It's not just Google BTW, all USA-based web corporations including the Amazon Cloud Storage, Microsoft Hotmail, etc. Time to try and find some EU-based alternatives to my favourite services, I guess.
Google Admits Handing over European User Data to US Intelligence Agencies (http://news.softpedia.com/news/Google-Admits-Handing-over-European-User-Data-to-US-Intelligence-Agencies-215740.shtml)
Google has admitted complying with requests from US intelligence agencies for data stored in its European data centers, most likely in violation of European Union data protection laws.
Gordon Frazer, Microsoft UK's managing director, made news headlines some weeks ago when he admitted that Microsoft can be compelled to share data with the US government regardless of where it is hosted in the world.
At the center of this problem is the USA PATRIOT ACT, which states that companies incorporated in the United States must hand over data administered by their foreign subsidiaries if requested.
Not only that, but they can be forced to keep quiet about it in order to avoid exposing active investigations and alert those targeted by the probes.
This situation poses a serious problem for companies like Microsoft, Google or Amazon, which offer cloud services around the world, because their subsidiaries must also respect local laws.
For example, European Union legislation requires companies to protect the personal information of EU citizens and this is clearly not something that Microsoft, Google, Amazon, or any of their EU customers can do.
This is not only a theoretical problem. According to German-language magazine WirtschaftsWoche [Google translate (http://translate.google.com/translate?js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&sl=de&tl=en&u=http://www.wiwo.de/politik-weltwirtschaft/google-server-in-europa-vor-us-regierung-nicht-sicher-476338/)], a Google spokesperson confirmed that the company has complied with requests from US intelligence agencies for data stored in its European data centers.
The situation is likely to spark an official inquiry from the European Commission, with some members of the European Parliament already reacting to the stories. It's hard to foresee what kind of solution can be found at this point, but one thing's clear - US-based cloud providers operating in EU can be forced to break the law. European companies and government agencies that are using their services are also in a tough position.
Extra funny details:
1- this is in violation of EU data protection laws.
2- so perhaps Google would need to stop operating in the EU? ... except that not being able to perform their Irish-Dutch "sandwich" tax evasion "trick" would cost them about 20% of their ad revenue.
(I'm not even going to mention "Don't be evil" anymore ... :lulz:)
If you find a good EU based alternative, let me know. I am utterly unsurprised that this is the case, I have to say.
Disgusting.
Quote from: Cain on August 11, 2011, 04:57:40 PM
If you find a good EU based alternative, let me know. I am utterly unsurprised that this is the case, I have to say.
As an alternative to say, a web search service, you can use DuckDuckGo (https://duckduckgo.com/about.html). It's based in the US, so they could be forced to give all the personal information they have on you to the authorities, but it doesn't matter because they don't collect any personal information in the first place.
I don't really know a good alternative for cloud storage and e-mail, though. Those @principiadiscordia.com addresses are gmail based, right?
That sounds good, thanks.
As for the emails, they are, but if you're passing on sensitive information via email and not using PGP encryption, you deserve to get caught.
Sweet fucking fuck.
I mean, I'm not SURPRISED, but still. Fuck.
(And yeah, "don't be evil", lol)
DuckDuckGo was also my first thought for an alternative, even though it's also US-based :) But I heard a lot of good stuff about it, and the guy that's running it (I think it's just one??) been really responsive to any and all suggestions from the tech/blog/hacker crowds, both privacy and usability related.
Yep. Feeling safer by the day. Also, recordedfuture.com
Quote from: Cain on August 11, 2011, 04:57:40 PM
If you find a good EU based alternative, let me know. I am utterly unsurprised that this is the case, I have to say.
THIS.
...and I hear PGP is easily gotten around, but that's hackerish muck that I doubt I'll ever have to worry about, IR terms.
Quote from: Jenne on August 12, 2011, 02:01:58 AM
...and I hear PGP is easily gotten around, but that's hackerish muck that I doubt I'll ever have to worry about, IR terms.
I somehow doubt that is from an accurate source. Italian, American and British police have all been unable to break into computers which used PGP encryptions, and while early methods did have theoretical vulnerabilities, current versions are, for all intents and purposes, unbreakable. It's effectively military grade.
