Thomas and I (with help from a few others) have been working pretty solid for the last 10 days or so to get this banner ready, and wanted to get it out with plenty of time before 02/11. We realize there are a few cross-browser quirks and some of our code is messy, but it works, and any issues will be ironed out between now and February 11th. You can embed the code starting now without worry.
In the meanwhile, if anyone wants to submit pull requests to fix any issues they see, that'd be wonderful. We'll clean up the code and fix any outstanding issues in the meanwhile.
In case you missed it, this is a follow up to The Day We Fight Back campaign [1]. The site itself will also be updated on the day.
Edit: If you work at a medium or large tech company and care about this issue, please take a moment to start a conversation internally about joining the day of action on the 11th. It can be adding the banner, or something else entirely. It's likely you'll find quite a bit of support amongst other employees. While we've reached out to the policy arms of some larger companies, we're pretty constrained on resources, and many of them are interested but hesitant. Engineers often have a lot of say in what actually happens; if you care, speak up.
I'm working on a startup called postdot [1] that allows you to send physical mail the same way you'd send email. Would it be possible for us to help you add a feature to send a physical letter to your representatives?
Sweet, I was hoping someone would make something like this!
The thing that inhibits me from using your site is that I don't understand 100% what it does / how it does it, and how much it costs.
I'd add A LOT more meat to your landing page.
I want to know
* What am I allowed to print? Show me examples of all the stuff I can do
* Can I create campaigns, where it is automatically scheduled to send X on Jan 1st, Y on Feb 1st, etc..
* Can I have trinkets / widgets delivered to you guys and you combine that into one mailing?
* I definitely want to be sure the printed thing looks like how I intended it to be. How will you do this? I would like it if I got the mail piece scanned or photographed (as a review copy, before it is scheduled to be sent) and emailed to me.
* What's the cost? You don't have to do all the stuff above for free. You can charge a fee for everything, e.g. $1-$5 per trinket that has to be processed, $10-$20 for a review copy photo / scan. What's the cost per print + mailing? Can I choose the mailing speed (e.g. FedEx overnight, UPS 3-day ground, etc.)?
While it might not be the best feature-set for this specific startup, those are features that I would be looking for if I wanted to use this for my business.
However, the "About" page makes it very clear that this is nothing more than a project (not a business), so adding the feature request would likely take more time than it would bring in dollars.
Hey, I couldn't find any contact info on your site, but this is something I would definitely like to learn more about. I'm working on a different project to help fight state surveillance, and sending physical mail could be a hugely useful feature. Could you email me jeff@rubbingalcoholic.com
A platform play for "Snail-Mail as a Service (SMAAS)"!
I love the idea, but most of my outgoing mail requires that I send along a specific piece of paper. Most of my bills can be paid on-line now, but my quarterly income/tax declarations require a coupon that's 1/4 letter size.
I suppose it's the signature they really want (though my account details are on there too and for some people, that eliminates incoming payments that can't be read due to illegible hand-writing).
Hey, just a heads up: I went and poked around the site a bit and after submitting a blank form within the "Order Summary" modal, I got the following traceback page:
"You're seeing this error because you have DEBUG = True in your Django settings file. Change that to False, and Django will display a standard 500 page."
Love the idea, but I don't really get the recipient field - whichever (valid) address I put in, I get an error. I also think it's a bit unclear on what should be entered here, a post/zip code, company name, etc.?
Indeed, I hope they add the mail option, and get rid of the email option. Too many people will default to it (sending an email is much easier than placing a call) and as far as I recall, most representtatives don't tally "concerns raised via email" like they do for phone and mail (mostly because they have to open their mail, and take their calls, but they can just sit on email forever without the box getting "full.")
I don't think a form letter has much over a form email. Lots of advocacy groups already let you send a postcard with one click. (Though, in theory, both should get logged in the system. Whether or not the member cares is another issue.)
A call or a letter/email you write and send yourself will be much more impactful.
In theory, both should get logged in the system. In practice, though, (I've seen this question answered in a lot of AMAs by congressmen et al.), they simply don't treat email as a constituency channel.
