af83

Diaspora seems poorly thought out

I love the idea of killing off all of the Facebooks. Getting to a real Open, Distributed, Social web. And the Diaspora guys have their hearts in the right place, but they are going about this all wrong.

It's cool that they've coded a nice Ruby on Rails application, using MongoDB, relying on some of the "stack" like WebFinger. Really cool. But in order for this to mean anything, real thought must go into the "Privacy aware" stuff.

I see no documentation, no explanation of how they intend to go about this; what I do see are some very dangerous assumptions. Some come from a somewhat naive approach to the matter, most come from the lack of communication with others. You don't do something like this in a garage, you do it over mailing lists.

I am really not sure they understand the core concepts of digital identity: identification, authentication and authorization are separate concepts, and an implementation that wants to be "privacy aware" and decentralized must keep them separate.

Most importantly, in a distributed world you must consider how much information leakage is caused by the discovery and negotiation phases between systems. The protocols are not documented, so it is hard to say, but it seems to me that no thought was put into this. Crypto is not some secret sauce you add to make everything private. On the contrary, you might very well expose a GUID through your public key signature. And exposing GUIDs is really bad for privacy.

This can of course be fixed as this is an open source project.

The protocol for adding friends and exchanging information does not seem to be documented anywhere. This is the anchor point, and I see no discussion of it.

What I do see are some quite horrible design decisions (though I do really need to study this more); documentation would have helped:

Most importantly, there seems to be a great amount of information leakage towards http://joindiaspora.com

So, after a very short reading of the code and playing with a local install, some initial thoughts:

Why would a "Privacy Aware" social network ask by default for email, username, name, first name and password? All of these can and should be optional. The only assumption needed is that the user has some control over a URL that represents him.

Again, "Validation failed: Email has already been taken": why does the email need to be unique? Confirming that an email exists on a "Privacy Aware" system is very significant information leakage.
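As an added illustration (not Diaspora's code) of why that validation message matters: the leaky handler below, modelled on the observed Rails message, answers differently for registered and unregistered addresses, while the uniform one moves the difference out of band into the mailbox. The user store and addresses are constructed sample data.

```ruby
# Added example, not Diaspora's code: "Email has already been taken" as an
# enumeration oracle, next to a response that does not confirm existence.
require 'set'

# Constructed sample store: addresses already registered on this pod.
REGISTERED = Set['alice@example.org', 'bob@example.org']

# Leaky variant, modelled on the observed validation message: the response
# tells any remote caller whether the address is already in use.
def signup_leaky(email, registered = REGISTERED)
  if registered.include?(email)
    return { status: 422, message: 'Validation failed: Email has already been taken' }
  end
  { status: 200, message: 'Check your inbox to confirm your address' }
end

# Uniform variant: the HTTP response is identical either way. The distinction
# is carried only in the mail sent to the address, which only the mailbox
# owner can read. `outbox` stands in for the mail queue (constructed).
def signup_uniform(email, registered = REGISTERED, outbox = [])
  outbox << if registered.include?(email)
              { to: email, template: :already_registered }
            else
              { to: email, template: :confirm_new_account }
            end
  { status: 200, message: 'Check your inbox to confirm your address' }
end

# Defender's regression check: run one known-registered and one unknown
# address through a signup handler and report whether the responses alone
# let a caller tell them apart. (Compares bodies only, not timing.)
def enumeration_oracle?(handler, known, unknown)
  handler.call(known) != handler.call(unknown)
end

if __FILE__ == $PROGRAM_NAME
  puts enumeration_oracle?(method(:signup_leaky), 'alice@example.org', 'nobody@example.org')   # true
  puts enumeration_oracle?(method(:signup_uniform), 'alice@example.org', 'nobody@example.org') # false
end
```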

Why do we need:

guid = profile.links.select{|x| x.rel == 'http://joindiaspora.com/guid'}.first.href

and:

profile.links.select{|x| x.rel == 'http://joindiaspora.com/seed_location'}.first.href

Again, as long as I don't fully understand the underlying protocol it is hard to know what the true properties of Diaspora are. And I can just hope the community will help the guys turn this into something that can jumpstart the distributed/open/private social web.

More trolling on http://leavediaspora.com
