Commenting from my alt to avoid doxxing myself. Have spent over a decade in various 'large' streaming video companies, the ones you absolutely know about today.
DTAG is bar none the worst ISP to work with. Everything they do is politics, they may decide to 'forget' to increase the bandwidth on a PNI until you take a meeting with german regulators. Almost every other ISP views PNI as the best way to uphold customer satisfaction without breaking the bank over a more expensive IX and will happily add ports when needed, DTAG on the other hand often requires concessions and selective agreements with a lot of strings attached.
I don't think Germans realize just how much DTAG is holding the experience back for end users (given it's partially state-owned)
[deleted]
>I don't think Germans realize just how much DTAG is holding the experience back for end users
The ones not on HN probably just notice that their internet is getting slow after 5 p.m
Trust me, I know how much they suck and I still had to enter a 2-year contract just to get fiber optics in my house.
They tried to install it to our home too, but our landlord just didn't do anything to help them to open doors and now we've been soon waiting two years for the connection.
The more I read about DTAG the happier I feel like using our cable connection which, upstream excluded, works quite well.
We're about to buy our apartment in Berlin and that changes things. I hope we have soonpre choice on the fiber operator.
[deleted]
ISPs are the worst.
Currently I use Telekom's 5G for my home internet connection in Hungary as Telekom is the only company who has a cable in my street, but they refused to sell me wired internet due to the hole they use to take their underground cable up to the houses being already over capacity (it turns out this "hole" serves like the entire street with cables being run across everyone's attic...).
I previously used yettel/telenor's 4G (basically as fast as Telekom's 5G because their 5G is a scam, although Yettel's 5G is even more scammy, it is slower than their 4G) but they broke their routers, I had comical packet loss and they refused to fix it (technically, when you pay for a cellular connection, the required uptime in the contract is zero). They also started CGNAT-ing in order to supposedly "improve security" (wtf..) just before I switched (this now means that their "internet-focused" plans have just CGNAT-ed IPv4, while their "non-internet focused" cellular plans have CGNAT-ed IPv4 AND IPv6 (makes sense).
In any case, I now use Telekom's 5G with CGNAT-ed IPv4, just a single /64 IPv6 and forced separation (it is illegal to have a stable internet connection, they disconnect you just before reaching 24h of uptime).
> ISPs are the worst.
DTAG is not just a run-of-the-mill consumer ISP. They are a global Tier-1 carrier.
Which of course makes their behavior all that much worse.
You don't want a tier 1 carrier as your ISP because they are severely limited in connectivity — they only connect to paying customers and other tier 1s. They are to be used as a last resort by the tier 2 ISPs, who provide good packet routing by selecting the best routes from among several backbones.
Never thought I'd see this play out in practice, especially with a consumer ISP. Normally this comes up with server hosting, not consumer ISPs.
The day when T-Mobile NL (nowadays known as 'Odido') started routing all traffic via DTAG to 'save costs', and latency increased because in NL you were routed via Frankfurt. And after complaints they actually insisted on this. Then the company got bought by investors, who immediately changed this back, and also changed the name of the company.
> You don't want a tier 1 carrier as your ISP
The best part about ISPs, is that usually who have very few choices, sometimes only one! Where I grew up, we had the choice of "broadband" (via antennas between an island and mainland) with one ISP, or modem with any telephone company. Eventually, proper cables where put, and we had a choice between 6 different operators.
Where I live now, I only have 3 options for ISPs with fiber, even though I live right outside a huge metropolitan area.
ISP “choice” is mostly a meme, yeah.
But depending on local rules, you can sometimes route around the monopoly: trench your own last-mile (at least on private land), do a neighborhood co-op, connect buildings, etc. It’s sometimes expensive and you’ll hit permits/right-of-way bureaucracy, but it’s totally doable if you’ve got a few (rich) friends or a business willing to back it.
“the conduit is full” is often just BS and a super convenient excuse for incumbents to block competition indefinitely.
Romania is a good example of what happens when lots of small operators aggressively wire dense apartment blocks: brutal competition, low barrier to entry, and suddenly everyone has insane internet.
If digging is blocked, wireless works too. Point-to-point links, WISP stuff, even satellite. The main thing is: you don’t necessarily need your local ISP as your upstream, you just need a path out.
> ISP “choice” is mostly a meme, yeah.
I think Australia's model works really well – the last mile is (with occasional exceptions) owned by a government-owned ISP, NBNCo. But NBNCo is purely a wholesaler, and they only provide service from the premises to the local telephone exchange. There are dozens of competing retail ISPs, and they own the connection from the local exchange onwards. So if one of them is screwing you over, you can switch to another. And if you have a fibre connection, you can even split your fibre connection over multiple retail ISPs–you can sign up for new one as a trial without cancelling the old one, and then reverting back is literally just swapping an Ethernet cable to a different port.
I'm surprised more countries haven't copied it.
> Romania is a good example of what happens when lots of small operators aggressively wire dense apartment blocks: brutal competition, low barrier to entry, and suddenly everyone has insane internet.
And it propagated to Spain thanks to the Romanian DIGI playing their strong bets for a while. I've had the access to the cheapest while also best-uptime-service option because of them on the two places I've lived in the city. They're still deploying as much as they can and meanwhile they offer VULA access where they don't have (In Spain thanks to the NEBA regulation, biggest ISPs are obligated to ease local access for any other operator) own infrastucture.
So it's available also at my parents' as well since a few months ago (Internet access still contracted with another company which honoured the low price offered back then which was subject to some conditions, and even having risen prices as much as three or four times, they've respected them for staying clients). I didn't see the need for the switch, but wouldn't had given much thought to it.
I think Germany has something equivalent to local loop unbundling, but obviously, DT still provides shitty loops because they are shitty at all aspects of their business.
Local loop unbundling is only mandatory for large ISPs. There are many regional or otherwise smaller carriers that have a local monopoly. Fortunately, they tend to be OK (with some exceptions like Deutsche Glasfaser, they are basically bankrupt and behaving quite erratically).
They are a tier-1-wannabe. Tier 1 in prices, tier 3 in connectivity. No international peering to speak of, negligible international cables and presence compared to real tier 1.
I think this is also relevant, after finding out Telekom, in Hungary, has the worst routes possible for some game servers:
Maybe get some Star link if you can... (Cringe worthy because of some musky husky guy, but at least it works for now).
Telekom is a bunch of strange folks.
I lately was not able to send mails, from my private mail servrr to my fathers telekom mail. After investigation I found out my server got blocked. After a decade of working.
I mailed them, and they told me to register my mailserver with them. I shall tell them what mails I will send from there and about what content. I couldn’t believe my eyes.
Sure, thats how mail was supposed to work. Register with every mail server in the world, before you can send mail.
Their mail excerpt:
This system has not sent any e-mail to our customers for a long time.
For security reasons our systems will only accept e-mails from such IP
addresses after a check of setup and information about these systems.
Please give us details about this system and the company using it,
tell us all about the sending domain, what type of e-mail will be sent
and especially if you or your customer want to send newsletter give us
detailed information on how recipients e-mail addresses had been
acquired. Who in person is responsible for e-mail sent from this
system (MTA)?
Please be advised that only technically proper configured and very well
maintained systems are qualified for a reset of reputation and please
see our FAQ section 4.1 (Requirements for smooth access to our e-mail
exchanges <https://postmaster.t-online.de/index.en.html#t4.1>):
"There must be a domain and website with direct contact information
easily deducible from the delivering IP's hostname (FQDN)."
That policy of theirs has existed for a long time now. It's a really odd one at that.
They also don't enforce DMARC, nor do DKIM. It's stuck nearly four decades in the past.
That's Germany in a nutshell.
2026 - 40 = 1986 was right before more mainstream internet adoption. Yep checks out, Germany today.
Were the trains running on time in Germany back then? They certainly were 20 years ago, so I assume they were in the 80's.
Maybe "strictly worse than 40 years ago"?
Microsoft has a similar policy on their consumer domains though. If they have not received mail from you for a month or so you are insta blocked. It's infuriating for personal mail server owners.
Microsoft and google seems hellbent on destroying classical email, by doing this crap. Their interoperability is also pretty bad.
Yes. It's the last phase of embrace, extend, extinguish. Typical big tech move.
When I ran my own mail server Microsoft was the only company I encountered that would black hole my messages - no SMTP error for my own server to bounce back to me, no bounce back from their server, nothing. I vaguely recall having to do a dance with them a few times to fix this and the last time I tried I received no response. I don't frequently interact with Office 365 users so this didn't matter much to me.
I did end up later moving to Proton primarily out of laziness. I thought these issues would be a thing of the past until I applied to work at a company that administered their own Exchange server that also black holed my messages from Proton's servers. Their reasoning? "We geo-block Switzerland for security reasons." Needless to say I turned them down.
Oh when I ran my own mailserver I did get SMTP errors back.
Every month or so I had this issue and I had to contact them through a form somewhere and I would get emails back from someone in india who reset my 'reputation'. They have some stupid made-up reputation system which means they need to see significant volume from you that is not marked as spam for them to accept your mailserver.
And yeah proton has similar issues. A lot of companies blackhole even confirmation emails there. So you can't confirm accounts with a proton email and they give zero indication as to why. Tinder and the internet archive (archive.org) come to mind.
I think this is standard. It applies to domains as well. I experienced government services blocks as well -- they send me an email, yet block my reply. I complain every time and rarely does anyone care, the support person does not escalate, so my email remains blocked, sometimes I'm told system is working as configured, completely ignoring that I am a real person and system is hostile towards me.
It's just general fragility of tech and lack of care from the creators/maintainers. These systems are steampunk, fragile contraptions that no one cares to actually make human friendly or are built on crappy foundations.
We call it the email mafia.
To send emails we need to pay for a mail service. Or get ads of course Gmail is part of the ring.
Like most things it start with good intentions, to fight spam. As if it even worked, I guess we would get far more without they will say.
It's one of the downsides of decentralized networks. Trust is built or pay-your-way-into'd.
This has nothing to do with decentralized networks. It's simple incompetence.
If you haven't received any mail from a mail system before (or in a long time) and then it sends you one message, it probably isn't spam, because spammers are typically going to send you a large number of messages. You also typically want to let the first few messages through so the recipient can see them and then classify it as spam or not, so that you get some data on how to treat future messages from that sender.
This is the same thing a centralized system should be doing with individual users. You impose some reputation on accounts (e.g. by sender/registration IP address) and then if that address starts spamming people it gets blocked, and otherwise it doesn't.
Is there a government requirement to be reachable by its citizens? That would seem to violate it.
I mean, yes? But that's by sending a letter, or a fax. Email is not part of this...
This is one of the things that E-Delivery (something which Europe is now implementing[1,2,3]) is going to fix.
It's sort of like email, but based on the XML stack (SOAP / WSDL / XML Crypto / XML Sig), with proper citizen authentication and cryptographically-signed proof of sending and delivery.
This should have been updated decades ago to include email. Is it possible for any government to function properly?
The main issue is that who is supposed to implement it? The gov has 2 possibilities: hire a contractor, or do it themself. DIY has the issue that nobody wants to work for the gov because as any IT specialist you'd earn 1/3 or 1/4 of what you would earn in a private company. Stateworkers here cannot be fired. So you trade money for extreme "stability" (read: laziness). Hiring a contractor requires money they also don't see the necessity to spend. And that's how you end up in this situation. There are also other issues like no national wide implementation plan. Every state, every commune has to figure out and build stuff themself.
We are repeating obvious things here aren't we? I moved to Germany from a very pro IT country Finland. I've been here now for 15 years, and while I still disagree with their idea of dismissing email, I kind of got used to it. A couple more decades and it'll happen...
Well, I don't know if that is better or worse than my experience with Comcast. They will usually unblock my emails within a day of my sending an unblock request, no questions asked... and then block me again after a few days, with no explanation as to why. I've had this IP for years, I have spf, dkim, and dmarc all property configured, I'm not on any blocklists, and I only send a very small volume of personal emails from the server.
but the fun thing about them is, they allow you to impersonate any mail address you want with their smtp server.
Aka, when you are a customer of them you get a @t-online.de address and login data for their smtp server.
You can just login into that server and set the From: Header to anything, they don't check.
Isn't that fairly common? You could then put in some other address, but you could do the same thing by setting up your own mail server, and in the former case you're not even really anonymous because the headers are going to show it was sent through their mail server and their mail server's logs will show which account was used to send the message.
The email sent from your own separate server will fail basic dmarc/SPF/dkim validation the email sent by their own servers likely will appear legitimate
In Germany I'd be surprised if the police didn't come to your house when you did that, and take all your computers to find evidence you sent it, and you're not getting them back even if you're proven innocent.
At least they respond quickly to such inquiries. I have given up on T-Online Mail. I refuse to follow ridiculous rules like these.
Well, we have to "register" every new IP or new mail server with them as well. It's annoying and a weird system, but they respond quickly and it's just one todo we have to think about.
Been there, done that. After a bit of back and forth, Telekom basically recommended that I go and use one of the big SMTP servers and stop bothering them. While I hated myself for doing it, I eventually switched to Gmail for peace of mind.
Does Fastmail have any clout in Europe? I've been a customer for the better part of a decade (with my own domain name) and I've never had a mail delivery issue.
Nope, but there are various good and cheap e-mail providers in EU, such as Soverin, Posteo, Mailbox, Migadu, Tuta, ...
I was going to suggest Fastmail too. I don't know about Europe in particular but have been a very happy Fastmail customer for several years, running mail for 2 small corporations plus personal, zero problems ever.
Unfortunately some inbound servers will block emails if the originating server does not match the From: address.
If you control the domain, you can use SPF to designate Google as an authorized sender for your domain.
This is one of the reasons why I'm not planning to host my own e-mail server. It's not that I can't do it, but I don't want to sink time into investigating and working around/solving things like that.
The small boutique mail hosts are also much more tedious to deal with than any of the big players. So it depends on your recipients how much effort self-hosting is.
They just want to make sure you're not a spammer.
fwiw t-online.de hasn't been owned by Deutsche Telekom since 2015
[deleted]
Does anyone self host email anymore successfully? I'm honestly asking. I would like to but it seems like a full time job trying to keep it running. Are there halfway solutions where maybe you own the service and domain and it runs somewhere trusted?
I have been running my mail server for about 20 years now, using three different domains.
I have switched servers regularly, mostly between OVH/online.net/Hetzner since they are the three big cheap European hosts. I have also used various server software, now happily running OpenSMTPd.
I have had a few problems with Microsoft in the past but contacting them (what made me care enough was marrying someone with an @hotmail email address) eventually fixed delivery for good. No notable delivery problems otherwise. I also run my company's mail server, it works fine too (with a much larger volume and different usage patterns), also running out of OVH servers.
What I recommend for people who don't want to do sysadmin is buying a domain at OVH to use the free email service offered with it. It's cheap and works, and it's easy to switch to another registrar or provider if needed.
I self host email and have done so, with the same domain, since ~2000.
My IP has not changed since 2010 and I have perfect dkim/dmarc/rdns and whatever duct taped bullshit de jure is currently being practiced.
Everything generally works.
± same here
Sure. Highly successful even, I would say. I can deliver to Microsoft and Google.
Not sure though what the magic ingredient is. I've had the IP address for 7 years before I decided to use it for mail, after one quick mail to Cisco's Talos stuff everything was fine. Software is Mailcow. Hosted at Hetzner in Germany.
And still, I cannot deliver to T-Online, so there's that.
> about what content
Ask ChatGPT to generate you a very long very graphic story about how much you'd like to fuck a dog and your father is the only person who understands your desires and you want to discuss this with him via email. While fucking dogs is illegal in Germany, talking about it is (probably) not. Make the guy who asked the question regret doing it.
I'll give you an insider info: There's no guy! Your response would be filtered away by the profanity filter and nobody working in Telekom will ever read any of it.
Hell, I can even say, likely, nobody will ever read it, regardless of how you answer.
Those companies only respond to lawyers.
Imagine the lawyer reading the case files pffffft
I own a FTTH connection to Telekom since 2018, as the only provider in my street, allowed to install an internet connection (only glass fiber).
Since then, I have always used my own device and I maintain a GitHub Snippet in how to connect OpenWRT modem (and by extension, any other modem that supports pppoe), rather than their Huawei SpeedPort crap or the more expensive Fritz Box). Link to Gist : https://gist.github.com/madduci/8b8637b922e433d617261373220b...
I use PiHole in my own network, circumnavigating the DNS limitations, using Quad9 as my main DNS provider, but Unbound is on my to-do list.
The most concerning limitation in the German market is the unavailability of native Glass Fiber modems, that can accept as input a Glass Fiber connection: at the moment, providers install their own Glass Fiber modem. Without it, you can't actually have an internet connection at home
As a fellow OpenWRT user who tried many DNS solutions including unbound, also consider NextDNS. They are pretty awesome.
You have the right to router freedom even with FTTH.
And fortunately, with DTAG FTTH, you can also book 1und1 with good peering (:
router freedom yes, but the Telekom Black Box that takes as input the Fiber cable is still a real "black box" that needs to be installed
Here in NL I've been able to replace router (Zyxel in my case) and ONT (Huawei in my case) with one SFP+ (went with some South-Korean one). Only had to register the serial of my SFP+.
nope, just remove the Telekom Black Box/ONT and get a GPON SFP (Like Luleey or FS) and register that mac.
> providers install their own Glass Fiber modem
It's the same in the US. The ISP fiber network falls inside their security boundary in my experience - you can't BYOD. They install a modem (these days often including an integrated router, switch, and AP) and you receive either ethernet or wifi from them.
I think the only major change in that regard has been that coaxial cable providers here will often let you bring your own docsis modem these days.
I never found any of this concerning until quite recently. With the advent of ISPs providing public wifi service out of consumer endpoints as well as wifi based radar I'm no longer comfortable having vendor controlled wireless equipment in my home.