The amount of attention your representatives tend to give your issue is directly proportional to the amount of time you can force them to spend listening. You can filter an email; you can skim a letter; you have to listen to a call all the way through. The best thing, though, is to set up an appointment, and talk to them in person.
It's pretty easy to "filter" a stack of more-or-less identical postcards, but otherwise I agree.
It's almost a truism: if you want to show that you care... spend the time to show that you care. I actually think it's really cool that you can walk right into the office of your Congressman or Senator. Obviously you won't get past the interns if you don't have an appointment, but still... pretty cool.
There is a callOnly flag for the widget that I really recommend people use. In brief there was a lot of debate over whether emails should be included at all, and the flag was the compromise. Some orgs, for example the EFF, will be promoting the call-only flag when they distribute the code.
I'm in the advocacy space and you aren't collecting enough information to deliver the emails to Congress, the web forms require many other pieces of information like a title (Mr./Mrs. etc) and often a phone number. Better to take off the email option than mislead the public that it will be delivered.
It just occurs to me, though I'm signed up and all, that I don't actually want "new laws" that curtail online surveillance. I don't personally believe that the current interpretation of law is Constitutionally valid, and what I really want is for more gravitas to be given to the 'old laws', namely, the fourth amendment.
I don't know that I expect you guys to change it, or whether or not my non-solution is actually workable, or that it will necessarily stop me from displaying the banner; Either way, while I'm not trying to be a pedantic nay-sayer, I couldn't let it go unmentioned.
I agree. History has shown that new laws are largely used to legalize the behavior. The wording should focus on the fact that mass surveillance is unconstitutional and we want our leaders to support the constitution that they swore to uphold.
The zip contains a subdirectory. Only the subdirectory should be uploaded to your site plugin folder. If you want to upload a .zip file in the browser, only the subdirectory should be zipped first.
Thanks--zipping the subdirectory, then uploading it, worked to install the plug-in. (If it's not too much trouble for you, putting it in the WordPress Plugin Directory, http://wordpress.org/plugins/, would let WordPress users find it easily.) Unfortunately, when I tried to activate it I got this error:
Parse error: syntax error, unexpected T_FUNCTION in /home/content/61/6806261/html/wp-content/plugins/thedaywefightback/thedaywefightback.php on line 13
The official site has chosen a similar plugin that has some additional options you can configure. They've also added good instructions on how to install it.
https://github.com/modemlooper/thedaywefightback.wp
Hey, I tried to check out the examples, but neither one displays the header for me. (FF-28a) There's only a black bar at the bottom of the page and this in the console:
TypeError: options.location.country is undefined
if(options.location.country.iso_code) {
Sorry, our bad. Fixing that now, should be done in a few minutes. That's our GeoIP server not returning a value, and our javascript freaking out as a result.
All socially-polished hustlers in the DC area might consider prioritizing some time to setting up meetings with congress people to continue this crucial conversation in person. It's important to underscore that their participation in the debate or not and their votes are being watched. On a personal note, a friend of mine promised to do this and I will bug him again to follow-through on it.
It's not obvious from the call-to-action button or on the call info page whether the call costs the end user anything, and if so, how much. Judicious use of the word 'free' might increase conversions (if that's actually the case).
Just more noise for the NSA to sift thru and for well-paid legislators to ignore.
Americans: there's something called the Fourth Amendment. What we need is a free straightforward how-to guide to filing suit over this wholesale monitoring[1], such that thousands of individuals can act on for mere court filing fees. Overwhelm the courts with it, creating a proliferation of contradicting verdicts, forcing the Supreme Court to address it on terms of 300,000 individual citizens vs NSA. Rather than pouring vast sums into a single case with a couple carefully selected plaintiffs and hoping for an unlikely perfect outcome, crowdsource it.
Just a recurring thought.
[1] - which the Founding Fathers would certainly enumerated rights against had they been able to conceive of such pervasive intrusion on "papers".
This won't work.
Even if you had individual standing (4th amendment violations were actionable on their own due to bivens, but not so much anymore due to later precedent. For the most part, federal agencies don't count as a whole), your plan to flood the courts would fail.
They have multi-district litigation panels, etc, meant to manage the process of thousands of claims that are not class claims, and are spread out all over the place.
