TPC 37: Unsecure Restaurant Contact Tracing Lists

In Germany, a large cloud service provider for restaurants was revealed to be horribly unsecure, possibly leaking tens of thousands of addresses, collected for mandatory coronavirus contact tracing, to the public.

This will be the last episode of The Private Citizen that follows the usual Wednesday release schedule for a while. I am moving house soon and after that, I’m taking some well-deserved time off with my wife. I plan to release a few more episodes over the next week or two, but after that there’ll probably be a break in releases until the start of October. I hope everyone understands that there is no alternative to this disruption in service, as a 400 km move is quite an undertaking. On top of that, there are some issues with my internet connection in the new flat in Düsseldorf that I still have to work through as well. Don’t worry though, things will eventually get back to normal!

#GastroFail

Germany’s friendly hacker collective, the Chaos Computer Club, has announced that members have found a security vulnerability in a cloud platform that provides services to restaurant owners. This cloud service, run by a company called Gastronovi, was being used to store contact tracing data of the mandatory registrations that people have to undergo in German restaurants for months now. The CCC hackers managed to access 87,313 entries in this database. They’ve also managed to access 5.4 million reservations by 4.8 million restaurant guests, among other data.

Of course, this is not surprising, as cloud services like that are notoriously unsecure and features like the SARS-CoV2-specific contact tracing option are often sloppily added without much concern for privacy or security. This shows that at the very least it’s a bad idea to store such data in digital systems. But if you ask me, it also shows why this whole mandatory registration business is dangerous and should never have been allowed to happen.

Just a bit under a year ago, at OggCamp 19, I said that I thought privacy was the new battleground and that after becoming famous for doing a Linux podcast, this would be my new focus. I knew then that privacy would get more and more important, going forward. But I could never have foreseen just how important it would get.

Producer Feedback

Matt writes in with some nice sentiments:

First I gotta say discovering you and Dan during the last six months of Linux Outlaws, the ultra awesome Geek News Radio and now the timely Private Citizen (like really fuckin’ timely). You have kept me from going nuts at my janitorial job while I try to finish college (at age 41 mind you). Two things, first I just discovered you put GNR on Spotify (which you probably mentioned a long time ago but my brain is frazzled at the best of times) will you keep it there please? And second your privacy podcast about privacy seems a bit light on Warhammer content LOL. Well that’s all for now and as always “Aim to misbehave!” Later Dude.

Michael Mullan-Jensen, as expected, is amused about episode 36:

Ha ha, I’m only 10 mins in on Episode 36 and I’m already in absolute bits of laughter from Fab’s total destruction of my language. ROFL. The subject is no laughing matter, though, so really looking forward to listening to the show.

If you also have thoughts on the topics discussed in this or previous episodes, please feel free to contact me.

Toss a Coin to Your Podcaster

I am a freelance journalist and writer, volunteering my free time because I love digging into stories and because I love podcasting. If you want to help keep The Private Citizen on the air, consider becoming one of my Patreon supporters.

You can also support the show by sending money to via PayPal, if you prefer.

This is entirely optional. This show operates under the value-for-value model, meaning I want you to give back only what you feel this show is worth to you. If that comes down to nothing, that’s OK with me, pard. But if you help out, it’s more likely that I’ll be able to keep doing this indefinitely.

Thanks and Credits

I like to credit everyone who’s helped with any aspect of this production and thus became a part of the show.

Aside from the people who have provided feedback and research and are credited as such above, I’m thankful to Raúl Cabezalí, who composed and recorded the show’s theme, a song called Acoustic Routes. I am also thankful to Bytemark, who are providing the hosting for this episode’s audio file.

But above all, I’d like to thank the following people, who have supported this episode through Patreon or PayPal and thus keep this show on the air: Michael Mullan-Jensen, Jonathan M. Hethey, Georges Walther, Dave, Niall Donegan, Butterbeans, Shelby Cruver, Kai Siers, Vlad, Mark Holland, Steve Hoos, 1i11g, Philip Klostermann, Jackie Plage, Fadi Mansour, Jaroslav Lichtblau, Joe Poser, ikn, Matt Jelliman, Dirk Dede, David Potter, Dave Umrysh, Mika, Martin, Vytautas Sadauskas, RikyM, drivezero, Barry Williams, Silviu Vulcan, Jonathan Edwards, S.J. and Richard Gilson.