https://duckduckgo.com/?q=%22independent+stock+corporation%2...

It doesn't support his case.

"Data collected in Europe shall be processed generally in accordance with the legal provisions of the country in which the data was collected, regardless of where the data is processed, but at the very least in accordance with the requirements of these Binding Corporate Rules Privacy."

His data wasn't collected in Europe.

" For Deutsche Telekom AG from July 01, 2014 in accordance with approval by the Board of Management on June 10, 2014. In the domestic Group companies, as per board approval or decision of the responsible board member."

Where's the board approval of the US board?

How about the GDPR?

" The whole point of the GDPR is to protect data belonging to EU citizens and residents. The law, therefore, applies to organizations that handle such data whether they are EU-based organizations or not, known as “extra-territorial effect.”" (gdpr.eu)

Is he an EU citizen?

> Is he an EU citizen?

Based on his biography (hasbrouck.org/bio/whoami.html) I believe he is an American citizen. I see records about him being born in the USA and nothing about any moves to a European country (other than his world travels for activism and other short-term purposes). If he were a European citizen, I'd expect his complaints to be directed at his local DPA rather than at DT/T-Mobile directly.

I'm no lawyer so I'm not sure how legally binding his communication with T-Mobile/DT about the exact use of his data really is.

I'm a citizen and resident of the USA. But I have travelled often in Germany, roaming on Deutshce Telekom cell towers using a cellphone with a T-Mobile USA SIM and a US phone number. DT has collected data about my roaming in Germany, and has transferred that data to T-Mobile USA for billing and other purposes. So some of the data about me held by T-Mobile USA, which T-Mobile USA has refused to allow me to see, was collected in Germany by Deutsche Telekom.
(I could be wrong but) GDPR does not grant rights to American tourists visiting Europe unless they are residing there (e.g. established residency, not just traveling through)
Probably also a distinction to make but T-Mobile USA's international roaming isn't meant for long-term usage and they'll terminate the account if more than half a year or so is outside the US.

I always thought of the cost implication for T-Mobile before this thread, not that they are probably more concerned with legal exposure of people changing residency and trying to remain as customers.

tldr; but is this an American complaining that a US-based company is collecting lots of data and does not want to tell him which exactly, so he starts pulling out the GDPR because the mother company is EU-based? That contains quite some irony.
Nah, it’s more that DT has a statement "Binding Corporate Rules Privacy" which could apply to T-Mobile US as it has language about subsidiaries.

And this is a user who specifically tries to choose EU companies for privacy reasons. So no irony either.

As a European person, I would support US people seeking to have something like the GDPR. I'd be very happy if the US adopted something like this.
I would _totally_ support that, too, yes. But that actual law in the US is just so far away from that, don't see how that would be possible.
I don't recognize any irony. It's just a observation that T-Mobile doesn't believe in German law. It's at least useful information for Germans, in case they're ever tempted to get rid of the laws and let T-Mobile "self-regulate."
It does believe in German law, but the author is neither German nor an European citizen, but a customer of a US company. GDPR does not apply to him.
This is a reminder that when you find yourself in abusive relationships with companies, and all of your options are:

- similarly abusive

- nationwide

- limited in number

- similar in price

You are almost always dealing with a case of government corruption. The high prices you pay for bad service are going to friends of the regulatory authority, just like a tax you never voted on.

You can see this in the US with retail banking, internet access, cell service, etc.

"We don’t care. We don’t have to. We’re the Phone Company."

(comment deleted)
No, you're dealing with an oligopoly. Sometimes it's a "natural" one, where the characteristics of the segment make competition hard or impossible (e.g. infrastructure, utilities due to capital costs and physical limitations involved) - in that case government regulation is mandatory to enforce some sort of decent consumer protections (like forced interoperability/mobility, limit abusive contracts, etc.). Sometimes it's regulatory capture (where regulations are so heavy very few competitors can afford to be present). Sometimes it's just the market that consolidates (e.g. multiple entertainment markets like video games, movie studios) even though they shouldn't be allowed to this point.

Government corruption is rarely the main, or even among the main causes of oligopolies (in developed countries, YMMV elsewhere).

What other thing do you think continuing lack of regulation or regulatory capture (which costs companies plenty to do) are the result of? That's what you're paying people for. That is the corruption.