Americans elect their legislators. If enough people in their district don't like what they're doing, they can put someone else in office. It's a beautiful system.
The problem is the "tyranny of the majority". Those who don't understand the issue squash the interests of those who do. Fortunately, the Founding Fathers wrote a Constitution which focuses on protecting and facilitating the rights of individuals such that no majority can (in theory) suppress them. For the issue at hand, getting enough voters in enough precincts to take a dominating stance on something as obscure as NSA spying is unlikely; a system as beautiful as the one you note is the one whereby a single person can stand up and say "you can't do that!" and, duly adjudicated, be left alone.
Yes, asking for a SCOTUS ruling is playing with fire in a hay barn. I'm just annoyed that for all the ink spilled on this (and other such topics, see 2nd Amendment) there is precious little actual court activity addressing it, with most of it decided by either extremely big money or guilty-as-hell defendants grasping at straws; the legal system should be reasonably accessible by pretty much anyone without having to shell out big bucks for lawyers more interested in preserving their symbiotic relationship with the courts.
What, call this number and say something vague about opposing surveillance and supporting a law with an extremely vague name and no link to the actual content thereof?
A momentary tsunami of opinions will soon pass, vs the persuasive job-preserving quiet comments of a few people who know everything. I don't want to knock this effort as all efforts in the same directions help; I'm concerned that it will have little effect, vs the potential of grossly under-used objective tools of actual laws enforced starting with first principles (the Constitution).
Educate users? Start with an up-front link to the actual text of the law, with explanation of how portions of it apply and how it has real teeth vs an agency protected (sometimes with force) by extreme & legal secrecy.
I'm suspect of bills named as vapidly as "USA Freedom Act" with little addressing of its content. More like a legal Rorschach test, eliciting what individuals want to see and then asking them to act on what they imagined it is.
Then you tell me... why do legislators who support those things keep getting re-elected? You can hardly blame them for supporting things that (apparently) have the support of most of their constituents. And if you think the reason is that not enough people know/care... well isn't that the whole point of this banner campaign?
> Then you tell me... why do legislators who support those things keep getting re-elected? You can hardly blame them for supporting things that (apparently) have the support of most of their constituents.
Nice sophistry there. Do you think raping the public's privacy is part of their election campaigns? "If you vote me into office, I promise to rape your privacy extra-hard!" --> "Yayyy! Here, have my vote!" .. or something?
You could find politicians who have the same values as you and work to support them. You could start a PAC that contributes to the campaigns of candidates who promise to change the things you don't like. You could run for elected office yourself.
Ultimately though if you're relying upon intelligence agencies, ISPs, etc to change what they do, good luck. Unless I can be elected head of the NSA, the democractic process isn't going to help much here.
If you want to "fight back" as a technical person, please do something useful:
- Learn some applied cryptography and use that knowledge to write and review cryptographic software. Develop and analyze anonymity networks. Work towards development of powerful peer to peer replacements for existing centralized technologies.
- Deploy systems with this technology
- Teach others to take advantage of it
Don't waste your time and everyone else's with worthless campaigns such as this. The only real way to change is to defeat the useful purpose of spying.
> Don't waste your time and everyone else's with worthless campaigns such as this. The only real way to change is to defeat the useful purpose of spying.
Wrong. The only reason that the spying is happening is that it is accepted and allowed. The mentality needs to be clear: only police states(evil states) spy on citizens (their country and others) without a clear reason (c.f. 4th amendment of the US). The concept of mass surveillance needs to be dumped into the ashbin of the US history, along with the internment camps and the Trail of Tears.
Only when the mental restraints of the police/espionage forces are lifted does strong encryption become a working requirement for free speech.
As a technical person, I would argue that our responsibility is to educate non-technical people on what is happening and the ramifications thereof - encouraging artists to explore the idea of the panopticon; encouraging writers to ruminate on the matter in fiction and non-fiction; talking to police and politicians about what security really means in practical purpose; talking to the neighbors about the implications of the coming internet of things and what mass surveillance means then.
We desperately need less user hostile encryption technologies but our control regime for abusive surveillance technology must include create a societal norm that these systems are morally unacceptable. The toolkit to do this is the popular democratic process and these campaigns are essential in this effort.