I don’t have fiber access, but at least for cable, my provider (formerly Kabel Deutschland, now Vodafone) allows me to put the modem/router into "modem only" mode, which then allows me to use my own router. Outside of Fritzbox (which is again a whole integrated thing; with questionable features) there aren’t many DOCSIS modems freely available, and the no-name china devices don’t seem much better than my Vodafone Box.
> allows me to put the modem/router into "modem only" mode, which then allows me to use my own router.
Telekom Speedports also have a modem only mode (the ones for non-fiber, dunno about the ones for fiber, but it looked like those are only modems and not a router as well). I don't make use of it since I manage the wifi for my family, but I do know it exists.
US ftth in my experience (att + gfiber) are ONT and router/wap as separate boxes and you are free to byo routerbox but have to use their ONT.
In the U.K. you get a PON which gives you a cat5 gig or mgig port, you then connect your router and pppoe to your ISP. Most ISPs offer a managed router but the ISPs I’ve chosen have always allowed the pppoe option.
Same thing here except when they last upgraded the ONT I had to turn PPPoE off - it's just plain old ethernet service now. But the ONT seems to be performing the equivalent authentication role from what I was able to gather by shoulder surfing the tech.
They had to start offering routers that integrate the ONT because the common consumer gear is 1G or 2.5G ethernet but they sell up to 10G service here.
I have fiber in the US with just a plain ONT. Still CGNAT but I control my network. My former cable ISP permitted customer modems. It is becoming a challenge to find cable modems without router+wifi.
Faraday fabric is inexpensive, you can use ethernet to your own router and wrap the isp's in it.
You might be able to switch to a different ISP, e. g. 1&1. They rent the line from Telekom but you still get their peering.
> The most concerning limitation in the German market is the unavailability of native Glass Fiber modems, that can accept as input a Glass Fiber connection: at the moment, providers install their own Glass Fiber modem.
Im actually quite okay with that. Why should I have to pay for specialized hardware that won't be usable if I move and the new apartment uses DSL or docsis.
Give me an rj45 (or sfp for some fiber connections) and let me put whatever Router I want behind it.
You say "why should I have to pay", but they really haven't said or suggested anything about how they'd rather you paid for anything. They're talking about having an option to supply one's own device, not about requiring so.
The common rationale behind this I'm aware of is that an ONT device is technically a computer with persistence, hosting arbitrary code and data that you cannot (or at least not supposed to) audit or alter, despite being on your premises, operated on your cost (electricity, cooling, storage), and specifically deployed for your use. These properties hold for SFP modules too in general, not just SFP ONTs (they're all computers with persistence).
The catch is that this is further true for all of these kinds of modems.
The counter-catch is that despite that, for DSL specifically, you could absolutely bring your own modem, hw and sw both.
The counter-counter-catch is that with DSL, you were not connecting to a shared media, but point-to-point. This is unlike DOCSIS and GPON, where a misconfigured endpoint can disrupt service for other people, and possibly damage their or the provider's devices and lines.
That's all the lore I'm aware of at least.
Very much indeed, a 'rogue ONT' can screw another nearly 63 users' acess in my area. Oversubscription is very noticeable, but just not problematic. 10G FTTH delivering 60~70% of the bandwidth is enough I guess. And latencies or jitter aren't a thing either.
The "glass fiber modem" is an inherent part of the GPON network. These are complicated. The "P" stands for "passive". Yours and and up to 127 other houses are all on the same "light domain" i.e. the downstream is passively split, and the upstream is passively combined, in optical boxes that don't even have electrical parts.
This needs crazy accurate timing for the upstream. The head end needs to know the exact delay to your particular box to give it a "grant" to transmit at exactly the right time so transmit bandwidth is not wasted by idle time or multiple boxes transmitting at the same time and corrupting each other.
You don't want brand X modems with dodgy configurations in this. Of course as a consumer you'd want "as little modem as possible" i.e. just give me an ethernet port running DHCP or PPPOE and let me do the rest.
They are complicated, but standardised and commoditised. Ubiquiti, for example, sells an ONT (fibre modem) in a SFP form factor for US$39 [1], or a little standalone unit with an Ethernet port for US$49 [2].
Not that I had the need or anything, but it's similarly priced to the example in 2. Seems to me like maybe they're phasing it out soon?
For comparison: you can bring your own DOCSIS modem to a cable network, even though all the houses on the street are connected to the same cable and you could jam it, or send a voltage spike to break everyone's modem.
Not very familiar with DOCSIS and cable; the story I'm getting from my nearest friendly LLM is that while you could bring your cable modem, it'd have to be a pre-approved model, and that the firmware and configuration would be under ISP control, unlike with DSL modems. Is that wrong?
In Germany it's wrong.
How does it work in Germany?
You may either rent/buy a device from your ISP, or you may bring your own, at your discretion. ISPs are required to accept all devices, of course if your device kills the network segment, they will kill your connectivity. But they can't refuse to let you connect.
Your by law allowed to chose your own hardware.
And do they exert any control over the software and configuration on it? That was kinda the crux of it after all.
I cloned mine into an SFP+ for a handful of microseconds of latency improvement.
Less W usage as well.
Is it possible to use a media converter from glass fiber to RJ45/Ethernet? Those are commonly available and then you can use whatever modem/router you like.
I don't know if it's the case in Germany, but here in France consumer FTTH networks are of the GPON persuasion. These need to handle encryption and be able to properly register on the tree, so I'm not completely shocked they require some form of ISP-provided device to terminate the fiber connection.
There's also a EU law which says that users should be able to bring their own modems / routers, so AFAIK providers say that this particular terminal device is still "on their side of the network".
I've seen such devices come in two varieties.
One is a separate device which plugs on the optical network, does the encryption and stuff, and then exposes an ethernet port which is connected to the actual router which does wifi, etc. With SFR and Bouygues, it was trivial [0] to replace the ISP-provided router with one of your choosing. You get the normal external IPs and you do your thing. The ISP router sleeps in its box in storage. This was my setup up until a few years ago, with both these providers. Now SFR has moved to CGNAT, but the setup is the same, so I expect users to still be able to switch routers (but I haven't tested, since I'm not a client anymore).
Then there's Free, who provides a single device that connects to the fiber, does routing, wifi, etc. In this case, it's possible to flip a switch in its settings for it to act as a bridge (don't know how wifi behaves in this case, if it stays on). It then only accepts a single downstream client, which gets the external IP. SFR had a similar setup for DOCSIS.
I'm not familiar with how Orange, the biggest operator, functions. But I understand they have a general tendency to be a PITA so YMMV with them.
---
[0] For Bouygues, this device only talked on a tagged VLAN100 for some reason. On the SFR, the network expected you to send a client id in the DHCP request.
> I'm not familiar with how Orange, the biggest operator, functions. But I understand they have a general tendency to be a PITA so YMMV with them.
This is the physical boundary of a network, in telecommunications. This is the junction where the service provider can point and say "that's our equipment on this side". So it helps to narrow down the troubleshooting.
Often, if you have a telephone landline, you will see your demarc take the form of a gray RJ11 box with a small self-plug in it. It would be common practice to plug a phone into that box directly, then you've eliminated the "inside wiring" in the house.
The 8311 discord is a great source of technical info and help on using your own PON equipment of various sorts with providers
I've seen things about this, but I'm not convinced there's enough value in going to great lengths to replace that particular piece of equipment.
In the case where the terminating equipment is a small box that exposes ethernet, with no routing or otherwise interfering the function of my own router, I think it's good enough. An argument could be made for the all-in-one devices, like saving some power.
I get the geek factor, and it's one of the reasons why I run my own router, but for this specific bit, which needs to be fairly well integrated with the ISP's network, combined with their usual abysmal support, I think it's a better bet to just leave it alone.
For me the issue would be that they mandate the user traffic to be vlan tagged but their modem only exports 1000BASE-T so it's physically impossible for me to get the full gigabit of Internet they sold me.
They most probably sold you 'up to 1 Gb' bandwidth, not just '1 Gb'. Overhead is about the same in these cases. Your losses are negligible. It's more painful having 4-5 (on worst time periods/peers) or 6-7 (on best) of the 'up to 10 Gb' (clearly sold as such) fiber access I have.
You’d need to be able to replicate whatever configuration the ISP provided device has, and they won’t give you that.
FTTH here in Australia is the same, you’re stuck using the network providers device, which just provides an Ethernet port, and a POTS port if you’re in to that sort of thing, with your LAN device connected behind it.
There was fierce lobbying back in the day (shout out to Simon Hackett / Internode) for our national broadband network to be simple dark fibre and that ISPs could build on top of that to provide innovation and differentiation.
Instead what we got was a bunch of ISPs that resell the National Broadband Network’s expensive wholesale plans with little in the way of either differentiation or innovation.
Edit to add: what the sibling comments said too.
FWIW, the incumbent ISP in Switzerland, Swisscom, tried to roll out XGS-PON but our "Internode", Init7, fought them in court on the grounds that it was anticompetitive, since it locks every provider into a single technology. They won.
Now customers can choose. Nearly every ISP chooses the easy way and has the customer connect through Swisscom's XGS-PON but Init7 in particular has instead built out their own routers in POPs around Switzerland so that customers can have a physical fibre directly to their network. It's just plain ethernet with DHCP so you can use whatever equipment you want. It's also allowed Init7 to do something none of the other providers can do: offer 25Gbps symmetric service at no extra cost (beyond a one-off installation cost for the more expensive SFP modules).
Thanks. I have an ISP provided media converter with my own router behind that, using the correct VLAN was enough to get it working. I thought those media converters were pretty dumb devices but it seems they are not.
They are not dumb but are very standardized. Unless they are issuing and verifying device certs you can almost certainly use your own PON equipment with very little effort.
If they are using certs youd have to extract it. The vast majority of ISPs don't bother or care.
They most likely use GPON so the optic is going to see return traffic for your neighbors. So they make it hard (but not impossible) to bring your own optic or media converter.
AFAIK GPON uses encryption, so you actually get the traffic intended for all your neighbors but can't do anything with it. If you bring your own converter, you wouldn't be able to handle your own traffic either.
Also the authentication might rely on weak secrets. I know my ISP provided FTTH router has a six letter password and a guessable username (derived from my last name), and I can't change either.
Though the research is quite old now. Couldn't find anything recent specifically for DT.
You can bring your own modem. You just have to register it.
But how? There is no information about it, which means, it can't be done without any form of reverse engineering
At least for Germany, you can buy the Digitalisierungsbox Glasfasermodem or any other modem. You just have to register it with the DTAG via their hotline.
If I recall, for something like GPON or XGS-PON, you end up having to clone the various attributes of the original for it to work properly. This typically includes serial number, hardware id, firmware identifiers, etc.
For most it is just serial number. The 8311 folks have scripts that will fully automate the cloning for most common devices. This is not like a "break open your hardware and attach wires" type thing.
There are some ISPs issuing and verifying certs for GPON, which are more annoying to extract. I'm not aware of anyone (even those same ISPs) doing it for XGS-PON. It seems they all decided maintainimg their own CA infrastructure for millions of customers was not worth it ;)
Question out of curiosity. I once swapped a TPLink media converter between two homes, both using the same ISP, to debug internet issues and to see if that would improve the situation. Did I do something incredibly illegal? And did my ISP get confused seeing my media converter on the other side of town?
When I was a kid I used to pack my house's cable modem in a backback and bring it to my friend's house a couple miles away when I'd visit to play Xbox Live. My dad had a back-up dial-up connection for emails and mom didn't use the internet very much so usually wouldn't mind unless he needed to work. I remember this working at greater distances in other places occasionally too.
Earlier, in the dial-up era, my dad didn't feel like paying for internet at home and work, so after school I would call his office and ask his secretary if he had left for his evening meetings yet. If so, she'd disconnect his dial-up connection and I'd get a couple hours to myself after school.
We didn't have two phone lines at home so I'm not sure what happened if he needed it unexpectedly. I think he also had a by-the-minute service as a backup or maybe his partner in the office had a separate plan? This was all done under agreed rules I only vaguely remember so must not have been a frequent problem.
Always funny to think back to that era when internet wasn't assumed to be a 24/7 thing and losing internet for a day wasn't the end of the world...
Illegal? No, at least not in any sane jurisdiction. It's no different than moving a SIM card between phones.
Confused? Maybe but probably not. It depends on how they track things. An ISP I had in the past tagged subscriber accounts on the OLT side.
This wouldn't be criminally illegal anywhere unless done with some sort of fraudulent intent, but maybe in some places the ISP could make you swap them back.
Yes, with right kind of PON SFP stick this is possible.
Most kinds of PON sticks are still in the $150-300 range though for XGS-PON
(I use an XGS-PON stick with AT&T instead of their modem)
For PONs you can get a programmable SFP+ and clone the manuif, devid, and password into it.
Sorry to say but how you are framing things is simply not true anymore.
You are not required to buy their "Glasfaser Modem 2" you can buy any ONT Modem.
You are not required to use any of their equipment, they give you the data to connect via PPPOE directly.
I bought a house with FTTH in 2023 and never used any Telekom hardware. Nobody forces you to use the peer DNS. The telekom DNS isn't complying to https://cuii.info/anordnungen/ because they want to but to avoid being sued everytime some company wants to block an illegal streaming site.
> Nobody forces you to use the peer DNS.
For practical purposes there's the problem (at least a few years ago?) though that Akamai in particular uses DNS to steer you to the correct portion of its CDN and the default IPs returned by independent DNS resolvers tended to have relatively abysmal peering with the Telekom network that was getting completely overloaded at peak times.
Unfortunately "use <insert favourite DNS provider here> everywhere except for Akamai CDN, for which use the Telekom DNS" isn't something that consumer routers support, so you'd have to start running your own custom DNS resolver to work around that problem…
Don't you have the small black glass fiber box that takes as input the fiber glass cable and outputs a rj45 port?
> I use PiHole in my own network, circumnavigating the DNS limitations, using Quad9 as my main DNS provider, but Unbound is on my to-do list.
Why is PiHole necessary to dodge DNS limitations: can't you just put Quad9 as the DNS in your router/FritzBox?
Now I switched from PiHole to running unbound on a... Pi! I did that years ago: do it, you won't be disappointed.
I don't have the shiny PiHole UI anymore but I don't care: unbound supports wildcards to blacklist domains and that's what I care the most about.
So a Pi with unbound then dnsmasq on my Linux desktop: this makes for very speedy lookups (as most queries are hitting the cache).
>The most concerning limitation in the German market is the unavailability of native Glass Fiber modems,
This is not true for everwhere.
You can totally use your own ONT or fiber modem with DTAG.
Not sure it’s the same issue but in Hungary they (DT) refuse to use/pay Cloudflare so in peak hours every single site outside the country loads incredibly slow because of the constant re-routing. Everything has to go through Frankfurt even though CF would have alternate direct routes
At least they are cheap. 25€ a month for 2gbps/1gbps so I can’t complain about that
They also offer 4gbps/2gbps for 40€ but at this point I’m not even sure what to use that for (besides torrent seeding)
It's similar.
The DT is not doing cost neutral peeing with Cloudflare. Also the DT has no (or only one 10G NIC) at the DE-CIX.
I pay 80 EUR for 1Gbps/300mbps and it's behind GPON or if you can get more XGS-PON. Not even real ethernet. It's a shame.
[deleted]
Slovenian ISP T-2.net also violates local network neutrality laws here by requiring customers to pay extra to unblock some special TCP ports, like 25 and 53, meaning they block selfhosting email and dns servers without additional payment. I filed a complaint to the national regulator AKOS. They first responded with agreeing with me, but nothing was fixed for many months, and upon emailing the regulator again, I received a different response from another employee claiming that charging more for unblocking special applications is legal (it's not).
Another T-2 customer here. I never ran into issues with port blocking (but didn't try 25/53), even more, I had a "free" static IPv4 on DSL before we got the fiber line, but I've lately been noticing random connection slowdowns. Never had significant slowdowns with DSL.
I've talked to a few people (Telemach customers) who told me it happens every now and then, they call the support center that tells them to restart the modem (even if they'd done it before) and then the connection magically works at full speed again.
Could it just be that it all goes through Telekom Slovenije who does some weird load balancing? Definitely worth an investigation, but ZPS might be a better address for this than AKOS.
> Naročnik se obvezuje, da po priključitvi na omrežje izvajalca:
> ...
> * ne bo postavljal strežnikov na svoji lokaciji, razen v primeru sklenitve ustreznega dogovora z izvajalcem,
> ...
It states that customers are bound not to setup servers on their internet connection point without prior aproval by the ISP. It sounds against the law to forbid this, albeit ianal.
Calling this "paying to unlock ports" is disingenuous. I'm also a T-2 customer and have run into this before. They block ports on dynamic IPs, but if you pay +2€/mo for static, this is unlocked. This seems reasonable. If you're not paying for static IPv4, you're paying for "internet access", whether that's a rarely chaning dynamic IPv4, a constantly changing IPv4 or full CGNAT.
Would you also say your mobile phone operator is violating net neutrality by putting you behind CGNAT that you can't forward arbitrary ports through? You can pay a bunch of money to get a private APN and get public IPv4 addresses. Would you call that an unblock fee?
I've been told there's a law that my mobile phone operator has to turn off all firewalling on my connection if I ask.
I don't know about that law, but GP's point was that you don't get a public IP anyway, firewall or not. And with this NAT in place, you can't ask them to forward specific ports to your equipment.
In France, CG-NAT is getting widespread even for fixed, FTTH links. I'm typing this connected to SFR, which provides a static IPv6 /56, but IPv4 is behind CG-NAT. I can't host anything on IPv4. I think there's an option to get a fixed, internet routable address, but not on the "discount" plan I'm on. I hear you maybe can ask support to get you out of CG-NAT, but that doesn't seem very reliable.
Free (local ISP), by default, doesn't give a static IP for fiber, but you can ask for one for free through your online account page (you just need to tick a box).
Blocking port 25 is perfectly reasonable.
There are no sane and legitimate reasons for running an SMTP server on a residential connection. Even most server providers will block it unless you give them some very good reasons.
Blocking 53 is just weird though.
Define "residential connection".
