I support this effort 100%, but... there's something a bit off about the messaging that I can't quite put my finger on. Perhaps "the day"? This is going to be a long haul, not like killing SOPA or some other bad bill. This system is entrenched, and has a lot of support. It's going to be a long fight, and it's going to be a slog.
For those in the US, though, please do call your representatives.
If I had to point to one thing it would be "the day".
* It's clearly going to take more than a day to achieve a positive outcome in a system that was established over many decades
* What happens when "the day" ends?
* Since the action is framed as "the day", this is how the media will report on it - including
outcomes of the day. These outcomes, whatever they are, will be packaged with the day and thus more easily dismissed than, say, "the movement" (which continues to grow) or "the tide" (that is turning) or "the big cleanup" (which must be repeated regularly)
I think drives like these (whether intended to or not) result in heightened awareness of a problem, not necessarily a fixed outcome.
If something like this took place once a year (where sites protest mass surveillance) it would assure that people continue to discuss the issue instead of slowly forgetting about it.
Labeling the effort "The Day We Fight Back" has a certain "shock" value that intrigues people. If instead it were marketed as "let's talk about long-term strategies for dismantling mass-surveillance" support would probably trickle in.
After all, signing a petition or putting a url on your site isn't really "fighting back," it's a protesting.
Agreed. Even if the media gives "the day" plenty of coverage, their 24-hour news cycle will simply bury it, and CBSABCNBCCNNFNC viewers will have forgotten it by Friday, and likely not see it again.
It's a matter of effort, I suppose... "proof of work" as the bitcoin people talk about. Clicking a button is less effort than making a phone call and talking to a person.
As far as I am concerned, fighting back for a day is useless. The NSA is probably going to find they have already lost this battle because we now trust their co-conspirators a lot less. It's the slow, relatively minor pressure over time by billions of people that will change things.
But the real danger is with the next battle. I think we are going to see a major showdown over legality of encryption generally within the next few years with a push for legally required back-doors (since it will be harder to guarantee cooperation unofficially and there is almost certain to be a lot of effort into guaranteeing better security). That's the one we should be steeling ourselves for.
So I won't be participating in this "The Day We Fight Back" not because I think it is unimportant but because I think it is too important than to relegate to a day of action.
I think this is more about making noise to remember people -- people which does not follow tech and NSA news -- that surveillance is still a problem, that Snowden is still stuck in Hong Kong, that the NSA still collects a huge amount of personal information from non-targets.
But you're right the battle is much bigger than that.
I really, really don't think anyone is trying to say that this is the /only/ thing you should do.
Many of the people organizing this campaign worked on any number of different campaigns over the last 6 months (Stop Watching Us, Restore the Fourth rallies, a rally in DC, Defund The NSA), so we'd be the last to say that this is the only day you should take action.
Rather, this is a single day for all of us who care about the isuee to rally round and do something to reach a critical mass of action that gets noticed on capitol hill. And also to help educate people who've tuned out of NSA stories by reiterating all the things the NSA is doing to erode privacy.
> Rather, this is a single day for all of us who care about the isuee to rally round and do something to reach a critical mass of action that gets noticed on capitol hill. And also to help educate people who've tuned out of NSA stories by reiterating all the things the NSA is doing to erode privacy.
To be honest, I am jaded enough to wonder how much politics actually matters here. The NSA isn't going to stop spying on us because Congress tells them to. It isn't even clear that Congress knows enough about what is going on to really oversee it. And if they don't, then what? We get some feel-good legislation which purports to solve the situation but really just plants the seeds of the next great abuse. That's exactly what happened with FISA.
The current battleground is not on Capitol Hill. it is in the insistence that we make companies pay for what they are doing with the NSA and insist on the development of secure alternatives.
The next battleground (as we make gains in private industry) will be in Capitol Hill, and believe me, when it comes, we will need business interests to be on our side.
> I think we are going to see a major showdown over legality of encryption generally within the next few years with a push for legally required back-doors ...
<boggle> History, people. History. This showdown already happened and the intelligence services lost.
I think it's interesting that there are ~200k Twitter/Facebook shares at the time of this comment, but less than 10k calls/emails. The message seems to be, "I think contacting legislators is a great idea! I hope some of my friends do that.."
Chiming in as one of the developers, these share totals are the total from when the campaign first started. The tools for calling/emailing/petitioning have only been active for two or so hours.
True, but as congresspeople are elected by the people of the US they would only be keen on hearing from them (well, that's the idea at least - in reality they don't seem to worry a lot about what a small but informed contingent cares about)
Oh, a flash protest, one that seems to have been announced with a press release only yesterday and pushed by the EFF just one hour ago.
Well, it is too short notice for me to invest the time to black out my website, so I will not be supporting this. Maybe there will be a similar action next year that I will support, if it is better advertised beforehand.
Maybe you're not on the EFF email list or Facebook group? They've been promoting this for several weeks (actually too much for my liking, so it's interesting for me to hear that others weren't aware of it).
Why don't we (as the hacker/programmer community) also "fight back" in the meaningful & legal way that is our core strength?
Resolve to push for encryption if there is any PII data in an app that you work with especially if it is a e-mail/mobile/social app. at scale
Refuse to work with/at NSA until their policies change
Refuse to participate in any committee/standards body, conferences, with NSA employees (or their cohort companies who have willingly forsaken the public's interests)
Encourage non-tech folks to adopt stronger privacy practices
> Refuse to work with/at NSA until their policies change
Don't agree with this. Boycotts relying on cooperation and trust between unorganized members are doomed to fail and only hurts those that take part in such boycott.
There's also such a thing as having a conscience. I agree that organizing and solidarity are necessary for effective political action but let's not discount the power of resistance against the moral turpitude of the day.
I'm not going to jail due to fighting the government about disclosure of the users of my dumb smartphone game. It's fun to play the moral high ground, but let's not pretend we're the bastions of society because we encrypt user data.
So you think that after you join NSA, you'd participate in such a boycott against NSA? Or will you be even more terrified about losing the job you've already gotten, and try to be on the "safe side" as much as possible to keep your job?
>Refuse to work with/at NSA until their policies change
When the NSA demands your data, you're not really entering a business partnership.
>Refuse to participate in any committee/standards body, conferences, with NSA employees (or their cohort companies who have willingly forsaken the public's interests)
That said, if you're part a committee or a standards body and you have opinions, the only way that you'll get your changes in place is if you show up.
> When the NSA demands your data, you're not really entering a business partnership.
True, but I saw the original comment as relating more to recruiting. The NSA works just as hard as any tech company to compete for skilled employees.
If you're the kind of person they want to hire, you have lots of fantastic other choices. So choose something else. Unless you're planning to pull a Snowden (and have gonads of steel).
And if you do decide to help code the surveillance state, the rest of us may take that into consideration in future hiring, buying, and investing decisions.
>If you're the kind of person they want to hire, you have lots of fantastic other choices. So choose something else.
I am the kind of person they'd want to hire and what has kept me from applying is the relative low pay and not being in my area. As an engineer, you'd get access to cool tech in an interesting domain.
>And if you do decide to help code the surveillance state, the rest of us may take that into consideration in future hiring, buying, and investing decisions.
Really? Because you don't use Amazon, Microsoft, Google? You wouldn't hire a qualified candidate if she had worked at the NSA?
So are you saying that the actions that the NSA have taken are not against your conscience? If so, then I would hesitate to hire you because ethical and conscience-based decisions are key to having trust in employees.
>If so, then I would hesitate to hire you because ethical and conscience-based decisions are key to having trust in employees.
Because every employee working for the NSA is doing a-thing-that-you-don't-like(tm) and not something different or important. I wouldn't want to work for someone that simplifies complex issues anyway.