> - Wholesale compromises of devices if they meet certain selectors.(Jacob Applebaum and Der Spiegel's reporting)
You're kidding, right? Most of those are hardware attacks that were guaranteed to be possible with physical access. A few exploits for sure, but definitely 100% expected stuff. If you want to thwart such attacks, use anonymity networks under virtual environments. Or consider that perhaps you're not high value enough for them to risk 0-day exploits on.
> - Self replicating government malware with stockpiled zero days.( Flame and Stuxnet)
Yes, anyone can write malware. It's fucking piss simple. This has little-to-nothing to do with mass surveillance. Again, virtualized environments which force things over an anonymity network are relatively simple to set up and beat this.
> - Secret court orders for parties to turn over their encryption keys.(Lavabit)
This could easily be thwarted if the solutions I suggested were used. End-to-end encryption is the only sort which should be used.
Easily thwarted. Use redphone or mumble. Run Orbot or similar on your phone for more. If you don't want your phone tracked, you're probably screwed, but if it's the actual data you care about then you have options.
> - Comprise of networking gear for large scale traffic analysis.
Have a party with that encrypted network data. Get cracking. Passive or even MITM attacks don't matter against every solution I mentioned.
So please, stop with your paranoid bullshit. The cryptography is good and solves most of these problems.
Yes, anonymity networks are a key to this and must be developed further, but it's far from as bad as you make it sound.
So instituting a massive cultural shift in adoption of strong encryption technologies AND winning an arms race against the NSA's inevitable attempts to subvert them is simpler than pushing for political change that is supported by the majority of the population and has strong support in congress and industry?
Both approaches are useful and can be complementary, but if you have to put all your money on one horse, I think you're choosing the wrong one.
But it hasn't done so or has completely failed to do so. Most people I've discussed this with have generally supported privacy, some have even changed usage habits to do so.
I believe there have been wide studies even on this that have largely shown that people world wide are against such practices.
Who's settling? Awareness is much more achievable for far less effort and has exponential effects in how many people can affect the issue.
Always take half-measure, if cost-benefit or your own priorities indicate it's worthwhile, and don't hide behind canned responses to justify irrationality.
So that license was suggested by someone at FSF and I ran with it because I don't know enough about licensing.
Can someone who does make a suggestion and I'll change it? We do use snippets in the code from other GPL/Apache licensed code in main.js for example, but we specify the sources and licenses for each snippet in the code.
My original thought was to use http://unlicense.org/. Would that work? Do I need any other language in there to clarify that the licenses of the snippets we use stand?
>We do use snippets in the code from other GPL/Apache licensed code
If you include in your JavaScript code any code that is licensed under the GNU GPL you most likely have to release your code (the files with the GPL snippets) under the same -- at least that's an assumption you don't want to bet against. As for your other JavaScript code, the situation is less than clear and there's debate on the matter. See, e.g., http://stackoverflow.com/a/1239727/3142963 and read https://en.wikipedia.org/wiki/GNU_General_Public_License#Lin....
The first thing anyone should know about licensing is to ignore advices that says "use license X". The only exception is the advice to use known and established licenses.
Ask instead yourself under what conditions you would accept having your code used. Is it acceptable if a commercial company take the software, say Google or apple, using it in products and do major secret modifications and changes without contributing anything back? If no, AGPL is the license of choice.
If you are acceptable of that, do you want direct distributors of the software to contribute secret modifications? If no, use GPL.
Do you want companies to be able to take your code, distribute it and then try and take you out with patents? If no, use apache.
Else: MIT/BSD. For-profit companies prefer the lower end of the list because it gives them the most options in order to create revenue. As such, you might get more users if you can live with the consequences. In the end, only you can answer what you want the license to say.
> So that license was suggested by someone at FSF and I ran with it because I don't know enough about licensing.
Disclaimer: I care a lot about software licenses and have used pretty much every free software license around. If you can name a free software license, I've probably released some code under that license.
You can use the regular GPL and it will be fine here (it will not require anyone to release any code from the rest of their website).
If you use other GPL-licensed software in your project, you should use the GPL[0] for this project too.
Do not use the Unlicense - it's legally shaky (and not compliant with GPL-licensed software you incorporate).