There is no such thing. A connection to the internet should be equal to any other connection to the internet, modulo BGP peering. Noone has a right to dictate what services I run or don't run, what protocols I speak or don't speak, what traffic I accept or deny, but *me*. That's the whole point of being on the internet rather than Prodigy or Compuserve or something.
The physical location of that connection is irrelevant. Maybe I feel my servers are safer in a datacenter. Maybe I feel they're safer in my basement. In my case, it is very much the latter, and again, you don't get to make that call. I do.
I'm not sure you read the OP's comment in full. They are talking about inbound traffic from the Internet. It's certainly a lot more common a case to self-host an MX than running an open DNS resolver or authorative name server.
You may be surprised to learn that there are many types of botnets out there, and many use DNS queries for the C&C.
Although the GP wrote "53/tcp" that is a weird situation, because most (not all) DNS is over UDP.
One day I suddenly found my DNS resolver logs were very active with veritable gibberish. And it seems that my router had been pwned and joined some sort of nefarious botnet.
I only found this out because I was using NextDNS at the time, and my router's own resolver was pointed there, and NextDNS was keeping meticulous, detailed logs of every query.
So I nipped it in the bud, by determining which device it was, by ruling out other devices, and by replacing the infected demon router with a safe one.
But yeah, if your 53/udp or 25/tcp is open, you can pretty much expect to join a botnet of the DNS or SMTP-spam varieties.
That's none of the business of my ISP to care about. If a botnet abuses my connection to send excessive traffic, that's going to be limited by the bandwidth limit I'm paying for.
Restricting ports also doesn't mitigate it, as a port scanner can easily find out I'm running this or that vulnerable server software on a non-standard port.
It's none of the ISP's business to restrict the ports I should be using.
Just like the parent, you too have gotten your ins and outs mixed up.
Whether or not I have a sane reason to use port 25 is none of their business.
Telekom is well known for the crappy service - but they have a de facto monopoly. For example, when it rains, the line goes down where I live.
Solution: I got my Starlink. 3x speed. No crappy service. Weather independent. And surprinsingly cheaper ( 40 euros vs 45 ) .
[ as much as I do not like Musk & co, this is a real useful thing he build for the mankind - internet everywere from sattelite ]
> And surprinsingly cheaper ( 40 euros vs 45 ) .
> [ as much as I do not like Musk & co, this is a real useful thing he build for the mankind - internet everywere from sattelite ]
Right - but then you also depend on an US service here. And the USA changed policy where Europeans became enemies ("we won't give you arms to defend against Russian invaders! Greenland will be occupied by our military soon!").
It's a bad situation, lose-lose here. I don't think the price difference is the primary problem though; the behaviour of Telekom is the problem. That must change. The state has to ensure fairness rather than allow monopolies to milk The People.
> he behaviour of Telekom is the problem. That must change. The state has to ensure fairness rather than allow monopolies to milk The People.
The state is the monopoly here.
Telekom is still partially state-owned (~27%), since they were, back in the 90s, privatized from the former total monopoly "Deutsche Bundespost" and the related ministry "Bundespostministerium". Nowadays, the parts of the ministry that were back then regulating EM spectrum, allowable phones (basically phone police, you had to rent from Bundespost or go to jail) and generally being corrupt (relations of the former ministry to copper manufacturers is why they botched the first fibre rollouts in '95 and then ignored the topic for 20 years). Nowadays, the "Regulierungsbehoerde", staffed with the same people, is supposed to regulate their former colleagues at Telekom. Telekom got all the networks and was never split up, so it still has a (~85%?) monopoly on everything copper basically, as well as on customers, using this monopoly to bully other ISPs as well as it's own customers and extending this monopoly into future tech. And the state has a financial interest in this regulation being as lax as possible. So you can imagine how this goes...
The best solution here would probably be the EU launching its own internet constellation. China and the US both have them. How is this any different than the issues surrounding GPS?
A better solution is guaranteed broadband internet for all people living in Germany. With heavy fines if ISPs can't deliver that.
Well there is one : Eutelsat OneWeb
For the curious:
2022 Russia controversy
In March 2022, media reported that OneWeb was scheduled to launch a batch of 36 satellites from Baikonur cosmodrome days after Russia's invasion of Ukraine. There were calls for the UK to cancel the launch. Russia said the launch had already been paid for and would not be refunded, and would be cancelled from the Russian side unless OneWeb provided additional assurance that the satellites would never be used for military purposes and the British Government disposed of its shares in the company. The British government refused this demand and the launch was cancelled, along with other Russian launches. OneWeb tried through negotiations to get the stack of 36 satellites back, stranded in Kazakhstan due to political reasons. However, these negotiations never progressed. As OneWeb was on the verge of completing its 1st generation satellite network, they gave up hope in March 2023 on further attempts to get their satellites back, potentially scrapping the batch. The satellites were insured for $50 million, and OneWeb received the insurance money for them.
Huh TIL. What a troubled history. Bankruptcy shortly following launch of the initial batch, then in 2022 Russia stole the launch fee and a stack of 36 satellites from them.
They're online but unfortunately it seems they don't sell directly to consumers? So you have to find a local reseller. Sounds needlessly complicated.
Apparently Amazon's constellation should be available for consumers within the next 6 months as well. Qianfan not until next year (I didn't realize they had hit delays). So there should be direct-to-consumer Starlink alternatives SOON™.
But honestly is like a movie or what? we have Musk, Bezos and Xi. Hard to choose.
We need netral or less controversial player.
The EU did do that, decades ago. The problem is that it requires constant investment. It's not profitable. The governments helped build it, abandoned the companies until they went bankrupt, rescued them (they're not actually insane enough to just abandon working satellites), privatized them, they went bankrupt, ...
Obviously the satellites were never modernized. But it does work, for a few thousand terminals for all of Europe with 2x to 10x the ping Starlink provides.
It's like a lot of things in the EU: on the one hand the EU absolutely requires this infrastructure, or they become dependent on foreign nations for critical infrastructure. But they won't pay. It's not even that expensive. Starlink was built with budgets that would be double-digit millions per year per EU country. But the main problem always repeats: they can't agree who gets the money/business.
If you calculate the lifespan and cost of a Starlink satellite you will come to the obvious conclusion: it will be very hard for Starlink to break even. Of course, the same can be said for most of Musk's businesses (perhaps all. I'm not actually aware of any exceptions)
Well, you have a point but on the other side since about 20 years the Telekom does not even think about improving the internet connection in the place I live. At some point you're just fed up. To me it seems like they just do not care about providing a good service and even if they would now provide a good service I would be more willing to give my money someone else.
are all starlink connections routed through the US?
don't they do local downlinks? at least for countries they have an agreement with or where the infrastructure is available?
What does it matter where they are routed through? You think your Starlink service in Germany is beyond the control of Musk or the US government?
i misread the parent. i read it as depending on the US internet but they meant depending on US regulations. so yes, it doesn't matter for the latter.
I think Musk cares about revenue more than pissing off some random customer in Germany. As long as you don't stand out from the crowd, he'd rather have your $40. Use a VPN to be sure.
Until the us government says to withhold service or to tap the line.
Musk is a subject of the US president. Like all American CEO’s he has to pay his tribute and jump when the president’s law enforcement says to.
If you don't stand out, and use a VPN, they can get nothing. If they cut your service, well, you can switch back to DT, crap as it is.
No. My endpoint is in Berlin. Which implies there is a EU based major downlink somewhere.
Who owns and controls starlink? A local downlink dish or a US defense contractor?
[flagged]
It was hilarious when I checked the movie listings for this week and found Greenland 2 in its opening run.
I wrote "it's the second funniest rom-com I've ever seen". But seriously, it was filmed in close collaboration with the United States Air Force. (Much like Mission: Impossible was a collab between US Gov and US Mil units.)
It is kind of a fun ride if you're willing to suspend that much disbelief.
But I just found it hilarious that a pair of films named and set in Greenland should be produced in this way, while the actual country is in our news cycle now. I almost feel like it's a "PR buzz campaign".
> Telekom is well known for the crappy service - but they have a de facto monopoly. For example, when it rains, the line goes down where I live.
Haha, I used to have that as well when tech swapped from ADSL2 to VDSL2 (IIRC skipped out on VDSL1), except then the line wasn't down, I'd have severe packet loss (which resulted in lag in gaming, and disconnects). So they blamed our inner house's phone lines. Then some dude came, checked everything in the house, and couldn't find the issue. I said of course not, it isn't raining.
After it got escalated further it turned out it was rotten equipment at the DSLAM. They replaced it and boom, problem was gone.
No hair on my head (and I ain't bald knock on wood) wants to have all my internet traffic first routed through an American neonazi, but if the choice is nothing (or something severely broken) or that, I can see where you are coming from. Whereas I can pick between FttH (XGS-PON), DSL (VDSL2), or cable. With the latter two being fiber up till a few hunderd meters to my house (I know where both PoPs physically are in the neighborhood, as I have seen technicians on both places). The fiber one is further away, and larger (for more households), but that is OK. It can handle that much distance. Technician showed me a photo from his smartphone when my fiber got down due to specifically my fiber connectivity destroyed at the PoP. That was a lot of fiber I saw. Good cable management though.
It was a busines decision for me: being in customer meetings and suddenly dropping out was unacceptable. Or not being able to access critical data. Vodafone LTA coverage is average at best and data is severily limited ( 15 GBs ). Really out of options here!!
While I chuckled at "American neonazi", the company SpaceX is doing great things.
My experience was slightly different. I mean, yes, there pretty much no 'non crappy' German internet providers, but nothing was as bad as Vodafone.
I didn't say there are none at all. And I've heard that internet from small internet providers can actually be good.
But after living in 3 different apartments there, I never had a luxury to be able to connect the internet from a small provider. Their coverage is very, very limited. So it always was Telekom/Vodafone/o2.
Thats cool and all but the majority of the country still has one, or at most two choices :/
same as https://www.m-net.de/
Advantage over telekom: they own the city and the can lay fiber whereever they want without state intervention.
Telefonica enters the chat.w
I'm glad Vodafone is available where I live. They're not better but at least they're an alternative. Also Telekom manages only to deliver 250mbit/s while Vodafone gets 1gbit/s.
Last apartment I rented Telekom was the only option and that was one of the reasons why I decided to move.
Starlink I would love to try but as there's building and trees blocking the horizon it's not an option here sadly.
Not an alternative anymore. Vodafone started doing the same shit with their peering at the end of last year.
Both throttle in my area unless we vpn so I just share a vpn with a friend to fix it.
Vodafone seems also terrible, but maybe better than DT?
How can a satellite connection be more weather independent than a landline? Not questioning your statement. Just wondering what could be the reason. A segment with a long distance directional antenna?
With ADSL: broken waterproofing somewhere along the line, water gets into the cables or connections == broken while it's raining.
Then you call their customer support, tech comes out, it's not raining anymore and everything works, and the problem doesn't get fixed.
Exactly what I am suspecting! I called so many times: nothing found all works as expected.
As for the starlink: I noticed that clouds or weather ( rain snow ) does not have a true effect. Must be the frequency is not absorbed by the water in the air or similar effects. Only hard blocking with construction or big canopies of trees is struggling.
I don't have think this is sustainable. There can physically be only so many satellites before we reach Kessler syndrome. The costs will rise as the quality of service falls, and there market for alternative land-based ISPs will not have developed.
Depending on the age of Starlink you could add 10-30 to the bill for its power consumption.
>For example, when it rains, the line goes down where I live.
Sounds like an access line issue with DSL (lol)
DSL is so old you can't even order it in Sweden anymore.
Also, the post above would be a core issue not access.
Excuse me, I remember when DSL was the latest and greatest, it can't possibly be this old. :')
That would be ~25 years ago. I remember getting my first ADSL connection around 2000 in the Netherlands when that stuff was still very new.
KPN MXstream! Thanks for making me feel old. I got flashbacks of spending multiple evenings configuring PPTP in Linux without being able to access the internet just to get internet access.
I remember having to walk to a buddies home just to check the tutorial:
I mean yes me too, but that was in 2005. I feel like "everyone" got fibre here 10 years ago and if not there is 4/5G mobile broadband.
Except that with Telekom they answer to the German courts which might eventually force them to stop doing this but with Starlink you're at the mercy of some dudes halfway across the globe. If/when Starlink reaches the enshittification phase, there will be very little in the way.
The bright side of this is that there is at least some sort of competition, since they operate on very different infrastucture. This is the free market premise on how quality and price should improve. Reality is often different though, because most customers are not really comparing and/or voting with their feet.
Meh, the threat vector to me as a resident of Germany is the German government - not some dude at the other end of the world. What is Musk going to do? Ban me from Twitter? Not sell me a Tesla?
That's nothing compared to what German authorities can do to me. Germany is a country where you get police searching your home for torrenting movies or making stupid jokes on Facebook. So yeah.
Also about enshittification - one could argue that our local ISPs never left that phase to begin with.
He could just turn off Starlink in Germany.
And yes, German ISPs suck donkey ass.
He could sell information about which websites you visit.
So can every website with a tracking cookie
Only for that website.
German courts are expected to be much more hostile towards German citizens than any foreign powers or individuals.
[flagged]
This person just wants internet that doesn't frequently cut out.
Don't blame them for their choices. Blame Telekom and its shareholders for not being able to reliably supply broadband internet in 2026. Blame the government for not having consumer protection regarding right to internet access. But don't blame this person for just doing what is necessary for having basic internet access.
Come on... He survived before and now he supports a democracy killer
Small tangent, but I feel like it is a good time to drop the term "net neutrality", which covers way too much ground. In the past in political discussions, the term "violation of net neutrality" was used to protest multiple different issues:
* Traffic shaping (e.g. slowing down Bittorrent traffic)
* Traffic fast lanes (pay for priority access to some content providers)
* Selective zero-rating (exclude some providers from counting towards a traffic limit)
* Artificial peering restriction (what Telekom is doing, usually via forcing content providers into paid peering agreements)
I think people should start using more specific terms that are understandable for non-technical people, because otherwise the discussion becomes confused, which helps the providers.
Lots of semi-technical people think that "violating net neutrality" refers to traffic fast lanes, because the last time this discussion entered the public was when the US social media was in uproar about FCC rules 10 years ago.
What Telekom is doing looks similar to the outside (some content providers are fast, some are not), but they can just deflect by saying that they do not intentionally throttle traffic, which is pretty much true, as they hit their physical bottlenecks. If you are knowledgable enough as a lawmaker to press them on the peering issue, they could argue that forcing peering would force them to pay rent at Internet Exchanges, just so other providers have good access. Where they also kind of have a point.
And even lots of technical people have no clue about peering, transit etc. and treat their uplink as a blackbox, a cloud in their network chart where the Internet comes out.
For the Telekom case, we would need a different legislation, for example make paid peering agreements between providers illegal or at least regulated, which would then be an incentive to be generally well-connected (free mutual peering is usually considered a win-win scenario unless you are Deutsche Telekom and can use your market power to bully other market participants into another form of rent extraction). And that means that lawmakers and the public need to understand first the specific problem we are fighting.
> For the Telekom case, we would need a different legislation, for example make paid peering agreements between providers illegal or at least regulated, which would then be an incentive to be generally well-connected (free mutual peering is usually considered a win-win scenario unless you are Deutsche Telekom and can use your market power to bully other market participants into another form of rent extraction). And that means that lawmakers and the public need to understand first the specific problem we are fighting.
Realistically not going to happen, as the effort would need to be global. Like, Cogent STILL refuses to transit-free IPv6 peer with HE. https://bgp.tools/kb/partitions.
T1s are very happy where they are, and it's an exclusive club. Any attempts to tame this behavior from DTAG will also face backlash from basically all the other T1s.
Regulating peering within the EU would already be a win.
The providers are then free to either move out of the EU market, or let their non-EU traffic flow via the (then likely larger) unrestricted pipes at DECIX and AMSIX. If they think that routing everything via EU is cheaper instead of just peering better in the other parts of the world to deliver traffic locally, then be it, that is their own economic freedom to decide so.
But they will realistically not do that. Also, SDNs will likely never go back to serving content in Europe from e.g. the US. Good connectivity is just generally the economically better option.
That being said, T1 companies like Deutsche Telekom who also serve a large consumer base via broadband and mobile and not just other large business networks are probably more vulnerable to such legislation than an exclusive transit provider.
> Regulating peering within the EU would already be a win.
Regulating peering how? Freedom of commerce is one of the core pillars of the EU. Forcing a company to do business with another company is insanity.
If DTAG doesn't want to peer with CloudFlare, you can't force them.
DTAG are also a consumer ISP. A consumer ISP should be considered a utility, and utilities can also be forced to provide certain services. In addition, Internet Exchanges have become so critical for the Internet architecture that they should also have some privileged status.
Legislation could focus on the following general rules, without favoring some providers over the others:
* If you participate on an IX node, there is no reasonable technical or financial reason not to peer with the other participants at that node. Of course this would also mean that participants have to be protected against price-gouging of IXs when they need to scale up their uplink for that reason.
* Alternatively, you could conditionally allow paid peering, but in that case require certain availability guarantees on your general transit connection.
* If you do not want to do business with a certain party, it should be all or nothing. Blacklist them organization-wide. No misleading to consumers that a content provider just appears slow, announce that you do not want to play with e.g. Netflix anymore and if your customers do not like it, they will switch.
* If you want to opt out of all of this regulation, you are free to run fiber yourself and just directly connect with everybody you are interested in. That is expensive? Too bad.
Letting the government regulate peering will be the death of the internet as we know it.
I don't believe that there's a single lawmaker, anywhere in the world, who understands anything about the fundamentals of IP transit. But no doubt they have ISP buddies who understand everything about it, and no doubt they'll be the ones actually writing the legislation.
Well, there is always a regulatory measure that would be a lot easier to implement: Lawmakers could just disallow Tier 1 carriers to provide consumer Internet access. (This forced separation of business domain already has precedent in other sectors, e.g. energy companies having to separate network upkeep from energy trading or banks having to split their investment branch from the credit branch)
And I have a feeling that as soon as that is seriously discussed, the current exploitation of market power will stop rather quickly, without any need for actual regulation.
