You can friend others by using their user@system address, like t...@tom.joindiaspora.com. Though, this doesn't seem to work properly on my system; I think it's due to my own issue of some sort.
I would be interested to know how, if it's possible, to link two systems as you describe. It seems to make more sense that way.
The point is not that everyone runs their own seeds, but that anyone CAN
run their own seeds if they so choose. They can also change seeds at any
time and take all of their data with them.
If I move my data from s...@joindiaspora.com to sa...@acmeco.com anyone
who is friends with me will still be friends with me and will still know
that I am who I claim to be (via my public key).
Best,
Sam
--
Sam Whited
s...@samwhited.com
404.492.6008
Georgia Institute of Technology
Mechanical Engineering Undergraduate
swh...@gatech.edu
I don't get why this is such a problem. Can't people just tell each
other their Diaspora handle using email, phone, word of mouth, or any of
the other ways people already communicate? It seems to me that this is
only a problem if you're expecting Diaspora to replace all these other
forms of communication, but this is never going to be the case and nor
should it.
Search is definitely a good idea, but it's not a problem. The feature
will be created eventually, probably using one of the general methods
which are being discussed in this group.
Best,
Sam
--
What?
> On Sep 17, 9:33 pm, Tristan Sloughter <tristan.slough...@gmail.com>
> wrote:
>> Is there any explanation anywhere about how this all is supposed to work?
>>
>> Users being connected to a server by user@server seems very bad.
Why, and what do you mean by "bad?" This is exactly how it should work
(it's exactly how your email works among other things).
--
Sam Whited
It seems to me that we ought to find out if your suspicions are correct, as a priority. Any ideas as to how? I'm not a cryptography expert; I wouldn't know secure data transfer from semaphore...
Now, assuming that they haven't...
All the problems you talk about are solvable. I know, because Tor must have solved them, and if Tor didn't work, I think the stink would be all over the internet. It naively seems to me that if each pod has an encrypted db, and only talks to other pods that are certified by a public key, then that deals with most of it.
My concerns are at a more basic level. How do pods communicate? Is there a distributed hash network going on here, and if so, what is stored in it?
Well in the real world we use DNS resolution to trust who we are
connecting to. As you say... with facebook people know that
facebook.com is a trusted domain name, owned by facebook inc. We then
go on to trust that the page they are serving us is authentic and not
hacked. (which is rather the point where facebook security starts to
fall down, of course. teehee).
With diaspora it is entirely likely that most users won't want to trust
any Tom, Dick or Harry with their data. We will still want to use the
trusted dns domain name model to connect to diaspora servers and
gateways which we trust.
Consider the distributed security concept adopted by TOR. We trust tor
GATEWAYS with entry and exit into the tor network. For establishing a
connection and an endpoint. Tor relay nodes (the links in the middle
of the chain) however can be hosted by anyone. All of the data
exchanged by tor relay nodes is completely anonymous and always
encrypted by an ssh tunnel.
Now. Transfer that same mentality to a different kind of networking
service like diaspora. You would have 2 kinds of diaspora seeds. One
kind are known and trusted authentication gateways. The other kind are
basically just anonymous distributed databases. That would be a secure
method of safely storing your profile data on any free (untrusted)
server. But still remaining in confidence for your login pages not
being phished by hackers / identity thieves.
I don't really know how else you can set up a watertight security model
for diaspora. Can there possibly be an easier way to do it? If so,
then great.
On Sat, Sep 18, 2010 at 10:58 AM, Michiel <dejong....@gmail.com> wrote:
> On Sep 18, 12:47 am, "shadowfirebird@gmail" <shadowfireb...@gmail.com>
> wrote:
>> That's a truly horrific thought, and one I've been avoiding. I've no experience at all with open source development, but I've certainly seen that scenario played out any number of times in the commercial programming world, and I've seen enough here to start feeling, um, that I ought to brace myself for a possible sinking feeling later on...
>>
>> It seems to me that we ought to find out if your suspicions are correct, as a priority. Any ideas as to how? I'm not a cryptography expert; I wouldn't know secure data transfer from semaphore...
>>
>
>
> It seems to me that the security is done the wrong way around in what
> I've understood so far, think about it. I have to trust the server
> that hosts my diaspora account. This means not only trusting the
> application (ref. http://www.theregister.co.uk/2010/09/16/diaspora_pre_alpha_landmines/),
> but also trusting the kind stranger where I currently have my account
> (in my case www.diasporahosting.eu). But there is a third security
> risk I think: say I send a private message to my friend. That friend
> hasn't done a lot of research on which diaspora seeds are run by
> people who know what they're doing, and he happens to have his
> diaspora account on a server owned by whatever phishing mafia, who
> access his private data, and through that, all the photo albums of all
> the victim's friends. Instead of having to trust just facebook, I now
> have to trust each server on which at least one of my friends has
> their diaspora account. If people host in their homes, with amateur
> server hardening and monitoring, then this may become even worse.
As for your friends' accounts being compromised, well... that's an
inherent problem for any kind of social network that is like Facebook.
There's just no way to get away from it. You either trust your friends
are smart enough to not compromise their passwords. Or otherwise
simply don't trust them. No watertight security model can ever stop
that from happening. And the issue probably has got absolutely nothing
to do with "amateur servers".
Therefore, you never can be sure what will happen with your data. But
Diaspora hopefully will give you more control. But on the other side, I
think, a good, nice, user-friendly social-network provider (not FB but a
non-commercial organization) theoretically could ensure a higher data
security.
A distributed network communicating over encrypted channels through a web of trust and storing data encryptedly goes a long way towards privacy.
I agree with this. The question isn't just about whether some seeds on a
network like this can potentially be abused by phishers or whoever
(there's no such thing as total security and they probably can), it's
about whether a distributed model of trust can give as good or better a
level of security across the whole network over a period of time. If
there are obvious exploits, then it's good that they should be designed
out where possible, but the question for me is whether a distributed
network can work well enough that I'm happy to trust it with my data. My
inclination is to say that it can.
At the moment people have the choice between putting their trust in
facebook or using other means like email to communicate over the
internet. If facebook breaks that trust (which it already has done in
various ways), then lots of people lose out but have nothing obvious to
do about it except leave the network. Whereas with diaspora if it
becomes obvious that a particular server is deliberately or accidentally
being abused, people do have something to do - they can move their
diaspora account to another host (and be more careful in the future
about making decisions like this). I think that over time, many people
trying to make informed choices about where to place their trust is
likely to produce better results than everybody pooling their trust with
a big organisation like facebook.