[0] You can use the AGPLv3 if the GPL software is all GPLv3, but I would not recommend doing so.
This is the right answer. These licenses are all heavily vetted and can be safely used in almost any kind of project. The attribution requirements (when present) are straightforward and easy to resolve.
You don't want people to have to think or worry about anything before using this library. Because if they do they often won't bother. These licenses align with that philosophy.
I was about to post this myself. We don't want anyone to worry about "does this make me legally liable to open source my companies code..." or issues like that.
I'm a fan of open source, but you should stay focused on the issue of helping take down government surveillance, otherwise you won't make a dent in it.
I was actually about to look at putting this up until I saw the license, GPL-family licenses (aside from the LGPL) are viral and affect the project as a whole, the AGPL on this would then require the source for my entire site would need to be licensed under the AGPL.
Please look at moving to a less cra^H^H^H restrictive license like BSD, MIT, Apache, etc.
I fully agree. Comments with derogatory terms should be downvoted always and with few exceptions. Do HN viewers really want to have "BSD is immoral/evil" and "GPL is viral" kind of comments everywhere? If not, please use the downvote button.
I had the same reaction. I believe using AGPL code within a website requires that the entire website be open sourced as AGPL. For nearly any company or non-AGPL project this is a huge barrier to using your project. Maybe someone with more legal knowledge can weigh in on if my understanding is accurate.
If the result count as a combined work that requires copyright permission (ie, copyright law), then you must have a license. The question about linking is always about this question.
If you are creating a combined work, AGPL would then provide permission under the condition that all users interacting with it are given an opportunity to receive the source code.
Remember, this is Javascript, so it's not an unreasonable reading of the license that merely serving it counts as "Conveying" it, per the terms of the AGPL. To wit:
To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying.
Thats a question regarding when a combined work is created (not about code communicating over a network...).
Its not that difficult question to look into. Imagine that I would "convey" a photo by using img tags and "link" proprietary photos inside advertisement banners. Would the banner count as a combined work, or as two separate and disconnected works?
I would lean towards the single combined work, because thats how I think a non-technical judge would look at it.
Don't listen to these fear-mongering selfish people. There's nothing wrong with AGPL for what you are going to use and it does not force the whole site to be AGPL. All that is nonsense.
This trend suggests to me that a centralized, trusted "outcry" system would be useful.
It'd be great if I could just add outcry.js, then on outcry.io enable this campaign instead of having to add new banners every time the Internet gets up in arms about SOPA/CISPA/NSA.
So the Internet Defense League [1] do this already, and we'll be distributing the widget through their code as well.
The reason for not doing this natively through the IDL codebase [2] is that we are doing a load of custom stuff that they don't generally support. At some point we'll abstract it all out and add it to IDL though ... generally our Taskforce.is group builds something for a campaign and then reuses the code as much as we can. For example, this project recycles a bunch of code from Project Megaphone [3].
They should at least promote the good legislators that cosponsored the USA Freedom Act on the banner so the good ones don't get sent massive phone calls and emails and are instead promoted for doing what's right.
Yes, for sure. As someone who works there, there's nothing more annoying for staff assistants sitting through hundreds of irrelevant calls from uninformed people reading a script. It's not a problem to call offices already in support of the legislation, but make sure those calling know that before they dial!
My understanding is that staffers take the calls and basically tally numbers of support (positive or negative). If the numbers agree with your representative, they can use that as ammo in their debate.
OK, fair enough. But you mean like a debate on the floor? I'm not sure how many minds are changed on the floor of the house... especially based on a second-hand tally of constituent calls.
Are there already representatives co-sponsoring the act the script asks them to co-sponsor? Would it helpful/possible to customize the script for those users to say "I very much support your sponsorship" (i.e. to encourage them to be more active about courting other reps, etc) vs. the same "Please co-sponsor..." text?
Cool concept and idea, although I'm not sure whether this will make anything change up on Capitol Hill. Wikipedia's SOPA blackout sure didn't (they just waited 6 months after the fact to pass another) law.
I think there has to be a better way to enact change than to voluntarily replace you website with a huge black banner. Maybe through lobbying or a SuperPAC type of organization (with donations?).
