You have the right to seek out and eat an orange for your immune system and survival, and no government should have the right to interfere with that, at any time.
This law is a fundamental attack on basic quality of life and basic human rights for all Germans. Whoever proposed it should be ashamed of themselves. I hope the parliament outright rejects it for what it is.
The very fact it has been proposed is Orwellian and chilling. Internet giants like Google should resist this technology and tell us when a government has just tampered with our web browsing.
Name and shame: Interior Minister Horst Seehofer of the conservative-authoritarian CSU. He and his party friends are who want this.
We have the chance to kick them out of office in 2021, it's time for the stranglehold of Conservative internet-printers (Internetausdrucker, a German word for tech illiterates) as Interior Ministers to end once and for all.
Let me guess, this word describes people who print out their emails?
By association Otto Schily wasn't a conservative and yet...
I agree on that one. There aren't many progressives in interior politics aside from Left and Greens, the rest is all authoritarian/law-and-order hardliners. Frankly, it's disgusting.
As for calling them Nazis... well, when one looks at the events regarding former Verfassungsschutz chef Maaßen, instituted by HP Friedrich and protected by successor Seehofer until it was no longer tenable, who is accused of having protected the AfD during his term: it's not that far to at least imply ideological support or tolerance toward far right political positions.
Yet more proof that "Conservatism is progressivism driving the speed limit". And the speed limit seems to be rather generous in this case. But for some it's never high enough, they'd pull down all of Chesterton's fences at the merest whim.
Unfortunately, there's not much hope for this. As the article states: "The proposed law is already the result of lots of back and forth within the government and many expect it to pass when it is presented to Germany’s congressional body, the Bundestag, after next week."
I know for a fact that Chrome and Firefox have implemented this as standard behavior specifically to prevent this kind of man in the middle attack, and have explicitly come out against previous government attempts to subvert this guarantee of privacy.
The biggest problem isn't that your own government might swap that orange you wanted for an apple, it's that by making it possible they also make it possible for a foreign government to do so, and they're likely to replace the orange with cyanide.
The US government has tried and failed to push this kind of idiocy through every other year for the last 2 decades. Every major tech company tells them they will flat out refuse to compromise everyone's safety to accommodate idiocy and the attempt is ultimately dropped.
I am not quite sure how mandatory CT is at the moment though.
Our current government doesn't even know what that means.
This is why a VPN is indeed helpful, because now ISP are the primary attack vector.
> Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say
Humour aside, analogies are really important and I have never understood the disparagement of comparing one group or situation to another. Analogising is a tool to help understand one another and promote diversity.
And it’s all inevitably followed by an argument about the analogy itself.
I think there is a common false belief that only technical people can understand some concepts. I believe it’s more the case that as a society we often don’t have good pedagogical tools available to us in the public domain to help people become the critical thinkers our democratic society needs them to be.
I say this with the hope for a shift towards social production/Commons-based peer production, and a re-imagining of the (currently) rentier and extractive business models on digital assets, which make no sense anymore in a digital society where information is light.
Design global, make local.
Favorite authors on this: Aaron Swartz('s manifesto), Kevin Carson and Yochai Benkler.
Of course, you could always argue “for the gallery”, i.e. not try to persuade your opponent, but to merely use the debate as a platform to reach an audience. But this is not persuasion; this is rhetoric. Analogies can be used as rhetorical tools. But analogies won’t persuade your opponent.
Therefore, if you’re arguing with someone else one-on-one, and there is no one else to win over by rhetorical tricks, you should avoid using analogies, since analogies aren’t persuasive.
As for my reasoning why:
Analogies and other figurative speech are important, not just as conversational tools, but also in thinking.
Language is a metaphorical tool we place on reality to manage and interpret it. This is true for human languages and programming languages. Take Python. This is a high level language which an interpreter uses to help a computer parse it into the needed lower language for its understanding. The language alone though does little on its own without the multiple layers computers use to apply given instructions.
Human language is multiple levels higher than computer languages when it comes to interpreting reality. Pretty much all human language is a metaphor because it doesn't directly mean what we are referring to. It instead refers to our mental conception of what we are attempting to relate to in reality.
> CN = D-TRUST Root CA 3 2013
> O = D-Trust GmbH
> C = DE
There is certificate transparency and pinning and so on, and they would be caught (probably, maybe) if they abused this carelessly and at scale, but in practice, for a small number of targets, it would be trivial to wait for users to connect to a less secured TLS site or even a plain-HTTP site (plenty still exist), and then use a browser exploit as the stage 1, followed by whatever escalation of privilege exploit and rootkit is needed. TLS is really good at preventing always-on dragnet surveillance of everyone's internet traffic, but not a counter measure against targeted nation state level attacks.
It's actually pretty scary seeing just how many CAs are in the list of trusted CAs on any given device. While no government is beyond reproach, I do wish there were a way for me as a user to say "don't trust anything signed by CAs outside of these few countries, since it's most likely a hijack, phishing, or in the rare case that I did try to visit some random site, I can approve it manually."
The answer is basically "no".
I don't think that they would use that certificate for MITM. They're not fools and they understand that it would lead to blacklisting it which would halt a lot of operations in the country.
Is it, though? Germany has a lot more economic leverage than Kazakhstan. Suppose they pass a law requiring any browser sold or otherwise offered on the German market to have the government certificate in the chain of trust... how many large companies would cave?
Or is cert pinning something different than HPKP?
- : https://security.stackexchange.com/questions/213410/did-goog...
"What can you learn from an IP?" https://irtf.org/anrw/2019/slides-anrw19-final44.pdf
Looking at some of Citizen Lab’s excellent reporting on FinFisher shows that victims were redirected to regular unencrypted http downloads when the malware was installed.
One of the examples given was when a user tried to download Avast antivirus from a well-known software hosting site and the download was done over http.
There are several security sites that have downloadable packet captures of malware infections where you can see in Wireshark that redirects are commonly used.
They should maybe give bigger warnings, but lets not break all of the old web just to protect a few more people against themselves.
No-frills data means a lot nowadays.
My understanding is that the privacy restrictions are largely the result of half the country having lived under the Stasi, and thus being extremely wary of government eyes. Here it’s out in the open!
Because they're not necessarily contradictory. This doesn't just give secret services a blank cheque to spy on everyone, it just provides intelligence agencies with a tool.
I'm German and I don't object in principle to the fact that intelligence, under supervision of the government, has the ability to, say, infiltrate criminal networks using software like this. Under certain circumstances the police were always able to wiretap a phone; I don't see the difference here other than this taking into account the changing circumstances of internet communication.
Also from a cultural standpoint, if anything people in Germany are more sceptical of erosion of privacy by private power than by the state; we're not the US. The former is pretty much unconstrained, the latter is so tightly limited in scope by law it's not really a practical issue. The scary thing about the Stasi wasn't that they were intelligence, every country has intelligence officers who can bug someone's home, it was that the GDR was an autocratic regime.
I totally get the appeal of that argument, but it completely breaks down once I ask myself how much that autocratic bogeyman regime, once it got into power, would feel bound by privacy protections put in place by their predecessors.
It's also really hard to establish or continue without the surveillance to detect rebellion and corruption.
Other countries were somehow aware of that weakness of telegrams, and the practice of attempting to use some code for telegram messages existed even then.
It's a trope that "sounds good" but IMHO doesn't get one more knowledge.
a) It was de facto an empire, but with an emperor allowing huge independence to the local rulers. So he was an emperor, even if he couldn't do "anything anytime".
"The power of the emperor was limited, and while the various princes, lords, bishops, and cities of the empire were vassals who owed the emperor their allegiance, they also possessed an extent of privileges that gave them de facto independence within their territories. " (1)
b) It was "holy" in the sense of "Christian" and in the sense of getting weaker due to the "holy wars" raging even between the parts of the empire.
c) the "roman" could be the most disputed, but it reflects the millennia-long belief of what the "real" empire is supposed to be, namely, the one that is the successor of the rulers after whom we name two months of the year even today.
The trope's origin is Voltaire. His influence on the beliefs of the western world must be acknowledged, but it must be recognized that he wrote a lot with the intention of changing them (and some changes were even bigger than he accepted).
As I write this I still haven't read
but I'd expect that it worth a read for those interested in more details:
"For the historian, Voltaire's famous quip has three aspects: 1) What did Voltaire mean by it in 1756 when he wrote the line in his Essay on Customs? 2) How did contemporaries, including the Austrian Habsburgs, understand it? 3) Does the quote accurately describe the events the Philosophe is discussing (Charles IV of Bohemia and the Golden Bull of 1356)? Voltaire in fact exaggerates the weakness of the Empire in both 1356 and 1756, and uses an anachronistic standard to evaluate both: the quasi nation states of the 1750s. The three parts of the imperial title had changed in meaning during the four centuries after 1356. The jibe nonetheless reflects something of the thought of Voltaire and the French Enlightenment."
I think the idea that communication ought to be categorically out of reach of intelligence is very novel. I don't think it was even conceivable decades ago that, with legal justification, intelligence could not hack or be completely locked out of the communication of some network. For criminals who are savvy enough, tech has made it much harder, not easier, for the government to do their job.
I think there is also a very paradoxical side-effect. A hamstrung government may resort to outsourcing its intelligence work. I read a story about private firms in the US collecting license plate information and selling it back to the police. Clearview AI is certainly another example. If the agencies are limited, there is a real chance of both ineffective policing and a huge unregulated surveillance grey market. I would rather equip the government with enough capacity, but strong legal checks.
They have strict privacy laws? First Nazi personnel in the first half, then Stasi personnel in the second half of the 20th century were simply requalified and rehired, each bloody time. How do you think?
They are top environmentally-friendly country? Highest polluting coal power plants in EU are located in Germany.
Obviously, the OP was talking about the perception of Germany today and I think we can safely assume that no ex-Nazi personnel is currently working at the German secret service. And come to think of it, why wouldn't someone who's qualified to spy on others be rehired to do the same job in Germany after the end of the GDR? What do you think secret services do?
Regarding "environmentally friendly", this point is correct but you're omitting that Germany just recently passed a law to get out of coal until 2038. The energy produced in Germany will then be pretty much exclusively renewable which is not a small feat for a country with such a large population.
Sorry but you are rude.
> I think we can safely assume that no Ex-Nazi personnel is currently working at the German secret service
Stasi personnel though?
Are you expecting that people using such nuanced and subtle techniques like Zersetzung against the domestic population will suddenly become ethical towards anyone they perceive as a threat? Or as undesirable?
On the facade Germans get some show off initiatives (no Street View!), behind the scenes is business as usual.
Yes, you are right. I apologize, I clearly went overboard.
> Stasi personnel though? [...]
I think it's just an over-generalization. Just because you worked for the Stasi automatically makes you a bad fit for a certain job. It really depends.
I am sorry, I am from Russia initially, the KGB-land. No, it's not an over-generalization.
This predates the wall, but the wall only confirmed what was going on beforehand.
If viewed from the different perspective of government intrusion on tech, it can appear less shocking. A government encouraged by its citizenry to use its leverage over tech companies will continue to do so, and not always in the same ways.
Someone said that's a result of constant under-funding and treating your military with no respect - when it's only seen as a choice for those who can't "do any better", you'll get extremists among the ranks.
Sounds plausible, at least in the US soldiers seem to be highly respected and in turn, they respect the country and its people.
You can be reasonably certain that anything in AWS is available to US military intelligence without judicial oversight.
Individual companies now need to earn back basic trust.
This doesn't mean you have to completely abandon your favourite service, just have to modify the way you utilize it.
For example, if you absolutely have to use Google Drive, be sure to encrypt your files with appropriate strength first and assume they are actively trying to decrypt and build a file on you.
Why single out America, Snowden's leaks showed the entire Anglo-sphere is compromised(Five Eyes). Is there any reason to think this isn't the case in any NATO/OECD/etc. country?
Raise your hand if you use TLS between your database server and your web frontend. Keep your hand up if you rotated that certificate in the last month. Keep your hand up if you know whether your database's certificate has been tampered with. (i.e. do you check that it's signed by your internal CA? Then who is signing it? Who maintains the ca-certs package? What does the certificate verification code even look like?)
No hands up? Good! The government thanks you for your service. Keep doing what you're doing, they'll keep you safe.
I believe that these changes target ISPs and providers like mailbox.org, posteo etc, that have been "privacy first" and not too friendly. These laws aren't for wholesale data intake, they are more like phone surveillance with the added bonus that they (the ISPs and service providers) will be not only required to let them listen in, but to also allow them to inject trojans into the traffic that is being transported. These are very closely related to our laws for mailing services that contain similar things (the wording is very similar as well). They're not for the intelligence services to just walk in and say "Hi, we'll take everything, please", they still require a court order and target specific individuals.
I’m standing here with my hand up :)
From my experience in a case where a previous version of that tech has been involved (though normal LE, not intelligence), they do take all the available measures to only hit the target, it's not a shot gun approach.
> There's even a promotional video of how FinFly ISP sends a fake iTunes update and infects the target system with FinSpy
Does Apple not sign iTunes updates?
Boy, China is child's play compared to us.
I don't see how there is any justifiable grounds to talk about killing people with gas in any context, particularly not in this context.
A YouTuber made a video about an incident between students where one made a racist joke. He [the YouTuber] said about that joke "that wasn't a bad joke" and got convicted for Volksverhetzung, one of the harshest crimes we have. If you get convicted for that as a non-VIP, your life is effectively over in Germany. That's socially worse than a rape conviction.
And back to the point: whether you consider it right to put people in jail for saying mean things or not - it is absolutely not internet freedom. Not by any stretch of the imagination.
That there is no "free speech" in Germany in respect to hatespeech has been the case pre-internet too. I'm not a big fan of NetzDG, but I also have to say that I expected much worse censorship-wise when it passed and I haven't heard of gross misapplications of it so far. If anything Facebook and Twitter show that you can still post a lot of hatespeech despite its existence.
Germany has an interesting history with regards to what various constituents view as protected speech. As someone who hasn't lived in Germany I freely admit that I have a limited view of such things, but as the other poster mentioned these issues precede the internet.
The surveillance allows them to read the TCP sequence numbers or DNS query IDs, and then spoof valid response packets.
It’s called QUANTUMINSERT.
NSA would be very bad at their job indeed if they couldn’t issue valid TLS certificates for any domain to themselves.
Is there any evidence of this? With certificate transparency being mandatory a few years ago, you'd think that the NSA would be caught at least once.
The NSA have plenty of tricks. They intercept devices being shipped around the country/world, they tap cables, they dig into airgapped networks, they compromise satellites, they compromise the internal networks of the world's biggest corporations. They've been doing this for decades. If we don't believe they can compromise one organization out of 270...
Aren't browsers now requiring that certificates from many CAs (if not all of them) are submitted to CT before they are accepted as valid by the browser? That is, a certificate without an attached CT proof, even if it has a valid signature from the CA, will be treated as invalid.
(However, given what's being talked about (MITM of software update servers), this might be enough if the libraries being used by the software updater are not as strict as the browsers, and don't require an attached CT proof.)
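Two of the points above ask what the verification code actually does: the "raise your hand" post asks whether anyone checks that the database certificate chains to the internal CA, and the post just above notes that an updater's TLS library may not insist on an attached CT proof the way browsers do. Here is an added example in Go (not from the article or from any poster here) of what that check looks like in a client that trusts only one pinned root, ignores the system store, and rejects a leaf with no embedded SCT list. The CA, the host name `db.internal.example` and the SCT extension bytes are all constructed fixtures; the SCT check is presence-only, a full CT policy would also parse each SCT and verify its signature against a known log key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// OID of the embedded SCT list extension (RFC 6962, section 3.3).
var oidEmbeddedSCT = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2}

// Fixed clock so the constructed certificates are always inside their validity window.
var now = time.Date(2020, 6, 1, 0, 0, 0, 0, time.UTC)

// hasEmbeddedSCT reports whether the leaf carries an SCT-list extension at all.
func hasEmbeddedSCT(leaf *x509.Certificate) bool {
	for _, ext := range leaf.Extensions {
		if ext.Id.Equal(oidEmbeddedSCT) {
			return true
		}
	}
	return false
}

// VerifyInternal chains leafDER to the single pinned root in rootDER (the system
// trust store is never consulted), checks the host name, then demands an embedded
// SCT list. It returns nil only when all three hold.
func VerifyInternal(leafDER, rootDER []byte, host string) error {
	root, err := x509.ParseCertificate(rootDER)
	if err != nil {
		return err
	}
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return err
	}
	pool := x509.NewCertPool()
	pool.AddCert(root)
	opts := x509.VerifyOptions{Roots: pool, DNSName: host, CurrentTime: now}
	if _, err := leaf.Verify(opts); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	if !hasEmbeddedSCT(leaf) {
		return errors.New("leaf has no embedded SCT list")
	}
	return nil
}

// mintCA creates a constructed self-signed CA (a test fixture, not a real CA).
func mintCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	ca, _ := x509.ParseCertificate(der)
	return ca, key, der
}

// mintLeaf issues a server certificate for host from the given CA. withSCT attaches
// a placeholder SCT-list extension (constructed bytes, not a real SCT).
func mintLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string, withSCT bool) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	if withSCT {
		val, _ := asn1.Marshal([]byte{0x00, 0x00}) // placeholder OCTET STRING
		tmpl.ExtraExtensions = []pkix.Extension{{Id: oidEmbeddedSCT, Value: val}}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	return der
}

// CertScenarios returns the outcome for: a good leaf from the internal CA, a leaf
// from the internal CA without SCTs, and a leaf from an unrelated CA.
func CertScenarios() [3]error {
	internal, internalKey, internalDER := mintCA("Internal Root (constructed)")
	other, otherKey, _ := mintCA("Some Other CA (constructed)")
	host := "db.internal.example"
	return [3]error{
		VerifyInternal(mintLeaf(internal, internalKey, host, true), internalDER, host),
		VerifyInternal(mintLeaf(internal, internalKey, host, false), internalDER, host),
		VerifyInternal(mintLeaf(other, otherKey, host, true), internalDER, host),
	}
}

func main() {
	for i, err := range CertScenarios() {
		fmt.Printf("scenario %d: %v\n", i, err)
	}
}
```

The third scenario is the one the "raise your hand" post is about: a certificate that is perfectly valid under some CA, but not under yours, fails because the pool holds only the pinned root.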
My assumption is that they had it for years and released it for patching the moment they detected anyone else using it.
It’s not TLS, but it’s close. I still think they’d be bad at their job if they didn’t have some method of getting valid certs, and I don’t think they are bad at their job. With bulk collection they may be able to spoof replies to LE DNS verification. There are lots of avenues.
This shows 1,648 relays potentially having their traffic monitored under this law. Out of 6,432 relays, that makes up more than 25% of all Tor relays.
Unfortunately, Tor's design doesn't really go far enough in protecting against adversaries with large swaths of visibility. Perhaps it's time for people to begin shifting to I2P, or some other overlay network with more resilience against these types of adversaries.
Edit: This page gives you a nice visual representation of how much that consists of. Germany is the big one. https://metrics.torproject.org/bubbles.html#country
That means there is an element of uncertainty there whether they actually will.
Wouldn't "have to" be "müssen"? In what cases would you use "sollen" to have a similar meaning?
And "sollten" is either Präteritum or Konjunktiv II, which as I understand it would both mean "should have", though in different senses. Why is that a more proper translation of "should"?
However, there are fine nuances between the words.
In that case, "müssen" is more direct and used as a command which has consequences when not followed, while "sollen" is more of a prompt or demand that doesn't have to be followed.
> Provider sollen Internetverkehr umleiten, damit Geheimdienste hacken können
> Geheimdienste wollen Hardware bei Internet-Providern installieren, um Staatstrojaner in Datenverkehr einzuschleusen. Das steht in einem Gesetzentwurf zum Verfassungsschutzrecht, den die Bundesregierung nächste Woche beschließen will. Die Provider wollen keine Hilfssheriffs sein.
> Konkret müssen Anbieter die Installation des Staatstrojaners „durch Unterstützung bei der Umleitung von Telekommunikation … ermöglichen“.
So it translates to "would have to, if the law goes into effect unchanged".
(Not invoking the Godwin law, this is an actual comment on an actual situation, to point the hypocrisy of token anti-totalitarian moves - 70 years too late - vs actual totalitarian law-making...)
Or the MITM box could use some kind of HTTP downgrade attack and not worry about certificates at all.
As for the new root certificate to a domain for the agencies:
I already pointed out, s.w. in this discussion, that there is a mechanism called Certificate Pinning. Works wonders if the server configured it.
So yes, they are working on the legal framework, but thanks to the foresight of engineers and people concerned with safety for the general non-technical and technical internet-population, it is a hard challenge officials are facing.
Why on earth would somebody think this is an appropriate name for a company involved with assisting government surveillance.
At least this time it is simply useless. The secret services are not magicians and the fact that they have access to my home network or the link does not mean that they can do anything spectacular.
Generally the solution is to get signed checksums.
This comes with the usual issues of how you verify the key used to sign.
Alternatively try and distribute the checksums out-of-band. So an attacker would need to MitM two channels.
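Here is an added example in Go (not from the article or from any poster) of the signed-checksum scheme these three comments describe, including the out-of-band channel: the publisher signs a sha256sum-style manifest with a pinned Ed25519 key, and the client refuses the download unless the signature verifies, the bytes match the manifest, and a checksum obtained over a second channel also matches. Key pairs, file name and archive bytes are constructed fixtures; the "key leaked" scenario shows why the second channel is worth the hassle.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrBadSignature     = errors.New("manifest signature does not verify under the pinned key")
	ErrChecksumMismatch = errors.New("download does not match the signed manifest")
	ErrOOBMismatch      = errors.New("out-of-band checksum disagrees with the download")
)

func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Manifest is the one-line text the publisher signs, in sha256sum format.
func Manifest(name string, payload []byte) []byte {
	return []byte(fmt.Sprintf("%s  %s\n", sha256Hex(payload), name))
}

// Publish returns the manifest and an Ed25519 signature over its bytes.
func Publish(priv ed25519.PrivateKey, name string, payload []byte) (man, sig []byte) {
	man = Manifest(name, payload)
	return man, ed25519.Sign(priv, man)
}

// VerifyDownload refuses the payload unless all three checks pass:
//  1. the manifest carries a valid signature under the pinned publisher key;
//  2. the payload hashes to the manifest line;
//  3. a checksum received over a second channel (oobHex) also matches the payload.
// Check 3 is what forces an attacker to tamper with two channels instead of one.
func VerifyDownload(pub ed25519.PublicKey, man, sig, payload []byte, name, oobHex string) error {
	if !ed25519.Verify(pub, man, sig) {
		return ErrBadSignature
	}
	if string(man) != string(Manifest(name, payload)) {
		return ErrChecksumMismatch
	}
	if sha256Hex(payload) != oobHex {
		return ErrOOBMismatch
	}
	return nil
}

// DownloadScenarios walks four constructed cases and returns each outcome:
// genuine download; swapped bytes; manifest re-signed with a rogue key;
// manifest signed with the real (leaked) key but a second channel still intact.
func DownloadScenarios() [4]error {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, rogue, _ := ed25519.GenerateKey(rand.Reader)
	name := "tool-1.0.tar.gz" // constructed file name
	genuine := []byte("constructed genuine archive bytes")
	tampered := []byte("constructed tampered archive bytes")

	man, sig := Publish(priv, name, genuine)
	oob := sha256Hex(genuine) // e.g. read from a printed leaflet or a second mirror

	rogueMan, rogueSig := Publish(rogue, name, tampered)
	leakMan, leakSig := Publish(priv, name, tampered)
	return [4]error{
		VerifyDownload(pub, man, sig, genuine, name, oob),
		VerifyDownload(pub, man, sig, tampered, name, oob),
		VerifyDownload(pub, rogueMan, rogueSig, tampered, name, oob),
		VerifyDownload(pub, leakMan, leakSig, tampered, name, oob),
	}
}

func main() {
	for i, err := range DownloadScenarios() {
		fmt.Printf("scenario %d: %v\n", i, err)
	}
}
```

Note that the out-of-band value is only as good as its channel: if both the manifest and the second checksum arrive over the same link, the fourth scenario passes and you are back to trusting the signing key alone.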
This idea is fantasy.
Or I guess it could be security theatre, or a diversion, but neither of those seems compelling here.
My vote is that, whilst I can't understand how it's accomplished as it seems contrary to technical possibility, that the people with billions of funding to make these things possible (Five Eyes, etc.) are probably capable of many things that look like magic.
Representatives very rarely represent themselves, and are almost always representing either powerful people ( often through lobbying) or citizens.
Given that an absolute minority of citizens are asking for this, it's fair to say it's a top down decision. Most citizens are concerned with things that aren't changing at all, if you'd like further proof on who the representatives work for.
By virtue of it being a top down decision, it is almost certainly being pushed by a small group of very powerful people. When a small group of people have all the power, that's called an oligarchy.
So the question is, why is the oligarchy pushing so hard for control of the internet right now? Well, it's probably not for fun.. so they are worried, I suppose.
Literally there is nothing they can do against big league criminals with this much mass surveillance, so only logical conclusion is that this is only intended for use on citizenry.
I propose that the decentralized anarchistic, freedom of thought nature of the internet has essentially forced an acceleration the timetables for the totalitarian dystopian system.
The internet caught the oligarchs off guard, in the big scheme of things (the oligarchs make plans that their grandchildren execute)... and it took them a bit to catch up, and they now see it as the primary threat to their otherwise nearly total control of the mass consciousness. Think of every medium of communication, and see how it was more or less captured and controlled, whether it be print, radio, or television, and see that although heavily under attack, the internet is still very free, at least at its core.
This creates a sort of arms race where the oligarchs must corrupt, control and compromise it faster than it can respond in a way that reveals enough of the truth to the masses that they risk some sort of neo-peasants revolt. In that goal they will use their already long tendrils into government and corporate ownership networks et al to accomplish the task. I could get into the nitty gritty, but that's the meta summary.
Surveillance is about control, not about security, but they have gotten very good at the Oxford debate posing that it is. (lamentations about the end of the nation state actor security threat for one)
I often wonder if there's some system in place which separates us. Or perhaps the combo of logic, intuition, and honesty is just super rare. I don't know, but I hope you're doing well and having a reasonably fulfilling adventure amongst this hellishly senseless superstition culture.
Friendly reminder to go out and see the stars from time to time.
Why do you think anarchists have generally been tarred as destructive and dangerous in the media and by the political and corporate establishment for so long?
The most insidious thing is that the status quo has become so ingrained in people that they reflexively downvote, censor and ban anarchists, because their masters tell them to.
Big tech is very much a part of the problem.
For what it's worth, the journey to this place was not easy for me, and has taken years of searching and learning. The constant struggle is against giving up; apathy is the glove into which evil slips its hand, and all that.
My proposal: "New German law would force ISPs to redirect traffic to intelligence services for trojan install" (if that is not too long).
The other is that HN is an English-language site. We have deep respect for the German language, but articles on HN need to be in English. I've changed it to https://www.privateinternetaccess.com/blog/new-german-law-wo... for now. If there's a better link, we can change it again.
(Submitted URL was https://netzpolitik.org/2020/staatstrojaner-provider-sollen-...)
My somewhat lame excuse: The law will most probably pass, current govt is a coalition of the two largest parties with overwhelming majority and absolutely no clue about anything digital.
Edit: would "shall" work instead of "will"?