> Lawmakers could just disallow Tier 1 carriers to provide consumer Internet access.
This one I actually agree with.
Governments successfully managed this before. It was called Local Loop Unbundling.
They recognised where the monopoly was: the incumbent telcos with millions of customers that had to go through them to get anywhere else.
So the government insisted that such incumbents make available space in their exchanges for third parties (not for free!), and to allow their customers to use the third parties for telephone and/or internet service, rather than themselves.
A similar argument and regulation could be made today. It could only apply to ISPs with a significant number of endpoint customers. It could require that the ISP make peering available to third parties, at the third party's cost, but the resulting transit should be settlement-free. It could require that if a peer asks the ISP to upgrade, because the ISP is deliberately underprovisioning, the ISP is compelled to allow the third party to pay reasonable costs to upgrade both sides (so the ISP can't sit on its hands, can't brazen it out, and can't set an impossible price)
WhatsApp has been required to provide an open API, Apple has been required to provide alternative app stores. Neither one has actually done it because the EU is too pussy to enforce the law, but the legislators clearly had no huge principle disagreement when writing these laws.
Mobile networks have been forced to allow roaming in other countries for a certain low fee, and that is actually enforced and has happened. It's clear the EU has no qualms about forcing companies to do business a certain way when it serves some greater interest.
The difference between WhatsApp open API, alternative App Stores and forcing peering is that it costs virtually nothing for WhatsApp to provide an open API, and for Apple to allow alternative App Stores.
Roam-like-at-home is also not a particularly good comparison here, because the the roaming fees were basically a price gouging scheme.
Don't like DTAG? You're free to switch to another ISP.
It costs DTAG virtually nothing to have good peering, certainly compared to their income. It costs Apple a very high percentage of their revenue to allow alternative app stores, since their main revenue source is the 30% tax on all in-app purchases through the Apple store.
What's your estimation for how much more expensive it would be for DTAG to peer at Decix instead of only doing dedicated private peerings that they get paid for?
Because I don't believe it's about any additional cost -- it's only about additional revenue that could be extracted. That's a behavior you don't like to see from a state-owned ex-"Only Offer Allowed" monopolist that is still dominating the market while the government entities tasked with regulating the market are closing both eyes.
> Forcing a company to do business with another company is insanity.
This already happens all the time, and especially in telecommunications. Interconnection is a core of telecommunications law everywhere.
People use the same word because all of those actions have the same result for an end user.
Replacing net neutrality with a bunch of smaller issues means you have to educate and lobby N times as much. And every time ISPs find a new loophole you'd have to start from scratch.
Looking at this case specifically, "fast lane" is not a technical term so maybe in your mind it only means packet scheduling not refusal to upgrade capacity but that's not a universal definition.
There's no such thing as paid peering, is there? There's only being a customer. DT wants you to buy transit to get access to their customers.
Peering just means that two AS physically connect to each other directly. Whether this peering is paid or not is independent from the technical implementation.
Just nearly everybody except Telekom is doing this on a liberal and informal not-even-handshake basis. On ISP scale, you either invest in infrastructure, or pay rent for network ports or cross-links, and you generally want your traffic usage to be smooth without spikes, and also go to the destination without going through your expensive ports more than once. So general connectivity is more important than any kind of traffic metering.
> peering just means that ...
This also describes transit and describes getting internet service at home. I wouldn't say my cellphone peers with my provider. My cellphone is very much subordinate to my provider, not a peer.
DT thinks it's important enough that it can extort everyone.
A good policy for ISPs is to peer as many places and networks as possible, and carry traffic between your peers and customers, and customers and customers, and transit and customers, but not between peers and peers, or peers and transit. This way one end is paying for all traffic you carry. If you are a bully, you can try to make both ends pay.
> This also describes transit and describes getting internet service at home.
Well no. Transit means that you use another AS (usually by a larger ISP) to get connectivity to a certain AS. And as for your internet service at home, unless you announce an AS, you are not peering with anyone.
Peering has everything to do with the physical interconnect and nothing to do with the ID numbers used to describe that interconnect, IMO.
Then we are just talking about two different things.
On ISP level, routing tables are built via BGP. BGP needs Autonomous Systems (AS) as organization unit to work. If you are not an AS you are never a peer as you are not on equal footing.
As a rule of thumb, if your edge router has a default route set, we are very likely talking about different scales.
All the points you list contribute to the Internet being neutral or not, therefore of course these items come up in discussions.
I know about this issue so it's great that something is being done about it, but the page really needs a text explainer instead of the just a video.
Reading a couple of pages of the full complaint, starting from page 15 is surprisingly accessible (assuming German is accessible at all to the reader).
They claim Telekom keeps their transit access points intentionally underdimensioned. In order to be reachable at decent speed by Telekom customers, internet services need a direct, paid contract with Telekom.
Edit: The section numbering is weird. Why does 2.2.0 come after 2.3? On my phone, don't have a good overview.
Isn't that exactly what is below the video in the "What is this about?" section?
That's only a very vague description.
Fun fact: Deutsche Telekom just started their ad campaign "being better in the best network" (https://www.telekom.com/de/medien/medieninformationen/detail...). While they have the worst network of all, especially when it comes to peering (30% of the internet is just slow over Telekom but fast over Telekom + any VPN).
Yeah, but they're the only network when you want to have cellphone reception outside of dense cities.
You can completely forget O2 and Vodafone if you go hiking/skiing in the Black Forest, or on the Beach at the German Islands.
Also Vodafone outsourced their peering to a subcontractor, and doesn't do any public peering at all anymore. So I guess Telekom still isn't the worst Network at all
So they should re-label the ad campaign as "Could be worse" :-)
That is sadly the truth.
They also charge the most per GB, but you can use any of their resellers like Congstar.
Just checkout DTAG's 5G network coverage on Breitbandatlas.
It's not that bad, I pay 8.60€ per month for 30GB, and they also threw in a cheap Android Phone in the 12 Month Contract.
Also Switzerland being included is at least for me a nice perk that O2/Vodafone don't offer.
But compared to other European Countries offerings it's obviously shit.
Also Fraenk is even cheaper than Congstar
8.60€ per month? Certainly not from DTAG themselves, right?
I unfortunetely have Deutsche Telekom as my ISP and I can confirm that in the evening websites that use Cloudflare have a latency of one minute or simply do not load at all.
I don’t understand why anyone that serves the German market would use Cloudflare. Regardless of who is at fault, you are losing a lot of customers that way.
>Regardless of who is at fault, you are losing a lot of customers that way.
Don't know. Germans are stingy. I'm German, I live in Germany yet I don't even localize my software to German anymore because German downloads wouldn't convert in any meaningful way. (Even when I had German localization).
It's just anecdotal of course but every other dev I talked to would confirm this unless they had some very germany-specific product.
One minute latency? Sound like worse experience than dial-up.
Just switch to 1und1 with good peering (:
Do 1&1 customers get CGNAT or a native v4 address? I have had issues with the AFTR's port mapping tables running full when I was on Unitymedia coax.
They switched me to CGNAT in my last speed upgrade, but I wrote to them about it and they moved me to native v4 straight away.
Their service is good on a technical level but they have the most aggressive and obnoxious sales reps. They scammed me twice with open lies on the phone (probably abusing also the fact that german is not my mother tongue) and had to fight for ages with their customer service later to get the issue resolved.
If you wanna go with them, buy on their website and hang up if anyone from 1und1 ever calls. They are official 1und1 reps and they will prove it you yet behave like scammers.
I get proper IPV4 and IPV6 addresses with Easybell on VDSL. I've been with them a long time and they've been pretty good.
My offhand impression is that when I was in Germany, consumers were oddly suspicious of the Internet in general and very suspicious of social media in particular. That suspicion was somewhat translated into a lackadaisical attitude about service quality. Perhaps that attitude is finally changing because DT simply won't care unless there is a sufficiently large enough vocal public to force the issue.
I just ended my contract with them. I could not reach my own raspberry pi Homepage which uses cloudflare. They called me and asked why I ended the contract, I told them about cloudflare, but that my cancellation is final, and magically my Homepage now works again!
I literally could not ssh into several of my servers since last week, and could only do so through my berlin server.
Yes, I have to rent a local server to proxy all my home network through it, otherwise it is unreliable or outright does not work. It is absurd.
I have a contract with a smaller German ISP (Pyur), they do throttling too, uploading to Backblaze quickly gets capped to a few hundred bytes, sometimes the connection gets aborted. Using Mullvad or Tor gets around that. I considered switching to Telekom or Vodafone, gave up because they are even more expensive and now this.
DT owned for a long time what remained of the former state phone operator in Romania.
They were the only provider that hijacked DNS lookup failures to redirect to their own page.
They're gone out of this market now, fortunately.
Glad to hear again, that Romania is living in the future of the Internet.
It looks good still, but we're down to 3 major providers. The future may bring entshitification yet...
The only ISP I have access to is Deutsche Telekom and I often have problems with websites loading slowly. A few more years before other ISPs can provide internet in my new development area. I can't understand, why they are allowed to have a monopoly in some areas.
>why they are allowed to have a monopoly in some areas
because no other ISP can enter for a reasonable price.
Germany should have made the infrastructure open-access for all providers, just like they did in Switzerland.
I like the subtle bit of trolling they did with the page color: DT had registered that shade of magenta as a trademark, made it a core part of their brand and generally was VERY vocal in public about "owning" that color. [1, 2]
Though more recently they seem to have lost that protection. [3]
So if that page now deliberately uses the "Telekom color" to call out their bad behavior, that's a statement on its own.
That's the first thing I saw too. dataJAR (an Apple MDM service company in the UK) were targetted in the UK for using a different shade of pink in a different industry.
I’m on Comcast and I strongly believe they’re selling my data to brokers from the targeted ads I see. I paid for WARP+ from cloudflare and the targeted ads dropped noticeably.
Their standard plan offerings could be already be considered throttling. I moved to Spain and I have 1gbit up/down.
Germany always surprise me with continuous contradiction in their society.
Largest economy in eu but very unstable and riddled with wierd burocracy.
Strongest worker protection, but very large amount of lobbysm.
Most advanced railway system in eu, transformed into a joke by interdiction from said lobbies.
You have to pay a "radio tax" to help funding press and keep it independent, but then fuck net neutrality.
And I could continue with more point, but I don't want to get too political.
Some of these contradictions are fractal - i.e. contradictions all the way down :)
For example the independent Radio and TV isn't that independent actually but in practice is. Partially this is because of the insecurities of the times these institutions were setup in making people in power unsure about true independence - so they wanted a control mechanism. The end result is an institution that is deeply coupled into the government but that has at the same time to pretend to be independent to such a degree most people inside it just act that way and its output is sorta neutral except in very slight tonal shift ways and in some individual cases. instances that are very German-culturally local? This is very hard to explain correctly but easy to just explain it wrongly - Let me do that now and translate it to American.
Imagine an institution being dependent and biased in exactly the opposite way that fox news is independent and balanced. Imagine a government-independent institution where you join a controlling organ and after sworn in you are invited to 2 after-meetings at the same time. One invitation comes in a red letter the other in a blue letter. Yet everybody has to be independent because that is what it is supposed to be. Germans can be very very stubborn about that.
this is sorta incomplete and wrong but I think gets you the taste for the setup? If not complain in the replies :)
It is independent in the sense of not being partial to any specific political party. Still the media is very biased towards the status quo and the state. For example you will not find any serious criticism of Israel in any public or private mainstream media in Germany.
The one that always gets me is security and privacy paranoid and lecture me on the Stasi and using Apple phones and how they aren't repairable but then goes and uses unpatched rotten old Android they can't fix anyway and sticks fingers in ears. Nearly every German I know does this and I know a lot of Germans as half my family is German and my ex-partner is German.
I'll bite (I'm not German but I'm close culturally):
* Old Androids are not repairable because they're shit, not because a megacorp works hard to make repair impossible
* Old Androids may be hacked by a pegasus-like software (just like most new smartphones anyway), but at least the operating system does not lock you into its own closed ecosystem.
You may disagree, and correctly, because it's in part irrational, but many Europeans just dislike Apple and consider Android a more open/free ecosystem.
I have bought an Android phone and I couldn’t even change the font used or use an ad blocker on the browser it comes with. It comes with advertisements on the home screen and if I disable them half of the system functions stop working. Seems it’s not open at all. Sent it back the next week. </rant>
Buy a Samsung not the cheapest possible device from a random Chinese seller
I'd believe there was some truth in that if they used any open apps but they just lock themselves into Google's ecosystem instead. All their data is siloed in some US cloud.
If you run like that it doesn't matter what phone you use and your privacy and openness arguments are moot.
>unpatched rotten old Android
Based.
Fsk Apple. Soy aah
[deleted]
Do you know similarly large, democratic societies without contradictions?
my impression is that other countries like Italy or France are much more consistent in what they are bad or good at.
But it's possible it's just my personal bias.
I have the same (possibly mistaken) impression of Germany as an outsider. The US is also remarkably contradictory in its supposed values. I think it would be interesting if there were a semi-objective measure of this quality.
Maybe that is the point. The contradiction about what you expect, and reality. Like in Italy is expected to go and find out this or that is messy. But Germany has a strong image of responsibility, seriousness, efficiency, etc. And when you see closer, is not.
Also, what I'm not sure, I'm trying to find out, if there was a change in the last 1 or 2 decades, or was always like that. Like now, except for things like you here a siren and cars open like Moises opened the water, in many other things, seems to be not more organized that any other country. Hell, sometimes compared with Bangladesh seems to be lagging behind (point example: birth certificates)
> Most advanced railway system in eu
France is certainly better
Certainly not. Nobody wants to book his train 2 weeks in advance to reserve a seat, because otherwise it's "sold out".
Also Commuter Rail (TER) is a total Joke outside of Ile-de-France. Sometimes also even with mandatory reservation.
I think SNCF confuses itself with an Airline
I believe Germany's is much more interconnected while France's mostly goes from Paris to other places. Mesh versus star topology.
That’s be a use Germany economy is far more distributed (5 or so economic centres) across the country where as counties like France and U.K. have one centre, and places like Spain and Italy two (Madrid/Barca and Rome/Milan)
Yes, as a German I can agree.
However, I remember the anecdote of how France has two different companies for the trains and trainstations. The first ordered trains which were a little bit to wide for the trainstations, due to a miss communication.
When I read about this, I thought „this could have been Germany too.“
In fact German ICEs are limited in speed in Germany because of the rails, when they cross to France go faster.
>You have to pay a "radio tax" to help funding press
I mean, same as in most countries taxpayers effectively sponsor government propaganda.
Nothing will come out of this unless all former state monopolists are targeted at the same time.
Honestly a crappy situation. In Germany, Telekom is a monopolistic bully. In evening hours, any service behind Cloudflare more or less stops working (for instance, before I cancelled my subscription, chess.com web assets were delivered with neck-breaking 5kB/s, which made loading a 20MB wasm for stockfish analysis no fun).. but there are absolutely no viable alternatives that aren’t also crappy: Vodafone -> same peering idiocy, Starlink -> king Elon). VPNs make things complicated, but are often the only alternative.
I am on o2 and didn't have any problems with availability that I would notice.
The laws should be changed. Corporate overlords thinking they
can milk citizens should have mandatory jail times - something
reasonable like a full decade or so. That way their'll behaviour
would quickly change too and they'd have to stop those "we can
slow them down and they can not do anything about it" shenanigans.
237 pages, wow...
??? Yes its called peering agreements
DT famously does not use them. They prefer to shut down their peers to make them become customers or fuck off, and by doing so, deliver crappy service to everyone and lose customers, except they have a monopoly so they don't lose as many customers as they should.
We have many BGP workarounds to avoid interconnection points with some of our tier 1 providers and DT because as our providers tell us, discussions with DT to add capacity are a non-starter. We've been relatively stable through a tier 2 provider through Lumen to DT though... for now. Very similar to Cogent in some regions.
[dead]
[dead]
Complaining about net neutrality in 2026 with yt videos. What a joke by pseudo-"hackers."
It's called being pragmatic, are you going to sponsor the bandwidth needed so it can be hosted on a sustainable indie server?
please. I don't understand how the fuck we still don't have p2p social networks and private sharing groups. The amount of possibilities to f* up any kind of control are massive - it's just that we end up writing some convoluted distributed mainframe when all people need is p2prss.
In life, you have to pick your battles.
Why are you leading your visitors to your channel on a monopolist site? To bring ad revenue? There's no need for video for your type of content in the first place.
I get it - a 2026 "hackers" campaign for binging yt. And in case you haven't noticed: appealing to the net neutrality debate of the last millenium is meaningless with just a bunch of monopolists left on the net profitting of vast public investments. The kind of thing traditionalist "hackers" in it for social recognition would be wasting their time on.
Because they're betting on the video finding its way onto people's feed, thus raising awareness among non-techy people. Hard to do that with a random website.
Commenting from my alt to avoid doxxing myself. Have spent over a decade in various 'large' streaming video companies, the ones you absolutely know about today.
DTAG is bar none the worst ISP to work with. Everything they do is politics, they may decide to 'forget' to increase the bandwidth on a PNI until you take a meeting with german regulators. Almost every other ISP views PNI as the best way to uphold customer satisfaction without breaking the bank over a more expensive IX and will happily add ports when needed, DTAG on the other hand often requires concessions and selective agreements with a lot of strings attached.
I don't think Germans realize just how much DTAG is holding the experience back for end users (given it's partially state-owned)
>I don't think Germans realize just how much DTAG is holding the experience back for end users
The ones not on HN probably just notice that their internet is getting slow after 5 p.m
Trust me, I know how much they suck and I still had to enter a 2-year contract just to get fiber optics in my house.
They tried to install it to our home too, but our landlord just didn't do anything to help them to open doors and now we've been soon waiting two years for the connection.
The more I read about DTAG the happier I feel like using our cable connection which, upstream excluded, works quite well.
