Submitted by “A few months back, four geeky college students, living on pizza in a computer lab downtown on Mercer Street, decided to build a social network that wouldn’t force people to surrender their privacy to a big business. It would take three or four months to write the code, and they would need a few thousand dollars each to live on. They gave themselves 39 days to raise $10,000, using an online site, Kickstarter, that helps creative people find support.” They call the project Diaspora and have managed to raise $100K in just 20 days.
Collective pissing in a bucket.
If you don’t want stuff to become known, DON’T SHOUT THEM OFF A DIGITAL SOAPBOX.
This is not hard.
Thom, I think you’d be amazed at how many people simply do not grasp this concept. For example, there’s been a lot of complaints about identity theft on Twitter lately. However, these fcuking morons are dumb enough to put their personal info up in a tweet, knowing full well that anyone can read it! How stupid can they get? That’s like putting a sign on your back saying “Hello, my credit card number is xxxx, please rob me!”
The simplest things, it seems, are the hardest for this new generation of social network idiots to grasp. If we get much more people like this, the criminals won’t need malware to steal people’s private data, they’ll just be able to ask for it and these morons will give it to them!
People already deteriorated to such levels that criminals can just ask for information and get it, it is called phishing.
No need to do Phising or Pharming anymore, just use a bot to scrape the information freely—Facebook are certainly happy to give it all away and continually let more out without users being aware.
In other words, Social engineering.
Cory Doctorow, who can’t be accused of not being tech-savvy enough, has been phished, and wrote a nice article on it and why it is not only a question of “being dumb” against “being intelligent”:
http://www.locusmag.com/Perspectives/2010/05/cory-doctorow-persiste…
He fell for a simple clasic phish trick, he was being stupid.
People thing that the only people that ever would bother to read thier page would be thier friends which for the most part is true.. untill you add in employers and thieves ….
I think the idea these guys have is great security by defaut only your friends read your stuff
The problem is that Facebook moves the line of privacy, whether with your consent (in a very, very obfuscated way), or just plainly without it, for business (“but trust us!”).
This article and its hyperlinks make a nice summary of the fubar-book :
http://www.downloadsquad.com/2010/05/13/farewell-to-facebook-at-lea…
The New York Times article points that users have now to go through 170 settings to set their privacy options. No, there are no general settings: you have to go through all 170 of them. And Facebook’s 2010 privacy policy is longer than the US Constitution, with 5830 words, complemented by a 45000 words FAQ. *headbang*
…all of which can be solved by treating Facebook (or any website) as if they had no privacy policy at all.
That’s how I do it. I am quite protective about my personal and social life, and as such, I don’t put it on my Facebook account, just as I wouldn’t tell it to any other random person.
Exactly. If you don’t want something known … then don’t post it. If you don’t want people to see pics of you in bad situations … then don’t post them. If you don’t want “random stranger on the Internet” to know where you are and what you are doing … then don’t post it.
Just because you can … doesn’t mean you should.
However, on the flip side, it’s very annoying that you can take the time to set all the different privacy options, configure a bunch of groups with different access levels, take your time to assign people to groups, and still end up with the wrong people seeing things they shouldn’t.
This also assumes that people who know you are just as protective of your private information as you are.
Excellent point. The whole friends-of-friends thing is horribly managed (or even understood by most). And anything we make available to friends, they can download, print, forward, etc to anyone.
Yup. Just as in real life.
Do you need a privacy policy in real life?
Wouldn’t that be fun to enforce.
It’s not quite as simple as that. If a friend fills in some dumb quiz, whoever owns the application can pull off all the information it wants from the players profile, and all his friends too. A lot of people don’t realise this.
I agree with you that you should just not put any information on there you are not comfortable sharing. The only winning move is not to play.
If you don’t want people to see pics of you in bad situations … then don’t post them.
There is just one little snag. What about “friends” who have these pictures of you and post them like they post everything else: with full abandon?
