
New German law would force ISPs to allow secret service to install trojans - corty
https://www.privateinternetaccess.com/blog/new-german-law-would-force-isps-to-allow-secret-service-to-install-trojans-on-user-devices/
======
mindfulhack
To not even be sure whether a website you visit, or a file you download is
actually what its creator says it is, is like picking up an orange but the
government secretly replaces it with an apple that contains almost no vitamin
C in it at all.

You have the right to seek out and eat an orange for your immune system and
survival, and no government should have the right to interfere with that, at
any time.

This law is a fundamental attack on basic quality of life and basic human
rights for all Germans. Whoever proposed it should be ashamed of themselves. I
hope the parliament outright rejects it for what it is.

The very fact it has been proposed is Orwellian and chilling. Internet giants
like Google should resist this technology and tell us when a government has
just tampered with our web browsing.

~~~
mschuster91
> Whoever proposed it should be ashamed of themselves

Name and shame: Interior Minister Horst Seehofer of the conservative-
authoritarian CSU. He and his party friends are who want this.

We have the chance to kick them out of office in 2021, it's time for the
stranglehold of Conservative internet-printers (Internetausdrucker, a German
word for tech illiterates) as Interior Ministers to end _once and for all_.

~~~
pgeorgi
> Conservative internet-printers

By association Otto Schily wasn't a conservative and yet...

~~~
mschuster91
Otto Schily exited office in 2005, fifteen years ago. While he is a law-and-
order hardliner himself, he's not relevant for any recent discussions. Since
then the office was filled by hardline authoritarians (Schäuble, Maiziere, HP
Friedrich, Maiziere, Seehofer).

~~~
pgeorgi
But if Schily is any indication (and why not?) it doesn't help to have a
different party fill that position. Just like it took Nixon to go to China
(because he wasn't at risk of being mistaken for a friend of communism) other
partys can't afford to look much "weaker" than the current folks - and then
have _anything_ go wrong.

~~~
mschuster91
> But if Schily is any indication (and why not?) it doesn't help to have a
> different party fill that position.

I agree on that one. There aren't many progressives in interior politics aside
from Left and Greens, the rest is all authoritarian/law-and-order hardliners.
Frankly, it's disgusting.

------
1cvmask
The German surveillance state is very capable and often understated. They even
“ran” Crypto AG with the NSA for decades and even profited from it.

[https://en.wikipedia.org/wiki/Crypto_AG](https://en.wikipedia.org/wiki/Crypto_AG)

~~~
cpach
TIL. Didn’t know Germany was involved in that.

~~~
est31
It's funny as the Germans had different priorities from the US. The US mainly
wanted to use it to extract information, while the Germans also wanted to
increase profits so that they have funds outside of parliamentary control and
supervision. So they looked more at the business side of things.

~~~
cpach
I guess funding was not a big issue for the CIA...

~~~
tick_tock_tick
They are still flush with cash from decades of running cocaine.

~~~
est31
Yeah I doubt the CIA has objected because they got all their needs met from
congressional funding. They just already had built plenty of dark money
reserves.

------
detaro
"will" = "according to a proposed law", but sadly par for the course for our
governments to push this kind of thing through, even if a good chunk of their
surveillance laws get eaten by the constitutional court. (Maybe we should have
a rule that you can't be in politics anymore if multiple of the laws you
supported were found to be unconstitutional? ...)

~~~
johannes1234321
Well in theory that's what elections are for. But majority of the population
doesn't seem to bother that much about those things and elects conservatives
again and again. Need to raise awareness on these topics ... but unfortunately
our opposition is split between crazy wannabe populists, a green party trying
hard not to loose momentum by bringing up "critical" topics and a weak liberal
party with a leader who's mostly there for being joked about. (Yeah, yeah,
ignorant and simplified classification)

------
opqpo
What does "trojans at ISPs" even mean? TLS works end-to-end and ISPs can do
absolutely nothing to see the plaintext. It's unless the CAs at users-side are
manually replaced with fake ones nothing can be done. I've never used Windows
since I was a kid but I am sure this is pretty much impossible on Linux for
example since adding CAs require root privilege.

~~~
lazaroclapp
Presumably, Germany would have little trouble compelling at least one root CA
to sign any TLS certificates they wanted. Just a cursory search shows that
Google Chrome, on Linux, trusts, e.g.