In this scenario, the qualifications of the person or what function they served at the NSA is pretty much irrelevant. (That said, as a hiring manager I wouldn't take what a former NSA employee told me about the functions they served at face value.) The poster is brainstorming ways in which average citizens could cripple an organization seen as out of control. While this particular method may hurt the individuals who work there, and leave the overall hiring a little less unqualified, it doesn't mean that the idea has no credence.
I think it would be hard to build a movement around the things you list. The core competency of the hacker/programmer community is technical and a lot of the technical solutions tend to have significant difficulties in implementation (such as email encryption).
Why not focus on a very limited number of simple to understand technical goals. For example, you could advocate the creation of private encrypted tunnels between large corporate networks. So that all traffic is routed by default over a VPN if such a route exists. This lets encryption be a compliance issue for an IT department rather than a user level app problem.
All of the people who built the site and the banner are volunteers who met on HN across various threads, and not members of any of the advocacy orgs or companies listed on the site. We're really interested in getting feedback on how future campaigns can be better, and happy to discuss some of the decisions we made. The non-profits involved did all the legal and organization lifting, and this is a great opportunity to donate to the EFF and Demand Progress if you haven't recently.
Likely the most impactful thing you can do right now is to add the banner to your own site and ask the companies you work for to do the same. We've tried to make it as easy as possible to add the banner; you can find all the options (including a Cloudflare app and Wordpress plugins) here: https://github.com/tfrce/thedaywefightback.js
Pushing for technical solutions to the surveillance is also really important. Friends at Fight for the Future are launching a campaign along those lines as soon as this one wraps up, and there are a lot of open source projects (e.g. the great work done by [Whisper Systems](https://whispersystems.org)) that deserve attention.
But legislation and technology need to work hand in hand for things to change in the long run. Even if we have decent technical solutions, legal measures can easily limit the scope of their success (see Lavabit).
(My comment here is about the international version of the site - the USA one is much clearer in its purpose.)
One crucial piece of information I haven't been able to find is what happens to the names and email addresses people enter. How does filling in those boxes amount to taking action?
I am strongly opposed to mass surveillance, but thedaywefightback.org doesn't seem to be communicating successfully how exactly it is going to help. If it is doing something that will truly help (which seems likely, but I can't really tell), that needs to be clear in its message, and it isn't.
Your point is very good! It needs to be specified how our signatures will help in the fight against mass surveillance. We signed, and now what? Spread the word. But what is next?
I think the solution to this has to be on multiple fronts. It would be a good idea to push for laws which forbid certain kinds of surveillance. In the US the situation with the constitutionality of the NSA activity needs to be clarified. In the UK it would appear that the activities of GCHQ - particularly using DDoS and other "dirty" methods - is against the existing computer misuse laws. Investigating and following up on that would be useful. Probably they will make all of that retroactively legal, but there might be an opportunity to challenge and stop that in parliament.
On the technical front if you're a software engineer you can spend some of your time helping to develop, test and debug the various encrypted communication systems. Often security audits are needed. If you're not a software engineer then find out how to use encryption tools - PGP, XMPP/OTR, Tor, Bitmessage, etc and encourage your friends to use them.
So they'll be a shorter version of this on the main site soon, but I can spell it out at greater length and more informally here. (I'm EFF's International Director, btw)
The short answer is that you're signing your support for a set of 13 principles on the application of human rights to communications surveillance ( see https://necessaryandproportionate.net/ ), that were worked out last year (pre-Snowden, actually) by a coalition of technologists, privacy activists, and legal scholars.
The long answer: We've been using this language to push the idea in international venues and among key lawmakers in various countries that mass surveillance (as well as a bunch of other practices conducted by the NSA and other spooks, including corruption of crypto standards and backdoors) is a violation of existing human rights standards.
This is important internationally because if the NSA gets away with its current behaviour, it'll establish a norm that such surveillance is okay for any government to conduct. We need to push back against that norm.
To do so, diplomats, policymakers and others need language and arguments to back that up.
The Principles give them that language in a familiar context (and we're working together to provide more detailed arguments and other legal guides). It has found favor among politicians, experts and other influential people I think partly because the smarter ones are genuinely worried that pervasive surveillance really could undermine their own societies -- they recognise what it could do in the wrong hands as much as anyone else.
In providing that leverage, it helps to convey that it's not just a bunch of domain experts that think forbidding mass surveillance is a bad idea, but that an increasingly large number of citizens find it abhorrent. That's what the signatures will do. It really makes a difference in this arena, because so few obscure technical documents have hundreds of thousands of supporters :)
I'd encourage anyone who wants to understand better how we're trying to get all governments, not just the US, to craft better surveillance legislation to read the full text of the principles at https://necessaryandproportionate.net/text You can also ask me questions at danny@eff.org . It's a long haul project, and we're conducting it alongside legal actions in the US and abroad, shoring up and disseminating crypto tools, and other non-policy defences. But it's pretty amazing to get unanimity with hundreds of privacy groups on some basic principles with which to start building proper, 21st century, surveillance law.
It's a great action - and technically speaking takes us to a new level I think - I look forward to adapting the code for other campaigns I'm involved with. I appreciate the background and your work involved in bringing groups together internationally.
But my question is, with the publication/confirmation yesterday of the basis of the US drone assassination program in NSA cellphone spying (see https://firstlook.org/theintercept/article/2014/02/10/the-ns...), will you be incorporating a demand to reign in the NSA because their surveillance is killing innocent people? I think it is a real opportunity to reach out to many other groups and individuals who are opposed to and organizing against the drones both in the US and abroad.
> The short answer is that you're signing your support for a set of 13 principles on the application of human rights to communications surveillance
Yesterday, I was this close to putting my name+email there, until I thought "wait, what am I even signing for, either this might actually accomplish something important and I really should know what exactly before I can honestly give my support, or it's a rather meaningless gesture carrying just a vague anti-surveillance sentiment" (given the names and people involved I was pretty sure it was the former, but not knowing what I'd feel disingenuous about just adding my name to a list "just, make it better, or something").
"Likely the most impactful thing you can do right now is to add the banner to your own site and ask the companies you work for to do the same."
Why do you feel this is the most impactful thing that [I] can do? Specifically, do you believe that putting a banner on webpages will prompt more phone calls to legislators, which will in turn lead to the reduction of surveillance?
The video is heavy handed (actors and names-the-common-person-would-know with sweeping music) saying that surveillance is bad, but it's never clearly articulated _why_ one should believe that data mining by the government is wrong (besides unqualified claims of it being unconstitutional and against imagined civil liberties).
I personally think that there's risk in allowing a government to harvest and store data indefinitely (primarily because an unscrupulous politique could perform a character assassination to push a narrative), but I'm not the target audience for this advertisement.
I switched into writing Markdown by accident. We've got the site frontend running on jekyll so it's static and easy to scale, and I've gotten too used to using the syntax.
Assuming these comments are being watched. The "thirteen principles" link on the main page gives a 404, it looks like there was a copy/paste error, it goes to:
> We're really interested in getting feedback on how future campaigns can be better
I'd recommend addressing the actual problem, which the all-encompassing surveillance is a symptom of. The actual problem is that there is a government in place. For more information, look up Stefan Molyneux, Larken Rose, Michael Huemer, Murray Rothbard, David Friedman, etc.
And the actual problem that cancer is a symptom of is that we have bodies. So we should really be working towards the Matrix, not doing dead-end research on curing or treating diseases.
You're not following, but that's expected. It's not exactly difficult to see reasons for why governments should not exist. They're all around you, and there are countless of them.
As a very simple example, why are laws like SOPA and CISPA passed in secret, unless there's a massive uprising against them? Obviously, they're passed in secret, or stealthily, or all of a sudden - they're just rammed through exactly because they know the people would be against these laws if they only fucking KNEW ABOUT THEM.
