SoylentNews is people
SoylentNews
El Reg reports
The Electronic Frontier Foundation (EFF) has pushed out its fifth annual "Who Has Your Back" report, claiming to chart tech companies' commitment to "the next frontier of user privacy".
The EFF's categorisation of what constitutes effective privacy standards for data controllers has seen it award full marks to Apple, Yahoo, and Dropbox, among others, in its 2015 report, telling netizens who has or does not have their back, or backs.
The "digital rights" lobbying group evaluated 24 companies--not on whether they shared data with commercial partners, or whether they snooped on users' devices and trafficked that data back to their own labs--but instead on the five categories we have included below.
- Follows industry-accepted best practices
- Tells users about government data demands
- Discloses policies on data retention
- Discloses government content removal requests
- Pro-user public policy opposes backdoors
Responding to The Register's questions regarding the widespread criticism of many of these companies true commitment to customers' privacy, Nate Cardozo, an EFF Staff Attorney, told us that "with this report, we ask specifically how well companies stand up to the government, not what kind of business they run. In fact, there's likely room for an entirely different report that looks at how much data companies collect, retain, and share. We may produce such a report in the future, but it wouldn't be a part of Who Has Your Back."
[...]Particularly interesting are the full marks for Dropbox, a PRISM target "partner" according to Snowden documents released earlier this month.
Original Submission
(Score: 3, Interesting) by Zz9zZ on Monday June 22 2015, @08:47PM
I'm torn between calling bullshit and respecting that the EFF is doing the best they can to rate corporate practices. I truly appreciate the rating system and feel that it is better than nothing for the average person to gain some insight into who does what. However, there are necessary details missing (all the complaints already coming into this thread) and there seems to be a total disconnect between a company being "open" and "protecting privacy". Just because a company has their data retention policy publicly available doesn't mean that its readily available to the average user, or that it is protecting their privacy.
Facebook publicly announced they will use a phone's microphone via the fb app to record conversations for advertising purposes. Is this ok just because the information is publicly available? I would say not because even some of the more tech savvy people I know were unaware, let alone the fact that they are literally spying on users.
If the EFF wants to keep publishing these reports they should step up their game and require more detailed reports that won't be laughed at. If a company fails to disclose convincing enough information about their practices, no gold star! Also, these categories are a bit black and white. I feel that retaining data for two year is a violation of privacy and the EFF should establish some basic criteria. As it stands a company can completely violate user privacy and get all 5 stars. Maybe they don't give data directly to the government, but running data through a 3rd party who DOES hand it over would be one sneaky method around these ratings.
~Tilting at windmills~
(Score: 2, Disagree) by Anonymous Coward on Tuesday June 23 2015, @12:03AM
What surprises me with the amount of bribery and corruption in the OSS community is that people think the EFF would be beyond it.
Example? Oh, how about Adblock Plus? Wladimir Palant and the gang...waiting until they've gained enough popularity that most people won't know better, then they add in a feature requiring you to opt out of certain "acceptable" ads. Then we find out that companies are paying the Adblock folks off to get on the whitelist.
Debian. What about Debian, you ask? How about the fact that their most questionable decisions in the past few years came _entirely_ after Valve announced they'd be giving some freebies to Debian developers? At that point a user's rights and privacy went straight out the window. They still won't even package Firefox in their non-free repositories, but Chromium, which stealth-downloads a closed-source extension used to read an open microphone for voice commands, gets no more than a slap on the wrist. Between that, the entire systemd travesty and Valve cozying up to devs on the Debian team, I'd trust the no-names behind Devuan or the very-much-named scumbags at Canonical before I'd trust them.
SourceForge. Oh yes, SourceForge. Bane of Soulskill and the editors at Slashdot tasked with trying to censor DICE's clickbait-haven. They take the Windows installers for no-name projects like fucking GIMP, for example, package some malware into the installer and swear on their lives that it's all for our own good.
Why Apple, Yahoo and Dropbox? Why not? Maybe they have a vested interest in trying to portray themselves as holdouts in the surveillance state, rather than the willing participants that they really are. Hand the EFF a paltry sum in donations and all of a sudden, stars for everyone. Meanwhile the EFF themselves continue to "protect" privacy in...bizarre ways. HTTPS Everywhere would be a good example. "Would you like to turn on SSL Observatory? It's totally so that we can check them against a database of certificates we have stored, to make sure no nasty hacker is trying to substitute a fake certificate in a MITM attack. It _certainly_ isn't so that we can sell a list of the most frequented, SSL-encrypted sites to the highest bidder and give them the highest-value targets to attack, both on the 'Dark Net' and off. You can trust us, we're the EFF."
No. No we can't. No American tech company can be trusted, period. We've literally _years_ of leaked documents attesting to that fact. I would put it further that no American organization, government, civilian or non-profit who claims to be protecting your privacy online can be trusted. At best, a National Security Letter(tm) and they have to bend over and take it, hand over any information, backdoor encryption routines, the whole nine yards. Either that or (likely) be tried and convicted in a secret trial held by a secret court, off to one of the black sites like the one unveiled by #gitmo2chicago. That's what makes the whole TrueCrypt story rather bone-chilling...why would the author or authors, who were clearly passionate about providing real, solid encryption solutions (judging by the source code audit) suddenly give up and disappear from public view entirely? Considering the Americans are now operating secret prisons _within their own major cities_, there's a good chance said author(s) could be rotting away in a jail with no chance for a trial, probably on some trumped up terrorism charges so nobody will bat an eye. At worst they won't need a national "security" letter because half of these companies are practically _begging_ to sell people's private lives and personal information.
Great rule to follow, don't trust people who ask you to trust them. Listen to what comes out of their mouth, watch what they do, then decide for yourself. Anyone asking (even _telling_) you to trust them has something they're trying to hide.
(Score: -1, Redundant) by Anonymous Coward on Tuesday June 23 2015, @12:06AM
The EFF isn't an American tech company.
(Score: 0) by Anonymous Coward on Tuesday June 23 2015, @12:25AM
Yes, that's why I pointed out in the same paragraph you failed to read that I would extend that lack of trust to any American organization claiming to protect user's privacy.
Nice try though. Don't tell mommy you've been trolling again, we wouldn't want you to be "grounded" from your Runescape account.