> CN = D-TRUST Root CA 3 2013 > O = D-Trust GmbH > C = DE

There is certificate transparency and pinning and so on, and they would be
caught (probably, maybe) if they abused this carelessly and at scale, but in
practice, for a small number of targets, it would be trivial to wait for users
to connect to a less secured TLS site or even a plain-HTTP site (plenty still
exist), and then use a browser exploit as the stage 1, followed by whatever
escalation of privilege exploit and rootkit is needed. TLS is really good at
preventing always-on dragnet surveillance of everyone's internet traffic, but
not a counter measure against targeted nation state level attacks.

~~~
akersten
Google, Mozilla, et al. should make a commitment to revoke the trust of any CA
that is found to partake in behavior like that. Even retroactive revocation of
existing certificates shouldn't be off the table if the offense is egregious
enough.

It's actually pretty scary seeing just how many CAs are in the list of trusted
CAs on any given device. While no government is beyond reproach, I do wish
there were a way for me as a user to say "don't trust anything signed by CAs
outside of these few countries, since it's most likely a hijack, phishing, or
in the rare case that I did try to visit some random site, I can approve it
manually."

~~~
vbezhenar
Browsers blacklisted Kazakhstan government certificate used for MITM which was
not even trusted. It is absurd to expect anything less than blacklisting such
a CA immediately. Certificate transparency is required for all certificates
since April, 2018, so you can't really issue rogue certificate.

~~~
razakel
Here's the Bugzilla report where they actually request their root be added to
Firefox:

[https://bugzilla.mozilla.org/show_bug.cgi?id=1232689](https://bugzilla.mozilla.org/show_bug.cgi?id=1232689)

The answer is basically "no".

~~~
vbezhenar
AFAIK they used different certificate for MITM. Currently they are using
certificate mentioned in that bug to issue certificates for government
websites (like [https://elicense.kz/](https://elicense.kz/) ), so actually a
lot of citizens who need to use government services have to install that
certificate as a root anyway.

I don't think that they would use that certificate for MITM. They're not fools
and they understand that it would lead to blacklisting it which would halt a
lot of operations in the country.

------
azinman2
Pretty shocking in a state that has such strict privacy laws. Not sure how the
two can come from the same mouth, and even be in public view.

My understanding is that the privacy restrictions are largely the result of
half the country having lived under the Statsi, and thus being extremely weary
of government eyes. Here it’s out in the open!

~~~
durnygbur
There is something hilarious and schizoid in how Germany is perceived and the
realities about this country.

They have strict privacy laws? First Nazi personel in the first half then
Stasi personel in the second half of the 20th century were simply requalified
and rehired, each bloody time. How do you think?

They are top environmentally-friendly country? Highest polluting coal power
plants in EU are located in Germany.

~~~
kleiba
_< redacted>_

Obviously, the OP was talking about the perception of Germany _today_ and I
think we can safely assume that no Ex-Nazi personnel is currently working at
the German secret service. And coming to think of it, why _wouldn 't_ someone
whose qualified to spy on others be rehired to do the same job in Germany
after the end of GDR? What do you think secret services do?

Regarding "environmentally friendly", this point is correct but you're
omitting that Germany just recently passed a law to get out of coal until
2038. The energy produced in Germany will then be pretty much exclusively
renewable which is not a small feat for a country with such a large
population.

~~~
durnygbur
> Hilarious and schizoid are adjectives that I would assign to your post.

Sorry but you are rude.

> I think we can safely assume that no Ex-Nazi personnel is currently working
> at the German secret service

Stasi personel though?

Are you expecting that people using such nuanced and subtle techniques like
_Zersetzung_ against domestic population [1] will suddently become ethical
towards anyone they perceive as threat? or as undesirable?

On the facade Germans get some show off initiatives (no Street View!), behind
the scenes is business as usual.

[1]
[https://en.wikipedia.org/wiki/Zersetzung](https://en.wikipedia.org/wiki/Zersetzung)

~~~
kleiba
> Sorry but you are rude.

Yes, you are right. I apologize, I clearly went overboard.

> Stasi personel though? [...]

