I agree. Let's do something. But what? Physical protests? Projects created in protest? New tools that can actually do something to make a difference, e.g. meshnets, anonymization & encryption software, email clients with GPG support built in? Participating in existing projects to do the same?
And by the way, here's my idea I've been throwing around. It's just an idea and I'm not sure if it would even work or be worthwhile, but:
A decentralized personal information protocol. Instead of joining a social network or other online service and putting all your personal information into their database, you run your own server (either truly on your own server if you want the most privacy or through a hosting service for this protocol if you want ease of setup) that contains a certain set of information which services can request (but you must authorize, like with OAuth). Information generated within those services is then saved to your server rather than their own. Thus if you cancel your account, you have sole control of the data. If they don't allow you to cancel your account, you can just revoke their access to your server.
Problems:
- Trust: You can't trust everyone to not save their own copies of the data themselves. Perhaps this could be semi-solved by having a machine readable license agreement for your data that the services agree to by connecting to it, giving you the ability to sue if they violate those terms.
- Performance: Presumably there would be performance issues in something like a highly-interconnected social network if each person's data is on its own server. Some servers would be more reliable than others, too, leading to instability for the greater service using the data.
- Public exposure: If the services using your data are, for example, Facebook-like in nature, where a large amount of the data is publicly displayed anyway, there is nothing stopping anyone from scraping it off the public-facing webpage and archiving it.
I wonder if the same things that worked in Europe could be used in the US. Over here, we have a nascent network of professional activists (EDRI, DigiGes, laquadraturedunet) that monitor critical developments and coordinate the hacking, the public relations, the interactions with politicians and the feet on the ground. Having something like this is essential to be able to harness the public outrage fast enough to make a difference.
For instance, this network campaigned for a long time against ACTA, but not much was happening. Then all of a sudden there were mass protests in Poland (btw. thanks guys!) which, together with protests in other countries, helped the network to get heard by the people that matter in EU politics. This is how ACTA was killed.
From my perspective, it seems as if the US has some organizations that could help in this, if they would coordinate. I'm skeptical, however, if the way in which the US tech scene is organized might not be detrimental to the overall effort. To many people in it for the next big thing, to few people doing blinkenlights.
Some people have started doing things. See:
https://optin.stopwatching.us
https://call.stopwatching.us
http://www.restorethefourth.net
And if you have browsed New on HN for the past few weeks, you will have seen many hobby projects on the subject which received little to no upvotes.
But I agree, let's keep it up and do something.