Do you think your security knowledge is something people should pay for, or do you just do it for the pleasure? I know you've developed decrypters for free, and I also think knowledge needs to be shared in order to evolve; nevertheless, I always find people who technically demand help, related to hardware or security infections, and of course for free because "it's not hard for you to do it".
It always depends. There is a difference between people genuinely looking for help and people who fall into the category "choosing beggars". People with that "it's not hard for you to do it, so it should be free" attitude belong to the latter category and I meet them a lot, unfortunately. But ultimately I don't want to have a couple of people who feel entitled and come off as demanding assholes ruin it for all the other genuinely thankful people.
But... since they are part of the criminal element, it probably is wise to assume that a threat might be involved. And indeed... the grudging mutual respect of the adversary generals in WWII did not preclude them from trying to kill each other.
There are some aspects of this that most non-German people may not be aware of. In Germany, there is a central register of all people living in Germany. You are legally required to register with the local municipality and keep your personal and address records updated. In addition, any person can go to the local municipality and get a copy of your address. The only requirement is that, based on the information you provide, the person needs to be uniquely identified. Depending on how unique your name is (Fabian Wosar is quite unique), the name alone may be enough. Otherwise, the name plus the birthdate will do the trick in almost all cases. Such a request costs about 8 Euros. If you can prove that you have some form of claim against the person, in addition to your current address, they may hand out way more detailed information about you. Like former addresses, your religion, names of your relatives etc. So when there were messages alongside "we have friends in Hamburg", with Hamburg being the city I had set in my LinkedIn profile, things got to a completely different level.
I never actually lived in Hamburg. I just had it in there because it was only 1-2 hours away, and if I told people where I lived, they had no concept of where it was, while Hamburg is usually quite familiar to people even if they aren't German. I actually lived in one of the harbour cities next to the Baltic Sea. In fact, there was a shipyard in my town that was bought by a Russian shell company. The owner of the shell company was later executed by the Russian mob in Moscow and the entire operation turned out to be a huge money laundering ring for the mob. So I literally had the Russian mafia right in front of my door.
The last bit is that there actually have been attempts to narrow down where I live. One example is this Twitter account:
That's the only message it has, and if you look closer, you can see that there is a bit in the middle of the message that looks odd. It turns out that's a Base64-encoded URL to an IP logger. My guess is they were hoping I would find it, then get curious about it and hope I would visit the link to know my rough vicinity. That would have allowed them to know which municipality was responsible for my area (or narrow it down to like 2 or 3) and then request my address from those.
So yeah, I can understand that without context it is easy to kind of dismiss. I had one person, who has a YouTube channel, try to tell me that they got haters and get threats in their comments like all the time! But the key difference is that he and his YouTube channel don't cost the angry commenters literally millions of dollars every year and that the commenters most likely don't already have connections to organised crime, while the usual ransomware gang does. They still need to convert the bitcoins they collect into clean money and money laundering is kind of big business for most cartels.
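The Base64-encoded link described in the answer above can be inspected without ever visiting it. The following is an added example, not part of the original answer: it scans a message for Base64 runs, decodes them locally and reports any URL and host found. The sample message, the `logger.example` host and all function names are constructed for illustration.

```python
import base64
import re
from urllib.parse import urlsplit

# Runs of Base64 alphabet (standard or URL-safe) long enough to hide a URL.
B64_RUN = re.compile(r"[A-Za-z0-9+/_-]{16,}={0,2}")
URL_IN_BYTES = re.compile(rb"https?://[\x21-\x7e]+")


def find_encoded_urls(text):
    """Return (token, url, host) for Base64 runs in text that decode to a URL.

    Decoding is purely local: nothing is fetched or resolved.
    """
    hits = []
    for match in B64_RUN.finditer(text):
        run = match.group().rstrip("=").replace("-", "+").replace("_", "/")
        # The encoded part may be glued to other characters, so try each
        # of the four possible alignments of the 4-character Base64 groups.
        for offset in range(4):
            chunk = run[offset:]
            if len(chunk) % 4 == 1:  # a lone trailing character cannot be decoded
                chunk = chunk[:-1]
            chunk += "=" * (-len(chunk) % 4)
            try:
                decoded = base64.b64decode(chunk)
            except ValueError:  # binascii.Error is a subclass of ValueError
                continue
            found = URL_IN_BYTES.search(decoded)
            if found:
                url = found.group().decode("ascii")
                hits.append((match.group(), url, urlsplit(url).hostname))
                break
    return hits


# Constructed sample: a harmless-looking message with an encoded link inside.
ENCODED = base64.b64encode(b"https://logger.example/t/abc123").decode()
SAMPLE = "Great work on the decrypter " + ENCODED + " keep it up"

if __name__ == "__main__":
    for token, url, host in find_encoded_urls(SAMPLE):
        print(f"{token} -> {url} (host: {host})")
```

If other Base64 characters follow the encoded part directly, the decoded URL may carry a few trailing garbage characters; the host is usually still readable.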
Thank you for your explanations! So, basically, if one connects a VPN, there should be no way for them to decrypt traffic? (Assuming the traffic is encrypted with a high-security standard)