1. Companies that sell software... better have all code open sourced (not same as free) or should be labelled "NOT TO BE TRUSTED".
No way to tell whether the provided source code matches the provided firmware.
Code (including scripts and updates) is then compiled locally and, before first execution, hash-checked automatically against a non-centralized database (p2p technology similar to the bitcoin blockchain).
1) Binary code will vary depending on the specific architecture, optimizations, and libraries used during compilation. 2) A hash can be falsified as easily as a binary.
3. All hardware sold with precise technical diagrams... or should be labelled "NOT TO BE TRUSTED".
At least an order of magnitude less effective than open source, and we've seen that even "important" OSS like OpenSSL can go decades without independent code review.
4. All encryption always on client side.
Quite sensible, although I suspect that people will rapidly become frustrated when they forget their passphrase, or lose their private key, and 5 years of family snapshots disappear. Or when grandma dies, taking access to her archive of family history with her.
5. Get rid of centralized authorities for security (looking at you, SSL). Centralized servers have a big fat sign that says "NOT TO BE TRUSTED". P2P.
Because you'd rather trust 1000 amateurs to secure all of their systems than one professional to secure his server?
7. Shaming lists on NGOs (applause to EFF). Any politician that votes for mass surveillance or doesn't adhere to the above principles gets put on NGO lists as "HUMAN RIGHTS VIOLATORS".
Yeah, ranks right up there with executing journalists and kidnapping babies. Among the most certain ways to get people to ignore you is to blow your cause completely out of proportion. If you use the same words to describe digital surveillance as other people use to describe the Khmer Rouge or Stalin, then people are going to think you're a nutcase.