I'm not convinced, and I'm a Swiss citizen. Germany frankly seems to do better.
Germans go out on the streets, while Swiss people are way more content with whatever shady surveillance shit the government does.
E.g. we have the mandatory data retention bullshit, I'm not sure if this is covered by this law, but if it is they'd have to save all logs for 6 months. IIRC the Germans successfully fought this. Btw. these records can be stored outside of Switzerland.
The recently discussed Quantum Terra AG has its HQ in CH even though only 3 out of the claimed 80 people are based in CH. It seems companies think that the location-reputation will rub off on the product. Also ProtonMail is another company which until today benefits from having a letter-box presence so they can profit from the "data-center inside the Swiss mountain meme".
Security made in <foo> is always a PR stunt. Deutsche Telekom, 1&1 and others tried it by pouring huge sums into an "Email made in Germany" campaign that only benefited a particular consulting company. It utterly failed because their geo-fencing idea was technically unenforceable.
CH is more dangerous because the same idiotic ideas brought to Switzerland will often take off. Most EU security companies I know would not easily consider CH as a great location unless it has something to do with business strategy: 1) tax, 2) location of a holding company see #1, or 3) sell into the CH market.
On the other hand many non EU based security start-up CEOs often talk about it as if it had some security benefit. But as you say this is a huge lie since data protection has nothing to do with banking secrecy and even when the latter is in question a New Mexico LLC is a much more secretive vehicle than a Swiss GmbH/Srl.
I mean to a degree. There's other talk about some countries wanting to require backdoors in end to end encryption products. If you're in a country that doesn't have that and offer an E2E product, I mean yeah, that can be a selling point. And you should probably point out that you're regulated in a country that doesn't require backdoors.
But in this case, the laws in Switzerland are frankly just... shit between the mandatory data retention (BÜPF) and DNS censorship under the guise of preventing gambling (Glücksspielgesetz). Yeah, it's a negative for me if my DNS is regulated here.
Thanks, I don't see a link to that from the submitted Press release. I don't think it's fair to ask me if I haven't actually looked when I did in fact read the press release.
No, I did not spend extra time to click around, because I simply didn't care that much.
In any case I'm glad this doesn't fall under these shit laws (yet).
Emoji packs often take artistic license with the ideas they are trying to represent, including flags. It is fairly rare for flag emojis to be vexillologically accurate. For example, the Twitter emoji for the US flag is missing 32 stars, and the corners should not be rounded. I doubt ProtonMail made their own emoji pack anyway.
As a Swiss, I never got the insistence on the square thingie... A lot of Swiss flags that people fly on their poles aren't a square either, and nobody cares. Actually, I'd prefer it if it weren't square, it always gives me this odd-one-out impression in lists of flags
Protonmail do not have a letter-box presence in CH... They have real employees there. That's quite a misinformed comment. (I said that knowing multiple ex-colleagues working there in CH).
I was unaware they had any meaningful presence. According to their PR/marketing they do stress since now a few years that they're a globally distributed workforce which happens to be HQ'ed in CH. Looking at their LinkedIn this seems to be correct.
The fact that they call it "Security made in <foo>" is what justifies the generalization. If their security was any good, they'd be explaining how and why (and how they plan to remain incapable of backdooring it), not invoking cognitive biases of innocence-by-association.
In what way was today's announcement not exactly what you're saying it should have been? It explained exactly how and why the data isn't being collected, no?
Poor phrasing, I suppose - I was using the generic "they" (changed from generic "you", actually) - I wasn't making any claims about whether the current announcement was a "Security made in <foo>" claim, just that all such claims are (at best) PR stunts.
Google has the main-hub for Europe located in Zurich, EPFL and ETH are some of the best universities, it's not a big secret where zoepfli und broetli were developed.
>CH is more dangerous because
Well opposed to Germany we don't have a Staatstrojaner (I hope), and we don't force companies to break encryption -> tutanota
I've talked to a mail admin from one of the companies involved in "Email made in Germany" once about it, and his reply was basically that of course it was marketing, and of course the techs had the idea to enable TLS in the drawer for years.
But at their scaling, enabling TLS means a lot of additional compute power, and due to that marketing campaign they now finally got the budget to install the additional hardware and enable it. Before, there was no business value that justified spending that much more to get an - to the outside observer - unchanged product.