You're saying that the flu is a result of sneezing.

For what it's worth, I think you are both right. It is an oligopoly and it is heavily colluding with governments. When I was in the wireless industry I saw multiple facets of this. We could do literally anything as we were beset-of-friends with many of the three letter agencies. We had unlimited lobbyists and could kick any law down the road. One prime example would be the hands-free law that was going into effect in the late 90's. We kicked that can far down the road because the phone tech just wasn't ready for it. We were also able to silence what today are called security researchers. I was also required to give agencies unfettered and un-logged access into the mainframes PBX telco switches that routed calls and controlled the cell sites.

We also had very little competition due to written and unwritten agreements that allowed us to focus on specific regions.

> Government corruption is rarely the main, or even among the main causes of oligopolies

I really think you're going to have to support this claim, because in my (admittedly US-centric) experience it is the only cause of them.

Sibling comment describing the US telco oligopoly talks about corrupt government behavior directly.

(comment deleted)
Flagged for vague title.

"T Mobile US refuses to apply GDPR".

Editorialising the title is against the guidelines.
And funnily the GDPR doesn't apply just because T-Mobile is owned by EU company. The person making queries must be in EU.
Not sure if you're saying that GDPR only applies if a person from EU files an information request or not. Anyway, here's the relevant article that states that GDPR applies if the Data Processor/Controller is based in the EU:

"This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not."

https://gdpr.eu/article-3-requirements-of-handling-personal-...

GDPR applies to EU citizens and residents only:

" The whole point of the GDPR is to protect data belonging to EU citizens and residents. The law, therefore, applies to organizations that handle such data whether they are EU-based organizations or not, known as “extra-territorial effect.”" (gdpr.eu)

Your quote verifies that the GDPR applies to the personal data of _all_ people, processed by organizations subject to the GDPR.
Deutsche Telekom is in the Union, so GDPR applies to its processing of personal data. Article 3 section 1 states "This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not".

I don't see anything in GDPR or the recitals that limits that only to their processing of data of people in the Union. The recital for Article 3 section 1, recital 22, says:

> Any processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union should be carried out in accordance with this Regulation, regardless of whether the processing itself takes place within the Union. Establishment implies the effective and real exercise of activity through stable arrangements. The legal form of such arrangements, whether through a branch or a subsidiary with a legal personality, is not the determining factor in that respect.

Note it says "Any processing".

If what is being done with his data counts as Deutsche Telekom processing the data, then GDPR will apply regardless of his citizenship or location.

Note also that recital 22 says that it woulds still apply even if Deutsche Telekom were doing the processing through a subsidiary and even if the processing were not taking place in the Union. But I think that is only relevant if the processing is being done for Deutsche Telekom or under their direction, which doesn't sound like it is the case here.

For controllers and processors not established in the Union (which is what I think T-Mobile would count as) is covered by Article 3 section 2. That one is limited to data subjects who are in the Union, and applies when either of the following conditions hold:

a. the processing activities are related to the offering of goods or services (including free goods and services) to data subjects in the Union, or

b. the processing activities are related to the monitoring of data subject behavior as far as their behavior takes place within the Union.

The first requires some level of targeting data subjects in the Union. The mere fact that someone in the EU can reach your website and buy your goods or services is not sufficient. The way the relevant recital puts it they need to envisage offering goods and services in the Union.

In summary then, GDPR can apply to the processing of data of data subjects outside the Union, but only in the context of the activities of a processor or controller established in the Union (even if the processor of controller is having an entity not established in the Union do the processing). I don't think that is the case here though, so I don't think he's got much of a GDPR argument.

My subject access request was not made pursuant to the GDPR. It was made pursuant to T-Mobile's contractually binding promises to act as a subsidiary of Deutsche Telekom, and DTAG's promises that all subsidiaries it is able to control would adopt and comply with its "binding corporate rules" on privacy.
Being a DTAG customer is not that great in Germany either.
You need to pick your poison though. I don't like defending them but unlike mnet and Vodafone they deliver a working product.
Ive very much been happy with O2 for the last three years. For mobile phone as well as DSL access.

For mobile they gave me a new 100% unlimited (data&speed) contract for 25€ a month. Cant really complain about that. For home internet its been rock-solid and I cant think of even one disconnection in the last years. Peering is better than Telekom as well.

