
Reset the Net Privacy Pack - sinak
https://pack.resetthenet.org
======
Sprint
Sure it is for a greater cause, but making people expose their websites'
visitors to a third-party is not what I would have expected from a privacy
movement. See
[http://resetthenet.tumblr.com/post/84330794665/the-reset-the-net-splash-screen](http://resetthenet.tumblr.com/post/84330794665/the-reset-the-net-splash-screen)

Instead of having a local javascript, they want you to make sure all your
visitors load it from members.internetdefenseleague.org or
fightforthefuture.github.io

The main site is not privacy protecting either. Leaking to Optimizely, Amazon,
YouTube, Heroku, Cloudflare, taskforce.is, Typekit.
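
An added example, not part of the original thread: a site owner's audit of which hosts a page makes every visitor's browser contact, which is the exposure described in the comment above. The page URL, sample HTML and placeholder script path are constructed; only the host `members.internetdefenseleague.org` comes from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute the browser fetches on page load without any click.
FETCHED = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

class ThirdPartyAudit(HTMLParser):
    """Collect hosts other than the page's own that a visitor's browser contacts."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.first_party = urlparse(page_url).hostname
        self.hosts = {}  # third-party host -> set of tag names that load from it

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(FETCHED.get(tag, ""))
        if not url:
            return
        # Of the <link> types, only stylesheets are counted in this sketch.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        # urljoin resolves relative and protocol-relative ("//host/x.js") URLs.
        host = urlparse(urljoin(self.page_url, url)).hostname
        # Exact host comparison: a sibling subdomain counts as third-party here.
        if host and host != self.first_party:
            self.hosts.setdefault(host, set()).add(tag)

def audit(page_url, html):
    """Return {third_party_host: [tags]}; each host sees the visitor's IP and headers."""
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    return {host: sorted(tags) for host, tags in parser.hosts.items()}

# Constructed sample page; PLACEHOLDER.js is not the project's real path.
PAGE_URL = "https://blog.example/post/1"
SAMPLE_HTML = """
<head><script src="/js/local.js"></script>
<script src="//members.internetdefenseleague.org/PLACEHOLDER.js"></script>
<link rel="stylesheet" href="https://fonts.example.net/kit.css">
<link rel="canonical" href="https://other.example.org/"></head>
<body><img src="images/logo.png"><a href="https://www.resetthenet.org/">info</a>
<iframe src="https://video.example.com/embed/1"></iframe></body>
"""

if __name__ == "__main__":
    for host, tags in sorted(audit(PAGE_URL, SAMPLE_HTML).items()):
        print(host, tags)
```

Serving the same script from the site's own origin removes its host from the result; plain hyperlinks and the canonical link are not counted because the browser does not fetch them on load.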

~~~
ChrisAntaki
> Leaking to Optimizely, Amazon, YouTube, Heroku, Cloudflare, taskforce.is,
> Typekit

Optimizely helps the team at FFTF A/B test wording. I was asking to remove
that sooner too, but it adds a lot of value for them, so that stayed. I'm with
you there.

Amazon Web Services power a lot of the internet.

YouTube only gets loaded if a user clicks "Watch Video".

Heroku only gets loaded if you submit your email in the top form.

Cloudflare helps power a lot of the internet. (HN, for example)

Taskforce.is is a trusted partner, who offered to lend us Piwik hosting for this
project. FFTF is hoping to set up their own server in the future.

TypeKit... that's where "Proxima Nova" is served from. The main designer at
FFTF, Vasjen, made this awesome design using Proxima Nova and... we just all
got attached to that font. I agree though, hosting all of the custom fonts
would have rocked.

---

The point of the site isn't to coddle people, and tell them that this little
corner of the internet is safe, but not to go anywhere else. Sorry, but the
reality is, to attain privacy, users need to take action. Installing the Tor
bundle, for instance, which includes NoScript. Ghostery is another good one.

Also, when you criticized the usage of AWS, Cloudflare, and Heroku... were you
making the point that high visibility sites should be self-hosted?

~~~
aw3c2
> Sorry, but the reality is, to attain privacy, users need to take action.

Sadly that is true and sadly that site is part of that problem.

I think Sprint's main point was the "please embed our javascript" part though.
For what reason is that not meant to be self-hosted?

~~~
ChrisAntaki
It's not sad that people need to take action. Taking action feels great, and
is empowering.

Reset the Net is a step forward. A step, on a journey towards a society which
stands up for itself, by taking action.

The purpose is to showcase all of the awesome companies who really care about
privacy, and showing users methods by which they can increase the privacy in
their electronic communications.

There's really no pressure for you to embed any JavaScript.

~~~
aw3c2
I think you completely misunderstood the issue which is that linking to a
third-party hosted javascript exposes your visitors to that third-party.

~~~
ChrisAntaki
Snowden and Schneier endorsed Reset the Net. Google, Mozilla, EFF, Twitter,
and many others endorsed it. A bunch of awesome users participated, and shared
how they are making positive changes as well. Feel free to share too, if you
have anything positive to contribute.
[https://www.resetthenet.org/#add-yourself](https://www.resetthenet.org/#add-yourself)

~~~
aw3c2
I give up. You dodge and dodge and dodge with grandiose marketing speak. I am
disgusted.

~~~
ChrisAntaki
:)

------
furyg3
> According to Apple's Legal Process Guidelines, Facetime calls and iMessages
> are end-to-end encrypted. This is significant, but Textsecure and Redphone are
> more secure and trustworthy.

Yes but they don't exist.

TextSecure looks perfect but has been "coming soon to iPhone" for a year. It
seems to be a long way off if I look at the GitHub activity
([https://github.com/WhisperSystems/TextSecure-iOS](https://github.com/WhisperSystems/TextSecure-iOS))

I'm not sure why this is, exactly. Maybe there aren't enough iOS developers
willing to donate their time to open source projects?

A real pity. The only way we have a chance is if the basic tools we use are
cross-platform, open-source, and verifiably end-to-end.

~~~
daveid
ChatSecure supports OTR, Xabber supports OTR, Pidgin/Adium too, so there's the
multi-platform, open-source, end-to-end texting app. You just need an account
on any XMPP server.

~~~
hnha
OTR only works when both parties are online. Especially with the modern mobile
internet, that is something crucial!

------
Create
We begin therefore where they are determined not to end, with the question
whether any form of democratic self-government, anywhere, is consistent with
the kind of massive, pervasive, surveillance into which the United States
government has led not only us but the world.

This should not actually be a complicated inquiry.

[http://www.theguardian.com/technology/2014/may/27/-sp-privacy-under-attack-nsa-files-revealed-new-threats-democracy](http://www.theguardian.com/technology/2014/may/27/-sp-privacy-under-attack-nsa-files-revealed-new-threats-democracy)

~~~
rivd
Kudos for mentioning this article. It is an excellent essay that more people
should read.

~~~
Create
Thank you very much, you made it worth burning all that YC karma.

“You can't solve social problems with software.” – Marcus Ranum

ps: actually, it is worse:
[https://www.defcon.org/html/links/dc-archives/dc-18-archive.html#Marlinspike](https://www.defcon.org/html/links/dc-archives/dc-18-archive.html#Marlinspike)

[http://benjamin.sonntag.fr/Moglen-at-Re-Publica-Freedom-of-thought-requires-free-media](http://benjamin.sonntag.fr/Moglen-at-Re-Publica-Freedom-of-thought-requires-free-media)

------
eliteraspberrie
_Wondering why we didn't include (insert app here)? Read our criteria for
these recommendations._

The page linked for "our criteria" doesn't mention any criteria other than:

 _We need tools that a broad community of experts can get behind._

I don't know of a single expert that would recommend Pidgin. I strongly
recommend against it, whether you believe you are a "specific target of
surveillance" or not.

~~~
ChrisAntaki
What would you say is a better alternative, that supports OTR?

~~~
eliteraspberrie
Gajim supports OTR with a plugin. Both the client and plugin are written in
Python.

------
TheLoneWolfling
I have a question:

What is the value of encrypted communications when your system is closed and
presumably compromised (Windows, iOS, OSX)?

Also, why are they suggesting that you write down passwords? For that matter,
why passwords at all? Passphrases are easier for people to remember for the
same amount of entropy.

~~~
riquito
> Why passwords at all? Passphrases are easier for people to remember for the
> same amount of entropy.

That is true if you compare them directly, but if you have a different
pass(word|phrase) for each service it doesn't matter anymore, you can't
remember more than a limited number of passphrases (unless you use common and
predictable phrases I suppose, but then they're easier to crack).

~~~
TheLoneWolfling
In which case use a single (long) passphrase for a (n open source) password
manager, and generate gibberish for passwords on websites.

------
joshstrange
Forgive me if I'm missing something but how does
[http://masterpasswordapp.com](http://masterpasswordapp.com) deal with sites'
password requirements (or rather limitations)?

------
eps
Taking bets it's a marketing ploy for one of the listed paid apps.

Specifically, telling people to enable two-factor authentication _to protect
against government snooping_ makes no sense whatsoever. So this is either just
an amateur "OMG, they are spying on us, let's do _something secure_!!"
campaign or it has secondary objectives. My bet is on the latter.