I've been using GMX.com for troll emails, because they allow you to easily register up to ten addresses for the same account, which is pretty handy.
I think you need to sign up for gmx.co.uk if you want to use their EU-based servers.
Anyone know more about GMX?
Quote from: Cain on August 12, 2011, 07:52:21 AM
Quote from: Jenne on August 12, 2011, 02:01:58 AM
...and I hear PGP is easily gotten around, but that's hackerish muck that I doubt I'll ever have to worry about, IR terms.
I somehow doubt that is from an accurate source. Italian, American and British police have all been unable to break into computers which used PGP encryptions, and while early methods did have theoretical vulnerabilities, current versions are, for all intents and purposes, unbreakable. It's effectively military grade.
Yes. The only way PGP can be gotten around is if you're doin it wrong. The crypto itself is secure as fuck, but maybe the key is not, maybe you exchanged it with the other party in an insecure way, maybe your computer is keylogged, or maybe there's a bunch of guys with rubber hoses waiting in a black van outside (or, as Russian hackers tend to call it, "Thermo-rectal Analysis").
Quote from: Signor Paesior on August 12, 2011, 08:10:13 AMI've been using GMX.com for troll emails, because they allow you to easily register up to ten addresses for the same account, which is pretty handy.
I think you need to sign up for gmx.co.uk if you want to use their EU-based servers.
Anyone know more about GMX?
GMX exists for a very long time, I always thought it was originally German. A lot of Germans I know from earlier Internet days have an @gmx.de email.
Also realize that technically the USA considers the .com (and .org and .net) domains to be theirs as well. Meaning that 1 they can shut them down (as they've recently done with lots of sites that smelled remotely like torrents) and 2 can probably grab whatever data that passes through their domain name servers because of that.
Quote from: Triple Zero on August 12, 2011, 08:57:21 AM
Quote from: Cain on August 12, 2011, 07:52:21 AM
Quote from: Jenne on August 12, 2011, 02:01:58 AM
...and I hear PGP is easily gotten around, but that's hackerish muck that I doubt I'll ever have to worry about, IR terms.
I somehow doubt that is from an accurate source. Italian, American and British police have all been unable to break into computers which used PGP encryptions, and while early methods did have theoretical vulnerabilities, current versions are, for all intents and purposes, unbreakable. It's effectively military grade.
Yes. The only way PGP can be gotten around is if you're doin it wrong. The crypto itself is secure as fuck, but maybe the key is not, maybe you exchanged it with the other party in an insecure way, maybe your computer is keylogged, or maybe there's a bunch of guys with rubber hoses waiting in a black van outside (or, as Russian hackers tend to call it, "Thermo-rectal Analysis").
Quote from: Signor Paesior on August 12, 2011, 08:10:13 AMI've been using GMX.com for troll emails, because they allow you to easily register up to ten addresses for the same account, which is pretty handy.
I think you need to sign up for gmx.co.uk if you want to use their EU-based servers.
Anyone know more about GMX?
GMX exists for a very long time, I always thought it was originally German. A lot of Germans I know from earlier Internet days have an @gmx.de email.
Also realize that technically the USA considers the .com (and .org and .net) domains to be theirs as well. Meaning that 1 they can shut them down (as they've recently done with lots of sites that smelled remotely like torrents) and 2 can probably grab whatever data that passes through their domain name servers because of that.
From what I understand the best defense against rubber hose cryptography is to have two keys or two log ins, one that lets them into something that looks like you might want to hide it, but isn;t really what you want to hide.
Is anyone here even remotely surprised that the government would ask and that Google would comply?
Not really.
No, but not being surprised doesn't mean it shouldn't be exposed or gotten angry about.
Also if you're rubberhosed you're probably fucked whether you give them the data or not. Just possibly slightly less unpleasantly tediously fucked if you do.
I wonder how this will affect people signing up for G+.
I'm still finding it hard to blame Google for this. As a company CEO, faced with the choice of complying with a hysterical draconian government or explaining to their shareholders why profits are down to almost fuck all and telling their american workforce "hey guys sorry but you're out of a job cos we wanted to make a hollow gesture of resistance, knowing full well that it wouldn't make a damn bit of difference in the long run.
But, yeah, blame a friggin software company for the actions of the fourth reich. I'm pretty sure the Europeans will do the same thing, given that - who the fuck is going to call the real criminals on their bullshit?
