Diaspora
From socialswarm
visit the Diaspora Blog
short frontend overview video (German)
another short frontend overview video (German)
* free software (AGPL)
* written in Ruby on Rails
* custom federation protocol in XML over HTTP
* good layout
* seems a little slow
* interface to Facebook, Twitter, Status.net
* does not provide end to end encryption (only for nerds willing to install a special client? but how do they know the other side hasn't given its private key to its server as is the default behaviour?)
Privacy problems of Diaspora
<lynX> here's a very sweet diaspora ad some fan made:
https://www.youtube.com/watch?v=_4mMSxWEnjU
he doesn't know he is telling several incorrect things:
* diaspora puts the user back in control
  how? by using a network of servers that a lot of strangers control?
* diaspora meets the highest security standards
  it provides TLS/HTTPS encryption between pods and a bit of extra crypto for 1:1 conversations, but everything is always unencrypted on servers. would be better if encryption was happening on the user's computer all the way to her friends' computers. in theory diaspora allows for end-to-end 1:1 encrypted messaging, but you have to install special software and it's pointless if you are the only one doing it. and why only for 1:1?
* nobody can sell your social life
* you don't have to fear anybody spying on you
* you are in control of everything

these three claims are all incorrect for three reasons:
1. in all social software, even p2p distributed ones, you can't avoid making your data accessible to your friends, so if your friends suck they can spy on you and sell your data - only as much as you make them see, but that's already a lot. you are only in control of how much you give to whom.
2. in the case of diaspora and other web-based systems it's worse: each administrator of your friends' pods has access to your data, can spy on you and sell information about you to third parties.
3. it gets even worse if the admin of your own pod betrays you, because she has got the complete data of everything you ever did on her server, just like facebook has now.
so if you are going to use diaspora, use it only with your own pod and make sure you add nobody that doesn't run a pod as safe as you. hard to do, right? that's why we prefer a p2p approach which is like that by design.
(and i haven't even mentioned scalability in this text ;))
Discussion
- Regarding 1): No offense but that's not Diaspora's fault – that's a consequence of sharing things with friends in general. Ok on the Internet, there's a difference when it comes to spying on you or literally selling your data (which is machine-accessible and thus easy to "steal"). But a system where we can share information that can't be copied & pasted by the people we're sharing it with is impossible to achieve. Apart from that, I agree with 2) and 3). (Simon Hirscher)
- <lynX> Yes, I'm not criticizing Diaspora in that case, I am criticizing the advertisement video which is promising unachievable magic.
Feedback from eckes (CCC/piratenpartei)
Diaspora is an example of how to do things even worse than Facebook:
* even more (private) hosters with an interest in spying on people
* no strategy for access control
* no way to recall/cancel a message
* no function to 'erase' data
* in an even more decentralized data store
Michael Vogel adds:
* extremely unreliable communication between pods (servers)
droi comments:
* why, you can erase your data/message
* it's faster since some time
* if you want: make your own "closed" network
* to be spied on you have to host an open pod. On Facebook, everybody can spy on you.
zoroithe:
* eckes please quote source or something about lines 3 and 4