I think it's just an over-generalization. Just because you worked for the
Stasi automatically makes you a bad fit for a certain job. It really depends.

~~~
levleontiev
>Just because you worked for the Stasi automatically makes you a bad fit for a
certain job.

I am sorry, I am from Russia initially, the KGB-land. No, it's not an over-
generalization.

------
worldofmatthew
My guess is that Germany will lose its web hosts as no one will trust to host
anything in that country if this passes.

~~~
devalgo
Snowden uncovered astonishing breaches of Trust in the US, has there been a
major loss of Hosts here?

~~~
sneak
Nope, everyone happily shovels all of their data, as well as all of the data
their customers provide them, into AWS, which is very cosy with the US
military.

You can be reasonably certain that anything in AWS is available to US military
intelligence without judicial oversight.

~~~
throwawayway9
Every American service and product needs to be treated as compromised, it
really comes down to that.

Individual companies now need to earn back basic trust.

This doesn't mean you have to completely abandon your favourite service, just
have to modify the way you utilize it.

For example, if you absolutely have to use Google Drive, be sure to encrypt
your files with appropriate strength first and assume they are actively trying
to decrypt and build a file on you.

~~~
devalgo
>American

Why single out America, Snowden's leaks showed the entire Anglo-sphere is
compromised(Five Eyes). Is there any reason to think this isn't the case in
any NATO/OECD/etc. country?

------
wmf
Based on the headline I hoped they were _fixing_ trojans by redirecting C&C
traffic to the government, but no, the government is installing trojans. :-(

~~~
hkt
I laughed. You may well be the most optimistic person on HN. Bravo.

------
rbecker
It's worrying how government spies are getting legal cover to impersonate
legitimate entities. Like spoofing a phone number and faking the voice of a
loved one. You don't need to be able to compel speech, when you can employ
doppelgangers.

> There's even a promotional video of how FinFly ISP sends a fake iTunes
> update and infects the target system with FinSpy

Does Apple not sign iTunes updates?

~~~
wyattjoh
From the promo video of it running an ancient version of iTunes on Windows
Vista and the brochures it seems they inject their malware via software
updates in general, not just iTunes.

~~~
kevingadd
I wouldn't be surprised if they force the installation of a certificate root
they can use to serve malicious updates (for German OS X users, at least).
That's a tactic used by agencies in other countries. Apple et al could
probably mitigate this with certificate pinning in their updaters but I'm not
sure they can get away with that without running into trouble with other
countries that expect to be able to MITM updates.

~~~
hobofan
I would be surprised. IIRC those "other countries" are countries like Iran
that have also just shut off access to the internet for the country. I still
think we have a few more years of internet freedom in Germany before that
happens.

~~~
s9w
Internet freedom in Germany?

[https://stadt-nachrichten.de/fahndungen/hasskommentare-im-
in...](https://stadt-nachrichten.de/fahndungen/hasskommentare-im-internet-bka-
durchsucht-wohnungen-in-mehreren-bundeslaendern/)

[https://www.bild.de/news/inland/news-inland/hass-
kommentare-...](https://www.bild.de/news/inland/news-inland/hass-kommentare-
im-internet-polizei-rueckt-bundesweit-zu-razzien-aus-62450840.bild.html)

[https://www.bundesregierung.de/breg-de/aktuelles/gesetz-
gege...](https://www.bundesregierung.de/breg-de/aktuelles/gesetz-gegen-
hasskriminalitaet-1722896)

Boy China is childs play compared to us.

~~~
obmelvin
uh, if you actually read the links you posted...from the second article one of
the people visited by law enforcement said "In my opinion, gasify everyone"
[google translate I must admit, but there were plenty of quotes like this that
I think its safe to say this is the intended tone]

I don't see how there is any justifiable grounds to talk about killing people
with gas in any context, particularly not in this context.

~~~
s9w
That's the examples they put in press releases. Just for a sanity check on
what tiny harmless things are punished by those laws:

[https://www.vice.com/de/article/8xe7jg/kuchen-tv-
volksverhet...](https://www.vice.com/de/article/8xe7jg/kuchen-tv-
volksverhetzung-geldstrafe-rostocker-gericht)

A Youtuber made a video about an incidents between students where one made a
racist joke. He [the Youtuber] said about that joke "that wasn't a bad joke"
and got convicted for Volksverhetzung - one of the harshest crimes we have. If
you get convicted for that as a non-VIP, your life is effectively over in
Germany. That's socially worse than a rape conviction.