I heavily doubt that. Could you receive 25k plus from an unknown source without raising a red flag somewhere in Germany? Could you withdraw these 25k on the same day without questions asked? Could you essentially hide the money from taxes and everything on your personal bank account?
What I was saying is that bank secrecy in Switzerland, today, is the same as in, say, France or Germany. It means that in any of these countries the operations you mention would raise red flags immediately (in France for instance a bank must inform Tracfin about any cash transaction above 10k per month, and any other that they see as suspicious (including wire transfers, typically any above 10K that is not typical gets flagged)).
In other words, Swiss banking is not anymore the one described in movies where you could come with 1M€ in cash, open an anonymous account and be done.
Even in the past it was not that simple, but it was at least possible.
EDIT: there are also many misunderstandings regarding how some accounts work. The most typical one is the "compte à numéro", a type of account where the owner is identified with a number, instead of their name. It is seen as a way to make your account anonymous but this is not the case. The bank has the mapping of the number <-> name and they have the obligation to release it like for any other account. The difference is that this information is not known outside the bank. You get account statements for the name 7636536536 and not "John Brown", same for wire transfers. It is just to protect the privacy of the account owner, not to make it anonymous.
> In other words, Swiss banking is not anymore the one described in movies where you could come with 1M€ in cash, open an anonymous account and be done.
What you say reflects what I've read in the past few years on offshore tax crimes[0][1]. The OECD white/black/grey-list regulations are in reality a way to shift power from existing jurisdictions to the US.
I cannot stop thinking that the US have become a real global bully.
They are using their financial power to force other nations their way, or to apply extraterritorial jurisdiction.
For that they are using either the fact that there are foreign companies that do business on the US ground and they will be punished if their country does not follow the US decisions (EU presence in Iran is an example), or they will block their USD transactions.
The EU is too weak to be a counterweight, China is probably the real competitor. All in all, I prefer to be under US rules than China, but this is still infuriating.
Exactly my point. National wire transfers around 10k would bother no bank around here. And international ones neither. There are no exact thresholds but receiving 100k over 3 months or so would raise no eyebrow. And no tax agency would ever know. I don't know the exacts in the EU however it's not that.
Also yeah that movie thing is and was obviously wrong. But for locals there is a secrecy that you don't get anywhere nearby.
Yes this is indeed true for Swiss citizens (or companies incorporated in Switzerland).
But not for the EU citizens/companies with accounts in Switzerland, and several other countries in the world (including Singapore - another ex money haven).
I agree that this announcement is mostly a PR stunt. I find it more likely that the truth is more along the lines that the Quad9 foundation found themselves with a lack of funding from the original founders and SWITCH agreed to provide additional funding but required them to relocate to Switzerland to do so.
Nope, SWITCH was engaged after the country decision was made. The country selection process took the better part of five years. SWITCH was engaged in July of 2019. SWITCH has contributed labor, but has put up no money. Quad9 is, as always, a starving non-profit, because when money comes in, it gets spent to provide service, but it's more comfortable now than at any point in the past.
So essentially every single assertion in your post is false, no? Did I miss something?
I love the Swiss, I really do, but their reputation has been in tatters since the Crypto AG fiasco. Crypto AG basically sold backdoored crypto hardware to foreign governments, at the behest of CIA and BND (German foreign intelligence agency). It recently came to light that the Swiss knew and let it happen.
In fact, the Swiss government also bought machines from them, on a wink wink nudge nudge sort of understanding that they would get the non-compromised ones.
Now this company could still be excellent, but that would not be because it is Swiss. I have no reason to distrust their claims.
However I would like to point out that they give you censored DNS data, with supposed malware sites being removed. Be aware of this when you use them. Their web site is very up front about it.
"I love the Swiss, I really do, but their reputation has been in tatters since the Crypto AG fiasco."
Crypto AG is certainly an awful event but this seems like an impossible standard to hold a nation of millions to. Which country doesn't have some equivalent scandal?
I agree that wasn't a good way to put it but it might not be entirely irrelevant to mention Crypto AG considering Quad9 is sponsored by the Manhattan DA and City of London Police.
B) That's a straw-man, as we have not asked for anyone's trust; quite the opposite.
C) We serve the public, everyone. Is your argument that the US and UK governments are excluded from the definition of the whole? Or that because they, like everyone else, are members of the set of the whole, that this somehow reflects upon us?