We're about to buy our apartment in Berlin and that changes things. I hope we have soonpre choice on the fiber operator.
ISPs are the worst.
Currently I use Telekom's 5G for my home internet connection in Hungary as Telekom is the only company who has a cable in my street, but they refused to sell me wired internet due to the hole they use to take their underground cable up to the houses being already over capacity (it turns out this "hole" serves like the entire street with cables being run across everyone's attic...).
I previously used yettel/telenor's 4G (basically as fast as Telekom's 5G because their 5G is a scam, although Yettel's 5G is even more scammy, it is slower than their 4G) but they broke their routers, I had comical packet loss and they refused to fix it (technically, when you pay for a cellular connection, the required uptime in the contract is zero). They also started CGNAT-ing in order to supposedly "improve security" (wtf..) just before I switched (this now means that their "internet-focused" plans have just CGNAT-ed IPv4, while their "non-internet focused" cellular plans have CGNAT-ed IPv4 AND IPv6 (makes sense).
In any case, I now use Telekom's 5G with CGNAT-ed IPv4, just a single /64 IPv6 and forced separation (it is illegal to have a stable internet connection, they disconnect you just before reaching 24h of uptime).
> ISPs are the worst.
DTAG is not just a run-of-the-mill consumer ISP. They are a global Tier-1 carrier.
Which of course makes their behavior all that much worse.
You don't want a tier 1 carrier as your ISP because they are severely limited in connectivity — they only connect to paying customers and other tier 1s. They are to be used as a last resort by the tier 2 ISPs, who provide good packet routing by selecting the best routes from among several backbones.
Never thought I'd see this play out in practice, especially with a consumer ISP. Normally this comes up with server hosting, not consumer ISPs.
The day when T-Mobile NL (nowadays known as 'Odido') started routing all traffic via DTAG to 'save costs', and latency increased because in NL you were routed via Frankfurt. And after complaints they actually insisted on this. Then the company got bought by investors, who immediately changed this back, and also changed the name of the company.
> You don't want a tier 1 carrier as your ISP
The best part about ISPs, is that usually who have very few choices, sometimes only one! Where I grew up, we had the choice of "broadband" (via antennas between an island and mainland) with one ISP, or modem with any telephone company. Eventually, proper cables where put, and we had a choice between 6 different operators.
Where I live now, I only have 3 options for ISPs with fiber, even though I live right outside a huge metropolitan area.
ISP “choice” is mostly a meme, yeah.
But depending on local rules, you can sometimes route around the monopoly: trench your own last-mile (at least on private land), do a neighborhood co-op, connect buildings, etc. It’s sometimes expensive and you’ll hit permits/right-of-way bureaucracy, but it’s totally doable if you’ve got a few (rich) friends or a business willing to back it.
“the conduit is full” is often just BS and a super convenient excuse for incumbents to block competition indefinitely.
Romania is a good example of what happens when lots of small operators aggressively wire dense apartment blocks: brutal competition, low barrier to entry, and suddenly everyone has insane internet.
If digging is blocked, wireless works too. Point-to-point links, WISP stuff, even satellite. The main thing is: you don’t necessarily need your local ISP as your upstream, you just need a path out.
> ISP “choice” is mostly a meme, yeah.
I think Australia's model works really well – the last mile is (with occasional exceptions) owned by a government-owned ISP, NBNCo. But NBNCo is purely a wholesaler, and they only provide service from the premises to the local telephone exchange. There are dozens of competing retail ISPs, and they own the connection from the local exchange onwards. So if one of them is screwing you over, you can switch to another. And if you have a fibre connection, you can even split your fibre connection over multiple retail ISPs–you can sign up for new one as a trial without cancelling the old one, and then reverting back is literally just swapping an Ethernet cable to a different port.
I'm surprised more countries haven't copied it.
> Romania is a good example of what happens when lots of small operators aggressively wire dense apartment blocks: brutal competition, low barrier to entry, and suddenly everyone has insane internet.
And it propagated to Spain thanks to the Romanian DIGI playing their strong bets for a while. I've had the access to the cheapest while also best-uptime-service option because of them on the two places I've lived in the city. They're still deploying as much as they can and meanwhile they offer VULA access where they don't have (In Spain thanks to the NEBA regulation, biggest ISPs are obligated to ease local access for any other operator) own infrastucture.
So it's available also at my parents' as well since a few months ago (Internet access still contracted with another company which honoured the low price offered back then which was subject to some conditions, and even having risen prices as much as three or four times, they've respected them for staying clients). I didn't see the need for the switch, but wouldn't had given much thought to it.
I think Germany has something equivalent to local loop unbundling, but obviously, DT still provides shitty loops because they are shitty at all aspects of their business.
Local loop unbundling is only mandatory for large ISPs. There are many regional or otherwise smaller carriers that have a local monopoly. Fortunately, they tend to be OK (with some exceptions like Deutsche Glasfaser, they are basically bankrupt and behaving quite erratically).
They are a tier-1-wannabe. Tier 1 in prices, tier 3 in connectivity. No international peering to speak of, negligible international cables and presence compared to real tier 1.
I think this is also relevant, after finding out Telekom, in Hungary, has the worst routes possible for some game servers:
https://mtpeering.pages.dev/
Try Starlink?
Maybe get some Star link if you can... (Cringe worthy because of some musky husky guy, but at least it works for now).
Telekom is a bunch of strange folks. I lately was not able to send mails, from my private mail servrr to my fathers telekom mail. After investigation I found out my server got blocked. After a decade of working. I mailed them, and they told me to register my mailserver with them. I shall tell them what mails I will send from there and about what content. I couldn’t believe my eyes. Sure, thats how mail was supposed to work. Register with every mail server in the world, before you can send mail.
Their mail excerpt: This system has not sent any e-mail to our customers for a long time. For security reasons our systems will only accept e-mails from such IP addresses after a check of setup and information about these systems.
Please give us details about this system and the company using it, tell us all about the sending domain, what type of e-mail will be sent and especially if you or your customer want to send newsletter give us detailed information on how recipients e-mail addresses had been acquired. Who in person is responsible for e-mail sent from this system (MTA)?
Please be advised that only technically proper configured and very well maintained systems are qualified for a reset of reputation and please see our FAQ section 4.1 (Requirements for smooth access to our e-mail exchanges <https://postmaster.t-online.de/index.en.html#t4.1>):
"There must be a domain and website with direct contact information easily deducible from the delivering IP's hostname (FQDN)."
That policy of theirs has existed for a long time now. It's a really odd one at that.
They also don't enforce DMARC, nor do DKIM. It's stuck nearly four decades in the past.
That's Germany in a nutshell.
2026 - 40 = 1986 was right before more mainstream internet adoption. Yep checks out, Germany today.
Were the trains running on time in Germany back then? They certainly were 20 years ago, so I assume they were in the 80's.
Maybe "strictly worse than 40 years ago"?
Microsoft has a similar policy on their consumer domains though. If they have not received mail from you for a month or so you are insta blocked. It's infuriating for personal mail server owners.
Microsoft and google seems hellbent on destroying classical email, by doing this crap. Their interoperability is also pretty bad.
Yes. It's the last phase of embrace, extend, extinguish. Typical big tech move.
When I ran my own mail server Microsoft was the only company I encountered that would black hole my messages - no SMTP error for my own server to bounce back to me, no bounce back from their server, nothing. I vaguely recall having to do a dance with them a few times to fix this and the last time I tried I received no response. I don't frequently interact with Office 365 users so this didn't matter much to me.
I did end up later moving to Proton primarily out of laziness. I thought these issues would be a thing of the past until I applied to work at a company that administered their own Exchange server that also black holed my messages from Proton's servers. Their reasoning? "We geo-block Switzerland for security reasons." Needless to say I turned them down.
Oh when I ran my own mailserver I did get SMTP errors back.
Every month or so I had this issue and I had to contact them through a form somewhere and I would get emails back from someone in india who reset my 'reputation'. They have some stupid made-up reputation system which means they need to see significant volume from you that is not marked as spam for them to accept your mailserver.
And yeah proton has similar issues. A lot of companies blackhole even confirmation emails there. So you can't confirm accounts with a proton email and they give zero indication as to why. Tinder and the internet archive (archive.org) come to mind.
I think this is standard. It applies to domains as well. I experienced government services blocks as well -- they send me an email, yet block my reply. I complain every time and rarely does anyone care, the support person does not escalate, so my email remains blocked, sometimes I'm told system is working as configured, completely ignoring that I am a real person and system is hostile towards me.
It's just general fragility of tech and lack of care from the creators/maintainers. These systems are steampunk, fragile contraptions that no one cares to actually make human friendly or are built on crappy foundations.
We call it the email mafia.
To send emails we need to pay for a mail service. Or get ads of course Gmail is part of the ring.
Like most things it start with good intentions, to fight spam. As if it even worked, I guess we would get far more without they will say.
It's one of the downsides of decentralized networks. Trust is built or pay-your-way-into'd.
This has nothing to do with decentralized networks. It's simple incompetence.
If you haven't received any mail from a mail system before (or in a long time) and then it sends you one message, it probably isn't spam, because spammers are typically going to send you a large number of messages. You also typically want to let the first few messages through so the recipient can see them and then classify it as spam or not, so that you get some data on how to treat future messages from that sender.
This is the same thing a centralized system should be doing with individual users. You impose some reputation on accounts (e.g. by sender/registration IP address) and then if that address starts spamming people it gets blocked, and otherwise it doesn't.
Is there a government requirement to be reachable by its citizens? That would seem to violate it.
I mean, yes? But that's by sending a letter, or a fax. Email is not part of this...
This is one of the things that E-Delivery (something which Europe is now implementing[1,2,3]) is going to fix.
It's sort of like email, but based on the XML stack (SOAP / WSDL / XML Crypto / XML Sig), with proper citizen authentication and cryptographically-signed proof of sending and delivery.
[1] https://ec.europa.eu/digital-building-blocks/sites/spaces/DI... [2] https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A... [3] https://ec.europa.eu/digital-building-blocks/sites/spaces/DI...
How ugly it is...
This should have been updated decades ago to include email. Is it possible for any government to function properly?
The main issue is that who is supposed to implement it? The gov has 2 possibilities: hire a contractor, or do it themself. DIY has the issue that nobody wants to work for the gov because as any IT specialist you'd earn 1/3 or 1/4 of what you would earn in a private company. Stateworkers here cannot be fired. So you trade money for extreme "stability" (read: laziness). Hiring a contractor requires money they also don't see the necessity to spend. And that's how you end up in this situation. There are also other issues like no national wide implementation plan. Every state, every commune has to figure out and build stuff themself.
We are repeating obvious things here aren't we? I moved to Germany from a very pro IT country Finland. I've been here now for 15 years, and while I still disagree with their idea of dismissing email, I kind of got used to it. A couple more decades and it'll happen...
Well, I don't know if that is better or worse than my experience with Comcast. They will usually unblock my emails within a day of my sending an unblock request, no questions asked... and then block me again after a few days, with no explanation as to why. I've had this IP for years, I have spf, dkim, and dmarc all property configured, I'm not on any blocklists, and I only send a very small volume of personal emails from the server.
but the fun thing about them is, they allow you to impersonate any mail address you want with their smtp server.
Aka, when you are a customer of them you get a @t-online.de address and login data for their smtp server.
You can just login into that server and set the From: Header to anything, they don't check.
Isn't that fairly common? You could then put in some other address, but you could do the same thing by setting up your own mail server, and in the former case you're not even really anonymous because the headers are going to show it was sent through their mail server and their mail server's logs will show which account was used to send the message.
The email sent from your own separate server will fail basic dmarc/SPF/dkim validation the email sent by their own servers likely will appear legitimate
In Germany I'd be surprised if the police didn't come to your house when you did that, and take all your computers to find evidence you sent it, and you're not getting them back even if you're proven innocent.
At least they respond quickly to such inquiries. I have given up on T-Online Mail. I refuse to follow ridiculous rules like these.
Well, we have to "register" every new IP or new mail server with them as well. It's annoying and a weird system, but they respond quickly and it's just one todo we have to think about.
Been there, done that. After a bit of back and forth, Telekom basically recommended that I go and use one of the big SMTP servers and stop bothering them. While I hated myself for doing it, I eventually switched to Gmail for peace of mind.
Does Fastmail have any clout in Europe? I've been a customer for the better part of a decade (with my own domain name) and I've never had a mail delivery issue.
Nope, but there are various good and cheap e-mail providers in EU, such as Soverin, Posteo, Mailbox, Migadu, Tuta, ...
I was going to suggest Fastmail too. I don't know about Europe in particular but have been a very happy Fastmail customer for several years, running mail for 2 small corporations plus personal, zero problems ever.
Unfortunately some inbound servers will block emails if the originating server does not match the From: address.
If you control the domain, you can use SPF to designate Google as an authorized sender for your domain.
This is one of the reasons why I'm not planning to host my own e-mail server. It's not that I can't do it, but I don't want to sink time into investigating and working around/solving things like that.
The small boutique mail hosts are also much more tedious to deal with than any of the big players. So it depends on your recipients how much effort self-hosting is.
They just want to make sure you're not a spammer.
fwiw t-online.de hasn't been owned by Deutsche Telekom since 2015
Does anyone self host email anymore successfully? I'm honestly asking. I would like to but it seems like a full time job trying to keep it running. Are there halfway solutions where maybe you own the service and domain and it runs somewhere trusted?
I have been running my mail server for about 20 years now, using three different domains.
I have switched servers regularly, mostly between OVH/online.net/Hetzner since they are the three big cheap European hosts. I have also used various server software, now happily running OpenSMTPd.
I have had a few problems with Microsoft in the past but contacting them (what made me care enough was marrying someone with an @hotmail email address) eventually fixed delivery for good. No notable delivery problems otherwise. I also run my company's mail server, it works fine too (with a much larger volume and different usage patterns), also running out of OVH servers.
What I recommend for people who don't want to do sysadmin is buying a domain at OVH to use the free email service offered with it. It's cheap and works, and it's easy to switch to another registrar or provider if needed.
I self host email and have done so, with the same domain, since ~2000.
My IP has not changed since 2010 and I have perfect dkim/dmarc/rdns and whatever duct taped bullshit de jure is currently being practiced.
Everything generally works.
± same here
Sure. Highly successful even, I would say. I can deliver to Microsoft and Google.
Not sure though what the magic ingredient is. I've had the IP address for 7 years before I decided to use it for mail, after one quick mail to Cisco's Talos stuff everything was fine. Software is Mailcow. Hosted at Hetzner in Germany.
And still, I cannot deliver to T-Online, so there's that.
> about what content
Ask ChatGPT to generate you a very long very graphic story about how much you'd like to fuck a dog and your father is the only person who understands your desires and you want to discuss this with him via email. While fucking dogs is illegal in Germany, talking about it is (probably) not. Make the guy who asked the question regret doing it.
I'll give you an insider info: There's no guy! Your response would be filtered away by the profanity filter and nobody working in Telekom will ever read any of it.
Hell, I can even say, likely, nobody will ever read it, regardless of how you answer.
Those companies only respond to lawyers.
Imagine the lawyer reading the case files pffffft
I own a FTTH connection to Telekom since 2018, as the only provider in my street, allowed to install an internet connection (only glass fiber).
Since then, I have always used my own device and I maintain a GitHub Snippet in how to connect OpenWRT modem (and by extension, any other modem that supports pppoe), rather than their Huawei SpeedPort crap or the more expensive Fritz Box). Link to Gist : https://gist.github.com/madduci/8b8637b922e433d617261373220b...
I use PiHole in my own network, circumnavigating the DNS limitations, using Quad9 as my main DNS provider, but Unbound is on my to-do list.
The most concerning limitation in the German market is the unavailability of native Glass Fiber modems, that can accept as input a Glass Fiber connection: at the moment, providers install their own Glass Fiber modem. Without it, you can't actually have an internet connection at home
As a fellow OpenWRT user who tried many DNS solutions including unbound, also consider NextDNS. They are pretty awesome.
You have the right to router freedom even with FTTH. And fortunately, with DTAG FTTH, you can also book 1und1 with good peering (:
router freedom yes, but the Telekom Black Box that takes as input the Fiber cable is still a real "black box" that needs to be installed
Here in NL I've been able to replace router (Zyxel in my case) and ONT (Huawei in my case) with one SFP+ (went with some South-Korean one). Only had to register the serial of my SFP+.
nope, just remove the Telekom Black Box/ONT and get a GPON SFP (Like Luleey or FS) and register that mac.
> providers install their own Glass Fiber modem
It's the same in the US. The ISP fiber network falls inside their security boundary in my experience - you can't BYOD. They install a modem (these days often including an integrated router, switch, and AP) and you receive either ethernet or wifi from them.
I think the only major change in that regard has been that coaxial cable providers here will often let you bring your own docsis modem these days.
I never found any of this concerning until quite recently. With the advent of ISPs providing public wifi service out of consumer endpoints as well as wifi based radar I'm no longer comfortable having vendor controlled wireless equipment in my home.
I don’t have fiber access, but at least for cable, my provider (formerly Kabel Deutschland, now Vodafone) allows me to put the modem/router into "modem only" mode, which then allows me to use my own router. Outside of Fritzbox (which is again a whole integrated thing; with questionable features) there aren’t many DOCSIS modems freely available, and the no-name china devices don’t seem much better than my Vodafone Box.
> allows me to put the modem/router into "modem only" mode, which then allows me to use my own router.
Telekom Speedports also have a modem only mode (the ones for non-fiber, dunno about the ones for fiber, but it looked like those are only modems and not a router as well). I don't make use of it since I manage the wifi for my family, but I do know it exists.
US ftth in my experience (att + gfiber) are ONT and router/wap as separate boxes and you are free to byo routerbox but have to use their ONT.
In the U.K. you get a PON which gives you a cat5 gig or mgig port, you then connect your router and pppoe to your ISP. Most ISPs offer a managed router but the ISPs I’ve chosen have always allowed the pppoe option.
