[Freedombox-discuss] Relationship driven privacy

Fri Jul 8 04:50:34 UTC 2011

Hi Mike and Everybody

> Friendika was mentioned in this thread but in a different 
> context, so I wanted to point out what we do for profile 
> personas. There may be some ideas you can use. It's a 
> distributed system, but has multiple profiles. 
> You can tailor any profile for any person or group of people.
> 
> There is a default public profile. You can make this as 
> sparse as you wish. Maybe just your name and what country you live in.
> 
> Then you can add richer information specifically for 
> different friends or groups. Some people might be able to see 
> your email address. Others might be able to see your hobbies. 
> Bu rather than control visibility of individual profile 
> fields, you can instead build complete profiles specific to 
> any audience - and have completely different contents in any 
> of the fields - if you wish. To the ladies you can be a jet 
> pilot, while your co-workers will see the truth. You can also 
> clone any existing profile if you only want to change one 
> thing for a particular audience but leave the rest the same.
> 
> We make these available to individuals due to DFRN's 
> authentication scheme. It's a dual-authenticated PKI exchange 
> which establishes the identity of both sides of the 
> communication stream - and in the case of profiles can then 
> issue a browser cookie giving you a 'visitor id', which gives 
> you certain rights on the remote system. You can post to your 
> contact's profile wall and leave comments there, you can view 
> private photos, and you can be assigned a profile specific to you.
> 
> (No other distributed social service has these abilities that 
> I'm aware
> of.)
> 
> There are no password challenges between sites. No OAuth 
> crap. All the visitor does is click on a profile link, and 
> they are taken to the correct profile that they are allowed 
> to see. Any failures in authentication take them to the 
> default profile.
> 
> It's a pretty slick system.

Thanks for pointing out the flexibility of Profiles. I liked the way
Friendika links profiles to an account and then you link a profile to a
contact at connection time. You have full control of your personal
identifible data - Fantastic. 

Using a social network service again reminded me of a pet peeve of mine. All
social networks have a friend decide whether to publish me in their friends
list. At connection time, I should be allowed to opt-in to having my name
published by a friend - it is my identity after all.

I was also reminded about what I consider a major privacy flaw in all social
networks. When you post to your wall you are posting to friends of your
friends - you have no control over who sees your message on a friends wall.
Most of the time, my partner uses the FaceBook messaging system (email)
because it's the only safe way of making sure that messages aren't leaked by
friends of friends. This means social networks are a great way of connecting
people, but they are not very effective at communicating with people because
even if you separate messages through relationship-based groups as soon as
you post to a wall all that work can fall apart. 

I think the solution is that we need a more social email interface than
trying to fix the wall model. Basically, you have the Wall/Stream UI with
content coming into you like your email inbox. In a sidebar you would have a
list of Groups/Contacts (no Outlook folders/apps). You (the user) filter the
content received (no more throwing over the wall), like you do with your
email inbox and you forward the content by dropping it on a contact or
group. When you click on a contact/Group you will see all their
messages/content. Click reply to a message and it will go to that
contact/Group. 

Another wish of mine, would be that for each profile you can define your
messages/content maximum degree of separation from you. For example, if I
define 1 degree of separation for my friends profile, then all my messages
can be sent to my friends, but my friends would not be able to forward it to
their friends without getting an error message saying you cannot forward the
message. If you have 2 degrees of separation then a "friend of a friend"
would not be allowed to forward the message to their friends. This would
prevent message/content leaks. Of course, this could be circumvented, but
that would be a deliberate act rather than an accident which I think happens
too often with the Facebook Wall Model.

What do people think? Is this a reflection of the FreedomBox Model or do you
think my privacy wishes are a step too far? Do you have any other ideas for
FreedomBox privacy models?  