Does that mean I also don't get to blame Nokia-Siemens for developing the Deep Packet Inspection technology for the Iranian Internet filter?
Sure, it doesn't take any blame off the Iranian government, but that doesn't mean some fuckheads at the Nokia-Siemens joint venture didn't damn well know what they were building and who they were building it for.
Similar goes for Google, no it doesn't take blame from the USA doing it or the EU not going after it (just watch), it sure makes them complicit, they had to choose breaking the law in one continent or the other.
As a US citizen my perspective had always been that if any government representative (federal, state, or local) comes along and asks you if you will hand something over to them your answer should be the same as their answer to 'Do you have a warrant?'
It's tricky territory--there's so much more to take away from folks when it comes to privacy...you delve into the minutiae of any "right to privacy," world over, and you'll find *more of an illusion* than anything else or anything concrete. Until incidences line these are brought to light, the illusion holds ground, and you might try believe you have dominion over your own stuff. But unless you work tinfoil-hat hard at it, uh, nah, you don't. You're jet conditioned to not see the restraints and so very used to the constraints. It takes the cloth being whisked away for the machine behind the curtain to be revealed.
Just as the twin tower crash ten years ago revealed a vulnerability that always existed as well as an lack of impregnability we still live with today--I believe we are as safe now as we were then. Unfortunately, thanks to the Patriot Acts, we are certainly less free.
I'm considering checking out BigString, too.
They're US-based, but allow you to delete/edit emails after hitting send, as well as limiting the number of times an email can be read before it self-destructs.
They seem to be claiming that there's no trace of the email after you delete it, except for a placeholder to let you and the sender know that an email was sent. If they really have no other record of the email after you delete it, there's nothing to hand over when the gubbamints ask.
QuoteBigString emails can be destroyed, recalled or changed even after they've been opened!
Quote from: Cain on August 11, 2011, 04:57:40 PM
If you find a good EU based alternative, let me know. I am utterly unsurprised that this is the case, I have to say.
Heyy you can also give your search queries to Russia :D
http://www.yandex.com
I just tried Yandex, Russia's main search engine (or so it claims). I have to say, I kind of like it. It gives results reasonably fast (Duck Duck Go can load a bit slow sometimes in my experience), and it gives good and relevant results.
The capabilities of its search operators are kind of basic, but in return for that you get back the "oldskool" Google behaviour: just search for the fucking keywords please, it doesn't try to be "smart" and come up with all sorts of variations of webpages you might also like that don't quite exactly match your query.
I mean, we're all smart enough to dig through the webs using a traditional "contains keyword A and keyword B" search engine, coming up with additional queries to refine our searches by ourselves, whereas when a search engine tries to be smart and "helpful" it often just serves to thwart and dilute the intended precision of your keyword arrows.
(ok this is not entirely true it does have auto correct features, but it does actually listen if you add a + in front of the keywords, as opposed to Google, who
still tries to be smart about it)
And it seems friendly, look at the cute drawings on their explanation page about image searching: http://company.yandex.com/technologies/duplicate_images.xml
In post-Soviet Russia, government collects information to give to you?
Quote from: Cain on August 22, 2011, 12:46:38 PM
In post-Soviet Russia, government collects information to give to you?
:lulz:
I'm not sure if they're government though. Doesn't seem to be. They also have an additional (probably financial) HQ in the Hague, NL.
Certainly there's no reason to assume they can't be coerced to give up their usage data to the Russian gov, maybe you can tell me whether that's less, more, or equally worrying as the US gov having my data?
The main reason I posted the link was my surprise at how high-quality this search engine is, in addition to its minimalism/simplicity. Most other non-US search engines are a bit of a pain to use. I could almost see myself using this instead of Google.
Another factor is that most big search engines' indexes don't completely overlap, they do mostly on the really popular stuff, but obscure things might be skipped by Google appear in Yandex, Yahoo or Bing.
Oh and if you look in the advanced search screen you'll find it has a filter for just PDF results--Google has this too, just tack
filetype:pdf at the end of your query--but somehow I suspect that a Russian search engine might index a lot of ebooks that Google possibly avoids due to copyright and/or pimping its own Google Books service.