Same thing here except when they last upgraded the ONT I had to turn PPPoE off - it's just plain old ethernet service now. But the ONT seems to be performing the equivalent authentication role from what I was able to gather by shoulder surfing the tech.
They had to start offering routers that integrate the ONT because the common consumer gear is 1G or 2.5G ethernet but they sell up to 10G service here.
I have fiber in the US with just a plain ONT. Still CGNAT but I control my network. My former cable ISP permitted customer modems. It is becoming a challenge to find cable modems without router+wifi.
Faraday fabric is inexpensive, you can use ethernet to your own router and wrap the isp's in it.
You might be able to switch to a different ISP, e. g. 1&1. They rent the line from Telekom but you still get their peering.
> The most concerning limitation in the German market is the unavailability of native Glass Fiber modems, that can accept as input a Glass Fiber connection: at the moment, providers install their own Glass Fiber modem.
Im actually quite okay with that. Why should I have to pay for specialized hardware that won't be usable if I move and the new apartment uses DSL or docsis. Give me an rj45 (or sfp for some fiber connections) and let me put whatever Router I want behind it.
You say "why should I have to pay", but they really haven't said or suggested anything about how they'd rather you paid for anything. They're talking about having an option to supply one's own device, not about requiring so.
The common rationale behind this I'm aware of is that an ONT device is technically a computer with persistence, hosting arbitrary code and data that you cannot (or at least not supposed to) audit or alter, despite being on your premises, operated on your cost (electricity, cooling, storage), and specifically deployed for your use. These properties hold for SFP modules too in general, not just SFP ONTs (they're all computers with persistence).
The catch is that this is further true for all of these kinds of modems.
The counter-catch is that despite that, for DSL specifically, you could absolutely bring your own modem, hw and sw both.
The counter-counter-catch is that with DSL, you were not connecting to a shared media, but point-to-point. This is unlike DOCSIS and GPON, where a misconfigured endpoint can disrupt service for other people, and possibly damage their or the provider's devices and lines.
That's all the lore I'm aware of at least.
Very much indeed, a 'rogue ONT' can screw another nearly 63 users' acess in my area. Oversubscription is very noticeable, but just not problematic. 10G FTTH delivering 60~70% of the bandwidth is enough I guess. And latencies or jitter aren't a thing either.
The "glass fiber modem" is an inherent part of the GPON network. These are complicated. The "P" stands for "passive". Yours and and up to 127 other houses are all on the same "light domain" i.e. the downstream is passively split, and the upstream is passively combined, in optical boxes that don't even have electrical parts.
This needs crazy accurate timing for the upstream. The head end needs to know the exact delay to your particular box to give it a "grant" to transmit at exactly the right time so transmit bandwidth is not wasted by idle time or multiple boxes transmitting at the same time and corrupting each other.
You don't want brand X modems with dodgy configurations in this. Of course as a consumer you'd want "as little modem as possible" i.e. just give me an ethernet port running DHCP or PPPOE and let me do the rest.
They are complicated, but standardised and commoditised. Ubiquiti, for example, sells an ONT (fibre modem) in a SFP form factor for US$39 [1], or a little standalone unit with an Ethernet port for US$49 [2].
1. https://store.ui.com/us/en/category/fiber-gpon/products/uf-i...
2. https://store.ui.com/us/en/category/fiber-gpon/products/wave...
Here in Spain it was common to get one of these to replace the ISP ONT:
https://eu.store.ui.com/eu/en/category/fiber-gpon/products/u...
Not that I had the need or anything, but it's similarly priced to the example in 2. Seems to me like maybe they're phasing it out soon?
For comparison: you can bring your own DOCSIS modem to a cable network, even though all the houses on the street are connected to the same cable and you could jam it, or send a voltage spike to break everyone's modem.
Not very familiar with DOCSIS and cable; the story I'm getting from my nearest friendly LLM is that while you could bring your cable modem, it'd have to be a pre-approved model, and that the firmware and configuration would be under ISP control, unlike with DSL modems. Is that wrong?
In Germany it's wrong.
How does it work in Germany?
You may either rent/buy a device from your ISP, or you may bring your own, at your discretion. ISPs are required to accept all devices, of course if your device kills the network segment, they will kill your connectivity. But they can't refuse to let you connect.
Your by law allowed to chose your own hardware.
And do they exert any control over the software and configuration on it? That was kinda the crux of it after all.
I cloned mine into an SFP+ for a handful of microseconds of latency improvement.
Less W usage as well.
Is it possible to use a media converter from glass fiber to RJ45/Ethernet? Those are commonly available and then you can use whatever modem/router you like.
I don't know if it's the case in Germany, but here in France consumer FTTH networks are of the GPON persuasion. These need to handle encryption and be able to properly register on the tree, so I'm not completely shocked they require some form of ISP-provided device to terminate the fiber connection.
There's also a EU law which says that users should be able to bring their own modems / routers, so AFAIK providers say that this particular terminal device is still "on their side of the network".
I've seen such devices come in two varieties.
One is a separate device which plugs on the optical network, does the encryption and stuff, and then exposes an ethernet port which is connected to the actual router which does wifi, etc. With SFR and Bouygues, it was trivial [0] to replace the ISP-provided router with one of your choosing. You get the normal external IPs and you do your thing. The ISP router sleeps in its box in storage. This was my setup up until a few years ago, with both these providers. Now SFR has moved to CGNAT, but the setup is the same, so I expect users to still be able to switch routers (but I haven't tested, since I'm not a client anymore).
Then there's Free, who provides a single device that connects to the fiber, does routing, wifi, etc. In this case, it's possible to flip a switch in its settings for it to act as a bridge (don't know how wifi behaves in this case, if it stays on). It then only accepts a single downstream client, which gets the external IP. SFR had a similar setup for DOCSIS.
I'm not familiar with how Orange, the biggest operator, functions. But I understand they have a general tendency to be a PITA so YMMV with them.
---
[0] For Bouygues, this device only talked on a tagged VLAN100 for some reason. On the SFR, the network expected you to send a client id in the DHCP request.
> I'm not familiar with how Orange, the biggest operator, functions. But I understand they have a general tendency to be a PITA so YMMV with them.
I can only attest how they work here in Spain: They're not the best in terms of the 'openness' of their hardware: (in Spanish, feel free to us a translator) https://bandaancha.eu/articulos/router-pone-orange-jazztel-s...
The term you're looking for is "demarc" or: https://en.wikipedia.org/wiki/Demarcation_point
This is the physical boundary of a network, in telecommunications. This is the junction where the service provider can point and say "that's our equipment on this side". So it helps to narrow down the troubleshooting.
Often, if you have a telephone landline, you will see your demarc take the form of a gray RJ11 box with a small self-plug in it. It would be common practice to plug a phone into that box directly, then you've eliminated the "inside wiring" in the house.
The 8311 discord is a great source of technical info and help on using your own PON equipment of various sorts with providers
I've seen things about this, but I'm not convinced there's enough value in going to great lengths to replace that particular piece of equipment.
In the case where the terminating equipment is a small box that exposes ethernet, with no routing or otherwise interfering the function of my own router, I think it's good enough. An argument could be made for the all-in-one devices, like saving some power.
I get the geek factor, and it's one of the reasons why I run my own router, but for this specific bit, which needs to be fairly well integrated with the ISP's network, combined with their usual abysmal support, I think it's a better bet to just leave it alone.
For me the issue would be that they mandate the user traffic to be vlan tagged but their modem only exports 1000BASE-T so it's physically impossible for me to get the full gigabit of Internet they sold me.
They most probably sold you 'up to 1 Gb' bandwidth, not just '1 Gb'. Overhead is about the same in these cases. Your losses are negligible. It's more painful having 4-5 (on worst time periods/peers) or 6-7 (on best) of the 'up to 10 Gb' (clearly sold as such) fiber access I have.
You’d need to be able to replicate whatever configuration the ISP provided device has, and they won’t give you that.
FTTH here in Australia is the same, you’re stuck using the network providers device, which just provides an Ethernet port, and a POTS port if you’re in to that sort of thing, with your LAN device connected behind it.
There was fierce lobbying back in the day (shout out to Simon Hackett / Internode) for our national broadband network to be simple dark fibre and that ISPs could build on top of that to provide innovation and differentiation.
Instead what we got was a bunch of ISPs that resell the National Broadband Network’s expensive wholesale plans with little in the way of either differentiation or innovation.
Edit to add: what the sibling comments said too.
FWIW, the incumbent ISP in Switzerland, Swisscom, tried to roll out XGS-PON but our "Internode", Init7, fought them in court on the grounds that it was anticompetitive, since it locks every provider into a single technology. They won.
Now customers can choose. Nearly every ISP chooses the easy way and has the customer connect through Swisscom's XGS-PON but Init7 in particular has instead built out their own routers in POPs around Switzerland so that customers can have a physical fibre directly to their network. It's just plain ethernet with DHCP so you can use whatever equipment you want. It's also allowed Init7 to do something none of the other providers can do: offer 25Gbps symmetric service at no extra cost (beyond a one-off installation cost for the more expensive SFP modules).
Thanks. I have an ISP provided media converter with my own router behind that, using the correct VLAN was enough to get it working. I thought those media converters were pretty dumb devices but it seems they are not.
They are not dumb but are very standardized. Unless they are issuing and verifying device certs you can almost certainly use your own PON equipment with very little effort.
If they are using certs youd have to extract it. The vast majority of ISPs don't bother or care.
They most likely use GPON so the optic is going to see return traffic for your neighbors. So they make it hard (but not impossible) to bring your own optic or media converter.
AFAIK GPON uses encryption, so you actually get the traffic intended for all your neighbors but can't do anything with it. If you bring your own converter, you wouldn't be able to handle your own traffic either.
Usually yes, but it depends: https://pierrekim.github.io/blog/2016-11-01-gpon-ftth-networ...
Also the authentication might rely on weak secrets. I know my ISP provided FTTH router has a six letter password and a guessable username (derived from my last name), and I can't change either.
Though the research is quite old now. Couldn't find anything recent specifically for DT.
You can bring your own modem. You just have to register it.
But how? There is no information about it, which means, it can't be done without any form of reverse engineering
At least for Germany, you can buy the Digitalisierungsbox Glasfasermodem or any other modem. You just have to register it with the DTAG via their hotline.
If I recall, for something like GPON or XGS-PON, you end up having to clone the various attributes of the original for it to work properly. This typically includes serial number, hardware id, firmware identifiers, etc.
For most it is just serial number. The 8311 folks have scripts that will fully automate the cloning for most common devices. This is not like a "break open your hardware and attach wires" type thing.
There are some ISPs issuing and verifying certs for GPON, which are more annoying to extract. I'm not aware of anyone (even those same ISPs) doing it for XGS-PON. It seems they all decided maintainimg their own CA infrastructure for millions of customers was not worth it ;)
Question out of curiosity. I once swapped a TPLink media converter between two homes, both using the same ISP, to debug internet issues and to see if that would improve the situation. Did I do something incredibly illegal? And did my ISP get confused seeing my media converter on the other side of town?
When I was a kid I used to pack my house's cable modem in a backback and bring it to my friend's house a couple miles away when I'd visit to play Xbox Live. My dad had a back-up dial-up connection for emails and mom didn't use the internet very much so usually wouldn't mind unless he needed to work. I remember this working at greater distances in other places occasionally too.
Earlier, in the dial-up era, my dad didn't feel like paying for internet at home and work, so after school I would call his office and ask his secretary if he had left for his evening meetings yet. If so, she'd disconnect his dial-up connection and I'd get a couple hours to myself after school.
We didn't have two phone lines at home so I'm not sure what happened if he needed it unexpectedly. I think he also had a by-the-minute service as a backup or maybe his partner in the office had a separate plan? This was all done under agreed rules I only vaguely remember so must not have been a frequent problem.
Always funny to think back to that era when internet wasn't assumed to be a 24/7 thing and losing internet for a day wasn't the end of the world...
Illegal? No, at least not in any sane jurisdiction. It's no different than moving a SIM card between phones.
Confused? Maybe but probably not. It depends on how they track things. An ISP I had in the past tagged subscriber accounts on the OLT side.
This wouldn't be criminally illegal anywhere unless done with some sort of fraudulent intent, but maybe in some places the ISP could make you swap them back.
Yes, with right kind of PON SFP stick this is possible.
Most kinds of PON sticks are still in the $150-300 range though for XGS-PON
(I use an XGS-PON stick with AT&T instead of their modem)
For PONs you can get a programmable SFP+ and clone the manuif, devid, and password into it.
Sorry to say but how you are framing things is simply not true anymore.
You are not required to buy their "Glasfaser Modem 2" you can buy any ONT Modem.
You are not required to use any of their equipment, they give you the data to connect via PPPOE directly.
I bought a house with FTTH in 2023 and never used any Telekom hardware. Nobody forces you to use the peer DNS. The telekom DNS isn't complying to https://cuii.info/anordnungen/ because they want to but to avoid being sued everytime some company wants to block an illegal streaming site.
> Nobody forces you to use the peer DNS.
For practical purposes there's the problem (at least a few years ago?) though that Akamai in particular uses DNS to steer you to the correct portion of its CDN and the default IPs returned by independent DNS resolvers tended to have relatively abysmal peering with the Telekom network that was getting completely overloaded at peak times.
Unfortunately "use <insert favourite DNS provider here> everywhere except for Akamai CDN, for which use the Telekom DNS" isn't something that consumer routers support, so you'd have to start running your own custom DNS resolver to work around that problem…
Don't you have the small black glass fiber box that takes as input the fiber glass cable and outputs a rj45 port?
> I use PiHole in my own network, circumnavigating the DNS limitations, using Quad9 as my main DNS provider, but Unbound is on my to-do list.
Why is PiHole necessary to dodge DNS limitations: can't you just put Quad9 as the DNS in your router/FritzBox?
Now I switched from PiHole to running unbound on a... Pi! I did that years ago: do it, you won't be disappointed.
I don't have the shiny PiHole UI anymore but I don't care: unbound supports wildcards to blacklist domains and that's what I care the most about.
So a Pi with unbound then dnsmasq on my Linux desktop: this makes for very speedy lookups (as most queries are hitting the cache).
>The most concerning limitation in the German market is the unavailability of native Glass Fiber modems,
This is not true for everwhere. You can totally use your own ONT or fiber modem with DTAG.
Not sure it’s the same issue but in Hungary they (DT) refuse to use/pay Cloudflare so in peak hours every single site outside the country loads incredibly slow because of the constant re-routing. Everything has to go through Frankfurt even though CF would have alternate direct routes
https://kozosseg.telekom.hu/topic/40322-cloudflare-magyar-te...
https://old.reddit.com/r/programmingHungary/comments/1ngv2pt...
https://telex.hu/techtud/2024/06/21/deutsche-telekom-cloudfl...
At least they are cheap. 25€ a month for 2gbps/1gbps so I can’t complain about that
They also offer 4gbps/2gbps for 40€ but at this point I’m not even sure what to use that for (besides torrent seeding)
It's similar.
The DT is not doing cost neutral peeing with Cloudflare. Also the DT has no (or only one 10G NIC) at the DE-CIX.
I pay 80 EUR for 1Gbps/300mbps and it's behind GPON or if you can get more XGS-PON. Not even real ethernet. It's a shame.
Slovenian ISP T-2.net also violates local network neutrality laws here by requiring customers to pay extra to unblock some special TCP ports, like 25 and 53, meaning they block selfhosting email and dns servers without additional payment. I filed a complaint to the national regulator AKOS. They first responded with agreeing with me, but nothing was fixed for many months, and upon emailing the regulator again, I received a different response from another employee claiming that charging more for unblocking special applications is legal (it's not).
Another T-2 customer here. I never ran into issues with port blocking (but didn't try 25/53), even more, I had a "free" static IPv4 on DSL before we got the fiber line, but I've lately been noticing random connection slowdowns. Never had significant slowdowns with DSL.
I've talked to a few people (Telemach customers) who told me it happens every now and then, they call the support center that tells them to restart the modem (even if they'd done it before) and then the connection magically works at full speed again.
Could it just be that it all goes through Telekom Slovenije who does some weird load balancing? Definitely worth an investigation, but ZPS might be a better address for this than AKOS.
Telemach is also funny in net-neutrality regard:
Article 7.2 of their terms of service https://telemach.si/download/terms/splosni-pogoji-poslovanja...
> Naročnik se obvezuje, da po priključitvi na omrežje izvajalca: > ... > * ne bo postavljal strežnikov na svoji lokaciji, razen v primeru sklenitve ustreznega dogovora z izvajalcem, > ...
It states that customers are bound not to setup servers on their internet connection point without prior aproval by the ISP. It sounds against the law to forbid this, albeit ianal.
Calling this "paying to unlock ports" is disingenuous. I'm also a T-2 customer and have run into this before. They block ports on dynamic IPs, but if you pay +2€/mo for static, this is unlocked. This seems reasonable. If you're not paying for static IPv4, you're paying for "internet access", whether that's a rarely chaning dynamic IPv4, a constantly changing IPv4 or full CGNAT.
Would you also say your mobile phone operator is violating net neutrality by putting you behind CGNAT that you can't forward arbitrary ports through? You can pay a bunch of money to get a private APN and get public IPv4 addresses. Would you call that an unblock fee?
I've been told there's a law that my mobile phone operator has to turn off all firewalling on my connection if I ask.
I don't know about that law, but GP's point was that you don't get a public IP anyway, firewall or not. And with this NAT in place, you can't ask them to forward specific ports to your equipment.
In France, CG-NAT is getting widespread even for fixed, FTTH links. I'm typing this connected to SFR, which provides a static IPv6 /56, but IPv4 is behind CG-NAT. I can't host anything on IPv4. I think there's an option to get a fixed, internet routable address, but not on the "discount" plan I'm on. I hear you maybe can ask support to get you out of CG-NAT, but that doesn't seem very reliable.
Free (local ISP), by default, doesn't give a static IP for fiber, but you can ask for one for free through your online account page (you just need to tick a box).
Blocking port 25 is perfectly reasonable.
