Loomio
Wed 17 Jul 2013 8:34AM

DiasporaHQ account and intrusion

Flaburgan

Note: this is now a problem for any account set as the default account for the podmin (see #4278)

We just faced a terrible fail:
* a new user: "hi I'm new here"
* DiasporaHQ account: "you should post this in public to discover people"
* new user: "If it wasn't a public post and you're not in any of my aspects how did you know about my post?"
* DHQ: "This account is automatically added to the aspects of every new user, which is why I was able to see your post."
* new user: "Okay that means it's time to close my account. I was hoping for an alternative to Google+ but this clearly isn't it. #creepy #omnipotentoverlords Thanks!"

And the account is now closed, no way to contact him to explain ourselves.

But that's a really good point: the user did not manually add the diasporaHQ account, and by default, the visibility of posts is "all aspects", so by default the diasporaHQ account has access to every post of the network.

It is "normal" for people registered on joindiaspora (messages are not encrypted in the database so accessible to the podmin anyway) but it's a big problem for people from other pods. (this user was on jd but this doesn't change anything)

I think the simplest solution to that is to make DiasporaHQ share with the new user instead of making the new user share with diasporaHQ. By doing that, DiasporaHQ will not have access to any limited post of the users, but the users will still see the posts of DiasporaHQ in their stream (won't they?).

We should solve this issue quickly!

Steffen van Bergerem Wed 17 Jul 2013 10:42AM

Sounds good. I think the account of the pod maintainer (in this case DiasporaHQ) should automatically be in the Community Spotlight so new users will receive updates about their pod.

goob Wed 17 Jul 2013 10:48AM

Hi Fla,

You raise a good point, but I see a few problems with the solution you propose:

  1. Users wouldn't see posts from DHQ in their streams unless they were following DHQ (or unless the post happened to use a tag they were following). For them to see all public posts from DHQ, they have to be sharing with that account, not the other way around.
  2. When I first started helping to administer the DHQ account, I noticed some performance issues which appeared to be caused by the 1515 accounts in the 'Followers' aspect. These were accounts auto-added when the pod was first set up. If they were causing issues, imagine that multiplied hundreds of times. I suspect that account would become very unwieldy and difficult to operate.
  3. It is actually useful for new people to be sharing with DHQ (assuming the account is being actively administered) for another reason: they can post a limited post asking for help. They couldn't do that if they weren't sharing with DHQ. I also see several posts each day from new users saying 'Hi everyone, I'm #newhere' in a limited post. DHQ is probably the only account able to see those posts, as they've only just signed up, so I'm able to inform them that their post was limited and advise that if they want a welcome and to connect to people, to make their post public. Many of them say thanks, that they didn't realise, and if DHQ couldn't see their posts, they would continue to think they were being ignored.
  4. What would happen to the hundreds of thousands of accounts which have already been created? How would you make DHQ start sharing with all of them?

I think a better solution would be to tell people that they are auto-sharing with DHQ, so that they can stop sharing if they want. This can be done in two ways:

  1. Make better user guides so people can RTFM when they start(!)
  2. Add a splash pane to the 'Getting started' process, telling people: 'Diaspora HQ will be added to your Acquaintances aspect so that we can keep you up to date with important announcements and also so that we can try to help if you encounter problems. If you would prefer not to share with Diaspora HQ, uncheck this box.' That way no one gets any nasty surprises.

Does that sound desirable and workable?

Sean Tilley Thu 18 Jul 2013 6:08AM

I agree with Goob. I think if just a simple disclaimer were put at registration, users would at least be better informed as to what's going on.

goob Fri 19 Jul 2013 1:59PM

Do we need to take a vote on this or shall I just open an issue in GitHub?

Taylor McLeod Sat 20 Jul 2013 4:34AM

Goob, I agree, as a temporary fix. In the longer run (~1 or 2 year timeline), we should definitely deal with this in a holistic structural design overhaul though.

You have my support, though I guess decisions should be more democratic to create more ownership by all. Maybe make a quick poll with only 2 days to respond?

Flaburgan Fri 16 Aug 2013 7:44AM

I still think following the diasporaHQ account should be opt-in. Currently, diasporaHQ has access to every post posted in "All my aspects", for the whole network! Besides, I'm sure there are many people who are annoyed by the diasporaHQ posts, which will be received anyway because they are reshared by many people.

So in my opinion, in the registration page, there should be a checkbox, by default unchecked, saying "Do you want to follow diasporaHQ, to know the actualities of the project?"