Did you think defeating SOPA would be meaningful in the grand scheme of things? If they're passing one law that's harmful to the masses and against their will, why wouldn't they pass another? .. and another, and another?
Well, if they're passing harmful and unnecessary laws all the fucking time, do you think they just might not be on your side? I mean, how difficult is it to figure out that "your" representatives don't actually represent you? They're constantly passing laws that are against your will, after all. Oh, and they're extorting you too! (It's called "taxation" to make it more palatable)
Now then, since it's obvious that the government and its legislators are not on your side - contrary to what people commonly believe, strangely enough - doesn't it make you wonder whether having a government is a good idea in the first place?
Ah, this again. Is there something special about all those services that makes them impossible to provide with money that has not been extorted from millions of people?
That FUD is not relevant to my question, and I don't have the time and energy to dissect his contrived, unrealistic fearmongering scenario now.
But for example, why would other people let Mike pollute the water despite everyone else having signed the "Filter Pact"? Mike's selfish actions would directly affect other people making a living, and therefore, some kind of intervention would be warranted - and would happen too! After that, everything is fine again.
Even if you're silly enough to argue against your own freedom, you can't just leave things at presenting a problem, expecting it would not get solved, and thinking you've proven that freedom "doesn't work".
It's not difficult to see that government should not exist ... Do you have any idea how ridiculous you sound? No one should take you seriously; I don't see what espousing that ideology is going to get you.
Did you even read what I wrote? But I get it. It's difficult to process this information.
> No one should take you seriously
Don't just take my word for it. Go investigate the collective works of the people I listed above. If you do that, you'll agree with me (unless you've been severely traumatized as a child).
> I don't see what espousing that ideology is going to get you.
Me? -Possibly nothing. But it's good if I can help ordinary people everywhere avoid whatever seriously unpleasant fate awaits us all if we don't wake up in time. People not being subjected to coercion is not much of an ideology by the way.
Government exists for all animals. It is an immutable fact of the universe. Ants have government. Termites have government. Naked mole rats have government. Wolves and caribou have government.
It's not up to us. All we can do is decide what structure the government will take.
> Government exists for all animals. It is an immutable fact of the universe. Ants have government. Termites have government.
Wow. At least you're being original :p
> All we can do is decide what structure the government will take.
Actually, as long as we have rulers, we can't even do that. You may be aware of the US quickly turning into a nasty police state. Do you think the people being "governed" had a say in that?
Saying "let's get rid of rulers" is like saying "let's get rid of the ends of a piece of string." It's a logical impossibility. All you can do is replace rulers.
And how does massive social change come about? Via organized campaigns. Which have leaders. Who become the new rulers if they succeed.
In the last century the Chinese and Russians collectively agreed to give up concepts of property and privilege for the betterment of all. Except, some of them only pretended to do that. So they ended up with everyone else's property and privilege.
It's not hard to convince every single person that they should not be ruled. It's impossible to convince every single person that they should not rule. There's always someone who thinks they could do it better if they were in charge.
Since you are asking for feedback, I heard this on IRC when I mentioned adding thedaywefightback.js to a site I manage.
<Erkan_Yilmaz> lukeshu did you tell 'em already:
#findTheError "The Day We Fight Back" against mass
surveillance has on its website #twitter and
#facebook offered (only) thedaywefightback.org
That said, I'm not personally sure what's popular these days in terms of decentralized social networking.
I'll preface by saying that the USA freedom act will pass because congress does not like finding out when an agency is going behind their backs, and also voting against it is electoral suicide in close districts. So, in my opinion a calling campaign is a gestural action.
That said, fighting an information war against intelligence apparatus is a losing battle. This will only push the program deeper into the classified bowels of the massive US intelligence machine. They are currently operating through classified intelligence and loopholes, and once the FISA court loophole is closed they will find or produce another.
politicians ignore campaign promises You should back or elect different candidates. Don't simply choose the candidate others have chosen for you, get involved earlier in the process to make sure the person you're voting for has a greater chance of voting for the issues you care deeply for.
That worked really poorly with the last "Hope & Change" candidate.
If you suggest voting for an independent... That is sort of a pipedream in the current US election climate. Noble thought and effort to push for such a candidate, but they have little to no chance of actually being electable. And even if they do get elected... Whats to stop them from being totally corrupted, or just overtly ignored by the rest of the government?
You think Obama had a hard time pushing through legislation? Just wait till some independent has to fight both Dems & Repubs on every issue because he/she isn't part of either party (and basically a slap in the face to their power structure.)
Edit: The biggest issue (in my opinion) at this point is the two party system that is entrenched beyond belief.
> Edit: The biggest issue (in my opinion) at this point is the two party system that is entrenched beyond belief.
Entrenched to hopelessness.
Money buys politicians so much power and there is no amount of regulation (which would have to be passed by those in power and getting the money, HA!) that could curtail it. Eventually you are going to step on someone's first amendment right to "say" (buy ads upon ads upon ads) what they want for/against another candidate.
I think the only way I can hope for actual change is for more people to get involved and not be so easily swayed by various types of media. But the majority is lazy..
In the election of my local representative there are only two realistic contenders - both from the 2 main parties. No one else has the resources to send out all the junk mail and recruit all the college kids to harass people.
And the funny thing is - just like probably most of the congress people - our representative isn't really all that bad. She's just not really good. She's just a nice old lady that's a vanilla career democrat. The chances she'll be voted out are effectively zero.
So I just don't vote for people any more (i leave it blank). However, I still go to the polls to do the ballot initiatives
Next time you do this, you should create a widget for calling Congressmen directly, the way Tumblr did it with SOPA last year I think. Calls are much more effective than signatures or emails and I barely even see a 2-step call to action for it. It should be the big immediate and obvious call to action right on the front.
Oh, and this shouldn't be only a single day thing. I mean I see no reason why this couldn't have gone for a whole month, or even in perpetuity, and ask websites to keep it until we see real change from Congress.
When I shared the link with a friend he mentioned he was uncomfortable giving his number and email address. Maybe consider having a link close to those fields to help the visitor find the number or email address of their Representative. That way if someone doesn't want to give out that information there is a quick alternative available.
Yes, this is always what I look for when I see one of these sites. As well-intentioned as you may be, I have no way of verifying that you're not putting me on a bother/solicit list, so the thing that is most likely to get me to participate is if you take all the "we do it for you" machinery and have an option where I can walk through the flowchart myself. Provide me a way of doing the mapping from my home address to the relevant phone numbers myself, then coach me on exactly what to say when I call.
Exactly. It's asking to help get back privacy by giving private information. I understand why it's done, and it's quite useful to a lot of people. Still, having another option would be nice.
Assuming you're not trolling, why would you not assume this about Hacker News as well? This place has practically become a hangout for armchair dissidents, and employees from many large tech companies are known to post here. It would make the perfect honeypot.
It's not ideal, of course, but in the short term since there seems to be no political appetite for relinquishment or meaningful reform then technical mitigation strategies - if they can be sufficiently popularised - may help to reduce the harm resulting from mass surveillance.
Ultimately the solution is both political and technical. When politicians or other public figures make claims that what's going on is "not mass surveillance" or try to imply that collecting metadata is unimportant then they should be challenged.
It's not little - it's quite comprehensive. Excellent job done. It's explained quite well in a very enjoyable writing style.
I think anyone who knows enough to add a banner to a webpage can work their way through the document.
It's a good idea to promote it as an alternative because from the outside at least, it seems freedombox has lost momentum since the privoxy release, even though the idea is sound.
I didn't mean to belittle it all, I'm well impressed with it. Nicely explained for the most part and I saw afterwards that it's up on github too so it's easy to send in corrections for it.
I had to look up Friendica and Movim to see what they were (I'd never heard of them before), it'd be nice to have links to the respective homepages, so off I'll go and add them in.