There are no sane and legitimate reasons for running an SMTP server on a residential connection. Even most server providers will block it unless you give them some very good reasons.
Blocking 53 is just weird though.
Define "residential connection".
There is no such thing. A connection to the internet should be equal to any other connection to the internet, modulo BGP peering. Noone has a right to dictate what services I run or don't run, what protocols I speak or don't speak, what traffic I accept or deny, but *me*. That's the whole point of being on the internet rather than Prodigy or Compuserve or something.
The physical location of that connection is irrelevant. Maybe I feel my servers are safer in a datacenter. Maybe I feel they're safer in my basement. In my case, it is very much the latter, and again, you don't get to make that call. I do.
I'm not sure you read the OP's comment in full. They are talking about inbound traffic from the Internet. It's certainly a lot more common a case to self-host an MX than running an open DNS resolver or authorative name server.
You may be surprised to learn that there are many types of botnets out there, and many use DNS queries for the C&C.
Although the GP wrote "53/tcp" that is a weird situation, because most (not all) DNS is over UDP.
One day I suddenly found my DNS resolver logs were very active with veritable gibberish. And it seems that my router had been pwned and joined some sort of nefarious botnet.
I only found this out because I was using NextDNS at the time, and my router's own resolver was pointed there, and NextDNS was keeping meticulous, detailed logs of every query.
So I nipped it in the bud, by determining which device it was, by ruling out other devices, and by replacing the infected demon router with a safe one.
But yeah, if your 53/udp or 25/tcp is open, you can pretty much expect to join a botnet of the DNS or SMTP-spam varieties.
That's none of the business of my ISP to care about. If a botnet abuses my connection to send excessive traffic, that's going to be limited by the bandwidth limit I'm paying for.
Restricting ports also doesn't mitigate it, as a port scanner can easily find out I'm running this or that vulnerable server software on a non-standard port.
It's none of the ISP's business to restrict the ports I should be using.
Just like the parent, you too have gotten your ins and outs mixed up.
Whether or not I have a sane reason to use port 25 is none of their business.
Telekom is well known for the crappy service - but they have a de facto monopoly. For example, when it rains, the line goes down where I live.
Solution: I got my Starlink. 3x speed. No crappy service. Weather independent. And surprinsingly cheaper ( 40 euros vs 45 ) .
[ as much as I do not like Musk & co, this is a real useful thing he build for the mankind - internet everywere from sattelite ]
> And surprinsingly cheaper ( 40 euros vs 45 ) .
> [ as much as I do not like Musk & co, this is a real useful thing he build for the mankind - internet everywere from sattelite ]
Right - but then you also depend on an US service here. And the USA changed policy where Europeans became enemies ("we won't give you arms to defend against Russian invaders! Greenland will be occupied by our military soon!").
It's a bad situation, lose-lose here. I don't think the price difference is the primary problem though; the behaviour of Telekom is the problem. That must change. The state has to ensure fairness rather than allow monopolies to milk The People.
> he behaviour of Telekom is the problem. That must change. The state has to ensure fairness rather than allow monopolies to milk The People.
The state is the monopoly here.
Telekom is still partially state-owned (~27%), since they were, back in the 90s, privatized from the former total monopoly "Deutsche Bundespost" and the related ministry "Bundespostministerium". Nowadays, the parts of the ministry that were back then regulating EM spectrum, allowable phones (basically phone police, you had to rent from Bundespost or go to jail) and generally being corrupt (relations of the former ministry to copper manufacturers is why they botched the first fibre rollouts in '95 and then ignored the topic for 20 years). Nowadays, the "Regulierungsbehoerde", staffed with the same people, is supposed to regulate their former colleagues at Telekom. Telekom got all the networks and was never split up, so it still has a (~85%?) monopoly on everything copper basically, as well as on customers, using this monopoly to bully other ISPs as well as it's own customers and extending this monopoly into future tech. And the state has a financial interest in this regulation being as lax as possible. So you can imagine how this goes...
The best solution here would probably be the EU launching its own internet constellation. China and the US both have them. How is this any different than the issues surrounding GPS?
A better solution is guaranteed broadband internet for all people living in Germany. With heavy fines if ISPs can't deliver that.
Well there is one : Eutelsat OneWeb
For the curious:
2022 Russia controversy
In March 2022, media reported that OneWeb was scheduled to launch a batch of 36 satellites from Baikonur cosmodrome days after Russia's invasion of Ukraine. There were calls for the UK to cancel the launch. Russia said the launch had already been paid for and would not be refunded, and would be cancelled from the Russian side unless OneWeb provided additional assurance that the satellites would never be used for military purposes and the British Government disposed of its shares in the company. The British government refused this demand and the launch was cancelled, along with other Russian launches. OneWeb tried through negotiations to get the stack of 36 satellites back, stranded in Kazakhstan due to political reasons. However, these negotiations never progressed. As OneWeb was on the verge of completing its 1st generation satellite network, they gave up hope in March 2023 on further attempts to get their satellites back, potentially scrapping the batch. The satellites were insured for $50 million, and OneWeb received the insurance money for them.
https://en.wikipedia.org/wiki/Eutelsat_OneWeb#:~:text=2022%2...
Huh TIL. What a troubled history. Bankruptcy shortly following launch of the initial batch, then in 2022 Russia stole the launch fee and a stack of 36 satellites from them.
They're online but unfortunately it seems they don't sell directly to consumers? So you have to find a local reseller. Sounds needlessly complicated.
Apparently Amazon's constellation should be available for consumers within the next 6 months as well. Qianfan not until next year (I didn't realize they had hit delays). So there should be direct-to-consumer Starlink alternatives SOON™.
But honestly is like a movie or what? we have Musk, Bezos and Xi. Hard to choose. We need netral or less controversial player.
The EU did do that, decades ago. The problem is that it requires constant investment. It's not profitable. The governments helped build it, abandoned the companies until they went bankrupt, rescued them (they're not actually insane enough to just abandon working satellites), privatized them, they went bankrupt, ...
Obviously the satellites were never modernized. But it does work, for a few thousand terminals for all of Europe with 2x to 10x the ping Starlink provides.
It's like a lot of things in the EU: on the one hand the EU absolutely requires this infrastructure, or they become dependent on foreign nations for critical infrastructure. But they won't pay. It's not even that expensive. Starlink was built with budgets that would be double-digit millions per year per EU country. But the main problem always repeats: they can't agree who gets the money/business.
If you calculate the lifespan and cost of a Starlink satellite you will come to the obvious conclusion: it will be very hard for Starlink to break even. Of course, the same can be said for most of Musk's businesses (perhaps all. I'm not actually aware of any exceptions)
Well, you have a point but on the other side since about 20 years the Telekom does not even think about improving the internet connection in the place I live. At some point you're just fed up. To me it seems like they just do not care about providing a good service and even if they would now provide a good service I would be more willing to give my money someone else.
are all starlink connections routed through the US?
don't they do local downlinks? at least for countries they have an agreement with or where the infrastructure is available?
What does it matter where they are routed through? You think your Starlink service in Germany is beyond the control of Musk or the US government?
i misread the parent. i read it as depending on the US internet but they meant depending on US regulations. so yes, it doesn't matter for the latter.
I think Musk cares about revenue more than pissing off some random customer in Germany. As long as you don't stand out from the crowd, he'd rather have your $40. Use a VPN to be sure.
Until the us government says to withhold service or to tap the line.
Musk is a subject of the US president. Like all American CEO’s he has to pay his tribute and jump when the president’s law enforcement says to.
If you don't stand out, and use a VPN, they can get nothing. If they cut your service, well, you can switch back to DT, crap as it is.
No. My endpoint is in Berlin. Which implies there is a EU based major downlink somewhere.
Who owns and controls starlink? A local downlink dish or a US defense contractor?
[flagged]
It was hilarious when I checked the movie listings for this week and found Greenland 2 in its opening run.
So I went to YouTube and rented Greenland (2010). It was a hoot! https://en.wikipedia.org/wiki/Greenland_(film)
I wrote "it's the second funniest rom-com I've ever seen". But seriously, it was filmed in close collaboration with the United States Air Force. (Much like Mission: Impossible was a collab between US Gov and US Mil units.)
It is kind of a fun ride if you're willing to suspend that much disbelief.
But I just found it hilarious that a pair of films named and set in Greenland should be produced in this way, while the actual country is in our news cycle now. I almost feel like it's a "PR buzz campaign".
> Telekom is well known for the crappy service - but they have a de facto monopoly. For example, when it rains, the line goes down where I live.
Haha, I used to have that as well when tech swapped from ADSL2 to VDSL2 (IIRC skipped out on VDSL1), except then the line wasn't down, I'd have severe packet loss (which resulted in lag in gaming, and disconnects). So they blamed our inner house's phone lines. Then some dude came, checked everything in the house, and couldn't find the issue. I said of course not, it isn't raining.
After it got escalated further it turned out it was rotten equipment at the DSLAM. They replaced it and boom, problem was gone.
No hair on my head (and I ain't bald knock on wood) wants to have all my internet traffic first routed through an American neonazi, but if the choice is nothing (or something severely broken) or that, I can see where you are coming from. Whereas I can pick between FttH (XGS-PON), DSL (VDSL2), or cable. With the latter two being fiber up till a few hunderd meters to my house (I know where both PoPs physically are in the neighborhood, as I have seen technicians on both places). The fiber one is further away, and larger (for more households), but that is OK. It can handle that much distance. Technician showed me a photo from his smartphone when my fiber got down due to specifically my fiber connectivity destroyed at the PoP. That was a lot of fiber I saw. Good cable management though.
It was a busines decision for me: being in customer meetings and suddenly dropping out was unacceptable. Or not being able to access critical data. Vodafone LTA coverage is average at best and data is severily limited ( 15 GBs ). Really out of options here!!
While I chuckled at "American neonazi", the company SpaceX is doing great things.
My experience was slightly different. I mean, yes, there pretty much no 'non crappy' German internet providers, but nothing was as bad as Vodafone.
Not true.
https://www.lwlhome.de/
I didn't say there are none at all. And I've heard that internet from small internet providers can actually be good.
But after living in 3 different apartments there, I never had a luxury to be able to connect the internet from a small provider. Their coverage is very, very limited. So it always was Telekom/Vodafone/o2.
Thats cool and all but the majority of the country still has one, or at most two choices :/
same as https://www.m-net.de/ Advantage over telekom: they own the city and the can lay fiber whereever they want without state intervention.
Telefonica enters the chat.w
I'm glad Vodafone is available where I live. They're not better but at least they're an alternative. Also Telekom manages only to deliver 250mbit/s while Vodafone gets 1gbit/s.
Last apartment I rented Telekom was the only option and that was one of the reasons why I decided to move.
Starlink I would love to try but as there's building and trees blocking the horizon it's not an option here sadly.
Not an alternative anymore. Vodafone started doing the same shit with their peering at the end of last year.
Both throttle in my area unless we vpn so I just share a vpn with a friend to fix it.
Vodafone seems also terrible, but maybe better than DT?
How can a satellite connection be more weather independent than a landline? Not questioning your statement. Just wondering what could be the reason. A segment with a long distance directional antenna?
With ADSL: broken waterproofing somewhere along the line, water gets into the cables or connections == broken while it's raining.
Then you call their customer support, tech comes out, it's not raining anymore and everything works, and the problem doesn't get fixed.
Exactly what I am suspecting! I called so many times: nothing found all works as expected.
As for the starlink: I noticed that clouds or weather ( rain snow ) does not have a true effect. Must be the frequency is not absorbed by the water in the air or similar effects. Only hard blocking with construction or big canopies of trees is struggling.
I don't have think this is sustainable. There can physically be only so many satellites before we reach Kessler syndrome. The costs will rise as the quality of service falls, and there market for alternative land-based ISPs will not have developed.
Depending on the age of Starlink you could add 10-30 to the bill for its power consumption.
>For example, when it rains, the line goes down where I live.
Sounds like an access line issue with DSL (lol)
DSL is so old you can't even order it in Sweden anymore.
Also, the post above would be a core issue not access.
Excuse me, I remember when DSL was the latest and greatest, it can't possibly be this old. :')
That would be ~25 years ago. I remember getting my first ADSL connection around 2000 in the Netherlands when that stuff was still very new.
KPN MXstream! Thanks for making me feel old. I got flashbacks of spending multiple evenings configuring PPTP in Linux without being able to access the internet just to get internet access.
I remember having to walk to a buddies home just to check the tutorial:
https://rj.home.xs4all.nl/mxstream/
I mean yes me too, but that was in 2005. I feel like "everyone" got fibre here 10 years ago and if not there is 4/5G mobile broadband.
Except that with Telekom they answer to the German courts which might eventually force them to stop doing this but with Starlink you're at the mercy of some dudes halfway across the globe. If/when Starlink reaches the enshittification phase, there will be very little in the way.
The bright side of this is that there is at least some sort of competition, since they operate on very different infrastucture. This is the free market premise on how quality and price should improve. Reality is often different though, because most customers are not really comparing and/or voting with their feet.
Meh, the threat vector to me as a resident of Germany is the German government - not some dude at the other end of the world. What is Musk going to do? Ban me from Twitter? Not sell me a Tesla?
That's nothing compared to what German authorities can do to me. Germany is a country where you get police searching your home for torrenting movies or making stupid jokes on Facebook. So yeah.
Also about enshittification - one could argue that our local ISPs never left that phase to begin with.
He could just turn off Starlink in Germany. And yes, German ISPs suck donkey ass.
He could sell information about which websites you visit.
So can every website with a tracking cookie
Only for that website.
German courts are expected to be much more hostile towards German citizens than any foreign powers or individuals.
[flagged]
This person just wants internet that doesn't frequently cut out.
Don't blame them for their choices. Blame Telekom and its shareholders for not being able to reliably supply broadband internet in 2026. Blame the government for not having consumer protection regarding right to internet access. But don't blame this person for just doing what is necessary for having basic internet access.
Come on... He survived before and now he supports a democracy killer
Small tangent, but I feel like it is a good time to drop the term "net neutrality", which covers way too much ground. In the past in political discussions, the term "violation of net neutrality" was used to protest multiple different issues:
* Traffic shaping (e.g. slowing down Bittorrent traffic)
* Traffic fast lanes (pay for priority access to some content providers)
* Selective zero-rating (exclude some providers from counting towards a traffic limit)
* Artificial peering restriction (what Telekom is doing, usually via forcing content providers into paid peering agreements)
I think people should start using more specific terms that are understandable for non-technical people, because otherwise the discussion becomes confused, which helps the providers.
Lots of semi-technical people think that "violating net neutrality" refers to traffic fast lanes, because the last time this discussion entered the public was when the US social media was in uproar about FCC rules 10 years ago.
What Telekom is doing looks similar to the outside (some content providers are fast, some are not), but they can just deflect by saying that they do not intentionally throttle traffic, which is pretty much true, as they hit their physical bottlenecks. If you are knowledgable enough as a lawmaker to press them on the peering issue, they could argue that forcing peering would force them to pay rent at Internet Exchanges, just so other providers have good access. Where they also kind of have a point.
And even lots of technical people have no clue about peering, transit etc. and treat their uplink as a blackbox, a cloud in their network chart where the Internet comes out.
For the Telekom case, we would need a different legislation, for example make paid peering agreements between providers illegal or at least regulated, which would then be an incentive to be generally well-connected (free mutual peering is usually considered a win-win scenario unless you are Deutsche Telekom and can use your market power to bully other market participants into another form of rent extraction). And that means that lawmakers and the public need to understand first the specific problem we are fighting.
> For the Telekom case, we would need a different legislation, for example make paid peering agreements between providers illegal or at least regulated, which would then be an incentive to be generally well-connected (free mutual peering is usually considered a win-win scenario unless you are Deutsche Telekom and can use your market power to bully other market participants into another form of rent extraction). And that means that lawmakers and the public need to understand first the specific problem we are fighting.
Realistically not going to happen, as the effort would need to be global. Like, Cogent STILL refuses to transit-free IPv6 peer with HE. https://bgp.tools/kb/partitions.
T1s are very happy where they are, and it's an exclusive club. Any attempts to tame this behavior from DTAG will also face backlash from basically all the other T1s.
Regulating peering within the EU would already be a win.
The providers are then free to either move out of the EU market, or let their non-EU traffic flow via the (then likely larger) unrestricted pipes at DECIX and AMSIX. If they think that routing everything via EU is cheaper instead of just peering better in the other parts of the world to deliver traffic locally, then be it, that is their own economic freedom to decide so.
But they will realistically not do that. Also, SDNs will likely never go back to serving content in Europe from e.g. the US. Good connectivity is just generally the economically better option.
That being said, T1 companies like Deutsche Telekom who also serve a large consumer base via broadband and mobile and not just other large business networks are probably more vulnerable to such legislation than an exclusive transit provider.
> Regulating peering within the EU would already be a win.
Regulating peering how? Freedom of commerce is one of the core pillars of the EU. Forcing a company to do business with another company is insanity.
If DTAG doesn't want to peer with CloudFlare, you can't force them.
DTAG are also a consumer ISP. A consumer ISP should be considered a utility, and utilities can also be forced to provide certain services. In addition, Internet Exchanges have become so critical for the Internet architecture that they should also have some privileged status.
Legislation could focus on the following general rules, without favoring some providers over the others:
* If you participate on an IX node, there is no reasonable technical or financial reason not to peer with the other participants at that node. Of course this would also mean that participants have to be protected against price-gouging of IXs when they need to scale up their uplink for that reason.
* Alternatively, you could conditionally allow paid peering, but in that case require certain availability guarantees on your general transit connection.
* If you do not want to do business with a certain party, it should be all or nothing. Blacklist them organization-wide. No misleading to consumers that a content provider just appears slow, announce that you do not want to play with e.g. Netflix anymore and if your customers do not like it, they will switch.
* If you want to opt out of all of this regulation, you are free to run fiber yourself and just directly connect with everybody you are interested in. That is expensive? Too bad.
Letting the government regulate peering will be the death of the internet as we know it.