With that kind of logic every single country is a fail. Which is also a valid viewpoint, as they can be one-eyed amongst the blind.
It's not a perfect place, but by a huge margin the most free society by quite a few criteria. I've come here 11 years ago just to make a quick buck and move back, then I've seen first hand how actually society works here and decided to settle here and raise my kids here. I've traveled quite a bit all around the world, and no other place compares. For somebody who can literally spin the globe and move anywhere, that's quite a recommendation if I may say so.
We give you malware blocking if you want malware blocking, and we give you malware if you want malware. It's completely up to each user which way they want it. Somewhat over 99% of users prefer the malware blocking; a few want the malware. How would you prefer it to be?
In Switzerland, a policeman investigating a criminal offense (délit pénal), can simply request all the data about someone without the need of an explicit judge's order... How is it that great?
Not true, a public prosecutor can, not a police officer. A police officer may request the data on behalf of a public prosecutor. Every canton is organized somewhat differently, so it depends on the canton who does the actual work in the end. The letter often states the case number opened by the public prosecutor. Depending on the organization, the public prosecutor will ask the police in writing what to request.
We also thought so. The General Prosecutors of several Cantons politely made us understand that we were wrong (in case of criminal offense). All our competitors provide the data without obstruction. We also now comply.
What some people may underestimate is the hands-off approach by the Swiss authorities. In short, in Switzerland you don't land in jail if you don't kill someone or do a bank robbery. If you don't have the data, you don't have it. I prefer to deal with the Swiss authorities than with the German authorities (which take things much more seriously).
And Crypto AG was founded by a foreigner who was not even trusted by the Swiss military. Do you really think that in a small town like Baar CIA and BND agents visit and nobody knows who the company belongs to? Seriously, you must have watched too many James Bond movies. Yes, what is not ok is that nobody stepped in from the military intelligence and kicked them out.
This. I've used and abused the Swiss flag for my projects before. Mainly to underline the fact that I do not log and can't easily be forced to. No GDPR conformity but that sweet privacy.
I made an open source DoT/DoH app for iOS called PrivateDNS (more lists and turning off on wifi coming soon just submitted for review) that includes Quad9. However from India I get very high latencies accessing some of the DNS (needed for testing my app) especially the adblocking one. NextDNS is good since it has local servers. But otherwise pretty much Google and Cloudflare is the only option that works well with Cloudflare sometimes flaky. At home I can have PiHole + unbound but I would like to have a decent fast adblocking dns while on mobile data (whenever I am outside anyway these days) because wireguard is really high latency for me and my home internet is worse than mobile sometimes.
My next update will get Adguard, Cleanbrowsing with all types of filters that they offer and both DoT and DoH (assuming apple is okay with it). It's not too bad when it comes to latency but they don't have servers here so anything that is outside the country won't be fun to use. But if anyone is using them in the country they have servers in it would be great to know how they work. Using root servers with pihole is usually best of both worlds when it comes to latency and privacy.
Edit: I made the app because I wanted a simple 30 second solution for anyone to improve their privacy without any VPN profiles and using a fast DNS. I tried a few free apps on the App Store but they didn't work well or were not updated in months. So I decided I'll make one.
Nice app! I created configuration profiles for convenience at https://encrypted-dns.party but an app with providers pre-configured is way more convenient. Some smaller providers that come to mind for ad-blocking: Adhole, AhaDNS, BlahDNS, LibreDNS, and Usable Privacy DNS.
Thank you. I have put these in a list I'm creating to add to the app. I only recently learned to make iOS apps and SwiftUI is rather still new. Rather I wanted to learn how to make apps so I thought might as well make something people can use. I plan on making it much better UI wise along with region-specific DNS lists or some method of sorting them.
Thanks, I'll be adding more to the app and look into some local ones possibly add region specific tabs for those interested in using something local for better performance. I just added popular ones to avoid any controversy (not that these DNS aren't without controversy but at least I am not the complete blame). I am looking for adblocking and tracking prevention DNS actually like NextDNS but free and fast. Adguard seems to be the only one globally with the same IPs (since it's hardcoded).
