This article is in German. Link found in a popular, censored r/privacy Reddit post, a common occurrence.
Machine-translated article below:
Switzerland has an international reputation for being a safe haven for data – outside the EU, with political stability and a modernized data protection law. But this reputation is deceptive when you take a closer look at that Intelligence Act (NDG) throws. It has allowed this since 2017 Federal Intelligence Service (NDB) far-reaching interventions: cable reconnaissance, state Trojans, data retention and the exchange with foreign secret services are possible – sometimes even without concrete suspicion. Particularly explosive: In the run-up to the 2016 vote, the Federal Council assured that no nationwide surveillance was planned and that only data traffic abroad would be affected. In fact, it later became known that national traffic is also recorded. Terms such as »filtering « or »monitoring « have never been clearly defined politically – a breeding ground for lack of transparency and loss of trust.
Approval and control mechanisms exist, but their effectiveness is limited. Legally legitimized access to large amounts of data raises serious questions: How much surveillance can a democracy take? Where does security end, where does control begin? And what does this mean for companies that advertise their services based in Switzerland as particularly safe?
Also popular Swiss providers like Threema or ProtonVPN are fundamentally subject to Swiss law – and thus also to the NDG. This means that in certain cases, state access can also be legally possible here. Both companies advertise with technical end-to-end encryption or No-log policy, but technical security alone does not protect against legal access powers. Trust is good – but a critical look at the legal framework remains essential.
Yes, Swiss laws also allow official access to existing data. Switzerland is not a data protection paradise – even if it is often represented or advertised in the same way. At first glance, the location seems trustworthy, but the NDG allows extensive, sometimes suspicious monitoring. The reality of government access options contrasts sharply with the image that many providers and users paint. Those who hope for real digital sovereignty should not be blinded by the myth of the safe Swiss data port.
At the same time, in many other countries it doesn't look any better –, often even significantly worse. In the United States, for example, laws like the Patriot Act, the Cloud Act or FISA §702 (here is an overview) extensive access to data, including from providers operating outside the USA. In the United Kingdom and France there are also legal bases for tamper-free mass surveillance.
Germany does a little better in comparison –, above all thanks to the basic legal anchoring in the Basic Law, the independent case law of the Federal Constitutional Court and a lively public debate about data protection. But here, too, not everything is in the green: the use of state Trojans (Source TKÜ), the often opaque cooperation between secret services and the recurring political pressure on the long-failed Data retention show that fundamental rights are also under constant pressure in Germany. Nowhere is there absolute certainty – but how transparently and critically a society deals with surveillance makes the decisive difference.
If you trusted a western service to protect you from their own government, then I have some oceanfront property in Missouri to sell you.
If you piss off the Swiss government, they will put their nose into your data, the same way if you piss off the US government, Germany will put their nose into your data for them.
Why the “western” qualifier? Which eastern or southern service would you trust?
Western or eastern are just labels of affiliation, such as in team sports. But in the world of security Teams are irrelevant. Something is either good enough or it isn't. And that measurement is liable to change over time as you gain knowledge and the proverbial landscape changes.
In tech it is best to not trust anyone, zero trust as it is. But that seems imposible so we all make our own compromises. my recommendation would be
a) try to change something in your own (government) structures
b) lay low when using anything where you have to trust someone, be that any google, facebook, microsoft etc. service, yandex, duckduckgo, telegram, threema, any e-mail service (even proton mail, tutanota...), most cheap and easy VPN services, malware services, AI-Services...
c) look for connections in spaces where trust is mininal, such as open-source-software, self-hosted-services, I2P and Tor, torrenting.
lemmy is a special case, where anyone can launch a server and communicate with other servers on a completely tdifferent level as in other places, as such it allows for higher security standarts and will less quickly fall to big-moneyd interests and singular government overview and control.