
Prism Button - zackliscio
http://www.prismbutton.com
======
tlrobinson
Just a reminder: you probably shouldn't be placing untrusted third-party
JavaScript files on your site.

At least audit and mirror the file on your own server.

~~~
paulirish
FYI to anyone considering: the `window.$` global is assigned to `document` in
here. Someone would need to refactor the JS before it's safe to consider
including.

------
pak
Problem: Surveillance of all internet activity by a third party is bad!

Solution: Inject third party JavaScript into as many websites as possible!

~~~
egeozcan
The solution gets even better when that piece of JavaScript is served over
HTTP, not HTTPS.

~~~
ivanca
Use the self-hosted version then:
[http://jsbin.com/evafaz/4/edit](http://jsbin.com/evafaz/4/edit)

~~~
zackliscio
Thanks ivanca -- www.prismbutton.com is now updated to reflect your changes.

------
TheSisb2
The code for this needs major cleanup. "var $ = document; // shortcut" may
kill jQuery and break your site. This also declares the following global
namespace variables: cssId, head, and link.

The code is hosted on an untrusted Amazon instance, so requires a bit of work
to crawl the links and copy paste the source for self-hosting and security
needs. Cool idea though. Put this on Github if you want code fixes.

~~~
zackliscio
Thanks for the feedback - just created a public repo where I'd love for people
to help out.

[https://github.com/zackliscio/prismbutton](https://github.com/zackliscio/prismbutton)

------
pkfrank
Like the idea - many hands decrying PRISM - but I think the execution needs to
be significantly more polished before any big-time sites will sport it.

~~~
zackliscio
Totally agree, and would love to open source if anyone is interested in
helping out.

~~~
zachlatta
Sure, I can help you open source the project. Email me at zchlatta (at)
gmail.com

------
Samuel_Michon
First thoughts:

1) NSA’s PRISM logo is hideous and it’s copyrighted. You might want to create
your own graphics.

2) Add an explanation of what PRISM is and how people can help fight it. For
instance, link to a template letter for people to send to their
representative.

3) You should create a page that generates a list of all participating
websites. That gives websites some incentive to join.

~~~
genwin
On #1, see Wikipedia: A work of the United States government, as defined by
United States copyright law, is "a work prepared by an officer or employee of
the U.S. federal government as part of that person's official duties."[1] In
general, under section 105 of the Copyright Act,[2] such works are not
entitled to domestic copyright protection under U.S. law.

It seems the PRISM logo isn't copyrighted unless the US gov't pirated it.

~~~
Samuel_Michon
How do you know the logo was prepared by an officer or employee of the U.S.
federal government? They could’ve hired a design company to make it (albeit
not a very good one, by the looks of it).

Anyways, it seems like the NSA feel it is copyrighted:
[http://gawker.com/the-nsa-sent-a-takedown-notice-over-my-cus...](http://gawker.com/the-nsa-sent-a-takedown-notice-over-my-custom-prism-log-512085836)

~~~
daeken
> How do you know the logo was prepared by an officer or employee of the U.S.
> federal government? They could’ve hired a design company to make it (albeit
> not a very good one, by the looks of it).

Had they done so, it'd presumably be a work for hire and still not be
copyrightable, since the government would own it.

~~~
Samuel_Michon
That is false.

“Unlike works of the U.S. Government, works produced by contractors under
government contracts (or submitted in anticipation of such contracts) are
protected and restricted under U.S. copyright law.”

Also important: even if a federal employee made it, it may not be protected by
copyright in the US but it can still be copyrighted in all other countries.

[http://en.wikipedia.org/wiki/Copyright_status_of_work_by_the...](http://en.wikipedia.org/wiki/Copyright_status_of_work_by_the_U.S._government)

~~~
adandy
There is an alternate clause that can be placed in a FAR that when used may
give copyright to the contractor.

------
PavlovsCat
The page where you can get the button also should have a description of or a
link to what PRISM is, even if it's just a link to the Wikipedia article, it
would increase the ability of this thing to inform people infinitely :)

------
conductor
to the author:

Please consider moving the JavaScript file to another place: using GitHub's
gist service like this is considered as abusing the service (because gist was
not designed for hosting your assets).

------
sinak
I think we can do much better than this. Is there much interest by folks in
running this kind of thing on their sites?

If so, we (folks at stopwatching.us) can make something more secure and safer
to implement.

~~~
dllthomas
My sites aren't particularly high traffic, but I'm interested.

------
ivanca
For anyone who wants a completely self-hosted and stand-alone solution (single
file including logo in base64) here it is:
[http://jsbin.com/evafaz/4/edit](http://jsbin.com/evafaz/4/edit)

Thanks to a suggestion by _ozten_ a call-to-action has been added:
[https://optin.stopwatching.us/](https://optin.stopwatching.us/)

------
semerda
Code needs major cleanup. As a start encapsulate the code into a Module
Pattern and stop chaining variables to the global prototype. Finally as
mentioned here, why would anyone be placing links to an untrusted 3rd party JS
code on their site?

------
ozten
I wish this had a primary call to action - linking to something like
[https://stopwatching.us/](https://stopwatching.us/)

and a secondary call to action - how you too can add this button.

As is, I wouldn't add it to my website.

~~~
ivanca
Done:
[https://news.ycombinator.com/item?id=5935959](https://news.ycombinator.com/item?id=5935959)

------
brown9-2
_Show this button as a reminder that sharing should be a choice._

Is it not a choice anymore? Who is forcing you to share data with a company
that might be legally required to turn it over to the authorities in the
countries they operate in?

~~~
indrax
We have a right to speech, we don't give it up when we go online.

We also have a right to speak privately.

To say that I could choose to simply never pass data through any American
company is merely silencing.

'legal requirement' is not 'due process'. When every American company can be
compelled to give up all the information they have about me, without a warrant
and in secret...when even the people involved can't effectively fight it, let
alone me...

Then I can not speak freely.

------
overshard
I'd be much more willing to add something like this if it didn't look like a
graphic on a website for Star Trek in 1999.

~~~
Dirlewanger
...That's the logo the NSA came up with.

------
lepunk
love the initiative but I have major concerns about the implementation.

assigning $ as an alias for document is totally useless and can kill jquery /
prototype running on the user's site.

also please consider moving all variables out of the global scope. you are
using variable names such as "link" which could cause major conflicts with 3rd
party javascripts
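
The global-scope problem raised in the comments by TheSisb2, semerda and lepunk, shown as an added example that is not part of the thread or of the Prism Button code: it runs a script the way a `<script>` tag would and reports which globals it created or replaced, first for an unwrapped snippet and then for the same logic in an IIFE. The snippet bodies, `fakeDocument` and `auditGlobals` are constructed for illustration; only the `var $ = document` line and the names cssId, head and link come from the comments.

```javascript
// Constructed stand-in for the embed script: only `var $ = document; // shortcut`
// and the global names cssId, head and link are taken from the comments above.
const LEAKY_SNIPPET = `
var $ = document; // shortcut
var cssId = 'prism-css';
var head = $.getElementsByTagName('head')[0];
var link = $.createElement('link');
link.id = cssId;
head.appendChild(link);`;

// Same behaviour inside an IIFE: every name stays local to the function.
const WRAPPED_SNIPPET = `
(function (doc) {
  'use strict';
  var cssId = 'prism-css';
  var head = doc.getElementsByTagName('head')[0];
  var link = doc.createElement('link');
  link.id = cssId;
  head.appendChild(link);
})(document);`;

// Minimal fake DOM (hypothetical helper) so the snippets run outside a browser.
function fakeDocument() {
  const head = { children: [], appendChild(n) { this.children.push(n); return n; } };
  return { head, createElement: (tag) => ({ tagName: tag }),
           getElementsByTagName: (t) => (t === 'head' ? [head] : []) };
}

// Runs `source` as global code, the way a <script> tag would, and reports which
// globals it created and which of the host page's globals it replaced.
function auditGlobals(source, hostGlobals = {}) {
  const g = globalThis;
  const seeded = { document: fakeDocument(), ...hostGlobals };
  const saved = Object.keys(seeded).map((k) => [k, Object.getOwnPropertyDescriptor(g, k)]);
  for (const [k, v] of Object.entries(seeded)) {
    Object.defineProperty(g, k, { value: v, writable: true, configurable: true, enumerable: true });
  }
  const before = new Set(Object.getOwnPropertyNames(g));
  try {
    (0, eval)(source); // indirect eval: top-level `var` lands on the global object
    const added = Object.getOwnPropertyNames(g).filter((k) => !before.has(k)).sort();
    const overwritten = Object.keys(hostGlobals).filter((k) => g[k] !== hostGlobals[k]).sort();
    return { added, overwritten, linksInjected: seeded.document.head.children.length };
  } finally {
    for (const k of Object.getOwnPropertyNames(g)) if (!before.has(k)) delete g[k];
    for (const [k, d] of saved) d ? Object.defineProperty(g, k, d) : delete g[k];
  }
}
```

Only names that become properties of the global object (`var`, function declarations, implicit globals) are reported; top-level `let`/`const` bindings are not.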

------
pvnick
Love it! This is the kind of initiative we should be working towards.

------
rocky1138
Small typo, just a heads up: "Add this to you site"

~~~
zackliscio
Thanks for catching that!

------
corresation
There is profound irony that each of these various PRISM protest sites thus
far has used Google Analytics. While I have great respect and admiration for
Google, Analytics and other centralization tools like it make the task of
nefarious tracking dramatically easier, all to have a slightly easier to
obtain visitor graph.

------
nudetayne
Security and coding issues aside, the point of this is unclear to me. If the
U.S. (or any) government is going to collect and analyze personal data,
they're going to do it, and good luck stopping them through voting, protests,
etc. The best way to advocate privacy is to provide technology that makes the
data difficult to analyze. Outside the technology industry, very few know or
(surprisingly) care if their information is encrypted when providing it.

