This article is in German. Link found in a popular, censored r/privacy Reddit post, a common occurrence.
Machine-translated article below:
Switzerland has an international reputation for being a safe haven for data – outside the EU, with political stability and a modernized data protection law. But this reputation is deceptive when you take a closer look at that Intelligence Act (NDG) throws. It has allowed this since 2017 Federal Intelligence Service (NDB) far-reaching interventions: cable reconnaissance, state Trojans, data retention and the exchange with foreign secret services are possible – sometimes even without concrete suspicion. Particularly explosive: In the run-up to the 2016 vote, the Federal Council assured that no nationwide surveillance was planned and that only data traffic abroad would be affected. In fact, it later became known that national traffic is also recorded. Terms such as »filtering « or »monitoring « have never been clearly defined politically – a breeding ground for lack of transparency and loss of trust.
Approval and control mechanisms exist, but their effectiveness is limited. Legally legitimized access to large amounts of data raises serious questions: How much surveillance can a democracy take? Where does security end, where does control begin? And what does this mean for companies that advertise their services based in Switzerland as particularly safe?
Also popular Swiss providers like Threema or ProtonVPN are fundamentally subject to Swiss law – and thus also to the NDG. This means that in certain cases, state access can also be legally possible here. Both companies advertise with technical end-to-end encryption or No-log policy, but technical security alone does not protect against legal access powers. Trust is good – but a critical look at the legal framework remains essential.
Yes, Swiss laws also allow official access to existing data. Switzerland is not a data protection paradise – even if it is often represented or advertised in the same way. At first glance, the location seems trustworthy, but the NDG allows extensive, sometimes suspicious monitoring. The reality of government access options contrasts sharply with the image that many providers and users paint. Those who hope for real digital sovereignty should not be blinded by the myth of the safe Swiss data port.
At the same time, in many other countries it doesn't look any better –, often even significantly worse. In the United States, for example, laws like the Patriot Act, the Cloud Act or FISA §702 (here is an overview) extensive access to data, including from providers operating outside the USA. In the United Kingdom and France there are also legal bases for tamper-free mass surveillance.
Germany does a little better in comparison –, above all thanks to the basic legal anchoring in the Basic Law, the independent case law of the Federal Constitutional Court and a lively public debate about data protection. But here, too, not everything is in the green: the use of state Trojans (Source TKÜ), the often opaque cooperation between secret services and the recurring political pressure on the long-failed Data retention show that fundamental rights are also under constant pressure in Germany. Nowhere is there absolute certainty – but how transparently and critically a society deals with surveillance makes the decisive difference.
Same thing here. If I don't see a source code repository, the result is an obvious no-go. Especially because I'm pretty sure there are others, similar projects that either exist in the wider closed source space.
Accountability is an important thing for these kinds of apps. Unfortunately, if you don't have a reputation online, that's about as bad as having a bad reputation. No offense intended, it's just inevitable.