Every HN NSA thread has someone defending spying as something moral and ok, only taking issue with mass surveillance. So I doubt this comment will get much support.
The more I read about the history of IC, the more I agree with the "causing more damage than they prevent". History is completely littered with good examples. For every success such as intercepted Nazi radio comms in WW2 there are countless interferences in international politics with temoporary economic benefit and long term poltical turmoil (Iran assassination, trained Al Queda fighters, CIA-supported Indonesian mass killings of communists, etc).
The problem with this widget is the majority of the widget contents are stuck in an iframe. The js code mostly just does time detection and places the iframe on the site.
So even if you can audit and fix the js code you're running, you're still including content served straight from someone else's machine.
When we did this similar thing for sopa blackout (https://github.com/sirpengi/sopablackout), our widget was entirely self-contained (and under 200 LOC). And if you didn't trust our server you could host it entirely yourself.
>You're right. Raising awareness is a waste of time
Raising awareness to what end? Things get done by doing, not by talking about doing. What you are doing is raising awareness about raising awareness. Your endgame is for everyone to be aware that nobody is protecting their freedom of speech. Your efforts are to keep a conversation alive, not the freedoms that the conversation is about.
Raising awareness is only the goal when what you really want is to be included in a conversation in order to identify with a social circle.
Raising awareness is a side effect of when you be an example by doing what you believe in.
Doing requires critical mass. One person picketing outside the NSA HQ won't do jack shit. In order to achieve critical mass, enough people need to be aware a problem exists in the first place.
This issue needs to be battled legally, politically, socially (protest), and privately (apps that encrypt everything). Because the NSA spying is so pervasive and the general populace is so apathetic, we need to push on all fronts to make any difference at all.
Something that battles on the political front ("call your reps") is far from useless. It both makes people aware of the issue (or reminds them that, hey, it's still going on) and puts political pressure on reps to fix it (or at least support it less).
I appreciate your point of view, but you can't "do" alone. You need others to stand with you, and that's where "talking" comes in.
>One person picketing outside the NSA HQ won't do jack shit.
Seven billion people picketing outside of the NSA HQ won't do jack shit either, except that nobody will be doing anything interesting enough to warrant being spied on by the NSA. Picketing is not what I am talking about.
However, one person using technology that respects their privacy does do jack shit. It respects their privacy.
>This issue needs to be battled legally, politically, socially (protest), and privately (apps that encrypt everything).
Not really.
If an animal's relationship to me is that it wants to eat me, and if I don't want it to, then I protect myself from being eaten by it by making it impossible for it to eat me. I don't take it to court. I don't talk to a politician about it. I don't rally in public with others who similarly would prefer to not get eaten. I do the thing I need to do to protect my interests and the interest of those around me.
The NSA's relationship to me is to invade my privacy. Preventing them from doing that, by using technology responsibly, is sufficient. Even if we could cause the NSA to disband through social means, we wouldn't stop using SSL. Our predator wouldn't be the NSA in that case, it would be a script kiddie. And then we would have to protest the script kiddies. I hope you can see how absurd of a solution this looks.
People who don't want to get sick from germs do not protest germs. They wash their hands.
>I appreciate your point of view, but you can't "do" alone.
Thomas and I (with help from a few others) have been working pretty solid for the last 10 days or so to get this banner ready, and wanted to get it out with plenty of time before 02/11. We realize there are a few cross-browser quirks and some of our code is messy, but it works, and any issues will be ironed out between now and February 11th. You can embed the code starting now without worry.
In the meanwhile, if anyone wants to submit pull requests to fix any issues they see, that'd be wonderful. We'll clean up the code and fix any outstanding issues in the meanwhile.
In case you missed it, this is a follow up to The Day We Fight Back campaign [1]. The site itself will also be updated on the day.
[1] https://news.ycombinator.com/item?id=7037532
Edit: If you work at a medium or large tech company and care about this issue, please take a moment to start a conversation internally about joining the day of action on the 11th. It can be adding the banner, or something else entirely. It's likely you'll find quite a bit of support amongst other employees. While we've reached out to the policy arms of some larger companies, we're pretty constrained on resources, and many of them are interested but hesitant. Engineers often have a lot of say in what actually happens; if you care, speak up.