It’s easy to say that you shouldn’t be doing “stupid stuff”, but sometimes it’s also abut context. E.g. I’m in a picture holding an alcoholic beverage and laughing hard. Am I a candidate for the A.A. or am I just enjoying my one drink and laughing at a joke? It all depends on how you want to (ab)use the information in the picture to suit your agenda.
Facebook is a threat, even if people are careful.
That’s also very true. No matter how careful you may be, there are a lot of cell phone cameras out there.
Be nice if the world were that simple wouldn’t it? Unfortunately, that ain’t really the whole issue at hand. Facebook is becoming infamous for cases where you think you’re sharing information with a specific set of individuals but it ends up in other hands due to bugs, shady policy changes, or deceptive wording
I do not think it is unreasonable to want a system that allows easy communication among ones friends without announcing everything to the world. I should be able to send a photo album to my friends (and let them all see each other’s comments on the photos) over the internet without wondering who else is going to look at it (excepting, of course, that those friends can show it to anyone else). Currently there is no easy way to do this without running my own server, which is not a viable solution for most users.
Expecting privacy out of current social networks is silly. Expecting privacy out of a hypothetical well-made social network designed with privacy in mind is not.
This is basically the same idea Ive had before. Ive even written a short summery of how I would solve it in Swedish. So if there is any swedish-speaking people here they can read this post.
http://forum.abstraction.se/viewtopic.php?f=42&t=9&p=112
Not the same. Diaspora is fully decentralised, meaning you won’t have to accept any web site, only your friends. This is important because once [evil company|mark zuckerberg] has access to your information, what does it matter if the data is hosted on your server? Cache is a harsh mistress.
Diaspora is looking awesome and I really hope they can make this. They probably won’t, but hey, we’re all idealists.
Edited 2010-05-14 02:08 UTC
Ah yes you are right. It was not exactly the same thing.
I’m no Facebook user. I’m most concerned about what I don’t have control over and that’s friends and relos putting up stuff about me on there own pages. Do I have to carry around disclaimer forms every time I get in a photo or have a conversation with them? What’s this all coming too seriously?
I was working on something similar a while ago. The project is called Peerscape.
Peerscape homepage:
http://www.peerscape.org/
Diaspora comment in Peerscape discussion group:
http://tinyurl.com/diaspora-vs-peerscape
Interesting.
But those guys have something that all the other FB alternatives don’t have:
– Eben Moglens strong vision
– Funding to code for months full time
– a lot of free news/marketing all over the world
And I personally like the vision and the name. “Are you on Facebook?” “No, I joined Diaspora” It is fairly international, although I guess too linked to jewish history to be accepted in some cultures, but as long as they built on open standards wherever possible it might work./
I will certainly look at the Rails code once they release it and install it on my server and I guess so will a lot of hardcore geeks. So it might get a following with coders and then everything is possible. They just need a little traction. Once there is a autoupdating Diaspora-distro for little arm boxes that are dead simple and cheap people might buy them. (That is obviously years down the line)
Interesting project. I like the idea of a peer-to-peer system like Peerscape as it does not require users to run their own servers. Most people do not have computers they keep on 24/7 (except home routers, which don’t quite count), so that would discourage users from controlling their own information. A peer-to-peer approach would be better as it would mean that when a user’s computer was off, they could still have a presence on the social network through their friends computers (for a user with enough friends, at least one of them will have a computer on at any given time, if only because they have a couple friends that leave their computers on 24/7).
That was my main issue with the Diaspora concept as I have seen it described so far: there is a server-to-server network with friend relations, but those friend relations do not get used to maintain extra copies of information (those would be encrypted copies, of course).
If you don’t want people to have your personal information, don’t give it out. This has been the golden rule for ages, however when a computer asks for information people seem to loose any sense and want to put everything out in the open.
And of course arguments that you need social networking to enjoy life is not true, but people tend to give in to peer pressure a little too easy.
Wow. They wanted to raise $10,000 in 40 days or so. As of this post, people have put in $135,760 and it still has 18 days to go. They had better be able to put something good together for 1350% more than what they were shooting for.
Edited 2010-05-14 15:28 UTC
I raised your score one point. This fact alone shows that people are feeling increasingly uneasy with the privacy policies of Facebook and other social networks to the point that they’re willing to donate money to a bunch of unknowns that came out of nowhere with an idea.