No problems, I can see one or two bits that I think could do with clarifying (not least to get rid of emacs :P ). I'll have a go at it this evening and take notes.
The particular editor isn't all that important. You could just use nano or vi. I don't think any of the instructions contain anything really Emacs specific.
I happen to use Emacs and the source for the site is an org-mode document, which makes editing it very easy. Exporting it as HTML is a few key presses.
As a vi user, i'd be willing to leave the great war to one side and give nano the thumbs up, many people not used to the console struggle to quit out of vi or emacs while being competent with sublime text or notepad++. nano works better for them.
These instructions have been put together recently - mostly in January this year. It's an ongoing effort to include as much useful communications software as possible.
This is really, really, well done. It'd be nice with some simple styling, to not make it look too "alpha-geek" to the wider tech sphere. Otherwise, cracking work.
* don't use md5 as a security feature! I suggest to replace the use of md5sum with sha256sum (not even sha1sum is really safe anymore). The only use of seeing md5 in security contexts is to indicate that the person recommending its use doesn't understand security, which may admittedly be a worthwhile feature in itself. Perhaps you're really saying "this is one of the weak links in our security chain, the source code we're getting here might be hijacked or have huge security holes, and I haven't checked the sources, so it doesn't matter much anyway whether you're using the same sources as me anyway"? Then perhaps point this out, like using sha256sum and at the same time mention "(although I haven't verified the source code against security issues or backdoor (yet?))".
* I'm not a cryptologist, but regarding "the security of encryption depends upon how random the pseudo-random number generation on your system.." I think that's the wrong use of the term "pseudo-random number", as /dev/random really is about randomness, not pseudo-random numbers at all. /dev/urandom does stretch the collected entropy using pseudo-random number generation, but I think even the phrase "how random the pseudo-random generation" is mathematical nonsense, as it's not random at all, just random-looking when not knowing the generator inputs. Perhaps say "The security of encryption depends upon the randomness of the random source used on your system"?
(* I think the NSA is able to track you anyway, regardless of whether you're using your own server on the same IP or not. Thus the suggestion "make you more vulnerable to traffic analysis" will probably only hold for companies trying to track you.)
Good points. Thanks. I used md5sum mainly because it was given on the original sites from which software was downloaded, but if sha256sum is more unique then I'll use that instead.
Although there are some systems where I'm familiar with the code - such as Bitmessage - in most cases I havn't personally checked the code myself. Ideally Freedombone would be a pure blend (I think that's also the aim of FreedomBox), but for now it does involve downloading some non-packaged systems.
That makes it sound like you're thinking that the chances for a conflict (same hash value) depend just on the size of the hash value. But it's worse than that, thanks to algorithmic insights, inputs that produce the same hash value can be found more cheaply than just by chance. Also, they can be found so cheaply that it's computationally trivial to do even for an individual [1]. Thus anyone who can change what data you receive, can trivially also make it hash to the same MD5. (I haven't checked whether publicly available software exists to generate conflicting files that are also, for example, valid gzip files, but I surely expect that an entity like the NSA (and perhaps blackhats, too) can create such software on their own.)
Yes, there are many sites that still tell users to check MD5 hashes. I think it's evident that those are totally worthless for some years now. Worse, it may be giving some people a false sense of security. OTOH those places might give those who do know a hint that perhaps the authors or distributors don't know about security. (Sorry for the harsh words...)
Thanks for the information about this. I didn't know that md5 was quite that easy to fool. The hashes have been duly changed to using sha256sum. I'll file bug reports for any md5 hashes that I see in future.
I used md5sum mainly because it was given on the original sites from which software was downloaded
That is indeed a limitation. I'd suggest you explain what md5sum is, how to use it, and what its limitations are -- specifically that collisions are now trivial to instrument.
Developers / vendors still relying on md5sum really should be named and shamed these days.
I mean no snark here, just clarifying my interpretation of the OP's point:
The only vote any of the mass majority has is where we spend our dollars & labors. These kinds of movements make everyone involved feel good and I do not deny this campaign is for a cause the participants feel is just...I agree in principal. However, joining another mineable database feels like doing the same thing that we are talking about curtailing, with the added potential of making participants part of a larger target if anyone threatened decides to go on the offensive. Legislators only listen to the hoi polloi when reading scripts in front of cameras or they are drumming up votes for the next election. Even more pertinent, the corporate environment that exists in the Western world has morphed to influence our every waking moment and would never allow an organized collective get too big or gain too much traction before well-publicized character attacks and disinformation fill the airwaves(or the startup is 'incorporated'). The status quo owns the media(even Reddit), the 'tubez(backbone) & most western governments(lobbying is corruption, whatever the laws have been tailored to say), thus they have the loudest message and currently control all infrastructure in this global society(think 'good ol boy' network rather than conspiracy theory). The antagonists and would-be 'movements' of late are diminishing from the public consciousness faster than other entities can make noticeable ripples: Wikileaks, Occupy Wall Street, Manning, Snowden... This is how group dynamics has worked since the dawn of tribalism. Adding sentience to the equation has potential to improve the human race above limbic compulsions but so far has only worked to increase the polarization to meet the desires of the controlling interests(most powerful? influential? smartest?).
I am sentient and have principals I believe in. These principals require me to make sacrifices sometimes, and that includes how I earn & spend my monies. I walked off a job in October that would have multiplied my income by a factor of 10, problem is they asked me to endanger myself, compromise my principals and break some really well-founded national safety codes, never mind the organizations' 'professed' safety policies. Instead, I'm living hand-to-mouth in a shack making a small fraction of my potential earnings and reading/commenting on HN. C'est la vie, I have made my choices and still sleep really well at night. Of the few dollars I make, I spend them just as judiciously as I earn them. There are unavoidable expenses in a modern society; housing, utilities, food. Other spending may seem crucial, but ultimately distill down to wants or conveniences and I've minimizing or eschewed those, too; ISP, TV signal, formal education. Then, of course, there's the disposable income and all that encompasses. How I earn & spend my money(times a factor of a few billion others), this is what drives the world economy and this is what I determined I can influence to create or realize meaningful change within 'my circle of influence'[1]. I must change myself first in order to change the world. I encourage anyone who reads this to contemplate doing the same. It's the only way to scale up a paradigm change, IMO.
PS: I also exercise my own tools that sometimes sacrifice useability in order to maintain my privacy and spread disinformation to those who believe they value my privacy more than I do; NoScript/AdBlock/Blender/UserAgent Switcher/HTTPS Everywhere/bleachbit/firewall monitoring/On+Offline switch/disposable accounts/disposable emails/old & tired maemo phone, etc... Even after two decades I still smile when a clerk says "Thank you for shopping with us today, Mr. Revell"[2].
Coordination of phone calls and emails to legislators seems to make a bigger difference than uncoordinated phone calls and emails. Posting banners on websites and sharing it on facebook isn't enough - by miles - but it helps people feel they're a part of something and if we hammer home that there are next steps to be taken maybe we can make some difference. Mockery only helps the establishment.
The objective of this is to generate awareness, and it is achieving it's goal.
My mother knows what the NSA is and sees the problem.
The only thing that might get us to a better place is to slowly change awareness and with it, will start the political pressure.
Why one day? a focused campaign will generate much more visibility.
Think of how fast the zeitgeist has changed for civil right to minorities, you'd be surprised, maybe in 10, 15 years privacy might be on it's way to being respected again.
Hashtags and banners are only helpful for raising awareness. Phone calls to congresspeople actually can have an impact. Congresspeople keep track of issues that generate a lot of phone calls, and it influences how they vote and what they spend their time on.
