I disagree, I think even if anti-prism litigation is successful there's no way we can trust the government to not do it again. I think there need to be ubiquitous technological solutions to ensure a basic level of privacy, and short of a technological solution we can not assume that we have privacy.
The problems with privacy on the internet are so large and entrenched it's hard to know where to start. Strong end-to-end encryption is good. Challenging government policy is good. A diversity of services is good. Donating to the EFF is good. There is more than one battle, and people who are fighting the same war should be wary of undermining people who have chosen different battles.
The problem isn't privacy on the internet. It's "privacy". What do you mean by privacy? If you can define it, then we can talk about solving "privacy on the internet".
Example: I don't want people seeing me when I go to the bathroom. Or when I'm having an intimate conversation (or other intimacy) with my wife. Or listen in on a conversation I'm having on the train or in a cafe or in my kitchen. Or over email or IM, or in a personal letter.
Some of those things I have a right to in law, and some I don't. Some of them are things that not everyone agree should be private (in public, where there is no legal expectation of privacy). Privacy sounds like a nice neat concept, but it's actually quite hard to pin down. Should employers have a right to ask your ex girlfriends if you're a worthy employee? or to pay CCTV owners in town for the right to footage of you in public so that they can give that footage to psychologists who can analyse your facial micromovements as you walk down the street? Should you have the right to use binoculars to look into the apartment of the cute girl across the street if she doesn't close the curtains?
Define privacy, then you know what the problem is. Only then can you solve the problems of "privacy on the internet".
Guess what. All those other governments are probably busy creating their own Prisms to spy on you and you have no legal recourse with them. Self serve seems like a better option.
That's why I keep advocating that Google, Microsoft, Facebook and the other big companies need to implement end to end encryption/client side encryption for their services - so it can be much easier for hundreds of millions of people to use the services that way, instead of a few of us looking for other services that barely anyone uses.
But even this should be a short term solution. The main solution should be a policy one - repeal the Patriot Act and FAA, and fire the people involved in this.
This doesn't address the issue of Google, Microsoft, Facebook and the other big companies (including banks, grocery chains, HMOs, etc.) building individual profiles out of the information they collect and trade about you. And once they have this information, voluntarily handing it over to the government. Or acting as their own de facto surveillance state without the help of the government.
Sure, have all the end to end encryption you want. Your information is still getting out there.
To the best of my knowledge, DOM and JavaScript does not allow for a secure implementation of end-to-end encryption in a browser, especially if you want the decrypted text to populate the DOM. You'd be leaving your data open to XSS attacks, browser extensions and the service provider changing their code. For this reason, I think it would be better if you started advocating for specific changes to the HTML standard.
Wait, why would you still use Google, Microsoft, or Facebook? Am I missing something here? They gave your data away without telling you. That's unacceptable. Hit them where it hurts - in their pocketbook.
