
Data Privacy Protection: Why Tutanota Is in Germany - lisper
https://tutanota.com/blog/posts/data-privacy-germany
======
LoSboccacc
"In Germany there is no law that could force us to submit to a gag order or to
implement a backdoor."

meanwhile

"Cock.li e-mail server seized by German authorities, admin announces"

[http://arstechnica.com/tech-policy/2015/12/cock-li-e-mail-
se...](http://arstechnica.com/tech-policy/2015/12/cock-li-e-mail-server-
seized-by-german-authorities-admin-announces/)

-edit- to: all

yes I realize seizure is not a gag order nor a backdoor. but the whole article
spends thousand word praising how privacy is so much more safe in Germany and
how all the other states surveillance operations are so bad , which was kinda
ironic.

~~~
nabla9
Seizure can be made public and email server provider take actions to protect
against seizure. This is how it should work.

Ability to force gag order or implement a backdoor is really disgrace in
democratic society.

~~~
gruez
>email server provider take actions to protect against seizure

And how might that be done. The obvious answer would be encrypt the hard drive
but what's preventing law enforcement from doing a cold boot attack?

~~~
vox_mollis
_but what 's preventing law enforcement from doing a cold boot attack?_

Not using ancient DRAM would be a great start. Remanance characteristics of
DDR3 makes cold boot attacks extremely unlikely to be successful.

ref:
[https://www1.cs.fau.de/filepool/projects/coldboot/fares_cold...](https://www1.cs.fau.de/filepool/projects/coldboot/fares_coldboot.pdf)

------
slowmotiony
Aaah, Germany - the leader of privacy across the globe, the country where
you're legally required to give up all your personal information in order to
call someone from a prepaid phone card you just bought for 5 euro. And where
you're not allowed to open up your wifi hotspot because someone might download
an mp3 with it.

~~~
prodmerc
> give up all your personal information in order to call someone from a
> prepaid phone card you just bought for 5 euro.

That is flat out untrue. I actually was surprised how easy it was to get
prepaid SIM cards (just buy them at any shop/gas station, no info/ID
required), load and use them however and whenever I want (also 15 Euros for
5GB 3G and works in USB data sticks, pretty nice).

Illegal to have open Wifi, that is true :-) (I think it's a 125 Euro fine)

~~~
thesimon
>(just buy them at any shop/gas station, no info/ID required

By law, they have to request your name, adress and DOB before you can activate
the card (usually not done in store, but online at home). They don't need to
validate them though (no ID required) and it's not illegal to make false
statements :).

~~~
prodmerc
Huh, they didn't ask me for anything, I just bought the card and it worked as
soon as I inserted it into the phone...

~~~
thesimon
The shop might've activated the card with their details for you. There are
also a lot of preactivated cards for sale on ebay. But _some_ details were
given to the provider, just not yours.

------
kriro
I would not bet on German data privacy laws. Historically Germany was ok in
that regard (not exceptional but I'd say squarely in the "one of the better
places to keep your data" camp). However "Vorratsdatenspeicherung" was
recently voted into action so ISPs have to keep personal information of their
customers on file just in case some agency might need them. The law passed
relatively smoothly and that's pretty much all you need to know about the
general trend (less privacy, more state power).

~~~
MatthiasP
As always in history it's about the question where do your rights get violated
the least and Germany is among those places at the moment. Long time data
retention is unfortunately very common in Europe.

------
temp
> In Germany there is no law that could force us to submit to a gag order or
> to implement a backdoor.

Meanwhile, Germany's largest ISP (Deutsche Telekom) is handing over all data
of its daughter companies in neighboring countries (in many of which Deutsche
Telekom is in a monopoly position - handling most of the Internet traffic) to
Germany's intelligence agencies and has supposedly been doing so for about a
decade already.

Germany is doing a lot of the things its politicians have criticized the US
for.

------
sarciszewski
Tutanota?

[https://tutanota.uservoice.com/forums/237921-general/suggest...](https://tutanota.uservoice.com/forums/237921-general/suggestions/7858974-tutanota-
is-using-unauthenticated-aes-cbc-encrypti)

[http://seclists.org/fulldisclosure/2015/Jun/58](http://seclists.org/fulldisclosure/2015/Jun/58)

Emphasis on the "no".

------
epimenov
I guess this is relevant:
[https://twitter.com/evacide/status/679117565411610625](https://twitter.com/evacide/status/679117565411610625)

------
aaronem
> In Germany we have learned our lesson, and we will fight for our privacy
> online on all ends.

Except dick jokes, of course.

~~~
nothrabannosir
I haven't been following German news, lately; what did I miss?

~~~
aaronem
See
[https://news.ycombinator.com/item?id=10774152](https://news.ycombinator.com/item?id=10774152)
for details and analysis.

~~~
a_bonobo
>Cock.li was reportedly used last week to send a bogus bomb threat e-mail from
"madbomber@cock.li" to several school districts nationwide, which led to the
closure of all schools in the Los Angeles Unified School District.

I don't see what that has to do with dick-jokes being the reason

~~~
aaronem
Concern over privacy, which has been severely compromised by the confiscation
of ~65k users' data (including stored email) in an investigation into the
actions of one, seems not particularly on offer in this case, where the only
significant departure from the norm is that the service is named after a
shameless dick joke.