Well... We should tell TLAs to stop spying (we already did, long time ago, with obvious results). We should make such activity illegal (it is what's happening), because a big part of problem is secrecy and legal consequences leading to inability to tell anyone they're being spied upon.
But, indeed, sole laws are not proper security measure. And for some reason I don't see calls for any technical measures to make mass surveillance costly (and strongly believe it's necessary). We have locks and safes for a reason.
Great initiative, I've shared & supported it. But is compiling a database of (full) names and email addresses of internet dissidents really wise given that that's the very medium these organisations are abusing?
And would it be enough to deter a significant number of people from putting their details in and showing support?
I think that 1984 references, while apropos, are counterproductive. 1984 isn't documentary, and it's not prophecy; it's fiction used to make some political points. It is entirely reasonable for someone to not weight it very highly, in their assessment of likelihoods in the real world. Those not already sympathetic see comparisons to 1984 as hyperbole, those making them as out of touch with reality, and it doesn't help us seem less "tinfoil hat". Actual and potential abuses, with historical analogue, should be substantially more important - though precise reaction is hard to judge (can we get some polling done?)
From the website:
Governments worldwide need to know that mass surveillance, like that conducted by the NSA, is always a violation of our inalienable human rights.
Sorry, but the governments of the world already know this. Obama, Merkel, Hollande, Cameron or Putin isn't going to stand up proclaim: "I'm sorry, we didn't know".
It's not that we shouldn't do anything, nor do I have the answer as to what we're suppose to do, but this, "The Day We Fight Back", is pointless. Changing your Twitter icon to green didn't stop the war in Libya, the Internet "Blackout" is already forgotten and just pissed people of, it didn't encouraged anyone to resolve or change anything.
Yes, SOPA and PIPA were defeated with much fanfare and attention, while some different laws doing the same damn thing were passed just a month or two afterward.
True ... I just hate when a won battle draws attention away from a hidden, lost battle over the same ground, because in a way you're worse off if you think you won when you really lost.
The privacy policy link (international version) points to a page written in Serbian. For a campaign all about privacy, really surprised about this. Sorry, I can't give you my name and email if I can't read your privacy policy.
I really like the banner, although, in all honesty, I don't think this will have any effect on spying. I truly believe that the NSA cannot be stopped by words alone. People lie all the time. The only thing I think words can do in situations like this is drive it more underground, and make the NSA lie that everything is back to normal...
Presidents lie. Politicians lie.
Now, if every American refuses to work 1 day, and all head to the NSA's office, datacenter (and actually destroy the thing), that'd really mean taking matters into our own hands (extreme scenario, I know). The NSA knew people wouldn't like this, but they did it anyway, because nobody knew. We will never truly have 100% transparency what the NSA is doing. People can no longer trust them. Period.
> Now, if every American refuses to work 1 day, and all head to the NSA's office, datacenter (and actually destroy the thing), that'd really mean taking matters into our own hands
You forget the part where the USA is a militarized police state that, unlike (say) the Ukrainian government/police will not hesitate to use lethal force at these people.
Not that it will happen, but if it were to happen, that's what's going to happen.
Remember the police violence excesses with the peaceful Occupy protest? They didn't get friendlier in the mean time. The police did, however, get equipped with more shiny military war toys.
Since you guys are reading this, a huge thanks for putting the time and effort in to organize this. Here's hoping you are able to keep that up for the long haul.
Snowden, the NSA scandals and the subsequent political and media responses are very clear example of our right eroding. But, they are mostly concerned with the US Government and US citizens.
This is a global fight. The perpetrators and the victims are everywhere.
I find it a weirdly ironic that a protest opposing government collection of personal information, such as political affiliation, from opt in data stores on the internet consist of declaring your political affiliation in an opt in data store on the internet.
It is a positive day for the freedom of information and I am happy to support it, make the calls and emails, and tell friends about it.
I also think framing it as a one day campaign where the “fighting” involves passive action at the individual level is not a game winning strategy. It is still a great rallying signal though, and its effects have already gone beyond the single day, and for every person too lazy to change their avatar back, they will carry on for a good while longer in some way.
However, the motivation for the average person to even think about engaging such an overwhelming and invisible force as mass surveillance is very close to zero. For those who are willing, involvement seems to be passive (donating to a more capable organization, hitting a like button, resharing links), bursty (waiting for organized events to rally around), or demoralizing (low visibility of opponent, lack of support from uninterested peers or locals, extremely slow and indirect feedback loop for any action).
For these reasons, I hope that a campaign modeled as a constantly running open source game engine emerges, because that is actually just the bare minimum required for victory - to at least continue playing the game as long as your opponent is playing, no matter whether you are winning or losing at the moment.
A game model will at least make undeniably clear that there exists a thing worth playing for (your personal information perhaps), that there are actual opponents who can and will take this thing from you, and the visibility and mechanics needed for you to take action to protect that thing.
In my opinion, the front page should really, really highlight the call-back-and-show-script feature. Sending this out to family and friends, this is the piece I really want them to see.
266 comments
[ 2.3 ms ] story [ 324 ms ] threadFor those in the US, though, please do call your representatives.
* It's clearly going to take more than a day to achieve a positive outcome in a system that was established over many decades
* What happens when "the day" ends?
* Since the action is framed as "the day", this is how the media will report on it - including outcomes of the day. These outcomes, whatever they are, will be packaged with the day and thus more easily dismissed than, say, "the movement" (which continues to grow) or "the tide" (that is turning) or "the big cleanup" (which must be repeated regularly)
If something like this took place once a year (where sites protest mass surveillance) it would assure that people continue to discuss the issue instead of slowly forgetting about it.
Labeling the effort "The Day We Fight Back" has a certain "shock" value that intrigues people. If instead it were marketed as "let's talk about long-term strategies for dismantling mass-surveillance" support would probably trickle in.
After all, signing a petition or putting a url on your site isn't really "fighting back," it's a protesting.
Getting out a message means bringing as many voices together at the same time. Getting press coverage. Making noise.
Diluting that influence over a longer period of time dilutes the call.
That said: yes, a longer-term call to action would be a damned good thing.
But the real danger is with the next battle. I think we are going to see a major showdown over legality of encryption generally within the next few years with a push for legally required back-doors (since it will be harder to guarantee cooperation unofficially and there is almost certain to be a lot of effort into guaranteeing better security). That's the one we should be steeling ourselves for.
So I won't be participating in this "The Day We Fight Back" not because I think it is unimportant but because I think it is too important than to relegate to a day of action.
But you're right the battle is much bigger than that.
https://en.wikipedia.org/wiki/Edward_Snowden#Temporary_asylu...
Many of the people organizing this campaign worked on any number of different campaigns over the last 6 months (Stop Watching Us, Restore the Fourth rallies, a rally in DC, Defund The NSA), so we'd be the last to say that this is the only day you should take action.
Rather, this is a single day for all of us who care about the isuee to rally round and do something to reach a critical mass of action that gets noticed on capitol hill. And also to help educate people who've tuned out of NSA stories by reiterating all the things the NSA is doing to erode privacy.
To be honest, I am jaded enough to wonder how much politics actually matters here. The NSA isn't going to stop spying on us because Congress tells them to. It isn't even clear that Congress knows enough about what is going on to really oversee it. And if they don't, then what? We get some feel-good legislation which purports to solve the situation but really just plants the seeds of the next great abuse. That's exactly what happened with FISA.
The current battleground is not on Capitol Hill. it is in the insistence that we make companies pay for what they are doing with the NSA and insist on the development of secure alternatives.
The next battleground (as we make gains in private industry) will be in Capitol Hill, and believe me, when it comes, we will need business interests to be on our side.
<boggle> History, people. History. This showdown already happened and the intelligence services lost.
Well, it is too short notice for me to invest the time to black out my website, so I will not be supporting this. Maybe there will be a similar action next year that I will support, if it is better advertised beforehand.