Personally I have found Google to work well almost always. The reason I like DNS on iPhone itself is because assuming the iPhone is super optimised for handling https traffic and also an extremely fast device, not to mention a very stable software platform compared to the terrible home networking gear people own that has some outdated linux firmware that can be buggy at dns resolution. For most on HN it's probably not the case but I've seen too many people use old hardware for a basic home internet setup and I'm hoping using on device DNS can greatly improve the experience. At the cost of small hit to the battery life of course but I would have to test that which would be a fun test to do.
Have you sent a traceroute and the results of a chaos query to your ISP, so they can fix whatever routing problem you're encountering? There's nowhere in the continental US that's more than 5-6ms away from a Quad9 server cluster.
When I'm on mobile data I can barely get it to send iMessage. I have a Pi4 right now on which I plan to install it (diet pi seems to have really easy setup for wire guard since I had trouble on the raspios aarch64 lite image, I think headers were missing) but for now nextdns seems to be okay. NextDNS has their own app for iOS but I sometimes have trouble on that too so I just switch DNS and see what works best. The ISP DNS are definitely worse than anything.
Yes actually I tried it last when the raspios 64 beta was just released and didn't have an SSD for the pi (SD cards are really slow). I plan on adding another pi for building and one for DNS so that if the Pi is compiling it won't slow down any DNS queries (which it shouldn't but you never know).
I found dietpi to offer a very friendly home server setup. RaspiOS is of course great if you want to do things manually but dietpi seems to have taken r/homeserver crowd very seriously.
I'm sure, but for anyone reading these comments thinking that they still need to compile the linux kernel to run wireguard on any debian distro: they don't. For 32-bit, at least. I have not tried 64-bit yet. I'm letting that one marinate.
Quad9, like most global DNS providers, uses anycast to provide redundancy and low latency. My connection to them still terminates in Chicago. If my DNS queries are answered in the US, surely they are under some type of US Gov authority and regulation?
I think I agree with others, seems like a publicity stunt with very little real-world impact.
The point is not if Switzerland is better than the US or Saudi Arabia. What is crucial is sovereignty: giving away all EU dns requests to the US by using google public dns or cloudflare is a huge loss of sovereignty for EU countries. The American government would never accept, say, if Chrome were to send American DNS queries to a non-US entity by default. EU countries shouldn’t accept that either.
When it comes to geopolitical spheres of influence, which is what digital sovereignty is about, it doesn’t matter. Switzerland is part of Schengen, the European single market, the EFTA, ... It’s Europe.
Boy, I love their website. It's so fast and snappy when it comes to browsing. A hard to find gem nowadays since most sites are infected with trackers and third-party ad engines.
I'm not sure what you're asking for specifically. The Swiss data protection act is here [0] and is reasonably comprehensive, especially compared to the US, in which data protection is essentially nonexistent.
As for it being tested, I can assure you that it's taken very seriously. One ruling that demonstrates that is [1], in which Switzerland's highest court ruled that an individual's right to privacy has higher precedence than a copyright-owner's right to police copyright infringement.
There's also a constitutional right to privacy [2], though the Swiss constitution is a little different to the American one.
One notable and enormous hole in Switzerland's record however is the BÜPF [3], which, as I understand it, requires ISPs to log DNS requests, among other things. That shouldn't be relevant here though, so long as Quad9 doesn't become a telecommunications provider.
While famous worldwide, the Swiss data protection law only states what is forbidden and what is permitted. It doesn't include any mention on what happens when you break the rules.
It has many "ifs" but not a single "then". It's like a parent threatening a child not to do something in the hope that the child never responds with "or what?"
Authorities have issued several advisories against global actors but whether or not they decide to comply is purely based on political agenda.
In my opinion, the answer to your question (was the resilience of the Swiss data protection law tested) is no, simply because it can't be tested.
Because that's a combination of features that less than a hundred-thousandth of a percent of users have ever expressed an interest in. And we don't have infinite resources.
I'm not sure this will affect my latency here in Zurich. Quad9 is already impressive with a 2ms ping, which is surprisingly a bit faster than Google DNS and a few other major providers from my home.
We did just turn up a third Zurich location two weeks ago, in Equinix ZRH4, so our presence there is pretty robust; on par with New York, London, Singapore, San Jose, and Los Angeles.
While I appreciate this from a perspective of neutrality. I think expecting privacy in a DNS is a pathological expectation, like expecting that all communications be encrypted.
Smells like a PR stunt without any substance.