Are we really protected?

266 views
Skip to first unread message

Carl Marley

unread,
May 18, 2012, 7:36:37 PM5/18/12
to diaspora-discuss
Facebook owns your data and sells it, while Diaspora offers an
alternative that allows you to be in control. Two things come to mind.

Firstly, if the pod owner breaches their privacy policy, can I take
them to court? Is it a legal offence? If yes, great. If no, it doesn't
seem that much better than Facebook. I'm blindly trusting that they're
one of the "good guys".

Secondly, let's say I'm running my own pod. I control my data. I'm
connected with friends on pod1, pod2, pod3, pod4, pod5, foo-pod and
bar-pod. I presume that if my friends on those pods can access my
personal data, so can the admin of those pods (via cache or whatever),
which means I have to trust not only my pod, but all the other pods
too. SSL doesn't stop an evil pod owner to harvest personal
information. It's likely that as Diaspora gains traction, there'll be
more than one evil pod out there.

Disclaimer: I don't claim to know what I'm talking about. It's
possible that I'm completely wrong about the above, which is why I'm
asking here. Love the project.

Stephan Schulz

unread,
May 19, 2012, 9:06:50 AM5/19/12
to diaspora...@googlegroups.com
You are right in theory. The design of Diaspora makes some pretty hard assumptions, one of them being the fact that users have to trust the pod their account is hosted on. This is comparable to e-mail, and as Diaspora allows everyone to host their own pod, this is not the problem in the first place. The thought behind it is that eventually everyone will host their own pods or at least know someone really trustworthy who is offering to host the account for them.

The problem now is that it's not easy for everyone to operate their own pods. Also the fact that webspace supporting ruby is scarce and expensive compared to other techniques like PHP for example.

The other thing that you mentioned is true as well. This is like a web of trust, you trust your friends and they again trust their pods what makes it similar to the problem discussed above. Again, it's similar to e-mail from that trust perspective!

This of course is not perfect, the design of Diaspora was made with focus on practicability, not perfect security and privacy.

Hope this could help,
Stephan

Kurt Padilla

unread,
May 19, 2012, 11:54:10 AM5/19/12
to diaspora...@googlegroups.com

Priv.ly offers, or promises to offer, a solution to this issue. Similarly, GnuPG is a solution to the issue with e-mail.

Kurt

Sent from my Android phone.

Paul Morris

unread,
Jun 10, 2012, 10:38:59 AM6/10/12
to diaspora...@googlegroups.com
Thanks for the pointer.  Priv.ly looks awesome, and a really innovative solution to this issue.

-Paul

Steven Hancock

unread,
Jun 11, 2012, 4:01:16 AM6/11/12
to diaspora-discuss
I can think of at least two places just off the top of my head where
you can host a small Diaspora pod (or practically any other Rails app)
at zero cost, it's definitely not any more expensive than hosting PHP
if you know where to look. One of them is even documented in the wiki
(Heroku), although there's an even easier way to host your pod there
and I'll probably be updating that wiki page as soon as I have the
time to deploy a new pod using heroku_san instead of doing all the
work by hand. :)

Heroku = Completely documented, zero cost unless you want to use your
own domain (in that case, I think it's $20/month for their SSL
offering) or need more than one dyno (for a small pod, single process
mode or "piggybacking" your Resque worker on the web dyno is fine).

CloudFoundry = Not documented, maybe I should write up a wiki page.
Zero cost unless you want to get a server and host your own cloud. Not
sure if you can use your own domain or if you're stuck with a
*.cloudfoundry.com subdomain.

Now if you're thinking of hosting on your own VPS or dedicated server,
multiple dynos on Heroku or something like EngineYard Cloud then
yeah.. it could get expensive.. although Slicehost (Rackspace) and
Linode both have VPS offerings in the $10-$20 a month range which
should have no problem running a small Diaspora pod, making it no more
expensive than all but the cheapest of shared PHP hosts. :)

Raven24

unread,
Jul 26, 2012, 1:05:39 PM7/26/12
to diaspora...@googlegroups.com


On Monday, July 23, 2012 7:08:20 PM UTC+2, BT wrote:
Generally these are questions (::looking for validation::): 
A pod (and therefore, the pod administrator) requests data on behave of a user and data is available based on what access that user has to the data?
Currently only a fraction of the data is actively requested. And the part of it which is, is public (e.g. webfinger).
The messages with varying access restrictions are sent in a push-fashion (like eMail), to only the recipient's pod, which saves the message in its database and handles access control amongst the users registered on it.
 
