New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
New German law would force ISPs to redirect traffic to intelligence services for trojan install
It looks like germany is planning a new law that would require ISPs including backbone providers to redirect traffic in order to inject state-backed Trojans.
Edit: Native english article by PIA https://www.privateinternetaccess.com/blog/new-german-law-would-force-isps-to-allow-secret-service-to-install-trojans-on-user-devices/
Comments
Looks in line to what they are forcing Tutanota to do.
Germany and fascism. Name a more iconic duo.
Francisco
Time to ditch hetzner..
@Hetzner_OL Any comment on whether Hetzner will challenge this?
Yeah @Hetzner_OL we need your input on this please.
Lawl. Not like NSA and similar already reading all your data anyway.
I highly doubt the law will pass and would chill till it is really in effect.
Honestly at this point I laugh at the idea that people think their traffic is safe from the big agencies just because their servers sit in certain borders. Yeah the CIA covertly overthrows governments but we promise, the NSA respects borders
My bad!
Honestly I could not care less if its FIB, NSA, CIA, SecretService or whatever...
Providers in germany are already considering legal steps, as this law would cause an outrage. Additionally different organisations are preparing a constitutional complaint, which has a high chance of killing the law. So.... yeah.
Further it might be interesting to know that the "trojan" only targets specific high priority targest and the rest won't even notice a difference, as the intelligence is already getting a "copy" of the data-streams anyway.
Best way to protect your data in germany is to be a member of press or the judiciary, as those have special regulations.
This is what, 3 decades & counting now?
BND has been doing this publicly since ~2018, GCHQ & others as well - the only difference is the legality behind it.
2010 - https://i.imgur.com/IKNjvmx.png
2007 - https://i.imgur.com/vZnNdCy.png
2004 to date - https://i.imgur.com/OHexElp.png
You'll truly feel better once you accept that both you and your crimes are mundane and of no interest.
The way I see it they simply want to do legally now what they - just like many other regimes in other countries - have been doing since years anyway.
As for "f_ck [country X]!" ... NO.
The enemy, if you want to see an enemy, is not "the USA", "the Germans", "the Chinese" or ...
The enemy is the 0.1% who de facto rule all the countries and who don't care at all about democracy or "their" citizens (the 99.9%), no matter how much nice blabla they talk about democracy, citizens, and their rights every day.
Long live Tor and encrypted VPN traffic. Privacy online is no longer a right, it's a privilege you have to fight for nowadays.
I'll have you know I've taken all kinds of measures to encrypt my traffic!
This is a fun project that plays a part:
https://github.com/slackhq/nebula
I'm sure the smart folks up top can beat me at the end of the day, I just hope to slide through some cracks so I can sleep at night
Would this be applied to everything that transits via Germany (to a foreign country) or just to IP addresses that terminates in Germany?
Non-Germans are afforded next to no protection, a comprehensive law regulating the scope of the BND is only expected towards the end of 2021 as per the Bundesverfassungsgericht.
"Nebula uses elliptic curve Diffie-Hellman key exchange"...that's the backdoored NSA one. nice job slack
e2e all the pipes. We do what we can.
They do what they can.
Where's the source that they are using NIST/NSA curves?
Please avoid posting fake news.
The DH functions of The Noise Framework are utilizing ECC DH based on Curve25519 and Curve447.
I'll definitely be looking into this.. it's enough to spark some paranoia
(also, hey dfroe - sorry I've been terrible about answering PMs - I tend to read them and forget. My project plans fell through and it'll probably be a while before I need IPs
)
Have you used this? I'm actually testing Zerotier and Tailscale right now and all three of them seem to take the same approach, with the first two being easier to setup and manage.
I have indeed, I've been working on a set of Ansible roles to simplify setup. Once I iron out all of the kinks I'll probably be providing it upstream for others to use, assuming they accept it.
The most tedious things are certificate generation, and firewall/zone config.
With that said, I haven't tried many alternatives in the same area. I can't really speak to how it fares by comparison
i am from Germany
German always becomes china
01.07.2017 A-Simcard - now Internet tracking
2019 upload filter
Developed by...
People. It's open-source.
That's just ignorant. Also you should maybe read up on fascism a little.
LOL
Sent you a PM on that matter since I won't flood this post with more questions.
"We need a network to hide when our spies need to report back to us and not be found by our enemies".
...
"Hey, there's a network out there full of spies and criminals, we better be listening on that shit".
No, it's only Dual_EC_DRBG that's been compromised by the NSA. The rest of the elliptic curve family of standards are highly regarded.
I remember the fury over PGP back in the 90s...the open question was how much ahead of open research the NSA and other intelligence services are. The fact that DES was protected against differential encryption 20-odd years before that concept even existed in the open literature strikes me as highly informative.
Of course, most spy agencies would prefer to exploit vulnerabilities, implementation and protocol flaws, etc. or place their own covert hardware/software to get around the technological burden of cracking ciphers. Or just get out the occasional rubber hose.
Regardless, I think it's folly to assume that we really know how secure our encryption technology is. I'm pretty confident that some Dropbox junior admin is not going to be able to crack the AES-256-encrypted backups I have stored there. But intelligence agencies will either subvert the software I'm using to make the backups or have next-level research that may allow them to break encryption. You just don't know.
Quantum has the possibility to blow everything up though mercifully the best and the brightest seem to be having problems scaling it up.