For the last five years, EFF has greeted the holiday season by publishing a list of things we'd like to see happen in the coming year. Sometimes these are actions we'd like to see taken by companies, and sometimes our wishes are aimed at governments, but we also include actions everyday people can take to advance our digital civil liberties. This year has seen a few victories, including the fact that more and more websites are using HTTPS by default and using Let's Encrypt (and our Certbot client for it), but there's always more to do. In 2017, we're narrowing our focus to technology companies and challenging them to step up and protect their users in what's likely to be a difficult year.

Here are some of the things EFF would like to see technology companies do in 2017:

Google should make it possible for users to enable 2-factor authentication without having to give the company their phone number, however briefly.

Twitter should turn off the ability to reset your password over SMS when users enable 2-factor authentication.

Twitter should enable end-to-end encrypted direct messages.

Apple should enable some form of out-of-band verification for iMessage and Facetime.

W3C members should back our call to protect accessibility, security research, and innovation in DRM standardization.

Google should stop mining the data they collect from students using Chromebooks for advertising.

Facebook should stop making itself an arbiter of "authentic names" and allow people to use whatever name they want on their account.

WhatsApp should continue to allow users to opt out of data-sharing with their parent company, Facebook. Currently, the opt-out deadline has passed and new WhatsApp accounts do not have the option of opting out of data-sharing at all.

We'll be keeping track of these companies over the year to see which of these wishes come true, so stay tuned. This blog post is part of a campaign asking the technology community to defend users and digital rights.