Oh I guess then it's safe to put my data on the American cloud again.
Just kidding, wouldn't do it. And neither should you.
It's sad, but as a foreigner I don't see that, regarding government policies, anything at all has changed since Snowden went public. I have nothing against the USA taking various leadership roles. Biggest democracy, newest technology etc, but since early 2000s it seems they are doing a bad job in many areas.
What would make you think that foreign governments would be any better? Supposedly privacy friendly European governments engage in plenty of wiretapping[1][2][3]. What I find different about what happens in the US is that these events are highly publicized, scrutinized, and court battles over wiretapping are extremely expensive for the US government, compared to other countries. I don't see that happening elsewhere.
Sorry to nitpick and slightly OT, but more people voted in the elections in India these past weeks than the US has citizens. A staggering half billion plus.
You mean "cloud" all by itself. Don't let the current focus on the NSA fool you into believing that other countries aren't taking low hanging fruit like "your data on a remote server" for their intelligence.
That is my problem with the debate. While some people DO get up in arms about the U.S. government's activities, it is always phrased in such a way as, "You can't do this to American citizens!" What about non-citizens? What happened to "All [people] are created equal?"
The EFF apparently cares a great deal about government surveillance but does not comment on corporate surveillance.
Is it a coincidence that some of the 6 star corporations who supposedly "have our back" are funding the EFF? Sigh.
A lot of the EFF's work seems to go into defending Google's rights rather than defending individuals' rights. This is bizarre behaviour for a privacy advocacy group. See also: https://twitter.com/EFF/status/466727797713825793
I find that I can no longer support the EFF's work.
No, they spend an enormous time commenting on actions by private companies, including corporate surveillance. Maybe you've just paid attention for the last few days?
Meanwhile reliable critics of Google like Cory Doctorow have also been criticizing the ruling by the European Court of Justice, and if you read the link in that tweet
you'll see that the implications of that ruling actually are troubling. I think on the contrary, implying that being troubled by the ruling is equivalent to "defending Google's rights rather than defending individuals' rights" is disingenuous and intellectually lazy.
You can disagree with them, but it shouldn't be hard to empathize here: imagine someone who strongly believes in an American-style right to free speech; surely it's not beyond the realm of possibility that that person can't be both a vociferous defender of individual's rights while also worried about how this ruling will itself erode those rights?
Focusing on governments seems like a good focus. They are much more powerful, have a much darker history of abusing that power, and opting out of giving info to businesses is much more realistic, while still hard.
>Your Web searches about sensitive medical information might seem a secret between you and your search engine, but companies like Google are creating a treasure trove of personal information by logging your online activities, and making it potentially available to any party wielding enough cash or a subpoena.
>Tell users about government data requests. To earn a star in this category, Internet companies must promise to tell users when the government seeks their data unless prohibited by law, in very narrow and defined emergency situations,[2] or unless doing so would be futile or ineffective.[3]
Those caveats make this a meaningless category, particularly the first one. Nearly all the data requests that people are concerned about have been coming with gag orders attached. Not to mention, how can the EFF even verify this? One assumes the criteria are assessed by the companies' policies, not by their actions, and that's clearly meaningless if the government is essentially compelling them to lie, keep silent or "massage the truth".
> Nearly all the data requests that people are concerned about have been coming with gag orders attached.
citation? most data requests are run of the mill subpoenas (in non-criminal cases), gag orders only apply to a fairly small subset of user data requests.
The PRISM companies have been saying they 'have our backs' since that story broke, and it's more clear than ever that they were lying in those statements. (notably, see the material in Glenn Greenwald's recent book No Place to Hide about direct surveillance agency access to severs, in spite of coordinated statements from the companies denying precisely that. Not that most people found them credible back then.)
What I'd like to know is who is acting to protect their users, and for a lot of the of the entries on this list I have negligible levels of trust that words and actions tell the same story.
Still, all the star categories here are at least somewhat verifiable, and giving bad actors credit for improving is a good thing.
I think this has limited value as a guide to what companies can be trusted, but great value as a survey about the response of U.S. society to the Snowden releases, and these trends look somewhat encouraging.
Thanks EFF, for pointing the spotlight.
