Source code of Swedish e-government services has been leaked
darkwebinformer.com214 points by tavro a day ago
214 points by tavro a day ago
Ok, some important context for non-Swedes. Anyone can get access to all Swedish (non-protected but those are a very VERY small subset) personal identification numbers by simply signing an agreement with SPAR[1] (the Swedish national people database). Identification numbers per se are not particularly useful or hard to get, they are effectively public information. Using SPAR you can also get the home (and any additional) addresses of individuals
A Swedish citizen database is... you know. fun. But not exactly hard to get hold of.
[1] https://www.statenspersonadressregister.se/master/start/engl...
I think this is good to highlight for non-Scandinavians.
Scandinavian countries are extremely open and transparent in a way that might be shocking for Americans. For example, in Norway, I can check nearly anyone's brokerage account holdings, addresses, phone numbers, etc. on public websites. I can in theory look up anyone's tax filings.
Personal identification numbers do not tend to be considered private in the same way that social security numbers in the US are.
We're so open, we even leak our government source code _ourselves_ https://github.com/navikt
Uff, COBOL written in Norwegian, talk about a narrow target to hit for hiring :)
I see mostly Java/Kotlin and Maven.
Pretty modern stack. I would start a government service using those today.
He is probably talking about this repo: https://github.com/navikt/DSF
Description translated:
> This system was one of the oldest IT systems in NAV, and ran in production for 51 years, from when the National Insurance Scheme was introduced in 1967. In January 2018, Presys was put into production, which together with Pesys became the successor to DSF. At that point, DSF was also shut down. The system is written in PL/I.
It's like the Apollo 11 code, but for social services.
Mostly PL/I but a few files of COBOL too, e.g. https://github.com/navikt/DSF/blob/main/src/GML/FO04D1X1.cob...
What's the point of making public how much each person owns? Aside from making you a prime target for kidnappings and targeted advertising?
Tax data is government data. Government data is public data. Instead of asking "what's the reason for making something public" the question is "what's the reason for making a carveout for some specific data to make it secret"
Government data about private individuals can be considered as private, for privacy reasons. If the government knows that I have a mental disability, should everyone know about it, so they can discriminate me accordingly? What kind of dystopian view of the world is this?
Or, if I own crypto, why should the government facilitate the work for criminals?
I heard a rumor that some people use this to check their neighbour's revenue and sometimes make snark comments if one of them has a high revenue but lives in a "average revenue" part of town.
They'd say that if you earn a lot, you shouldn't take a cheap housing.
Any truth to that?
There used to be a lot more of that, but a system was put in place where you have to identify yourself with electronic ID to access the information, and the information is logged so the other party can see it.
Nowadays I think mostly journalists use it to pull up information about politicians and other people that are in the public spotlight. There are of course the yearly "richest people in Norway" lists in various categories.
> There used to be a lot more of that, but a system was put in place where you have to identify yourself with electronic ID to access the information, and the information is logged so the other party can see it.
Yeah, kind of a fake solution, request it via Ratsit or whatever and all they get to see is that someone used Ratsit, but not who actually requested it.
Same goes for criminal cases, using Krimfup or whatever just leads to the service's name "leaking", while you can use fake details to sign up for both Ratsit and Krimfup.
> They'd say that if you earn a lot, you shouldn't take a cheap housing.
I think a lot of "humbleness" is also enforced this way, in the US seems normal (or even some European countries) to flaunt your wealth, and others seem more or less OK with it, while in Sweden it's much more socially unacceptable to in any sort of way brag about being rich, or showing that off. Humble-richness is OK and tolerated, but flagrantly displaying your wealth among the public is generally frowned upon.
So together with that, living in a average neighborhood but have a house that sticks out as clearly "rich person's house" will gain you evil looks from your neighbors, as you're "supposed to" live in a different neighborhood where neighbors look more equal, otherwise you again stick out, which is cause for friction culturally.
Lots of culture in Sweden is less about "lets correctly solve the problem" and more "lets ensure the gaping holes aren't so visible for everyone, so we can ignore it properly".
I have a friend who has moved to Sweden a while ago, and she told me a lot about the Swedish housing situation, and admittedly most if it went over my head, but in short, apparently very few places would even allow you to build even somewhat freely.
Apparently she was in a situation where she 'owned' her house, but still paid a monthly maintenance fee to some agency. and she wasn't allowed to repaint the rooms or do any sort of repairs, but had to go through some agency, who would do it for her.
Apparently that was a neighborhood thing, but she told me of epic (and apparently fruitless) struggles of her friends' who wanted to repaint their house in a different color and install some circular windows.
Probably just didn't really buy the house. Many houses are part of an association (BRF). When you buy one, you practically only buy the right to live in the house plus a share of the entire association. The fee that she paid was towards that association for things like maintainance, managment, trash-fees, internet, parking, likely heating and water, and possibly interest on the associations loan. It's just a different structure that many countries have for flats in a building, in this case applied to single family houses.