Someone pointed out in another article that something like Opera Unite could work on this scenario sans the constant security vulnerabilities on their implementation. However, one still needs to have his/her computer turned on all the time to make it work and hence it might not be such a good idea as far as the availability of the data is concerned.
That’s why I think that eventually this solution will end up on end users routers and similar networking gear where having the appliance turned on and connected to the net all the time – something with really low power consumption (think ARM) – would not hit the monthly bills too hard and in fact be quite desirable. Imagine a turn-key solution where you buy the appliance on major retailers, take it home, turn it on, answer a few questions to set it up and then start adding family accounts. It would be a hit!
Of course, the decentralized nature of the entire thing would leave open the possibilities of a bad connection and some such spoiling the party but being decentralized never stopped popular P2P protocols like Gnutella and BitTorrent and I imagine that it would be serviceable here as well.
The centralized networks will always have its appeal to those that cannot afford something like I suggested above – because their bandwidth is capped, etc. – or that simply do not care at all about their privacy (most teenagers nowadays are COMPLETELY IDIOTS!) but if something like that gains some momentum, it would provide a feasible way out for the rest of us with privacy concerns.
Edited 2010-05-14 16:08 UTC
I have been a member of Facebook twice already, but I haven’t used any real personal data: not my real photo, not my real name…
Then I inform my “real” friends of my actual identity.
Man, a lot of people here are being curtly dismissive of this project.
Bottom line, this project is for people who…
1) Use social networks (if you don’t, you probably lack the perspective necessary to make a valid, half-sentence criticism of this project).
2) Have concerns over the management of those networks.
and 3) Would appreciate the ability to manage it themselves; to make choices that favor the user.
Yeah, I get it, OSNews, that’s just how we roll here. This project isn’t about making “the Internets” secure; it’s about shifting the controlling power back to the consumer. They should cancel the project because it can’t do the impossible, then they should give their $100k in funding (which they got for being non-magical) to… oh, me.
I’ll use the funding to implement magic. Promise.
We have been doing exactly this in our open source project called Hubbub (http://hubbub.at) for months, and nobody ever cared. We have working code and active users. Sorry I’ve been posting this elsewhere but I’m getting a little frustrated that suddenly Diaspora – who don’t have much to show for yet – are treated like the coolest thing since sliced bread when other, similar projects have fallen on completely deaf ears. Why is that?
Udo, don’t take this the wrong way, but Diaspora just has its 5 seconds of fame in the geek world. It will fade like so many other good ideas in to oblivion.
Social networks are valuable because of the people in it. Not because it has superior technology, or good end user terms, or anything else.
Hubbub, Diaspora, Jabber, Ekiga etc. all suffer the same defect. In the grand scheme of things, nobody uses it (except a smidge of hardcore geeks). What use is cool communications technology if nobody you care about uses it? To communicate you need at least two to tango.
I love empowering technologies, yet I still actively keep a Passport account. The people I want to talk to are all on MSN Messenger. The people I might want to know tidbits about are on Facebook. The people I might want to voip with are on Skype.
Thanks for the cool technology, but since no one I care about uses it (nor wants to), it is useless to me. The short and sad summary…
I’m quite disappointed they chose the AGPL for their project. I understand why they think it makes sense, but I don’t think it should even be considered a Free Software or Open Source license (yes, even if the FSF and the OSI think otherwise, which officially means it is).
The GPL, version 2, at least and other copyleft licenses also have a “viral” nature, in that they restrict the licenses you can use to distribute derivative works, but that’s fine, because the aim of copyleft is to use IP legislation against the use of IP legislation itself. If you are not interested in using IP legislation against others, just in running, modifying and distributing (or not!) the code, then the GPL does not restrict your freedom at all.
The AGPL, in contrast, by trying to close the alleged ASP “loop-hole” is in fact destroying the logical consistency of the FOSS concept and diluting its meaning.