They are basing this largely on statements by the companies in question, not on their actions or any proof that these companies actually abide by their promises. Seems a bit hollow to me.
Criteria like "Tell users about government data requests. To earn a star in this category, Internet companies must promise to tell users when the government seeks their data unless prohibited by law" doesn't inspire confidence either.
If people are interested in a more in-depth view about this, check out https://transparency-reports.silk.co/. It covers other countries too and has more raw data on both companies and governments.
The EFF collaborated with us [1] on this and we're very excited about being able to provide the data in an accessible and easily comparable way on the web.
It is indeed a sad state of affairs when you have to read the title "Protecting Your Data From Government...".
It highlights the fact that government no longer works for us; that that majority of people either do not care about the issue, or they do care and democracy is a farce.
Of those options, I firmly believe that democracy is a farce.
My 90 year old Gran's father was one of the founder's of the British Labour Party. She says that if someone starts a revolution she she join in. She thinks she is too old to start it, and to be fair she is blind and deaf so she's doing pretty well. We need more people like her.
I'm curious as to whether my pessimism about government, or my disillusionment with democracy or my 90 year old Gran's revolutionary tendencies caused offence?
I am happy to see the significant increase in stars, but I do wonder if the same rules apply to both US and non-US users. The report is vague regarding this.
This is a very good development, and it also suggests that these kinds of publications may have some positive effect in encouraging more companies to, well, "have your back".
I think they changed the categories, and now they are only about whether they fight against the government or not, and even those aren't that great. Take AT&T for example. Yes, they "publish transparency reports", but very weak/misleading ones. They don't publish everything. AT&T gives NSA the whole firehose to their cables, and they still get to get a star for "publishing transparency reports" which don't even include that important tidbit of information?
They have nothing to do with how invasive their privacy policies are against their users, how much they track you, how good of an encryption they use or anything like that. Maybe they should make a separate benchmark for all of those, too, if they're not going to integrate them anymore. Because soon we'll be seeing headlines like "Facebook has 5/5 stars on privacy!" - which is just misleading to most people.
It's a good development but to say that these companies "have our back" is an overkill. Most of them don't really care, I probably would just count on twitter from that list, and I'm not so sure anymore since this happened: http://allthingsd.com/20130830/twitter-general-counsel-alexa... interestingly this was right before the IPO.
So the EFF is now becoming the lobby for the US surveillance companies?
Several of these companies built their business model on commercial surveillance of their users with the purpose of monetizing their data directly or indirectly.
And these are the companies that are supposed to "have my back"? Really?
Companies never "have anyone's back." They exist to generate revenue; this isn't intrinsically bad. However, this should preclude any form of blind trust.
Their whole business model fundamentally depends on extracting as much personal data as possible from their users. Though there is some solace in the fact that their motive is at least known.
It's fighting for users' privacy as in fighting for how much of that ton of information they're gathering can be withheld. Otherwise, yeah, I know a few really attractive ladies who are fucking for virginity.
> CREDO Mobile, a new addition to this year’s report, demonstrated through its exemplary policies that it is possible for a telecom to adopt best practices when it comes to transparency and resistance to government demands.
I'd never heard of Credo Mobile before.
Regardless of the intentions of Credo, since they appear to be leasing Sprint's towers, doesn't that ultimately put Credo's customers at the whim of Sprint in terms of who gets wiretapped / transparency reports / etc?
Or is it possible for a tenant on the infrastructure to be reasonably assured that outsiders can't intrude into their communications.
I know very little about it, but what I've seen of cell network security research, makes me assume that no such security exists for tenants leasing towers.
The problem with this list is that I can't tell if the starred company ALWAYS does the relevant action, or HAS done the relevant action at times. Does Google always tell users about govt requests for data? Or does Google sometimes tell users about govt requests for data? Because recent revelations indicated the government could retrieve their data without Google even being involved in each transaction, and they were legally barred from revealing fine-grained details about requests. But they did publicly oppose that policy after the fact and fought (or at least appeared to) the policy after it was revealed. So they get a star in that category now?
It's a bit like charting a flip-flopping political candidate's stances on issues. Does candidate X support issue Y? Yes! Does candidate X oppose issue Y? ... yes!
