I think we need a more comprehensive benchmark, that also includes the type of security they use (perfect forward secrecy, 128+ bits of security), as well as stuff like not tracking your private conversations, and so on.
While many of the companies there fail even at this benchmark, it makes it sound like a few of them that have 4+ stars are very "privacy-focused", and that you should feel very "safe" with them, and again, post-Snowden revelations, I don't think that's so true anymore.
In a new benchmark, companies like Google and Linkedin would probably get 2/5 stars, or 3/5 at most. Maybe make it out of 10, so you can still include other companies that may have privacy level at 1/10, or 3/10, which is harder to show in this 5/5 type of rating.
If a company that tracks everything receives a "top privacy rating", I don't think the benchmark used is very useful.
I think it is a useful comparison, but only part of the picture as you say. For example, Google gets high marks in this EFF survey but, as you rightly point out, you also have to balance that against the amount and type of data that Google (and other companies) collect about users.
I don't doubt that Google has a strong commitment to security. But security and privacy, although closely related, are not the same thing. Even if Google stops the NSA snooping on their data, that doesn't stop Google from continuing to collect as much data about you as they possibly can. Google's comments relating to the NSA revelations have all been couched in terms of security (but not a word about privacy or the volume of data they collect). So yes, better security will protect your data from government eyes, but it won't necessarily stop companies collecting as much data as they can about you.
Just to be clear, there's no comparison between Google collecting user data and a secretive Government agency with questionable motives and intentions collecting data - one is obviously an order of magnitude worse. But that doesn't mean it's fine for companies to track users unhindered just because they're not the NSA. And Google arguably tracks more than anyone else. Isn't it time we also had transparency reports from these companies about the data they collect?
It should be noted that this is related to protecting your privacy from government attempts to access such data.
Given LinkedIn's MD5 password leak, the LinkedIn Intro "MITM", and the fact that LinkedIn asks users for their e-mail and e-mail password, when I read the title I assumed it would be related to security issues and not legal issues.
I guess the update is since your comment.
 https://web.archive.org/web/20130501214421/https://www.eff.o... , https://web.archive.org/web/*/https://www.eff.org/who-has-yo...
Turns out this is a policy assessment of those companies and whether they publicly stand on the side of users when the government attempts to seek access to private data.
This is a 6-point assessment:
1. Require a warrant for content of communications.
2. Tell users about government data requests.
3. Publish transparency reports.
4. Publish law enforcement guidelines.
5. Fight for users’ privacy rights in courts.
6. Fight for users’ privacy in Congress.
But they are.
And the stars in the column "Fights for users’ privacy rights" seem like a sick joke, given the massive international anti-privacy lobbying of some of those companies.
If sonic.net (to pick one at random) consistently keeps touting "Five stars from the EFF for protecting your privacy" and then runs ads where they show how poorly their competition is doing, this might sway customers.
Unfortunately this report needs an addendum -
Companies that made the ultimate sacrifice (Shut Down) rather than cooperate with Big Brother - LavaBit, SilentCircle et al.
Apple has a good revenue stream without collecting private data and exploiting it, and if they both respected private data and stood up to the government then they could be a viable safe haven. I think that Apple is missing an opportunity.
For example, it doesn't include a measure of security against government hackers, or internal "hackers" doing govt bidding.
Transparency in government activity is different from disclosing support to an organization.
"If you don't do what we say/donate to us, you might find yourself off of this list."
We wildly speculate the NSA blackmails politicians, so why can't we wildly speculate the EFF blackmails companies too?