Loomio
Mon 29 Aug 2016

Push feature relinquinshing control over data

HP
Hypolite Petovan Public Seen by 400

Hi everyone,

I joined the Diaspora* community a few weeks ago and I'm sure this topic already has been discussed but I couldn't find anything using the Loomio search feature. Feel free to slap my hand if I overlooked an older thread.

According to its homepage, the Diaspora* project promises privacy and data ownership. However, I found that the content replication between pods is going against both those concepts.

The concept I like the most about Diaspora* is that if you don't trust any podmin with your private data you can be your own podmin. However, the push feature sends my private message to each pod whose user I'm chatting with privately, exposing their content to their respective podmins I did explicitly not trust when I set up my own pod. I appreciate that not all podmins can read all my private messages, but isn't one remote podmin forced trust enough to endanger the Privacy and Data Ownership concept of Diaspora*?

I'm not that thick however, and I figure this is a tradeoff whose extreme is technically extremely costly, but I was wondering if it bothered, even lightly like for me, anyone else? Coming from Facebook where every employee could potentially pry my otherwise innocuous private messages open, it still feels like an improvement, but I can't help but wonder if Diaspora* could have reasonably gone all the way. I totally get the push feature for public content, but as a podmin, even a tiny one, I'd feel uneasy hosting the private messages of people on remote pods just because one of my users started a private conversation with them.

What do you think?

M

muppeth Mon 29 Aug 2016

I don't understand how this could be done otherwise. If you dont want to share your private conversations with other pods, you need to either not send them, convince people you msg with to switch pod.

unless i dont understand what exactly you mean, but you cant have conversation with people on different pods without pushing and pulling those conversation between each account .

G

goob Mon 29 Aug 2016

Diaspora allows you privacy. If you host your own pod and only share messages with aspects whose members are either on your pod or on other pods whose owners you know to be trustworthy, you have a measure of privacy and data ownership. If you delete messages or comments, they should be deleted (almost) immediately from remote pods. Public messages can of course end up on any pod, but then privacy is contrary to public posting, so it's not a consideration there.

As I understand it (from previous discussions of this issue) pushing in this way, with remote pods storing local copies of remote messages, is the only way to have a functional network. Pulling every message and comment from the respective pods every time a user refreshed a stream would push bandwidth way above the resources of most pods, and the response time would be unacceptable to most users. The same is apparently true of encryption of data on pods (see comment here from one of the core devs in answer to my proposal for this). In order to have a responsive network, there has to be some element of trust - but you can, if it's important to you, choose to which pods your messages are sent by using aspects as above.

It's not by any means a foolproof system. If you feel the wording of the text you quoted is misleading, please suggest how it can be improved. This disparity between that text and the reality has been pointed out before, and we're always open to improvements.

M

muppeth Mon 29 Aug 2016

Goob thanks for your answer. I totally misunderstood what Hypolite Petovan meant. Now everything is clear, and i agree with you goob. The overhead specially on tiny pods would be way beyond resources.

HP

Hypolite Petovan Mon 29 Aug 2016

Thanks guys for your answers. I completely get the technical part, but I'm wondering how it should translate in the Diaspora* marketing. I can't imagine something along the lines of "you own your data unless you start interacting with other pods, in that case fat chance", but this is what technically is happening. I'm slightly exaggerating because I personally have no reason to distrust any podmin, but it could happen.

on other pods whose owners you know to be trustworthy

That's the key issue, you can't know every podmin that may have a look at your semi-private/private content, and as far as I know you can't blacklist individual pods. I'm not saying we should enable that, but it just feels like the "you own your data" tagline is somewhat inaccurate.

In the end, it just reinforces my feeling that you shouldn't post anything on Internet that you wouldn't want to be public, and I somehow feel like Diaspora* should be more clear about it instead of boasting Privacy and Data ownership even though they aren't technically guaranteed.

G

goob Mon 29 Aug 2016

We should definitely look at rewording the text on the project site. I wrote a lot of it, about three years ago, and I'm not happy with much of it. I also don't fully understand many of the technical issues, so even though the text was reviewed by people who do understand the technical side, there are probably many parts of the project site that can be improved.

I'll direct you to the Github repo for the project website where you can report any issues (they can also of course be discussed here).

HP

Hypolite Petovan Tue 30 Aug 2016