I think the main mistake is to consider that users of a web-based service are users of the software that runs on the server. They are not; the user of the server software is the owner of the server, and the clients are users of the online service. You can’t protect the users’ rights if you are not clear about who is the user of what.
You might as well say the customers of a pizza place which uses a copylefted DBMS for its pizza database are users of the DBMS, so the fact they can’t force the pizza place to release any modifications to the source code of the DBMS, or even the pizza database itself, is some kind of “loop-hole” in the copyleft concept.
If you go down that road, the only way to modify a copyleft software and keep those modifications private is to abstain from providing any kind of professional service based on that software, ie to keep it amateur or internal. But one of the main points of FOSS is that no distinction is made between personal and professional use, that is, both are users and both should have the freedom to use the code as they see fit.
The GPL (v2) and other copyleft licenses are trying to build a sample of what a world without IP legislation would look like. What the AGPL wants to achieve would be impossible without some kind of IP legislation.
Wannabe Geek, you are looking at this from a proprietary viewpoint.
It’s my server, it is my code on the server, you (as end user) are merely using (renting) my server and my software.
Richard Stalman started the Free Software movement because a printer manufacturer prohibited him from modifying a buggy driver. In essence Free Software is about elevating end users to the same level as developers rights-wise. You treat end users with respect or they will use your own intellectual work to smack you over the head.
The whole Open Source services model is just a justification to put an “open” label on essentially closed software. An end user of a non-AGPL “open” service is no better off than with EULA licensed software. Whatever code is released, there is no requirement that it is the same stuff that is running on the server. At a whim the proprietor can change the rules on the end user. An end user of such a service is powerless, since there is no threat of forking.
The AGPL may suck for the Google’s, the Yahoo’s and any other “I don’t want the remotest risk of competition” types, but for a mere end-user it is a lever to ensure they at least have some power over what terms a service provider can put upon them.
On the other hand, anyone is free to start a proprietary web-service and everyone is free to accept or reject it. It would be nice though not to try and tack “Open” or “Free” to it for marketing purposes when it is clearly a closed outfit.
I’m not particularly interested in defending Google and other web services providers. What I’m interested, as I said, is in the logical consistency of the concept. The software running on Google’s servers is not closed, it’s simply unreleased, private software. That’s not just a nuance, it makes all the difference.
To begin with, it means Google is the end user of the software, not the people who connect to Google. Being the end user is perfectly compatible with being a big corporation, it has nothing to do with how much money you have. If Google is the end user, it’s Google’s rights you should have in mind when you discuss how much freedom a license gives to the end user.
But you may wonder, if Google can call itself an end user of the software, is not this a fatal flaw of the FOSS concept, one that must be fixed immediately? Well, no, because the problems caused by IP legislation, as described by FSF and others, do not apply to web services.
You, the web service user, are not forced to abstain from “helping your neighbor”, because you don’t have anything you may be tempted to share with them.
Much more importantly, I think, is the fact that you, as a developer, are free to imitate whatever interesting behavior a web service may provide. They can’t accuse you of copying their software if they did not release it.
In discussions about IP you can often hear the phrase “why don’t you just write your own code and let other people’s code alone”. Yes, except that there’s always the risk that other people may think your code looks too similar to theirs, and then you have a problem. This is only getting more interesting with software patents. That’s why I find “shared source” licenses to be more harmful than traditional, no source, proprietary licenses. That’s why I think the main concern of Free Software advocates should be software patents, and not at all web services as such.
Now you may say Google (or similar) can get a patent for some one-click nonsense and hit you with that, without even releasing the code. I don’t know whether they can do that, but if they do, the issue is again that they are using patent law against you, not that they are web services providers who simply refuse to release their private software.
I was glad to have a chance to briefly discuss this point with Stallman when he visited Vigo, my home town. I don’t have the video of the conference right now, but my impression is that he agrees web services, while a big concern for the FSF, is not something to be lumped together with copyrights and patents.
By the way, I should add I still think Diaspora looks like a very nice project, I wish them the best and I don’t blame them for picking a license so often regarded as best for that kind of FOSS project. I just don’t agree with that widely held opinion.