By Sarah Perez
A number of websites for Internet services, businesses and even several nonprofits, including Amnesty International, Greenpeace, MoveOn.org, and others, will participate in a series of online anti-NSA protests this week. The websites, which also include Reddit, Imgur, BoingBoing, DuckDuckGo, and several others are taking part in an online campaign called “Reset the Net,” which is specifically aimed at encouraging website owners and mobile app creators to integrate increased security protections into their services, like SSL and HSTS, for example. The overall goal is to make it more difficult for government agencies to engage in their spying activities.
Explains the campaign on its website, ResetTheNet.org: “The NSA is exploiting weak links in Internet security to spy on the entire world, twisting the Internet we love into something it was never meant to be: a panopticon.” While it’s not possible to stop the attacks, the site adds, those who offer users online services could help cut down on the mass surveillance by building proven security into the “everyday internet.”
The campaign asks website owners to step up and integrate technologies like SSL, HSTS, and PFS – tools that make mass spying more difficult. Meanwhile, app developers whose apps talk to a server are asked to use SSL and cert pinning, and make sure that all third-party code like ads and analytics do, too. To actively participate in the campaign, web and mobile developers can take the pledge and submit what changes they’re willing to make and how they’ll promote the campaign on their own services.
Websites can promote Reset The Net by running a splash screen, while apps are asked to send out a push notification that promotes a mobile privacy pack. This privacy pack would point consumers to free software for web, mobile and PC, including tools for free IM chat, apps like Textsecure and Redphone for private SMS and voice calls, TOR, HTTPS Everywhere, GPGtools and Enigmail.
It’s interesting to note that among this list, none of the mobile messaging applications that tout their ability to offer private or anonymized communications are suggested, including an emerging list of consumer apps like Confide, Wickr, Frankly, Burner, or FireChat, to name a few. While they might not meet the strict criteria that a campaign like Reset The Net would be comfortable with, they may offer increased protections versus using the “big” services, like Google or Facebook, so it seems like something of a missed opportunity to not anoint some selection of more consumer-friendly apps as being “good enough,” if not “great.”
Finally, Reset The Net will attempt to reach consumers by asking everyone to join the protest on social media, where you can share a pre-written tweet and promote NSA-resistant privacy tools.
The campaign participants themselves will show their support in a number of ways. For instance, Reddit will be running free ads on June 5, the day the campaign kicks off, promoting privacy tools and asking Redditors to use encryption. Imgur will promote the Reset The Net privacy pack, and DuckDuckGo will help promote the encryption tools. BoingBoing and iFixIt will both be adding SSL to their websites.
The full list currently has dozens of participants, though it contains quite a few of the usual suspects (read: anti-spying, pro-privacy supporters) and not many of the web startups and companies actually building popular consumer apps and tools.
This is not the first time some of these sites have participants in online protests of this nature. Last July, WordPress.org, Reddit, Mozilla, 4chan, Namecheap, MoveOn.org, Demand Progress and several others joined in a similar campaign organized by Fight The Future, the organization behind the upcoming Reset The Net campaign. In that previous case, however, the campaign was about collecting signatures on a petition and getting users to call Congress and make donations to fund TV campaigns.
This time around, it’s about specific actions individuals can take on their own, with a somewhat fatalistic admission, referenced above, that “we can’t stop targeted attacks,” so the best we can do is arm ourselves against them.
Fight for the Future also runs related efforts at the Internet Defense League and the “take action now” site callforfreedom.org, and helped build StopWatching.Us, a movement backed by several technical and political organizations, including also Mozilla, the Electronic Frontier Foundation, Reddit, and the ACLU.
More about the Reset The Net campaign is here.