[Freedombox-discuss] Friendica Red

[Russell Edwards]

On 2012-09-19 08:25, Bob Mottram wrote:
> I've been running Friendica on a plug server now
> for two years with very few issues - even on the cutting edge
> repository version rather than the stable versions.  It does the job,
> and I keep the logs.

You keep the logs of what happens on /your/ site. But every time you 
comment in a context hosted on another node (wall-to-wall, community, 
"private" messages etc.), you must consider, where will this be stored? 
On someone's shared hosting account where the hosting provider is 
required by law to keep all logs and hand them over to government upon 
demand? On a node that is making commercial use of your data? Both? 
(Red's solution to the latter is to make the user the customer, but 
surely that doesn't stop the commercial host from making the user the 
product at the same time.) We can't necessarily trust personal 
home-hosted nodes, either, but at least they a) generally have greater 
legal privacy protection and b) individually represent low-value targets 
for snooping.

> IMHO the most practical approach is going to be the fully
> decentralized/federated personal home server scenario.  I'm an
> existence proof that it can work, and that you can run your own 
> social
> network system for extended periods of time and keep the logs

But as long as you are communicating with others who are on a handful 
of centralised servers along with hoards of others (high value target 
with no privacy protection), then that's not true. And unless public 
servers are banned or designed out of the system (for example by 
incorporating the server within the client - p2p) their usage and 
concentration will surely only expand if/when Friendica's mainstream 
take-up expands. There is virtually nothing stopping it becoming another 
Facebook. Users didn't jump on a 100% centralised commercial service 
because they had no alternative. They did it because it was convenient 
and easy and everyone else was on it. There is no reason why they 
wouldn't do the same thing with public Friendica servers, because the 
payoff for /not/ doing this is insufficient: even if you avoid public 
server for your own wall, owing to the fact that other people are using 
them, your privacy is still compromised. So why bother? (Or, for that 
matter, why even bother switching from Facebook to Friendica?) It's a 
tragedy of the commons scenario caused by faulty design and policy.

(I would also like to know how one user's use of Facebook connectors 
affects the privacy of other users - similar considerations might apply 
there.)

> The barrier to entry with regard to setting up a
> server is still too high.  It's still not completely plug and play,
> though hopefully Freedombox will fix that.

Yes it will - so there is no need for adopting a compromised system. 
Once it's compromised with public nodes, no amount of wishful thinking 
will make them go away, for the reasons outlined above. Better to start 
with an uncompromising system from the outset. Yes there is a bigger 
hurdle for users, perhaps even when they are on a FreedomBox, but there 
is also the incentive of an immediate payoff with real privacy that 
Friendica cannot offer.


> On 18.09.2012 22:48, Russell Edwards wrote:
>> I would rather see FreedomBox come out with no social networking 
>> than
>> an imperfect solution.
>
>
> I think that's not a very pragmatic approach to technology.  If you
> wait for a system to be perfect before using it then you will be
> waiting indefinitely.  Systems don't improve by magic.  They need
> users, user feedback and bug reports.

For software that just needs bugfixing, fine. But what's needed here is 
a fundamental shift in policy and/or design. Ban public nodes or design 
a system that doesn't use them. The former is not within the influence 
of the FreedomBox project. The latter means adopting or creating 
something other than Friendica.

Russell