Last year, we published a holiday wishlist of concrete things we'd like to see happen for Internet freedom. We did receive a few of them over the course of the year—thanks! (Feel free to have a look back at the 2011 list if you're an Internet company looking for a good deed to do—we're still waiting on lots of items from last year.) One area of particular progress has been in HTTPS deployment; 2012 has been a particularly excellent year on that front, as more and more of the web has become encrypted by default.

This holiday season, we've continued the tradition and put together a new wishlist.

  • Apple and its imitators should cease their restrictive and anti-competitive practices, and allow users of their platforms to choose to install alternative operating systems, arbitrary software, or alternative app stores, if they wish to do so.
  • Canonical should make remote searches in Ubuntu opt-in instead of opt-out.
  • Mobile phone operating systems should include strong, end-to-end[1] secure crypto tools for protecting our communications.
  • Mobile phone hardware manufacturers should publish the source code to their low-level "baseband" firmware, so that users can have confidence that reported and unreported security vulnerabilities have been repaired.
  • Email providers should work toward the goal of making end-to-end encryption ubiquitous as a default for all users.
  • Silicon Valley companies should take a strong stance to fix the numerous problems with the software patent system that are slowing and interfering with technological progress.
  • Internet companies should promise—in their Terms of Service—to notify users when they get government requests for users' personal information.
  • Internet companies should also work to develop Terms of Service that do not reduce the amount of privacy protection that their users have against the government.
  • More companies should stand up for their users like Twitter and Riseup did this year.
  • Companies should support the creation of a meaningful Do Not Track standard and respect a browser's Do Not Track signal.
  • ISPs should update their Terms of Service to make clear that subscribers are permitted to run open wireless networks.
  • Hotels, cafés and other businesses should stop wrapping their free Internet connections in captive portals, which achieve little or nothing of any use, but interfere with Internet security and protocol innovation.
  • Companies that store personal information should make clear when data (like the content of e-mail messages) is actually permanently deleted from their servers after users have asked to delete it.
  • Companies like Yahoo! should make HTTPS security on their sites a priority (as we recently stressed in a letter). We're happy to hear Yahoo! is on its way, so we're excited for the moment when this dream comes true!
  • ISPs should promise never to terminate their customers under the Copyright Alert System ("Six Strikes") or anything like it and should reconsider their involvement in the flawed, backroom attempt to get around legal due process and fairness.
  • ICE should stop seizing domain names and answer Congress' questions.
  • No other states should try to pass unconstitutional laws like Washington's anti-trafficking law or try to block whole groups of people from speaking online anonymously, like California's Proposition 35 does.
  • The government—both state and federal—should take the Fourth Amendment seriously and get a search warrant when it wants to surveil people through any of the communications services they use, from their cell phones to their email providers to their cloud storage services. The fact that our "papers" are stored with others should not reduce the protection we enjoy in them.
  • Copyright and patent trolls should decide to do something more productive with their time—like innovating.

1. End-to-end encryption means that the parties to the communication—not an intermediary like a phone company or e-mail provider—control the secret encryption keys that are used to protect the communication. In this case, a private message is wrapped inside encryption on one communicating party's device and only unwrapped by the other party's device, never by an intermediary.