Just step out of the city, and boom no mobile connection with O2.
I am out of the city.(close to Dutch border) O2 is best here. Even better than Telekom.

I do understand that its not universal.

But O2 is a pretty good alternative. Especially if I consider than I pay one third of the price that a similar contract would cost me with Telekom.

It's actually the opposite: go inside a city, boom, no mobile data.

Luckily, things have improved and network cells aren't overloaded all the time.

In the countryside, all networks are hit and miss.

I had mnet for a couple years and no problems whatsoever. They even had IPv6 much earlier than the competition. Also had Vodafone for a while and it was fine (but just as with DTAG one has to be lucky that the local segment is not overloaded).

However unlike mnet and Vodafone, DTAG never works, since they overload their peering links to other internet providers on purpose. This means that accessing any website or service that isn't explicitly paying DTAG to get unrestricted access to their customers, performs very poorly. See for example Youtube being barely usable in evenings for years. None of the other internet providers had that issue.

Regarding the second point: Back when they still owned T-Mobile NL, they tried to change over the routing for residential (fixed line) users to their own DE-CIX exchange in Germany. The outrage over their bad peering there was so big that it made the national evening news. Within 2 days they reverted to their previous peerings.
I think you mean they switched to using the DTAG network as upstream - essentially giving them the same treatment as their customers in Germany. And also disconnecting from local internet exchanges in the process. DE-CIX is an internet exchange that is unrelated to DTAG (DTAG do have a port on DE-CIX, which they mostly use to sell some services across it I would guess, but not for settlement-free peering like mostly everyone else). As

Sadly people in Germany will just blame the site being bad/slow, instead of having a closer look at their internet provider.

> I think you mean they switched to using the DTAG network as upstream - essentially giving them the same treatment as their customers in Germany. And also disconnecting from local internet exchanges in the process.

Yes, this is what I was trying to say. It's a while ago, so perhaps I remembered the details incorrectly.

I guess we all have a line we draw where we do the right thing on this side and "I want a hassle free life" on the other, and my line is having a stable internet connection at home. Everything I've experienced in ~20 years of Telekom pales in comparison to everything else I tried.
That they deserve some good legal troubles for their behavior is another discussion entirely (Swisscom, which was doing the same thing as DTAG and running a collab with DTAG for a while, actually lost a few court cases over things like that).

However that's not my point. My point is that the service DTAG offers is just inferior and people that were never exposed to something better (be it never tried or just got unlucky with the alternatives when they tried), just stick with it. I would never get internet from them in Germany simply because I value having good internet connectivity (not just germany-net) and want data to flow a little bit faster than during the isdn-dialup days. The mafia-like behavior (of requiring payment from hosting providers to get usable connectivity to their customers) is just the cherry on top.

The three worst (large) companies in Germany:

1. Deutsche Bahn (former state railroad)

2. Deutsche Telekom (former state telecom)

3. Deutsche Post (former state postal service)

What a coincidence.

Im going to disagree quite a lot.

Deutsche Bank is massively worse than any of them for society and to most customers. Vonovia is a stain on society. No doubt there are many many worse companies for various reasons than the three you listed.

Deutsche Bahn is inefficient. But I have no idea why you consider them all that terrible. Deutsche Post isnt even all that bad. Theyre one of the best companies in the public package delivery space.

I'm no longer a Deutsche Bank customer as they were so bad, so I don't know ;-)

DHL is bad because they underpay their employees so in a large city, employees will dump their packages at the first door, very annoying if you life in a large house with many flats, you have to search for the person who took the parcel - even if you're there they will not ring the bell, just dump everything.

Deutsche Post next to me you usually wait 30+ minutes in a long line (dozens of people) with the unfriendliest employees possible, it has a 1.9 (!) rating on Google.

(I have no car) Deutsche Bahn is incompetent, trains cancelled, too late, wrong car order, non working climate control, 1st class car missing, restaurant closed and much much more.

Deutsche Telekom wouldn't activate fiber for nearly a year although everything was build and finished. Computer said no, no one wanted to come and see that everything is ready (they installed everything) because the computer was in an inconsistent state (20+ calls plus a lot of escalation worked after nearly a year of me paying 99EUR/month 5G for my remote work).

