PRISM-Break List is dangerously misleading
A couple of days ago a web site called prism-break.org popped up, supplying a list of software and services with the statement:
"Opt out of PRISM, the NSA’s global data surveillance program. Stop reporting your online activities to the American government with these free alternatives to proprietary software."
There is a big Electronic Frontier Foundation (EFF) logo at the top, which led me and, according to EFF's Parker Higgins, many other people to believe this was an EFF web site. As such, I wrote to EFF last night expressing my concerns that the site is dangerously misleading - EFF replied that they shared my concerns and explained it was not their site. So after a little more investigation I emailed the actual publisher of the web site, a person called Peng Zhong, asking him to bring the web site down until they have fully investigated all the services and software they list on the site, as it is dangerously misleading. Peng Zhong has failed to either respond to my email or bring the web site down, so I will now explain why it is misleading.
The web site makes a bold claim that by using the software and services listed, people can prevent the NSA from accessing their data and communications - this is completely false and, as stated above, dangerously misleading. The web site lists a number of services and software provided by companies based in the United States - all US entities (whether they be global foundations like Mozilla, Tor exit node operators, non-profits or global corporations) are vulnerable to demands under the Foreign Intelligence Surveillance Act (FISA) or the USA PATRIOT Act, made via orders issued by the Foreign Intelligence Surveillance Court (FISC) or via National Security Letters (NSLs). It is also important to note that no matter what these organisations tell you, you cannot take it as guaranteed truth, because under these legal orders they are almost always subject to a legal "gag" which can result in prison terms should they disclose that they have received such orders.
However much we might love organisations such as Mozilla (and believe me, I am a huge fan and know their lead privacy guy, Alex Fowler, personally), to state that they are safe from NSA surveillance orders is simply not true. The same goes for DuckDuckGo, WordPress and any other service which is either US owned or has servers in US datacentres - these services and technologies simply are not immune to surveillance and should never be listed as such.
I urge people to do their own research before using any of the services or technologies in the list on PRISM-break.org - please understand that if it has legal links to the US (even a US parent company) then it is vulnerable to US surveillance laws and is simply not safe.