And back to the point: whether you consider it right to put people in jail for
saying mean things or not - it is absolutely not internet freedom. Not by any
stretch of the imagination.

~~~
hobofan
This has nothing to do with NetzDG. If he would have spewed something of that
caliber openly on the street he would've had to expect the same thing
(depending on where in Germany of course).

That there is no "free speech" in Germany in respect to hatespeech has been
the case pre-internet too. I'm not a big fan of NetzDG, but I also have to say
that I expected much worse censorship-wise when it passed and I haven't heard
of gross misapplications of it so far. If anything Facebook and Twitter show
that you can still post a lot of hatespeech despite its existence.

~~~
s9w
You can do many things: You can pass those laws, put people in jail, make up
the term "hate speech" and condemn everyone who does that. But you can not say
that we have internet (or any other) freedom in Germany. There is some nice
english proverb about a cake and eating it too

~~~
obmelvin
You can try to argue that certain things aren't "hate speech" but I don't
understand how you can claim it to be a made up term. Hate is a real thing and
if you channel that into certain language you get hate speech, plain and
simple.

Germany has an interesting history with regards to what various constituents
view as protected speech. As someone who hasn't lived in Germany I freely
admit that I have a limited view of such things, but as the other poster
mentioned these issues precede the internet.

~~~
s9w
hate itself is real - a word that has a negative connotation, but was never
illegal in itself. You could always hate a person or a football club. That
word was taken, rebranded to include among other things everything critical of
government and made illegal. That's why hate _speech_ is made up. What is
called hate speech today was called a rant, "hot take", an insult or whatever
just a couple of years ago. Today we literally have a law against "hate crime"
\- another doubleplusgood word. These things are not real, they're tools to
oppress a critical population. Also note that even true things fall under
those "crimes". It doesn't matter if what you say is true as long as it's
"insulting" to someone.

------
sneak
FYI: pervasive mass internet surveillance by the US military with the active
cooperation of large US telcos AT&T, Verizon, and others already enables this
capability in the US and much of the rest of the world.

The surveillance allows them to read the TCP sequence numbers or DNS query
IDs, and then spoof valid response packets.

It’s called QUANTUMINSERT.

[https://blog.fox-it.com/2015/04/20/deep-dive-into-quantum-
in...](https://blog.fox-it.com/2015/04/20/deep-dive-into-quantum-insert/)

~~~
gruez
Is this relevant since nearly everything is https these days?

~~~
sneak
DNS usually isn’t, and TLS still runs over TCP, which is vulnerable to this
type of hijacking, so yes, it is indeed still relevant due to both resolution
as well as transport layer.

NSA would be very bad at their job indeed if they couldn’t issue valid TLS
certificates for any domain to themselves.

~~~
gruez
>NSA would be very bad at their job indeed if they couldn’t issue valid TLS
certificates for any domain to themselves.

Is there any evidence of this? With certificate transparency being mandatory a
few years ago, you'd think that the NSA would be caught at least once.

~~~
peterwwillis
There are 270+ CAs out there. All the NSA has to do is compromise the CA cert
keys of _one_ of them and they can then generate their own valid certs,
completely disconnected from CT. All CT tells you is somebody goofed, was
tricked into issuing a cert, or an account was compromised and an attacker
generated a cert. In other words, not-super-advanced attacks.

The NSA have plenty of tricks. They intercept devices being shipped around the
country/world, they tap cables, they dig into airgapped networks, they
compromise satellites, they compromise the internal networks of the world's
biggest corporations. They've been doing this for decades. If we don't believe
they can compromise one organization out of 270...

~~~
cesarb
> and they can then generate their own valid certs, completely disconnected
> from CT

Aren't browsers now requiring that certificates from many CAs (if not all of
them) are submitted to CT before they are accepted as valid by the browser?
That is, a certificate without an attached CT proof, even if it has a valid
signature from the CA, will be treated as invalid.

(However, given what's being talked about (MITM of software update servers),
this might be enough if the libraries being used by the software updater are
not as strict as the browsers, and don't require an attached CT proof.)

------
solarkraft
VPN service providers can expect a pretty good future for them (not only with
this, but also the new EU copyright guidelines).