Why aren't there any of the services that actually have our backs on this list? Companies such as https://MyKolab.com clearly seem to belong on that list.
reddit doesn't really have any of your personal data. They may have an email address, but that's about it. They may also have an IP address, but as long as your ISP is good, even if law enforcement gets that it won't help much.
[+] [-] scrrr|12 years ago|reply
Oh I guess then it's safe to put my data on the American cloud again.
Just kidding, wouldn't do it. And neither should you.
It's sad, but as a foreigner I don't see that, regarding government policies, anything at all has changed since Snowden went public. I have nothing against the USA taking various leadership roles. Biggest democracy, newest technology etc, but since early 2000s it seems they are doing a bad job in many areas.
No thanks.
[+] [-] lgbr|12 years ago|reply
1: http://ccc.de/en/updates/2011/analysiert-aktueller-staatstro...
2: http://falkvinge.net/2012/04/02/sweden-paradise-lost-part-1-...
3: http://www.wsws.org/en/articles/2011/09/fran-s09.html
[+] [-] harkyns_castle|12 years ago|reply
In particular I find the constant harking back to "Well, we don't spy on US citizens, only everyone else." particularly annoying.
Like that's OK.
[+] [-] trusche|12 years ago|reply
Sorry to nitpick and slightly OT, but more people voted in the elections in India these past weeks than the US has citizens. A staggering half billion plus.
http://qz.com/210222/6-takeaways-from-record-turnout-in-the-...
[+] [-] Sprint|12 years ago|reply
[+] [-] rmc|12 years ago|reply
[+] [-] goodcanadian|12 years ago|reply
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] dragonwriter|12 years ago|reply
Yeah, because the US was a paragon of virtue throughout, say, the Cold War.
[+] [-] ronaldx|12 years ago|reply
Is it a coincidence that some of the 6 star corporations who supposedly "have our back" are funding the EFF? Sigh.
A lot of the EFF's work seems to go into defending Google's rights rather than defending individuals' rights. This is bizarre behaviour for a privacy advocacy group. See also: https://twitter.com/EFF/status/466727797713825793
I find that I can no longer support the EFF's work.
[+] [-] magicalist|12 years ago|reply
Meanwhile reliable critics of Google like Cory Doctorow have also been criticizing the ruling by the European Court of Justice, and if you read the link in that tweet
https://www.eff.org/deeplinks/2014/05/hidden-in-plain-sight
you'll see that the implications of that ruling actually are troubling. I think on the contrary, implying that being troubled by the ruling is equivalent to "defending Google's rights rather than defending individuals' rights" is disingenuous and intellectually lazy.
You can disagree with them, but it shouldn't be hard to empathize here: imagine someone who strongly believes in an American-style right to free speech; surely it's not beyond the realm of possibility that that person can't be both a vociferous defender of individual's rights while also worried about how this ruling will itself erode those rights?
[+] [-] emiliobumachar|12 years ago|reply
[+] [-] aestra|12 years ago|reply
https://www.eff.org/issues/privacy
>Your Web searches about sensitive medical information might seem a secret between you and your search engine, but companies like Google are creating a treasure trove of personal information by logging your online activities, and making it potentially available to any party wielding enough cash or a subpoena.
[+] [-] harkyns_castle|12 years ago|reply
[+] [-] x1798DE|12 years ago|reply
Those caveats make this a meaningless category, particularly the first one. Nearly all the data requests that people are concerned about have been coming with gag orders attached. Not to mention, how can the EFF even verify this? One assumes the criteria are assessed by the companies' policies, not by their actions, and that's clearly meaningless if the government is essentially compelling them to lie, keep silent or "massage the truth".
[+] [-] lukesandberg|12 years ago|reply
citation? most data requests are run of the mill subpoenas (in non-criminal cases), gag orders only apply to a fairly small subset of user data requests.
[+] [-] etiam|12 years ago|reply
What I'd like to know is who is acting to protect their users, and for a lot of the of the entries on this list I have negligible levels of trust that words and actions tell the same story.
Still, all the star categories here are at least somewhat verifiable, and giving bad actors credit for improving is a good thing. I think this has limited value as a guide to what companies can be trusted, but great value as a survey about the response of U.S. society to the Snowden releases, and these trends look somewhat encouraging. Thanks EFF, for pointing the spotlight.