> DHL is bad because they underpay their employees so in a large city

The others pay worse, then. DHL has by far the best delivery for me, closely followed by Amazon, then it’s UPS (though they are used so rarely, my samplesize is tiny), and finally DPD and GLS. Oh, and of course there is "roll the dice delivery" aka Hermes.

Oh don't get me started with Amazon, they want to deliver 20:00 to a business address.
Not an issue for me, for home deliveries they are (mostly) great for me.
I don't know how Deutsche Post ended up on this list, I've rarely had issues with them, certainly much less than with any of the private delivery services (Hermes and DPD are absolutely terrible).

When complaining about the quality of the "former state railroad", the emphasis is on "former". The Deutsche Bahn offered much better services, more efficiently and at higher reliability, when it was still state-operated.

Telekom has always been bad, of course. To be fair, some of it is due to bad regulation, but they also just seem shockingly mismanaged.

I think its not a coincidence, but rather they are/were all monopolies. Yes, technically there are minor competitors, but except for Deutsche Telekom, there is no serious competition. And Deutsche Telekom seriously exploits their copper network that was handed them for free with taxpayer money.
Deutsche Post isn't great, but in the consumer space they are vastly better than any of their competitors, both for the sender and the receiver. Compared to their competition they are a clear success story.
Here DPD is best, they give you a 2h slot several days ahead and then a 1h slot on the day of delivery.
> Here DPD is best, they give you a 2h slot several days ahead and then a 1h slot on the day of delivery.

This must be a joke! DPD (DPDgroup, or whatever) is borderline incompetent.

I'm on vacation, and I needed a laptop. It was shipped from Germany ... after sitting somewhere for days. Then no information for 4 days on their tracking site. Then more information but I never had even an approximate day they would attempt delivery (let alone a 2h slot).

Said laptop is now returning to Germany, because DPD couldn't be assed to inform me they had a local partner in the country I'm visiting, or collection points, and because their local partner (owned by DPD, so corporate separation is no excuse) didn't feel like attempting delivery more than once.

It's not like they couldn't contact me: they had my email + phone + cellphone. They just didn't try (no, there's no mail in the spam folder).

I left them message on their website multiple time - it never had any effect on the "ballad of the laptop".

I've heard it from other people before, but now that I've seen it myself, DPDgroup is so utterly efficient that in comparison even USPS is a paragon of virtue at every level.

immigrant to Germany here. Can you help me understand what's so bad about the deutsche bahn? I've heard transport infrastructure experts refer to the rail infrastructure here as competitive to Japan's, i.e. one of the best in the world. I have to say that's my experience too, despite some irregularities in service.

also deutsche post... what's so bad about it?

It's a shit experience travelling with them. Most trains don't have wifi and the reception cuts off all the time. Also many of trains are late, way more than the few competitors like Nordwest Bahn (run by a French company).

And lastly, it's way, way, way too expensive. They are seriously charging 100 € for a 2 hour trip through one state when you don't book weeks in avance.

Well when I was in Japan, all trains were on time, all trains clean, all trains arrived in the correct order, all employees friendly and competent.

I'm using Deutsche Bahn for 45+ years now. Before privatization trains were on time but employees thought they are managing a prision. Since privatization there are always problems. Late (they say 5min which means 10, they say 10 which means 15, they say 15 which means 30, they say 30 - it will never arrive). Trains are dirty, lots of ICE trains are old, you're very lucky when you get a new gen 4 train. Two weeks ago they had to vacate a railway car because the air conditioning broke down - everyone had to go to another railway car in an already full train. Which was a replacement ICE, because the the train I had a reservation for was cancelled. I was very lucky to be able to make another reservation in the next train, which was very full because of the cancelled train, and people were angry because they couldn't sit although they had paid for a reservation.

And they own the tracks so do everything to kneecap the competition. Some competitors that exist are much much better (e.g. ODEG).

The also had a legal monopoly on bus travel in Germany (fell after 70 years). And did everything bus travel was as unattractive as possible so people would use trains.

They have an app where you can check in. But only if you're going alone, if you travelling as a couple, you can't check in. We tried the app for some time and thought it was an UI problem or our stupidity, when a Deutsche Bahn employee confirmed that it's not possible to check in with two people sharing a ticket in one app. You need to buy two tickets - beware if you travel with two persons. As we say in Germany, #neuland.