~~~
worldofmatthew
And Tor.

~~~
Forbo
[https://metrics.torproject.org/rs.html#search/country:de](https://metrics.torproject.org/rs.html#search/country:de)

This shows 1,648 relays potentially having their traffic monitored under this
law. Out of 6,432 relays, that makes up more than 25% of all Tor relays.

Unfortunately, Tor's design doesn't really go far enough in protecting against
adversaries with large swaths of visibility. Perhaps it's time for people to
begin shifting to I2P, or some other overlay network with more resilience
against these types of adversaries.

Edit: This page gives you a nice visual representation of how much that
consists of. Germany is the big one.
[https://metrics.torproject.org/bubbles.html#country](https://metrics.torproject.org/bubbles.html#country)

~~~
hkt
Tor might not protect anonymity effectively in that case, but in the case
given it would still offer protection because of the way the relay circuits
are designed.

~~~
Forbo
Unless it's an exit node. 251 of 1,249 exit nodes reside in Germany, or
roughly 20%. Exit nodes aren't supposed to modify traffic, so if the
compromise is happening upon leaving the exit node en route to whatever
destination, that would still trickle back through all the hops.

~~~
hkt
True. I was thinking about recent initiatives like
[https://blog.torproject.org/more-onions-
porfavor](https://blog.torproject.org/more-onions-porfavor) where security is
enhanced by having people put their sites on tor. This is more the i2p model
though.

------
atoav
"Sollen" translates to "should" and not "will"

That means there is a element of uncertainty there whether they actually will.

~~~
brummm
Actually it translated to "have to", not "should" (which would more properly
be "sollten").

~~~
Youden
I'm learning German at a fairly low level so I ask this from the perspective
of wanting to learn, not as a challenge.

Wouldn't "have to" be "müssen"? In what cases would you use "sollen" to have a
similar meaning?

And "sollten" is either Präteritum or Konjunctive II, which as I understand it
would both mean "should have", though in different senses. Why is that a more
proper translation of "should"?

~~~
r6203
Most of the times, "sollen" and "müssen" are interchangeable.

However, there are fine nuances between the words.

In that case, "müssen" is more direct and used as a command which has
consequences when not followed while "sollen" is more of a prompt or demand
that hasn't to be followed.

~~~
kaybe
I think a better translation for 'sollen' would be 'shall'.

~~~
Mirioron
And "müssen" is "must".

------
coldtea
But as a state they forbid sales of Mein Kampf and Nazi paraphernalia, so
they're cool and anti-fascist... /s

(Not invoking the Godwin law, this is an actual comment on an actual
situation, to point the hypocrisy of token anti-totalitarian moves - 70 years
too late - vs actual totalitarian law-making...)

------
netsharc
"will" isn't the exact translation of the headline, the idea is written in an
upcoming law that will be discussed (or rubber-stamped?) next Wednesday...

~~~
corty
Probably rubber-stamped. But you are right, my translation is confusing. I'm
very sorry.

~~~
golem14
Given the recent series of atrocious child porn scandals in Germany, I think
this has a good chance of passing.

------
LockAndLol
Is it possible to modify HTTPS traffic? Wouldn't they have to replace the CA
certs on the target machine first before being able to modify that traffic?

~~~
wmf
They just have to hijack one existing CA that's within their jurisdiction and
force it to issue MITM certs. Key pinning or certificate transparency may
mitigate this.

Or the MITM box could use some kind of HTTP downgrade attack and not worry
about certificates at all.

~~~
cesarb
That would "burn" the CA (it will be removed and/or blacklisted from every
major browser and operating system once it's exposed, and exposing it gets
much easier with the recent push towards certificate transparency), so it can
only be done once per CA.

~~~
dilyevsky
After first try all german CAs may get removed so probably once ever

------
gentleman11
Does this not invalidate the claims by many small companies that data has good
days privacy laws and that your data is safe there? Could we arrange a
petition where users of those services can sign up to say they will change
providers if the law passes?

------
squarefoot
Sound strange to me that they need a law for this, unless it is intended as
leverage to coerce ISPs into collaboration. Secret service agencies do exist
for the purpose of doing nasty things governments cannot afford to put their
names on, or even be associated with; this would include spying on own
citizens. In other words they'd do what they have already done for decades,
but this time since it involves ISPs, ie a third party whose collaboration and
silence are necessary, it is possible that the regulation includes also some
kind of gag order preventing ISPs to tell their users they're under
surveillance.