That's not entirely their fault, advertising is not free. You don't have to be all snobby about it. Sheesh.
For example, crowdsourced black hat hacking bad links to any companies funding NSA loving politicians?
Resolve to push for encryption if there is any PII data in an app that you work with especially if it is a e-mail/mobile/social app. at scale
Refuse to work with/at NSA until their policies change
Refuse to participate in any committee/standards body, conferences, with NSA employees (or their cohort companies who have willingly forsaken the public's interests)
Encourage non-tech folks to adopt stronger privacy practices
etc etc...
Don't agree with this. Boycotts relying on cooperation and trust between unorganized members are doomed to fail and only hurts those that take part in such boycott.
When the NSA demands your data, you're not really entering a business partnership.
>Refuse to participate in any committee/standards body, conferences, with NSA employees (or their cohort companies who have willingly forsaken the public's interests)
That said, if you're part a committee or a standards body and you have opinions, the only way that you'll get your changes in place is if you show up.
True, but I saw the original comment as relating more to recruiting. The NSA works just as hard as any tech company to compete for skilled employees.
If you're the kind of person they want to hire, you have lots of fantastic other choices. So choose something else. Unless you're planning to pull a Snowden (and have gonads of steel).
And if you do decide to help code the surveillance state, the rest of us may take that into consideration in future hiring, buying, and investing decisions.
I am the kind of person they'd want to hire and what has kept me from applying is the relative low pay and not being in my area. As an engineer, you'd get access to cool tech in an interesting domain.
>And if you do decide to help code the surveillance state, the rest of us may take that into consideration in future hiring, buying, and investing decisions.
Really? Because you don't use Amazon, Microsoft, Google? You wouldn't hire a qualified candidate if she had worked at the NSA?
Because every employee working for the NSA is doing a-thing-that-you-don't-like(tm) and not something different or important. I wouldn't want to work for someone that simplifies complex issues anyway.
Why not focus on a very limited number of simple to understand technical goals. For example, you could advocate the creation of private encrypted tunnels between large corporate networks. So that all traffic is routed by default over a VPN if such a route exists. This lets encryption be a compliance issue for an IT department rather than a user level app problem.
Likely the most impactful thing you can do right now is to add the banner to your own site and ask the companies you work for to do the same. We've tried to make it as easy as possible to add the banner; you can find all the options (including a Cloudflare app and Wordpress plugins) here: https://github.com/tfrce/thedaywefightback.js
Pushing for technical solutions to the surveillance is also really important. Friends at Fight for the Future are launching a campaign along those lines as soon as this one wraps up, and there are a lot of open source projects (e.g. the great work done by [Whisper Systems](https://whispersystems.org)) that deserve attention.
But legislation and technology need to work hand in hand for things to change in the long run. Even if we have decent technical solutions, legal measures can easily limit the scope of their success (see Lavabit).
One crucial piece of information I haven't been able to find is what happens to the names and email addresses people enter. How does filling in those boxes amount to taking action?
I am strongly opposed to mass surveillance, but thedaywefightback.org doesn't seem to be communicating successfully how exactly it is going to help. If it is doing something that will truly help (which seems likely, but I can't really tell), that needs to be clear in its message, and it isn't.
Edit: Changes are up. It's not perfect, but hopefully it addresses some of your concerns.
On the technical front if you're a software engineer you can spend some of your time helping to develop, test and debug the various encrypted communication systems. Often security audits are needed. If you're not a software engineer then find out how to use encryption tools - PGP, XMPP/OTR, Tor, Bitmessage, etc and encourage your friends to use them.
So they'll be a shorter version of this on the main site soon, but I can spell it out at greater length and more informally here. (I'm EFF's International Director, btw)
The short answer is that you're signing your support for a set of 13 principles on the application of human rights to communications surveillance ( see https://necessaryandproportionate.net/ ), that were worked out last year (pre-Snowden, actually) by a coalition of technologists, privacy activists, and legal scholars.
The long answer: We've been using this language to push the idea in international venues and among key lawmakers in various countries that mass surveillance (as well as a bunch of other practices conducted by the NSA and other spooks, including corruption of crypto standards and backdoors) is a violation of existing human rights standards.
This is important internationally because if the NSA gets away with its current behaviour, it'll establish a norm that such surveillance is okay for any government to conduct. We need to push back against that norm.
To do so, diplomats, policymakers and others need language and arguments to back that up.
The Principles give them that language in a familiar context (and we're working together to provide more detailed arguments and other legal guides). It has found favor among politicians, experts and other influential people I think partly because the smarter ones are genuinely worried that pervasive surveillance really could undermine their own societies -- they recognise what it could do in the wrong hands as much as anyone else.
In providing that leverage, it helps to convey that it's not just a bunch of domain experts that think forbidding mass surveillance is a bad idea, but that an increasingly large number of citizens find it abhorrent. That's what the signatures will do. It really makes a difference in this arena, because so few obscure technical documents have hundreds of thousands of supporters :)
I'd encourage anyone who wants to understand better how we're trying to get all governments, not just the US, to craft better surveillance legislation to read the full text of the principles at https://necessaryandproportionate.net/text You can also ask me questions at danny@eff.org . It's a long haul project, and we're conducting it alongside legal actions in the US and abroad, shoring up and disseminating crypto tools, and other non-policy defences. But it's pretty amazing to get unanimity with hundreds of privacy groups on some basic principles with which to start building proper, 21st century, surveillance law.
1. Legality - privacy restrictions must be prescribed by law.
2. Legitimate Aim - What you want to break privacy for must be to support laws.
3. Necessity: We cannot (reasonably) achieve the aim without breaching privacy.
4. Adequacy: Listening to your phone calls must reasonably allow us to achieve the aim.
5. Proportionality: Don't listen to everyone when only some will do.
6. Competent Judicial Authority: Any breach of privacy must be authorised by Independant, capable judges.
7. Due process: Who follow a clear process
8. User notification: and tell you you are being watched (unless that might hurt the Aim)
9. Transparency: We get to see the metadata on their phone tapping
10. Public oversight: and a few of us get to see everything not just the metadata
11. Integrity of communications and systems: backdoors are not allowed, if you are bugging us legally, you dont need a back door
12: Safeguards for international cooperation: No playing arbitrage with different jurisdictions
13: Safeguards against illegitimate access: and secure your stuff.
I hope those help
But my question is, with the publication/confirmation yesterday of the basis of the US drone assassination program in NSA cellphone spying (see https://firstlook.org/theintercept/article/2014/02/10/the-ns...), will you be incorporating a demand to reign in the NSA because their surveillance is killing innocent people? I think it is a real opportunity to reach out to many other groups and individuals who are opposed to and organizing against the drones both in the US and abroad.
Yesterday, I was this close to putting my name+email there, until I thought "wait, what am I even signing for, either this might actually accomplish something important and I really should know what exactly before I can honestly give my support, or it's a rather meaningless gesture carrying just a vague anti-surveillance sentiment" (given the names and people involved I was pretty sure it was the former, but not knowing what I'd feel disingenuous about just adding my name to a list "just, make it better, or something").
Knowing this now, I signed it right away.
Why do you feel this is the most impactful thing that [I] can do? Specifically, do you believe that putting a banner on webpages will prompt more phone calls to legislators, which will in turn lead to the reduction of surveillance?
The video is heavy handed (actors and names-the-common-person-would-know with sweeping music) saying that surveillance is bad, but it's never clearly articulated _why_ one should believe that data mining by the government is wrong (besides unqualified claims of it being unconstitutional and against imagined civil liberties).
I personally think that there's risk in allowing a government to harvest and store data indefinitely (primarily because an unscrupulous politique could perform a character assassination to push a narrative), but I'm not the target audience for this advertisement.