You can say the same here in the UK about the same ex-state rail/mail/telecom and I assume basically. How to actually handle natural monopolies is an open/unsolved issue in the west I think.
I doubt that any company can provide GDPR like data protection in the US to US citizens if it's not provided by US law.

They must comply to US law no matter if they are a subsidiary or not.

It's pretty naive to think otherwise

And my understanding is that GDRP applies to persons in EU. So just using company owned by European entity doesn't make you a subject. You would need to be in EU when transaction happens.
GDPR should be covering EU citizen's data, anywhere.
How does that work with an EU citizen living outside the EU? Every business would either have to apply GPDR universally, or they’d have to know which customers are citizens, even in their local jurisdiction. Most just look at your IP address, which is not accurate.
Yes, that is basically the idea. it can only be enforced for european citizens, but everyone must comply.
> everyone must comply.

Enforcement is going to be difficult for companies owned and operating entirely outside the EU. Of course that doesn’t apply to T-Mobile.

Imagine a local store with a simple website but purchasing is done all in-store. They ask for your email address and record your credit card information at an in-person sale. They'd be in non-compliance if you were an EU citizen (if they didn't conform to GDPR), or? Or does this not apply being not in reach of EU laws?
> Or does this not apply being not in reach of EU laws?

It does apply as GDPR has no geographical limit according to the EU but they have to catch you and be able to prosecute which isn't going to be a straight pathway unless the business operates in the EU somehow.

Once you've complied, why not apply it to every user?

I've always wondered that about GDPR compliance. Once your company has gone through all the effort and expense to comply with GDPR, why take on the additional expense and complexity trying to conditionally apply all this new business logic only to EU people? Wouldn't it be simpler to just use your GDPR-compliant business logic for everyone? Why maintain EU and non-EU silos?

Sometimes it's not possible, just look at the CloudAct. It's incompatible with GDPR and still they try it with useless agreements like Privacy Shield and Safe Harbor.

It's like squaring the circle.

I don't know if it should, but it certainly does not.
I think this is a big part of the problem with the philosophy of GDPR.
It's kind of funny how colonial the mindset is, the sheer arrogance of telling foreign countries that they must treat EU citizens in a special manner.
You mean like the US who claims that all international subsidiaries must comply with US laws (even if it violates local law)?
More than that -- the person must be in the EEA and the company must either (1) be in the EEA, or (2) be targeting the EEA.

Targeting: say you are sitting in Paris and buy from a book store in the US. If that book store does not have a site in French, show prices in euros, or advertise in the EU; the fact that it is willing to, on a limited basis, ship to France almost certainly means it is not subject to GDPR.

Even the fact of offering prices in Euros is the subject of an active court case as to whether that counts as targeting.

Whether or not the whole gdpr direction will work or not for this guy doesn’t matter much because it’s only gonna work in the same context.

The USA desperately needs some law that says you can see what data a company has on you at anytime for free and request all of that data to be deleted as well. Anything less is just a loophole to be closed someday.

>The USA desperately needs some law that says you can see what data a company has on you at anytime for free and request all of that data to be deleted as well. Anything less is just a loophole to be closed someday.

Correct me if I'm wrong, but California has some subset of this law already in place with CCPA. Unlike EU, it's theoretically possible a California judge could extend jurisdiction to my company in another state and drag my ass over there, so I have to care about it. EU has no such power over me unless I choose to operate over there and locate servers there.

what is the point of sending that much message, to an entity that clearly communicate in lawyer. Usually if I am not happy after the first round of message, I immediatly lawyer up.
auf deutsch: "Fast 50 Millionen US-Konten betroffen: Telekom-Gruppe verschweigt Informationen über gehackte Personendaten", Matthias Monroy, Netspolitik.org, 16.08.2022:

Fast die Hälfte der Millionen Kund:innen von T-Mobile in den USA waren vor einem Jahr Opfer eines riesigen Datenverlustes. Die Deutsche Telekom als Mutterkonzern verletzt seitdem ihre selbst auferlegten Verpflichtungen zum Datenschutz.

https://netzpolitik.org/2022/fast-50-millionen-us-konten-bet...

T-Mobile USA is not a subidiary of Deutche Telekom, but an independent US company which is mostly owned by them. It is subject to the laws of the US and Washington state, not Germany.