------
Animats
Does that imply that the German intelligence service has the crypto keys for
Windows Update? Otherwise modified Microsoft updates won't work.

~~~
throwawayway9
I would wager that.

------
dontbenebby
When someone wants to legalize something, I wonder how often it was happening
in secret while illegal.

------
fuzzy2
Not exactly as easy as they make it sound, thanks to encryption and especially
signing. Of course there's probably still enough software not using it and/or
users not paying attention.

------
Shared404
> from a company called FinFisher.

Why on earth would somebody think this is an appropriate name for a company
involved with assisting government surveillance.

------
kmfrk
What was that German government malware that was found on regular computers
like ten years ago? Could have sworn there was something like that.

~~~
dngray
Were you thinking of this?

[https://www.ccc.de/en/updates/2011/staatstrojaner](https://www.ccc.de/en/updates/2011/staatstrojaner)

[https://www.ccc.de/en/updates/2015/bkag](https://www.ccc.de/en/updates/2015/bkag)

------
BrandoElFollito
Germany already had a law where any security software on your machine = you
are a hacker.

At least this time is is simply useless. The secret services are not magicians
and the fact that they have access to my home network or the link does not
mean that they can do anything spectacular.

------
jjice
Would a checksum be a good way to ensure that you're getting the correct files
in a situation like this?

~~~
rocqua
How are you going to confirm you got the correct checksum?

Generally the solution is to get signed checksums. This comes with the usual
issues of how you verify the key used to sign.

Alternatively try and distribute the checksums out-of-band. So an attacker
would need to MitM two channels.

------
paulie_a
Is the Trojan based on magic? How will redirecting target computer infect it.
What about out tipping off the suspect when it fails to implant?

This idea is fantasy.

~~~
pbhjpbhj
Well either those advising the legislature, who actually carry out the hacks
for the security services in Germany, are idiots; or they're very clever
people and know exactly what they're doing.

Or I guess it could be security theatre, or a diversion, but neither of those
seems compelling here.

My vote is that, whilst I can't understand how it's accomplished as it seems
contrary to technical possibility, that the people with billions of funding to
make these things possible (Five Eyes, etc.) are probably capable of many
things that look like magic.

?

------
gentleman11
You would think that the country, after recovering from both naziism, and also
a chilling communist rule in the east, would worry more about the surveillance
state growing. What is German public sentiment about that sort of thing? Does
anybody know?

~~~
Dissley
The current law is not yet big in the media. I am not sure if there will be a
big discussion. If public media decides to push this topic, there will be
resistance. I doubt that the average German will notice that this law was
passed, if there is a lack of big media covering this topic.

------
_ink_
Germany hassome weired laws that prohibit the use of "hacker tools". How can
there be a German company creating these tools?

~~~
tastroder
The hacker tool paragraph is pretty toothless. I just checked one of those
legal tech apps and see 12 judgements total that even mention it. There was
quite a bit going on when it passed that effectively clarified that working
on, and with, tools like that is legal when there's an assumption of dual use
for legitimate purposes, e.g. security research (which is like... all of
them). LE use would likely benefit from the same assumption.

------
cuillevel3
There are a lot of insecure updaters. I remember reading the list from
evilgrade a few years back. It was shocking.

------
marcrosoft
This coming from a company that was just acquired by a company with known
affiliation with malware.

------
seph-reed
Germany, the US, and Mexico all in the same week? The oligarchs are getting
worried, it would seem.

~~~
pier25
Huh? What do you mean?

~~~
seph-reed
Well, as far as I know, all of these countries have political systems in which
representatives are supposed to act on the behalf of the people. Basically, we
can't all work full time to understand every political thing, and vote on them
all, so we have someone do it for us: a representative.

Representatives very rarely represent themselves, and are almost always
representing either powerful people ( often through lobbying) or citizens.

Given that an absolute minority of citizens are asking for this, it's fair to
say it's a top down decision. Most citizens are concerned with things that
aren't changing at all, if you'd like further proof on who the representatives
work for.

By virtue of it being a top down decision, it is almost certainly being pushed
by a small group of very powerful people. When a small group of people have
all the power, that's called an oligarchy.

So the question is, why is the oligarchy pushing so hard for control of the
internet right now? Well, it's probably not for fun.. so they are worried, I
suppose.

~~~
DethNinja
Why they are so scared of citizenry though? Anyone that is criminal or really
needs security will just use Faraday Cages with disconnected computers.

Literally there is nothing they can do against big league criminals with this
much mass surveillance, so only logical conclusion is that this is only
intended for use on citizenry.