I can't edit that comment any more (time expired), but the correct link is https://whispersystems.org
https://thedaywefightback.org/international/”https://necessa...
I'd recommend addressing the actual problem, which the all-encompassing surveillance is a symptom of. The actual problem is that there is a government in place. For more information, look up Stefan Molyneux, Larken Rose, Michael Huemer, Murray Rothbard, David Friedman, etc.
As a very simple example, why are laws like SOPA and CISPA passed in secret, unless there's a massive uprising against them? Obviously, they're passed in secret, or stealthily, or all of a sudden - they're just rammed through exactly because they know the people would be against these laws if they only fucking KNEW ABOUT THEM.
Did you think defeating SOPA would be meaningful in the grand scheme of things? If they're passing one law that's harmful to the masses and against their will, why wouldn't they pass another? .. and another, and another?
Well, if they're passing harmful and unnecessary laws all the fucking time, do you think they just might not be on your side? I mean, how difficult is it to figure out that "your" representatives don't actually represent you? They're constantly passing laws that are against your will, after all. Oh, and they're extorting you too! (It's called "taxation" to make it more palatable)
Now then, since it's obvious that the government and its legislators are not on your side - contrary to what people commonly believe, strangely enough - doesn't it make you wonder whether having a government is a good idea in the first place?
But for example, why would other people let Mike pollute the water despite everyone else having signed the "Filter Pact"? Mike's selfish actions would directly affect other people making a living, and therefore, some kind of intervention would be warranted - and would happen too! After that, everything is fine again.
Even if you're silly enough to argue against your own freedom, you can't just leave things at presenting a problem, expecting it would not get solved, and thinking you've proven that freedom "doesn't work".
Did you even read what I wrote? But I get it. It's difficult to process this information.
> No one should take you seriously
Don't just take my word for it. Go investigate the collective works of the people I listed above. If you do that, you'll agree with me (unless you've been severely traumatized as a child).
> I don't see what espousing that ideology is going to get you.
Me? -Possibly nothing. But it's good if I can help ordinary people everywhere avoid whatever seriously unpleasant fate awaits us all if we don't wake up in time. People not being subjected to coercion is not much of an ideology by the way.
It's not up to us. All we can do is decide what structure the government will take.
Wow. At least you're being original :p
> All we can do is decide what structure the government will take.
Actually, as long as we have rulers, we can't even do that. You may be aware of the US quickly turning into a nasty police state. Do you think the people being "governed" had a say in that?
The only possible solution is to have no rulers.
In the last century the Chinese and Russians collectively agreed to give up concepts of property and privilege for the betterment of all. Except, some of them only pretended to do that. So they ended up with everyone else's property and privilege.
It's not hard to convince every single person that they should not be ruled. It's impossible to convince every single person that they should not rule. There's always someone who thinks they could do it better if they were in charge.
Since you are asking for feedback, I heard this on IRC when I mentioned adding thedaywefightback.js to a site I manage.
That said, I'm not personally sure what's popular these days in terms of decentralized social networking.Second there are two tricky bits of the workflow that didn't quite work for me.
1. Feinstein doesn't have a mailbox, and if you wait on hold for more than 2 minutes the line hangs up.
There was no mechanism to have tdwfb "try again later." So now the burden is on me again. (tiny violin)
2. I was connected to two congresspeeps.
Only one is valid, but zip is ambiguous. I suggest that if someone spends time talking to the first rep, then the second shouldn't even be mentioned.
That said, fighting an information war against intelligence apparatus is a losing battle. This will only push the program deeper into the classified bowels of the massive US intelligence machine. They are currently operating through classified intelligence and loopholes, and once the FISA court loophole is closed they will find or produce another.
If you suggest voting for an independent... That is sort of a pipedream in the current US election climate. Noble thought and effort to push for such a candidate, but they have little to no chance of actually being electable. And even if they do get elected... Whats to stop them from being totally corrupted, or just overtly ignored by the rest of the government?
You think Obama had a hard time pushing through legislation? Just wait till some independent has to fight both Dems & Repubs on every issue because he/she isn't part of either party (and basically a slap in the face to their power structure.)
Edit: The biggest issue (in my opinion) at this point is the two party system that is entrenched beyond belief.
Entrenched to hopelessness.
Money buys politicians so much power and there is no amount of regulation (which would have to be passed by those in power and getting the money, HA!) that could curtail it. Eventually you are going to step on someone's first amendment right to "say" (buy ads upon ads upon ads) what they want for/against another candidate.
I think the only way I can hope for actual change is for more people to get involved and not be so easily swayed by various types of media. But the majority is lazy..
And the funny thing is - just like probably most of the congress people - our representative isn't really all that bad. She's just not really good. She's just a nice old lady that's a vanilla career democrat. The chances she'll be voted out are effectively zero.
So I just don't vote for people any more (i leave it blank). However, I still go to the polls to do the ballot initiatives
When I shared the link with a friend he mentioned he was uncomfortable giving his number and email address. Maybe consider having a link close to those fields to help the visitor find the number or email address of their Representative. That way if someone doesn't want to give out that information there is a quick alternative available.
http://freedombone.uk.to/
It's not ideal, of course, but in the short term since there seems to be no political appetite for relinquishment or meaningful reform then technical mitigation strategies - if they can be sufficiently popularised - may help to reduce the harm resulting from mass surveillance.
Ultimately the solution is both political and technical. When politicians or other public figures make claims that what's going on is "not mass surveillance" or try to imply that collecting metadata is unimportant then they should be challenged.
How up to date are the instructions?
I think anyone who knows enough to add a banner to a webpage can work their way through the document.
It's a good idea to promote it as an alternative because from the outside at least, it seems freedombox has lost momentum since the privoxy release, even though the idea is sound.
I had to look up Friendica and Movim to see what they were (I'd never heard of them before), it'd be nice to have links to the respective homepages, so off I'll go and add them in.
I happen to use Emacs and the source for the site is an org-mode document, which makes editing it very easy. Exporting it as HTML is a few key presses.
Until such time as FreedomBox or maybe ArkOS are in a more developed condition this is about the best I can manage.
https://github.com/fuzzgun/freedombone
Presentation and clear readability is certainly an important factor.
http://pastebin.com/7sGiHBwF
... it's just a set of styles I slap on blank pages myself.
Consider it GPL v2 or better, BSD / MIT licensed, though honestly, I couldn't care less how it's used or by whom.
* don't use md5 as a security feature! I suggest to replace the use of md5sum with sha256sum (not even sha1sum is really safe anymore). The only use of seeing md5 in security contexts is to indicate that the person recommending its use doesn't understand security, which may admittedly be a worthwhile feature in itself. Perhaps you're really saying "this is one of the weak links in our security chain, the source code we're getting here might be hijacked or have huge security holes, and I haven't checked the sources, so it doesn't matter much anyway whether you're using the same sources as me anyway"? Then perhaps point this out, like using sha256sum and at the same time mention "(although I haven't verified the source code against security issues or backdoor (yet?))".
* I'm not a cryptologist, but regarding "the security of encryption depends upon how random the pseudo-random number generation on your system.." I think that's the wrong use of the term "pseudo-random number", as /dev/random really is about randomness, not pseudo-random numbers at all. /dev/urandom does stretch the collected entropy using pseudo-random number generation, but I think even the phrase "how random the pseudo-random generation" is mathematical nonsense, as it's not random at all, just random-looking when not knowing the generator inputs. Perhaps say "The security of encryption depends upon the randomness of the random source used on your system"?
(* I think the NSA is able to track you anyway, regardless of whether you're using your own server on the same IP or not. Thus the suggestion "make you more vulnerable to traffic analysis" will probably only hold for companies trying to track you.)