[+] [-] Cieplak|12 years ago|reply
Not very hard to deanonymize a person's every card purchase.
[+] [-] maxerickson|12 years ago|reply
Edit: (I mean from publicly available data, didn't realize how ambiguous that was until I reread it)
[+] [-] sspiff|12 years ago|reply
[+] [-] rurounijones|12 years ago|reply
[+] [-] salar|12 years ago|reply
The EFF collaborated with us [1] on this and we're very excited about being able to provide the data in an accessible and easily comparable way on the web.
[1] https://www.eff.org/press/releases/which-tech-companies-help...
[+] [-] junto|12 years ago|reply
It highlights the fact that government no longer works for us; that that majority of people either do not care about the issue, or they do care and democracy is a farce.
Of those options, I firmly believe that democracy is a farce.
My 90 year old Gran's father was one of the founder's of the British Labour Party. She says that if someone starts a revolution she she join in. She thinks she is too old to start it, and to be fair she is blind and deaf so she's doing pretty well. We need more people like her.
[+] [-] junto|12 years ago|reply
I'm curious as to whether my pessimism about government, or my disillusionment with democracy or my 90 year old Gran's revolutionary tendencies caused offence?
[+] [-] unknown|12 years ago|reply
[deleted]
[+] [-] Zirro|12 years ago|reply
[+] [-] rmc|12 years ago|reply
[+] [-] skrebbel|12 years ago|reply
This is a very good development, and it also suggests that these kinds of publications may have some positive effect in encouraging more companies to, well, "have your back".
[1] https://www.eff.org/who-has-your-back-2013
[+] [-] higherpurpose|12 years ago|reply
They have nothing to do with how invasive their privacy policies are against their users, how much they track you, how good of an encryption they use or anything like that. Maybe they should make a separate benchmark for all of those, too, if they're not going to integrate them anymore. Because soon we'll be seeing headlines like "Facebook has 5/5 stars on privacy!" - which is just misleading to most people.
[+] [-] rpgmaker|12 years ago|reply
[+] [-] herrschindler|12 years ago|reply
Several of these companies built their business model on commercial surveillance of their users with the purpose of monetizing their data directly or indirectly.
And these are the companies that are supposed to "have my back"? Really?
[+] [-] rectangletangle|12 years ago|reply
[+] [-] 7schlaefer|12 years ago|reply
[+] [-] Centigonal|12 years ago|reply
[+] [-] Oras|12 years ago|reply
[+] [-] rectangletangle|12 years ago|reply
[+] [-] weland|12 years ago|reply
[+] [-] harkyns_castle|12 years ago|reply
[+] [-] ikawe|12 years ago|reply
> CREDO Mobile, a new addition to this year’s report, demonstrated through its exemplary policies that it is possible for a telecom to adopt best practices when it comes to transparency and resistance to government demands.
I'd never heard of Credo Mobile before.
Regardless of the intentions of Credo, since they appear to be leasing Sprint's towers, doesn't that ultimately put Credo's customers at the whim of Sprint in terms of who gets wiretapped / transparency reports / etc?
Or is it possible for a tenant on the infrastructure to be reasonably assured that outsiders can't intrude into their communications.
I know very little about it, but what I've seen of cell network security research, makes me assume that no such security exists for tenants leasing towers.
[+] [-] TallGuyShort|12 years ago|reply
It's a bit like charting a flip-flopping political candidate's stances on issues. Does candidate X support issue Y? Yes! Does candidate X oppose issue Y? ... yes!
[+] [-] butler14|12 years ago|reply
[+] [-] obeleh|12 years ago|reply
[+] [-] rtnl|12 years ago|reply
Why aren't there any of the services that actually have our backs on this list? Companies such as https://MyKolab.com clearly seem to belong on that list.
[+] [-] mherdeg|12 years ago|reply
[+] [-] jedberg|12 years ago|reply
[+] [-] Zigurd|12 years ago|reply
I know of one that makes the use of private keys and encrypted payload easy: Carbonite. Anyone else? Anyone? Bueller?
[+] [-] akandiah|12 years ago|reply