[Freedombox-discuss] Friendica Red

Wed Sep 19 09:12:57 UTC 2012

On 19.09.2012 04:38, Russell Edwards wrote:
> You keep the logs of what happens on /your/ site. But every time you
> comment in a context hosted on another node (wall-to-wall, community,
> "private" messages etc.), you must consider, where will this be
> stored?

Obviously, I can control what happens on my own server but I have no 
control over what other people do with theirs.  That's always going to 
be potentially an issue with any system, and the only solution is to 
choose your friends carefully, and remove any who seem to have been 
inactive or who have moved their accounts.

> We can't necessarily trust personal
> home-hosted nodes, either, but at least they a) generally have 
> greater
> legal privacy protection and b) individually represent low-value
> targets for snooping.

I don't know about the Facebook connector, since I don't use it myself, 
but the main point is that use of home servers spoils the dragnet 
surveillance business model by rendering it uneconomical.  An adversary 
intent on the bulk collection of dossiers/timelines for commercial 
and/or political gain would have to compromise each box separately, 
whereas with a centralized Facebook-like system it's just a matter of 
someone at the company running an SQL query.

> But as long as you are communicating with others who are on a handful
> of centralised servers along with hoards of others (high value target
> with no privacy protection), then that's not true. And unless public
> servers are banned or designed out of the system (for example by
> incorporating the server within the client - p2p) their usage and
> concentration will surely only expand if/when Friendica's mainstream
> take-up expands. There is virtually nothing stopping it becoming
> another Facebook.

Friendica in its current form is unlikely to become another Facebook in 
terms of centralization.  It was written for federation, and I don't 
think it scales very well.  Red perhaps might be though.

> Users didn't jump on a 100% centralised commercial
> service because they had no alternative. They did it because it was
> convenient and easy and everyone else was on it. There is no reason
> why they wouldn't do the same thing with public Friendica servers,
> because the payoff for /not/ doing this is insufficient: even if you
> avoid public server for your own wall, owing to the fact that other
> people are using them, your privacy is still compromised. So why
> bother? (Or, for that matter, why even bother switching from Facebook
> to Friendica?) It's a tragedy of the commons scenario caused by 
> faulty
> design and policy.

This is fairly easily resolved.  Under Admin/Site (only available to 
the node administrator) enter some allowed friend domains if you want to 
restrict friends to a whitelist of known nodes, check "block public" to 
ensure that public posts are only viewable if users are logged in, check 
"private posts by default" and "only allow Friendica contacts".