~~~
arminiusreturns
I've tried to explain my thoughts on this before, so I'll give it the ol
college try again.

I propose that the decentralized anarchistic, freedom of thought nature of the
internet has essentially forced an acceleration the timetables for the
totalitarian dystopian system.

The internet caught the oligarchs off guard, in the big scheme of things (the
oligarchs make plans that their grandchildren execute)... and it took them a
bit to catch up, and they now see it as the primary threat to their otherwise
nearly total control of the mass consciousness. Think of every medium of
communication, and see how it was more or less captured and controlled,
whether it be print, radio, or television, and see that although heavily under
attack, the internet is still very free, at least at it's core.

This creates a sort of arms race where the oligarchs must corrupt, control and
compromise it faster than it can respond in a way that reveals enough of the
truth to the masses that they risk some sort of neo-peasants revolt. In that
goal they will use their already long tendrils into government and corporate
ownership networks et al to accomplish the task. I could get into the nitty
gritty, but that's the meta summary.

Surveillance is about control, not about security, but they have gotten very
good at the Oxford debate posing that it is. (lamentations about the end of
the nation state actor security threat for one)

~~~
seph-reed
It weirds me out that you're probably the first person I've seen in years on
the internet saying something this "bold" and unambiguous.

I often wonder if there's some system in place which separates us. Or perhaps
the combo of logic, intuition, and honesty is just super rare. I don't know,
but I hope you're doing well and having a reasonably fulfilling adventure
amongst this hellishly senseless superstition culture.

Friendly reminder to go out and see the stars from time to time.

~~~
KozmoNau7
Anarchists and other like-minded people have been aware and vocal about this
power structure for decades, centuries even, long before the internet existed.

Why do you think anarchists have generally been tarred as destructive and
dangerous in the media and by the political and corporate establishment for so
long?

The most insidious thing is that the status quo has become so ingrained in
people that they reflexively downvote, censor and ban anarchists, because
their masters tell them to.

Big tech is very much a part of the problem.

------
micpalmia
Has anybody found any credible institutional source on this?

------
thecleaner
I see. So does this relate to German citizens only or is it true for
immigrants as well ? I guess its true for all since the Trojan will be
installed on the ISP servers ?

------
gigatexal
will using a VPN for everything help mitigate this?

------
chanyukai
That's sucks.

------
hobofan
Mods: This is an article about a proposed law, so "will" isn't really an
accurate reflection (yet, or hopefully at all) and the title should be
changed.

My proposal: "New German law would force ISPs to redirect traffic to
intelligence services for trojan install" (if that is not to long).

~~~
corty
Yes, you are right, but the current title is just 2 chars under the limit and
I couldn't think of a shorter one. Sorry for the somewhat misleading "will".

My somewhat lame excuse: The law will most probably pass, current govt is a
coalition of the two largest parties with overwhelming majority and absolutely
no clue about anything digital.

Edit: would "shall" work instead of "will"?

~~~
_bxg1
What about "may"?

------
drummer
In english with more info: [https://www.privateinternetaccess.com/blog/new-
german-law-wo...](https://www.privateinternetaccess.com/blog/new-german-law-
would-force-isps-to-allow-secret-service-to-install-trojans-on-user-devices/)

~~~
dang
Ok, changed to that from [https://netzpolitik.org/2020/staatstrojaner-
provider-sollen-...](https://netzpolitik.org/2020/staatstrojaner-provider-
sollen-internetverkehr-umleiten-damit-geheimdienste-hacken-koennen/). See also
[https://news.ycombinator.com/item?id=23783406](https://news.ycombinator.com/item?id=23783406).
Thanks!

~~~
hobofan
Thank _you_ for the great moderation!

------
dirtylowprofile
Germany is part of the five eyes if I remember correctly.

~~~
fowl2
> The Five Eyes (FVEY) is an intelligence alliance comprising Australia,
> Canada, New Zealand, the United Kingdom and the United States.

[https://en.wikipedia.org/wiki/Five_Eyes](https://en.wikipedia.org/wiki/Five_Eyes)

~~~
dirtylowprofile
Oh it's 14 eyes now. Germany is still in there.