A pod (and pod admin) can only access data that one of it's users has access to?
Yes
 
Can it access that data whenever it wants, or only when that user requests the data (don't see how it could be restricted to requires the user be active... the admin can probably impersonal the user whenever...)
The data is saved in the pod's database in plain text, so the admin just has to look there, if he wants to see what the users are doing.


If those answers are generally yes (first two questions), then one can protect their data by 
1) using a pod (and admin) that the data owner trusts (perhaps self) and 
2) only friending those who are on pods that the owner trusts
(I'm not even sure if my concept of a user belonging to a pod is correct... )
Generally these observations are true.
The original idea is for every user to have his own private pod - for maximum privacy. But since most users aren't able or willing to set up a pod themselves (for varying reasons), a pod can also be home for many other users.
But that requires that you trust the pod owner/admin with your data, since everyone with physical/administrative access to a pod can also access all the user's data.

So yes, only sign up on a pod, where you trust the admin and
only share posts with the aspects (group of people) you really want to share them with.

and 'public' means "WORLD public" - potentially including google and others...

Hope that cleared up some questions,

- Florian

 

Thanks in advance,
-- BT

On Tuesday, June 12, 2012 5:46:34 PM UTC-7, jeremy wrote:


On Friday, May 18, 2012 7:36:37 PM UTC-4, Carl Marley wrote:
 

Secondly, let's say I'm running my own pod. I control my data. I'm
connected with friends on pod1, pod2, pod3, pod4, pod5, foo-pod and
bar-pod. I presume that if my friends on those pods can access my
personal data, so can the admin of those pods (via cache or whatever),
which means I have to trust not only my pod, but all the other pods
too. 

This is correct. The answer is that no, we are not protected. Unless you host your own pod and host all your followers too then you do not control your data. Along the same lines - if you are hosting yourself and your friends, your friends have to trust you with *their* data. I don't know that I'd want someone in my circle of friends hosting my private messages, which may relate to topics of interest to them that I'd prefer they not read. I don't want my podmin telling my ex-girlfriend what I said about her to another friend in a private message. I'd much sooner trust a soulless corporation that doesn't care a fig about my personal life, when it comes to that score.

Priv.ly looks very promising. I just read about it in this thread for the first time but I like what I've seen so far. While adoption may be a struggle, for those who really want privacy they probably will be able to get it no matter which network they are hosted on this way. There is probably no solution to this problem that is convenient enough for most people. Consider email: most people will never use GPG, will not host their own email server nor only host email with their friends.

I definitely think that there is a place for D*, even though we live in an imperfect world in which seamless encryption systems do not exist for data at rest. The developers have already stated some improvements in federation protocol; for example less actual copying/caching of data. Unfortunately there are tradeoffs: reliability, performance, privacy. Pick two.D* has to be usable and fast or it cannot get anywhere. The initial implementation of federation was disappointing from a privacy perspective but I understand why it was done and I will not say it has been wrong, but it must get better.

One final point. Even if federation doesn't pan out and the only useful/fun PODs are very large ones, as long as there is still the same functionality we have today at a minimum, then we will have more freedom and privacy in at least one important respect. Simply put, the Facebook terms of service would never, ever fly on a D* pod because people would have a choice. So we can worry about what a nefarious evil podmin might do - but those are the edge cases.

 Its a world of difference trusting a a big soulless corporation that has *promised* to exploit your data, compared to a relatively open and engaged company  that has promised not to. 
 

Brandon Trussell

unread,
Jul 26, 2012, 3:05:22 PM7/26/12
to diaspora...@googlegroups.com
You answered every question. Thanks for the reply!

-- 
BT

Reply all
Reply to author
Forward
0 new messages