Although there are some systems where I'm familiar with the code - such as Bitmessage - in most cases I havn't personally checked the code myself. Ideally Freedombone would be a pure blend (I think that's also the aim of FreedomBox), but for now it does involve downloading some non-packaged systems.
That makes it sound like you're thinking that the chances for a conflict (same hash value) depend just on the size of the hash value. But it's worse than that, thanks to algorithmic insights, inputs that produce the same hash value can be found more cheaply than just by chance. Also, they can be found so cheaply that it's computationally trivial to do even for an individual [1]. Thus anyone who can change what data you receive, can trivially also make it hash to the same MD5. (I haven't checked whether publicly available software exists to generate conflicting files that are also, for example, valid gzip files, but I surely expect that an entity like the NSA (and perhaps blackhats, too) can create such software on their own.)
[1] "produce a collision for two inputs with specified prefixes within hours, using off-the-shelf computing hardware": https://en.wikipedia.org/wiki/Md5#Security
Yes, there are many sites that still tell users to check MD5 hashes. I think it's evident that those are totally worthless for some years now. Worse, it may be giving some people a false sense of security. OTOH those places might give those who do know a hint that perhaps the authors or distributors don't know about security. (Sorry for the harsh words...)
That is indeed a limitation. I'd suggest you explain what md5sum is, how to use it, and what its limitations are -- specifically that collisions are now trivial to instrument.
Developers / vendors still relying on md5sum really should be named and shamed these days.
It's much harder work than writing snarky one liners on some internet forum for nerds whilst you sip your expensive coffee.
This is the day to ask them to stop spying, and to ask our leaders to make them stop spying.
The only vote any of the mass majority has is where we spend our dollars & labors. These kinds of movements make everyone involved feel good and I do not deny this campaign is for a cause the participants feel is just...I agree in principal. However, joining another mineable database feels like doing the same thing that we are talking about curtailing, with the added potential of making participants part of a larger target if anyone threatened decides to go on the offensive. Legislators only listen to the hoi polloi when reading scripts in front of cameras or they are drumming up votes for the next election. Even more pertinent, the corporate environment that exists in the Western world has morphed to influence our every waking moment and would never allow an organized collective get too big or gain too much traction before well-publicized character attacks and disinformation fill the airwaves(or the startup is 'incorporated'). The status quo owns the media(even Reddit), the 'tubez(backbone) & most western governments(lobbying is corruption, whatever the laws have been tailored to say), thus they have the loudest message and currently control all infrastructure in this global society(think 'good ol boy' network rather than conspiracy theory). The antagonists and would-be 'movements' of late are diminishing from the public consciousness faster than other entities can make noticeable ripples: Wikileaks, Occupy Wall Street, Manning, Snowden... This is how group dynamics has worked since the dawn of tribalism. Adding sentience to the equation has potential to improve the human race above limbic compulsions but so far has only worked to increase the polarization to meet the desires of the controlling interests(most powerful? influential? smartest?).
I am sentient and have principals I believe in. These principals require me to make sacrifices sometimes, and that includes how I earn & spend my monies. I walked off a job in October that would have multiplied my income by a factor of 10, problem is they asked me to endanger myself, compromise my principals and break some really well-founded national safety codes, never mind the organizations' 'professed' safety policies. Instead, I'm living hand-to-mouth in a shack making a small fraction of my potential earnings and reading/commenting on HN. C'est la vie, I have made my choices and still sleep really well at night. Of the few dollars I make, I spend them just as judiciously as I earn them. There are unavoidable expenses in a modern society; housing, utilities, food. Other spending may seem crucial, but ultimately distill down to wants or conveniences and I've minimizing or eschewed those, too; ISP, TV signal, formal education. Then, of course, there's the disposable income and all that encompasses. How I earn & spend my money(times a factor of a few billion others), this is what drives the world economy and this is what I determined I can influence to create or realize meaningful change within 'my circle of influence'[1]. I must change myself first in order to change the world. I encourage anyone who reads this to contemplate doing the same. It's the only way to scale up a paradigm change, IMO.
PS: I also exercise my own tools that sometimes sacrifice useability in order to maintain my privacy and spread disinformation to those who believe they value my privacy more than I do; NoScript/AdBlock/Blender/UserAgent Switcher/HTTPS Everywhere/bleachbit/firewall monitoring/On+Offline switch/disposable accounts/disposable emails/old & tired maemo phone, etc... Even after two decades I still smile when a clerk says "Thank you for shopping with us today, Mr. Revell"[2].
[1]https://www.stephencovey.com/7habits/7habits-habit1.php<...
The objective of this is to generate awareness, and it is achieving it's goal.
My mother knows what the NSA is and sees the problem.
The only thing that might get us to a better place is to slowly change awareness and with it, will start the political pressure.
Why one day? a focused campaign will generate much more visibility.
Think of how fast the zeitgeist has changed for civil right to minorities, you'd be surprised, maybe in 10, 15 years privacy might be on it's way to being respected again.
But, indeed, sole laws are not proper security measure. And for some reason I don't see calls for any technical measures to make mass surveillance costly (and strongly believe it's necessary). We have locks and safes for a reason.
And would it be enough to deter a significant number of people from putting their details in and showing support?
We have an issue of education and clear message. Especially how this counters the Constitution.
Maybe a push for everyone to read "1984" :)
From the website: Governments worldwide need to know that mass surveillance, like that conducted by the NSA, is always a violation of our inalienable human rights.
Sorry, but the governments of the world already know this. Obama, Merkel, Hollande, Cameron or Putin isn't going to stand up proclaim: "I'm sorry, we didn't know".
It's not that we shouldn't do anything, nor do I have the answer as to what we're suppose to do, but this, "The Day We Fight Back", is pointless. Changing your Twitter icon to green didn't stop the war in Libya, the Internet "Blackout" is already forgotten and just pissed people of, it didn't encouraged anyone to resolve or change anything.
SOPA and PIPA were defeated after several legislators changed their stance, purportedly in response to phone calls surrounding the blackout.
Victory?!
Whenever I see something like this, I think of Inigo Montoya:
Presidents lie. Politicians lie.
Now, if every American refuses to work 1 day, and all head to the NSA's office, datacenter (and actually destroy the thing), that'd really mean taking matters into our own hands (extreme scenario, I know). The NSA knew people wouldn't like this, but they did it anyway, because nobody knew. We will never truly have 100% transparency what the NSA is doing. People can no longer trust them. Period.
You forget the part where the USA is a militarized police state that, unlike (say) the Ukrainian government/police will not hesitate to use lethal force at these people.
Not that it will happen, but if it were to happen, that's what's going to happen.
Remember the police violence excesses with the peaceful Occupy protest? They didn't get friendlier in the mean time. The police did, however, get equipped with more shiny military war toys.
This is a global fight. The perpetrators and the victims are everywhere.
I also think framing it as a one day campaign where the “fighting” involves passive action at the individual level is not a game winning strategy. It is still a great rallying signal though, and its effects have already gone beyond the single day, and for every person too lazy to change their avatar back, they will carry on for a good while longer in some way.
However, the motivation for the average person to even think about engaging such an overwhelming and invisible force as mass surveillance is very close to zero. For those who are willing, involvement seems to be passive (donating to a more capable organization, hitting a like button, resharing links), bursty (waiting for organized events to rally around), or demoralizing (low visibility of opponent, lack of support from uninterested peers or locals, extremely slow and indirect feedback loop for any action).
For these reasons, I hope that a campaign modeled as a constantly running open source game engine emerges, because that is actually just the bare minimum required for victory - to at least continue playing the game as long as your opponent is playing, no matter whether you are winning or losing at the moment.
A game model will at least make undeniably clear that there exists a thing worth playing for (your personal information perhaps), that there are actual opponents who can and will take this thing from you, and the visibility and mechanics needed for you to take action to protect that thing.