I don't believe that there's a single lawmaker, anywhere in the world, who understands anything about the fundamentals of IP transit. But no doubt they have ISP buddies who understand everything about it, and no doubt they'll be the ones actually writing the legislation.
Well, there is always a regulatory measure that would be a lot easier to implement: Lawmakers could just disallow Tier 1 carriers to provide consumer Internet access. (This forced separation of business domain already has precedent in other sectors, e.g. energy companies having to separate network upkeep from energy trading or banks having to split their investment branch from the credit branch)
And I have a feeling that as soon as that is seriously discussed, the current exploitation of market power will stop rather quickly, without any need for actual regulation.
> Lawmakers could just disallow Tier 1 carriers to provide consumer Internet access.
This one I actually agree with.
Governments successfully managed this before. It was called Local Loop Unbundling.
They recognised where the monopoly was: the incumbent telcos with millions of customers that had to go through them to get anywhere else.
So the government insisted that such incumbents make available space in their exchanges for third parties (not for free!), and to allow their customers to use the third parties for telephone and/or internet service, rather than themselves.
A similar argument and regulation could be made today. It could only apply to ISPs with a significant number of endpoint customers. It could require that the ISP make peering available to third parties, at the third party's cost, but the resulting transit should be settlement-free. It could require that if a peer asks the ISP to upgrade, because the ISP is deliberately underprovisioning, the ISP is compelled to allow the third party to pay reasonable costs to upgrade both sides (so the ISP can't sit on its hands, can't brazen it out, and can't set an impossible price)
WhatsApp has been required to provide an open API, Apple has been required to provide alternative app stores. Neither one has actually done it because the EU is too pussy to enforce the law, but the legislators clearly had no huge principle disagreement when writing these laws.
Mobile networks have been forced to allow roaming in other countries for a certain low fee, and that is actually enforced and has happened. It's clear the EU has no qualms about forcing companies to do business a certain way when it serves some greater interest.
The difference between WhatsApp open API, alternative App Stores and forcing peering is that it costs virtually nothing for WhatsApp to provide an open API, and for Apple to allow alternative App Stores.
Roam-like-at-home is also not a particularly good comparison here, because the the roaming fees were basically a price gouging scheme.
Don't like DTAG? You're free to switch to another ISP.
It costs DTAG virtually nothing to have good peering, certainly compared to their income. It costs Apple a very high percentage of their revenue to allow alternative app stores, since their main revenue source is the 30% tax on all in-app purchases through the Apple store.
What's your estimation for how much more expensive it would be for DTAG to peer at Decix instead of only doing dedicated private peerings that they get paid for?
Because I don't believe it's about any additional cost -- it's only about additional revenue that could be extracted. That's a behavior you don't like to see from a state-owned ex-"Only Offer Allowed" monopolist that is still dominating the market while the government entities tasked with regulating the market are closing both eyes.
> Forcing a company to do business with another company is insanity.
This already happens all the time, and especially in telecommunications. Interconnection is a core of telecommunications law everywhere.
People use the same word because all of those actions have the same result for an end user.
Replacing net neutrality with a bunch of smaller issues means you have to educate and lobby N times as much. And every time ISPs find a new loophole you'd have to start from scratch.
Looking at this case specifically, "fast lane" is not a technical term so maybe in your mind it only means packet scheduling not refusal to upgrade capacity but that's not a universal definition.
There's no such thing as paid peering, is there? There's only being a customer. DT wants you to buy transit to get access to their customers.
Peering just means that two AS physically connect to each other directly. Whether this peering is paid or not is independent from the technical implementation.
Just nearly everybody except Telekom is doing this on a liberal and informal not-even-handshake basis. On ISP scale, you either invest in infrastructure, or pay rent for network ports or cross-links, and you generally want your traffic usage to be smooth without spikes, and also go to the destination without going through your expensive ports more than once. So general connectivity is more important than any kind of traffic metering.
> peering just means that ...
This also describes transit and describes getting internet service at home. I wouldn't say my cellphone peers with my provider. My cellphone is very much subordinate to my provider, not a peer.
DT thinks it's important enough that it can extort everyone.
A good policy for ISPs is to peer as many places and networks as possible, and carry traffic between your peers and customers, and customers and customers, and transit and customers, but not between peers and peers, or peers and transit. This way one end is paying for all traffic you carry. If you are a bully, you can try to make both ends pay.
> This also describes transit and describes getting internet service at home.
Well no. Transit means that you use another AS (usually by a larger ISP) to get connectivity to a certain AS. And as for your internet service at home, unless you announce an AS, you are not peering with anyone.
Peering has everything to do with the physical interconnect and nothing to do with the ID numbers used to describe that interconnect, IMO.
Then we are just talking about two different things.
On ISP level, routing tables are built via BGP. BGP needs Autonomous Systems (AS) as organization unit to work. If you are not an AS you are never a peer as you are not on equal footing.
As a rule of thumb, if your edge router has a default route set, we are very likely talking about different scales.
All the points you list contribute to the Internet being neutral or not, therefore of course these items come up in discussions.
I know about this issue so it's great that something is being done about it, but the page really needs a text explainer instead of the just a video.
Reading a couple of pages of the full complaint, starting from page 15 is surprisingly accessible (assuming German is accessible at all to the reader).
They claim Telekom keeps their transit access points intentionally underdimensioned. In order to be reachable at decent speed by Telekom customers, internet services need a direct, paid contract with Telekom.
Edit: The section numbering is weird. Why does 2.2.0 come after 2.3? On my phone, don't have a good overview.
>Why does 2.2.0 come after 2.3?
Ask the paper how many 'r's in strawberry
This is the best text explainer I have found: https://cyberlaw.stanford.edu/blog/2025/05/no-two-tier-inter...
Isn't that exactly what is below the video in the "What is this about?" section?
That's only a very vague description.
Fun fact: Deutsche Telekom just started their ad campaign "being better in the best network" (https://www.telekom.com/de/medien/medieninformationen/detail...). While they have the worst network of all, especially when it comes to peering (30% of the internet is just slow over Telekom but fast over Telekom + any VPN).
Yeah, but they're the only network when you want to have cellphone reception outside of dense cities. You can completely forget O2 and Vodafone if you go hiking/skiing in the Black Forest, or on the Beach at the German Islands.
Also Vodafone outsourced their peering to a subcontractor, and doesn't do any public peering at all anymore. So I guess Telekom still isn't the worst Network at all
So they should re-label the ad campaign as "Could be worse" :-)
That is sadly the truth. They also charge the most per GB, but you can use any of their resellers like Congstar.
Just checkout DTAG's 5G network coverage on Breitbandatlas.
It's not that bad, I pay 8.60€ per month for 30GB, and they also threw in a cheap Android Phone in the 12 Month Contract.
Also Switzerland being included is at least for me a nice perk that O2/Vodafone don't offer. But compared to other European Countries offerings it's obviously shit.
Also Fraenk is even cheaper than Congstar
8.60€ per month? Certainly not from DTAG themselves, right?
It is, but it was a limited time promotion
https://www.teltarif.de/telekom-aktionstarif-prepaid/news/10...
I unfortunetely have Deutsche Telekom as my ISP and I can confirm that in the evening websites that use Cloudflare have a latency of one minute or simply do not load at all.
I don’t understand why anyone that serves the German market would use Cloudflare. Regardless of who is at fault, you are losing a lot of customers that way.
>Regardless of who is at fault, you are losing a lot of customers that way.
Don't know. Germans are stingy. I'm German, I live in Germany yet I don't even localize my software to German anymore because German downloads wouldn't convert in any meaningful way. (Even when I had German localization).
It's just anecdotal of course but every other dev I talked to would confirm this unless they had some very germany-specific product.
One minute latency? Sound like worse experience than dial-up.
Just switch to 1und1 with good peering (:
Do 1&1 customers get CGNAT or a native v4 address? I have had issues with the AFTR's port mapping tables running full when I was on Unitymedia coax.
They switched me to CGNAT in my last speed upgrade, but I wrote to them about it and they moved me to native v4 straight away.
Their service is good on a technical level but they have the most aggressive and obnoxious sales reps. They scammed me twice with open lies on the phone (probably abusing also the fact that german is not my mother tongue) and had to fight for ages with their customer service later to get the issue resolved.
If you wanna go with them, buy on their website and hang up if anyone from 1und1 ever calls. They are official 1und1 reps and they will prove it you yet behave like scammers.
I get proper IPV4 and IPV6 addresses with Easybell on VDSL. I've been with them a long time and they've been pretty good.
My offhand impression is that when I was in Germany, consumers were oddly suspicious of the Internet in general and very suspicious of social media in particular. That suspicion was somewhat translated into a lackadaisical attitude about service quality. Perhaps that attitude is finally changing because DT simply won't care unless there is a sufficiently large enough vocal public to force the issue.
I just ended my contract with them. I could not reach my own raspberry pi Homepage which uses cloudflare. They called me and asked why I ended the contract, I told them about cloudflare, but that my cancellation is final, and magically my Homepage now works again!
I literally could not ssh into several of my servers since last week, and could only do so through my berlin server.
Yes, I have to rent a local server to proxy all my home network through it, otherwise it is unreliable or outright does not work. It is absurd.
I have a contract with a smaller German ISP (Pyur), they do throttling too, uploading to Backblaze quickly gets capped to a few hundred bytes, sometimes the connection gets aborted. Using Mullvad or Tor gets around that. I considered switching to Telekom or Vodafone, gave up because they are even more expensive and now this.
DT owned for a long time what remained of the former state phone operator in Romania.
They were the only provider that hijacked DNS lookup failures to redirect to their own page.
They're gone out of this market now, fortunately.
Glad to hear again, that Romania is living in the future of the Internet.
It looks good still, but we're down to 3 major providers. The future may bring entshitification yet...
The only ISP I have access to is Deutsche Telekom and I often have problems with websites loading slowly. A few more years before other ISPs can provide internet in my new development area. I can't understand, why they are allowed to have a monopoly in some areas.
>why they are allowed to have a monopoly in some areas
because no other ISP can enter for a reasonable price. Germany should have made the infrastructure open-access for all providers, just like they did in Switzerland.
I like the subtle bit of trolling they did with the page color: DT had registered that shade of magenta as a trademark, made it a core part of their brand and generally was VERY vocal in public about "owning" that color. [1, 2]
Though more recently they seem to have lost that protection. [3]
So if that page now deliberately uses the "Telekom color" to call out their bad behavior, that's a statement on its own.
[1] https://adage.com/article/digital/t-mobile-says-it-owns-excl...
[2] https://www.exali.de/Info-Base/magenta-markenstreit (in German)
[3] https://chiever.nl/en/blog-en/t-mobile-loses-the-protection-...
That's the first thing I saw too. dataJAR (an Apple MDM service company in the UK) were targetted in the UK for using a different shade of pink in a different industry.
https://www.bbc.co.uk/news/uk-england-sussex-44107621
I’m on Comcast and I strongly believe they’re selling my data to brokers from the targeted ads I see. I paid for WARP+ from cloudflare and the targeted ads dropped noticeably.
Their standard plan offerings could be already be considered throttling. I moved to Spain and I have 1gbit up/down.
Germany always surprise me with continuous contradiction in their society.
Largest economy in eu but very unstable and riddled with wierd burocracy.
Strongest worker protection, but very large amount of lobbysm.
Most advanced railway system in eu, transformed into a joke by interdiction from said lobbies.
You have to pay a "radio tax" to help funding press and keep it independent, but then fuck net neutrality.
And I could continue with more point, but I don't want to get too political.
Some of these contradictions are fractal - i.e. contradictions all the way down :) For example the independent Radio and TV isn't that independent actually but in practice is. Partially this is because of the insecurities of the times these institutions were setup in making people in power unsure about true independence - so they wanted a control mechanism. The end result is an institution that is deeply coupled into the government but that has at the same time to pretend to be independent to such a degree most people inside it just act that way and its output is sorta neutral except in very slight tonal shift ways and in some individual cases. instances that are very German-culturally local? This is very hard to explain correctly but easy to just explain it wrongly - Let me do that now and translate it to American.
Imagine an institution being dependent and biased in exactly the opposite way that fox news is independent and balanced. Imagine a government-independent institution where you join a controlling organ and after sworn in you are invited to 2 after-meetings at the same time. One invitation comes in a red letter the other in a blue letter. Yet everybody has to be independent because that is what it is supposed to be. Germans can be very very stubborn about that.
this is sorta incomplete and wrong but I think gets you the taste for the setup? If not complain in the replies :)
It is independent in the sense of not being partial to any specific political party. Still the media is very biased towards the status quo and the state. For example you will not find any serious criticism of Israel in any public or private mainstream media in Germany.
The one that always gets me is security and privacy paranoid and lecture me on the Stasi and using Apple phones and how they aren't repairable but then goes and uses unpatched rotten old Android they can't fix anyway and sticks fingers in ears. Nearly every German I know does this and I know a lot of Germans as half my family is German and my ex-partner is German.
I'll bite (I'm not German but I'm close culturally):
* Old Androids are not repairable because they're shit, not because a megacorp works hard to make repair impossible
* Old Androids may be hacked by a pegasus-like software (just like most new smartphones anyway), but at least the operating system does not lock you into its own closed ecosystem.
You may disagree, and correctly, because it's in part irrational, but many Europeans just dislike Apple and consider Android a more open/free ecosystem.
I have bought an Android phone and I couldn’t even change the font used or use an ad blocker on the browser it comes with. It comes with advertisements on the home screen and if I disable them half of the system functions stop working. Seems it’s not open at all. Sent it back the next week. </rant>
Buy a Samsung not the cheapest possible device from a random Chinese seller
I'd believe there was some truth in that if they used any open apps but they just lock themselves into Google's ecosystem instead. All their data is siloed in some US cloud.
If you run like that it doesn't matter what phone you use and your privacy and openness arguments are moot.
>unpatched rotten old Android
Based.
Fsk Apple. Soy aah
Do you know similarly large, democratic societies without contradictions?
my impression is that other countries like Italy or France are much more consistent in what they are bad or good at.
But it's possible it's just my personal bias.
I have the same (possibly mistaken) impression of Germany as an outsider. The US is also remarkably contradictory in its supposed values. I think it would be interesting if there were a semi-objective measure of this quality.
Maybe that is the point. The contradiction about what you expect, and reality. Like in Italy is expected to go and find out this or that is messy. But Germany has a strong image of responsibility, seriousness, efficiency, etc. And when you see closer, is not.
Also, what I'm not sure, I'm trying to find out, if there was a change in the last 1 or 2 decades, or was always like that. Like now, except for things like you here a siren and cars open like Moises opened the water, in many other things, seems to be not more organized that any other country. Hell, sometimes compared with Bangladesh seems to be lagging behind (point example: birth certificates)
> Most advanced railway system in eu
France is certainly better
Certainly not. Nobody wants to book his train 2 weeks in advance to reserve a seat, because otherwise it's "sold out". Also Commuter Rail (TER) is a total Joke outside of Ile-de-France. Sometimes also even with mandatory reservation. I think SNCF confuses itself with an Airline
I believe Germany's is much more interconnected while France's mostly goes from Paris to other places. Mesh versus star topology.
That’s be a use Germany economy is far more distributed (5 or so economic centres) across the country where as counties like France and U.K. have one centre, and places like Spain and Italy two (Madrid/Barca and Rome/Milan)
Yes, as a German I can agree.
However, I remember the anecdote of how France has two different companies for the trains and trainstations. The first ordered trains which were a little bit to wide for the trainstations, due to a miss communication.
When I read about this, I thought „this could have been Germany too.“
In fact German ICEs are limited in speed in Germany because of the rails, when they cross to France go faster.
>You have to pay a "radio tax" to help funding press
I mean, same as in most countries taxpayers effectively sponsor government propaganda.
Nothing will come out of this unless all former state monopolists are targeted at the same time.
Honestly a crappy situation. In Germany, Telekom is a monopolistic bully. In evening hours, any service behind Cloudflare more or less stops working (for instance, before I cancelled my subscription, chess.com web assets were delivered with neck-breaking 5kB/s, which made loading a 20MB wasm for stockfish analysis no fun).. but there are absolutely no viable alternatives that aren’t also crappy: Vodafone -> same peering idiocy, Starlink -> king Elon). VPNs make things complicated, but are often the only alternative.
I am on o2 and didn't have any problems with availability that I would notice.
The laws should be changed. Corporate overlords thinking they can milk citizens should have mandatory jail times - something reasonable like a full decade or so. That way their'll behaviour would quickly change too and they'd have to stop those "we can slow them down and they can not do anything about it" shenanigans.
237 pages, wow...
??? Yes its called peering agreements
DT famously does not use them. They prefer to shut down their peers to make them become customers or fuck off, and by doing so, deliver crappy service to everyone and lose customers, except they have a monopoly so they don't lose as many customers as they should.
We have many BGP workarounds to avoid interconnection points with some of our tier 1 providers and DT because as our providers tell us, discussions with DT to add capacity are a non-starter. We've been relatively stable through a tier 2 provider through Lumen to DT though... for now. Very similar to Cogent in some regions.
[dead]
[dead]
Complaining about net neutrality in 2026 with yt videos. What a joke by pseudo-"hackers."
It's called being pragmatic, are you going to sponsor the bandwidth needed so it can be hosted on a sustainable indie server?
please. I don't understand how the fuck we still don't have p2p social networks and private sharing groups. The amount of possibilities to f* up any kind of control are massive - it's just that we end up writing some convoluted distributed mainframe when all people need is p2prss.
In life, you have to pick your battles.
Why are you leading your visitors to your channel on a monopolist site? To bring ad revenue? There's no need for video for your type of content in the first place.
I get it - a 2026 "hackers" campaign for binging yt. And in case you haven't noticed: appealing to the net neutrality debate of the last millenium is meaningless with just a bunch of monopolists left on the net profitting of vast public investments. The kind of thing traditionalist "hackers" in it for social recognition would be wasting their time on.
Because they're betting on the video finding its way onto people's feed, thus raising awareness among non-techy people. Hard to do that with a random website.