
Which companies help protect your data from the government? - mcenedella
https://www.eff.org/who-has-your-back-2013
======
higherpurpose
I don't think this "benchmark" is that relevant anymore. It feels way too
simplistic post-Snowden revelations.

I think we need a more comprehensive benchmark, that also includes the type of
security they use (perfect forward secrecy, 128+ bits of security), as well as
stuff like not tracking your _private_ conversations, and so on.

While many of the companies there fail even at _this_ benchmark, it makes it
sound like a few of them that have 4+ stars are very "privacy-focused", and
that you should feel very "safe" with them, and again, post-Snowden
revelations, I don't think that's so true anymore.

In a new benchmark, companies like Google and Linkedin would probably get 2/5
stars, or 3/5 at most. Maybe make it out of 10, so you can still include other
companies that may have privacy level at 1/10, or 3/10, which is harder to
show in this 5/5 type of rating.

If a company that _tracks everything_ receives a "top privacy rating", I don't
think the benchmark used is very useful.

~~~
chestnut-tree
_" I don't think this "benchmark" is that relevant anymore...If a company that
tracks everything receives a "top privacy rating", I don't think the benchmark
used is very useful."_

I think it is a useful comparison, but only part of the picture as you say.
For example, Google gets high marks in this EFF survey but, as you rightly
point out, you also have to balance that against the amount and type of data
that Google (and other companies) collect about users.

I don't doubt that Google has a strong committment to security. But security
and privacy, although closley related, are not the same thing. Even if Google
stops the NSA snooping on their data, that doesn't stop Google from continuing
to collect as much data about you as they possibly can. Google's comments
relating to the NSA revelations have all been couched in terms of security
(but not a word about privacy or the volume of data they collect). So yes,
better security will protect your data from government eyes, but it won't
necessarily stop companies collecting as much data as they can about you.

Just to be clear, there's no comparison between Google collecting user data
and a secretive Goverment agency with questionable motives and intentions
collecting data - one is obviously an order of magnitude worse. But that
doesn't mean it's fine for companies to track users unhindered just because
they're not the NSA. And Google arguably tracks more than anyone else. Isn't
it time we also had transparency reports from these companies about the data
they collect?

------
JD557
I feel like the title is a little bit misleading.

It should be noted that this is related to protect your privacy from
government attempts to to access such data.

Given LinkedIn's MD5 password leak, the LinkedIn Intro "MITM", and the fact
that LinkedIn asks users for their e-mail and e-mail password, when I read the
title I assumed it would be related to security issues and not legal issues.

~~~
josephlord
Original title: EFF gives LinkedIn 5 out of 6 stars for protecting your
privacy (sourcefed.com)

I guess the update is since your comment.

~~~
judk
Security is a required component of privacy. Just talking the talk of policy
is useless.

------
discostrings
This report was published in early 2013, and it appears the only update since
the beginning of May was for MySpace[0]. The report doesn't take into account
any of the new information we acquired in 2013 or the "transparency reports"
some of these companies have added. As others have pointed out, considering
what we know now, the approach (or at least the categories) probably isn't
particularly relevant anymore--we need to take much more into consideration.
I'm looking forward to what the EFF comes up with for this year.

[0]
[https://web.archive.org/web/20130501214421/https://www.eff.o...](https://web.archive.org/web/20130501214421/https://www.eff.org/who-
has-your-back-2013) , [https://web.archive.org/web/*/https://www.eff.org/who-
has-yo...](https://web.archive.org/web/*/https://www.eff.org/who-has-your-
back-2013)

------
donotsurveil
This title is outrageously misleading.

Turns out this is a policy assessment of those companies and whether they
publicly stand on the side of users when the government attempts to seek
access to private data.

This a 6 point assessment: 1\. Require a warrant for content of
communications. 2\. Tell users about government data requests. 3\. Publish
transparency reports. 4\. Publish law enforcement guidelines. 5\. Fight for
users’ privacy rights in courts. 6\. Fight for users’ privacy in Congress.

------
iandanforth
This list _must_ include Lavabit. They deserve their own column, "Willing to
shut down rather than comprise their customers privacy."

------
perbu
Anyone knows how relevant this is for non-US citizens? If FBI wants my gmail,
will Google still require a court order? What court would be the relevant one?

~~~
ChrisAntaki
Just a heads up, the FBI's jurisdiction is within the USA. But that's a great
question.

~~~
anaphor
The FBI collaborates with other countries' federal investigators a lot (e.g.
RCMP). I could definitely see them doing something like that.

------
Nanzikambe
This is the same LinkedIn that was hacking people's email accounts to siphon
contact lists?

~~~
hansjorg
Hacking might be the wrong word. What they do is quite underhand though.

------
Mithrandir
Here's the report: [https://www.eff.org/who-has-your-
back-2013](https://www.eff.org/who-has-your-back-2013)

------
bowlofpetunias
I guess this chart only applies to American values of "you", "your data" and
"government".

And the stars in the column "Fights for users’ privacy rights" seems like a
sick joke, given the massive international anti-privacy lobbying of some of
those companies.

------
suprgeek
A report like this could become another track from which privacy respecting
companies (against the Govt.) can differentiate them selves from others.

If sonic.net (to pick one from random)consistently keeps touting "Five stars
from the EFF for protecting your privacy" then runs ads where they show how
poorly their competition are doing, this might sway customers.

Unfortunately this report needs an addendum -

Companies that made the ultimate sacrifice (Shut Down) rather than cooperate
with Big Brother - LavaBit, SilentCircle et al.

------
mark_l_watson
I find Apple's poor rating kind of sad.

Apple has a good revenue stream without collecting private data and exploiting
that and if they both respected private data and stood up to the government
then they could be a viable safe haven. I think that Apple is missing an
opportunity.

------
ChrisAntaki
That's cool so many of these companies are fighting for users' privacy rights
in Congress. I was surprised to see Comcast alongside Google in fighting for
privacy rights in courts as well.

------
judk
#1 problem with this is that it is based on policy language, not actual
measured behavior. Behavior is hard to measure, but especially in this area,
where lying is both common and sometimes required by law, policy wording isn't
so meaningful.

For example, it doesn't include a measure of security against government
hackers, or internal "hackers" doing govt bidding.

------
afterburner
Ultimately corporations won't defend you from the law. You'll have to insist
on the laws being rewritten.

------
flavor8
Odd that they'd include the Bells (Verizon, AT&T) but not TMobile or Sprint.

------
jebus989
Same as they gave Google?

~~~
rjknight
And Dropbox. And less than they gave Twitter.

------
dz0ny
How much did LinkedIn donate to EFF? They talk about transparency, yet I can't
find their donors list? Or any info whatsoever how they are funded... Strange

~~~
unethical_ban
[http://www.charitynavigator.org/index.cfm?bay=search.summary...](http://www.charitynavigator.org/index.cfm?bay=search.summary&orgid=7576)

Transparency in government activity is different from disclosing support to an
organization.

------
diminoten
I wonder how much leverage this list gives the EFF.

"If you don't do what we say/donate to us, you might find yourself off of this
list."

We wildly speculate the NSA blackmails politicians, so why can't we wildly
speculate the EFF blackmails companies too?