Here in Australia, I’ve seen what we call “strata title” applied to “single family homes” before (American terminology, we’d say “detached houses”) - it is uncommon, much more common with apartment buildings or townhouses/villas/semidetached (you share walls and maybe the roof with your neighbours, but there is no one above or below you)-but not completely unheard of
[flagged]
Hold on, I was sharing an anecdote from a friend living in a foreign country, and somehow you're somehow connecting this to a dastardly geopolitical plot by a league of evil nations?
Also may I ask who the heck you are to call my story uninformed? As far as I recall, there's nothing inaccurate about what I said, I might be missing some context or nuance, but there's no disinformation in there, and there's certainly no hidden motive (what would even that be?) you seem to imply.
”and admittedly most if it went over my head”
”Apparently she was in a situation where she 'owned' her house, but still paid a monthly maintenance fee to some agency.”
(This is not the norm. I can go into a lot more detail if you want to.)
I am not accusing you of disinformation. I am saying that are writing completely irrelevant stuff in a story that is, as far as I can see is mostly false and has a high probability of being propaganda related to current conflicts.
And yes, dozens of other people did the same.
Making snark comments about that sounds very unlikely. More likely they'd have respect for someone living frugally and not showing off. See https://en.wikipedia.org/wiki/Law_of_Jante
Making snarky comments about it, no, not really. Will some people snoop around? Yes, nosy people can be found everywhere.
Yes and no. You get notified if someone else actually asks for your revenue info and so in practice nobody actually does it.
Is this not trivial to get a random person to check stuff for you in exchange for making requests for them (on people they are interested in)? Or is that illegal?
There's paid services that pull it for you, most charging around 100nok (10eur) per lookup.[1]
Media is also allowed to pull "top" lists like the 100 people with the most income in a city, 100 people with the most wealth in a city, etc.
What is the harm in this case? Shit people are shit even without information. They would be snark about something else then.
I think it was covered during a discussion about immigrants that are easily rejected - because they're immigrants.
The points was that it added another layer of issues for immigrants because they didn't understand the neighbourhood they "should be living in" with their revenue.
Why is this not the “shit people do shit things” category? This happens even without being immigrants. Large part of my family lives in a way poorer neighborhood than what we can afford, because we don’t care to move. People who have problem with this had other problems even before we got richer. There is exactly zero difference. The exact same people are snark as before, just for something else now. They were and would be snark even without this.
This seems to me a very bad attempt to hide xenophobia.
Yep, that tracks.
There's also the underlying current of Jantelagen (Law of Jante) https://en.wikipedia.org/wiki/Law_of_Jante
The US used to be more this way. Not brokerage accounts as far as I recall, but whether you own a house, how much you paid for it, your address, phone number, even your SSN didn't used to be considered very private, people had it printed on their personal checks, and schools used it as a student ID number.
Newspapers used to publish hospital admissions and discharges, nothing medical but names and dates. Probably a lot of other stuff I'm forgetting.
Let's not forget white pages, those door stopper telephone books containing everyone's name, phone and address that everyone had (along with yellow pages for business listings).
All email conversations in Swedish public institutions are basically a public act and any citizen can request an extract of them.
Out of curiosity how do you authenticate yourself with government services and finance companies and such? The reason the SSN is considered private is because it's used for authentication. Usually an SSN + one or two pieces of trivially obtainable information is enough to sign up for just about anything in somebody else's name, unless physical documents are required as in the case of a passport.
With cryptographic keys, normally stored on a smartphone. BankID[0] is the most common solution, but there are others. I personally use biometric 2fa to log in, and PIN to sign contracts or pay.
And then there are widespread amounts of identity theft and mapping out of minorities, but you may sleep well as everyone knowing where you do so is an important step in making sure corruption is no more, don't think too much about it.
Just a few years ago this was about to change in Sweden.
But they didn't change it, because "women should be able to look up the men that they date".
Oh yes. I'm Swedish and I do have to admit I have looked up quite a lot of people on these kinds of sites. It's become so normalised to do this even though I also feel like it would be better as a whole if they just did not exist in the first place.
Last update I heard about something being done about it was this:
https://www.regeringen.se/pressmeddelanden/2024/11/utredning...
Not sure what the current status is.
[flagged]
> You criticize these websites when they affect minorities, but you use them yourself to look up men. That seems inconsistent.
This is very close to the "Yet you participate in society, how curious" mean, especially since they're implying they would vote in favor of a law that changes it so that the data is no longer public in the same manner.
But then your comment history reveals enough about your intent.
I live here so I can add my experience, thank you.
Speak clearly, what do you have an issue with exactly in my comment history?
>Why are minorities so protected? :)
Because it's the law, and it's a good thing as governments and people tend to use violence against minorities. Don't like it? Move to a more racist country like Israel.
[flagged]
Svensk, anti Zionist, and proudly so. I'm not anti west, though I see all the bad shit we do to the world.