The page where you can get the button also should have a description of or a link to what PRISM is, even if it's just a link to the Wikipedia article, it would increase the ability of this thing to inform people infinitely :)
FYI to anyone considering: the `window.$` global is assigned to `document` in here. Someone would need to refactor the JS before it's safe to consider including.
I'm not a developer of any sort and this is exactly what I was thinking. "What's the guarantee that they don't change the code inside the .js file? I would've already provided them a hardlink and long forgotten about it by the time they start their shenanigans".
The code for this needs major cleanup.
"var $ = document; // shortcut" may kill jQuery and break your site.
This also declares the following global namespaces variables: cssId, head, and link.
The code is hosted on an untrusted amazon instance, so requires a bit of work to crawl the links and copy paste the source for self-hosting and security needs. Cool idea though. Put this on Github if you want code fixes.
Please consider moving the JavaScript file to another place: using GitHub's gist service like this is considered as abusing the service (because gist was not designed for hosting you assets).
There is profound irony that each of these various PRISM protest sites thus far has used Google Analytics. While I have great respect and admiration for Google, Analytics and other centralization tools like it make the task of nefarious tracking dramatically easier, all to have a slightly easier to obtain visitor graph.
Security and coding issues aside, the point of this is unclear to me. If the U.S. (or any) government is going to collect and analyze personal data, they're going to do it, and good luck stopping them through voting, protests, etc. The best way to advocate privacy is to provide technology that makes the data difficult to analyze. Outside the technology industry, very few know or (surprisingly) care if their information is encrypted when providing it.
1) NSA’s PRISM logo is hideous and it’s copyrighted. You might want to create your own graphics.
2) Add an explanation of what PRISM is and how people can help fight it. For instance, link to a template letter for people to send to their representative.
3) You should create a page that generates a list of all participating websites. That gives websites some incentive to join.
On #1, see Wikipedia: A work of the United States government, as defined by United States copyright law, is "a work prepared by an officer or employee of the U.S. federal government as part of that person's official duties."[1] In general, under section 105 of the Copyright Act,[2] such works are not entitled to domestic copyright protection under U.S. law.
It seems the PRISM logo isn't copyrighted unless the US gov't pirated it.
How do you know the logo was prepared by an officer or employee of the U.S. federal government? They could’ve hired a design company to make it (albeit not a very good one, by the looks of it).
> How do you know the logo was prepared by an officer or employee of the U.S. federal government? They could’ve hired a design company to make it (albeit not a very good one, by the looks of it).
Had they done so, it'd presumably be a work for hire and still not be copyrightable, since the government would own it.
“Unlike works of the U.S. Government, works produced by contractors under government contracts (or submitted in anticipation of such contracts) are protected and restricted under U.S. copyright law.”
Also important: even if a federal employee made it, it may not be protected by copyright in the US but it can still be copyrighted in all other countries.
The NSA stole the prism image for the logo from a professional photographer without permission. In theory, that photographer could have had the products pulled due to the photo copyright.
Maybe that's for international protection as someone else reported in this thread. It seems that it's only in the US that NASA's works can't be copyrighted.
“Contract terms and conditions vary between agencies; contracts to NASA and the military may differ significantly from civilian agency contracts. Civilian agencies and NASA are guided by the Federal Acquisition Regulations (FAR).”
love the initiative but I have major concerns about the implementation.
assigning $ as an alias for document is totally useless and can kill jquery / prototype running on the user's site.
also please consider moving all variables out of the global scope. you are using variable names such as "link" which could cause major conflicts with 3rd party javascripts
Show this button as a reminder that sharing should be a choice.
Is it not a choice anymore? Who is forcing you to share data with a company that might be legally required to turn it over to the authorities in the country's they operate in?
We have a right to speech, we don't give it up when we go online.
We also have a right to speak privately.
To say that I could choose to simply never pass data through any American company is merely silencing.
'legal requirement' is not 'due process'. When every American company can be compelled to give up all the information they have about me, without a warrant and in secret...when even the people involved can't effectively fight it, let alone me...
For anyone who wants a completly self-hosted and stand-alone solution (single file including logo in base64) here it is: http://jsbin.com/evafaz/4/edit
Code needs major cleanup. As a start encapsulate the code into a Module Pattern and stop chaining variables to the global prototype. Finally as mentioned here, why would anyone be placing links to a untrusted 3rd party JS code on their site?
50 comments
[ 11.3 ms ] story [ 864 ms ] threadAt least audit and mirror the file on your own server.
The code is hosted on an untrusted amazon instance, so requires a bit of work to crawl the links and copy paste the source for self-hosting and security needs. Cool idea though. Put this on Github if you want code fixes.
https://github.com/zackliscio/prismbutton
Please consider moving the JavaScript file to another place: using GitHub's gist service like this is considered as abusing the service (because gist was not designed for hosting you assets).
Solution: Inject third party JavaScript into as many websites as possible!
1) NSA’s PRISM logo is hideous and it’s copyrighted. You might want to create your own graphics.
2) Add an explanation of what PRISM is and how people can help fight it. For instance, link to a template letter for people to send to their representative.
3) You should create a page that generates a list of all participating websites. That gives websites some incentive to join.
It seems the PRISM logo isn't copyrighted unless the US gov't pirated it.
Also, here’s the HN discussion about it: https://news.ycombinator.com/item?id=5868220
Anyways, it seems like the NSA feel it is copyrighted: http://gawker.com/the-nsa-sent-a-takedown-notice-over-my-cus...
Had they done so, it'd presumably be a work for hire and still not be copyrightable, since the government would own it.
“Unlike works of the U.S. Government, works produced by contractors under government contracts (or submitted in anticipation of such contracts) are protected and restricted under U.S. copyright law.”
Also important: even if a federal employee made it, it may not be protected by copyright in the US but it can still be copyrighted in all other countries.
http://en.wikipedia.org/wiki/Copyright_status_of_work_by_the...
http://en.wikipedia.org/wiki/Copyright_status_of_work_by_the...
assigning $ as an alias for document is totally useless and can kill jquery / prototype running on the user's site.
also please consider moving all variables out of the global scope. you are using variable names such as "link" which could cause major conflicts with 3rd party javascripts
Is it not a choice anymore? Who is forcing you to share data with a company that might be legally required to turn it over to the authorities in the country's they operate in?
We also have a right to speak privately.
To say that I could choose to simply never pass data through any American company is merely silencing.
'legal requirement' is not 'due process'. When every American company can be compelled to give up all the information they have about me, without a warrant and in secret...when even the people involved can't effectively fight it, let alone me...
Then I can not speak freely.
If so, we (folks at stopwatching.us) can make something more secure and safer to implement.
and a secondary call to action - how you too can add this button.
As is, I wouldn't add it to my website.
Thanks to a suggestion by ozten a call-to-action has been added: https://optin.stopwatching.us/