[Social-discuss] On Data Privacy


From: Max Shinn
Subject: [Social-discuss] On Data Privacy
Date: Sun, 11 Apr 2010 08:18:38 -0500 (CDT)
User-agent: SquirrelMail/1.4.13

I have been following this list since the beginning, and so much time has
been spent talking about privacy.  Some of the discussion has gotten to
the stage where it could be called unrealistic.  The more theoretically
complex a system becomes, the less time is spent on the rest of the
platform.  So maybe it is time to look at GNU Social as what it really is
instead of as a spherical cow in a vacuum.

Once data is made digital, there is no controlling it, especially when it
is put online.  Security exploits in GNU Social WILL occur, but they are
only the beginning.  Running individual instances on personally owned and
managed hardware certainly helps the problem, but it will never solve it. 
The more individually-run servers that exist, in general, the less secure
they will be.  Running them on a hosting company or any other host for
that matter will make them more secure, but it sends the user back to
stage one: putting their data on someone else's server, just like
Facebook.  That hosting company will be able to take down or manipulate
the data on a dime.

So, really, only seasoned users who run their own professional hosting, or
those who know one of these people, will have their information 100%
private.  Right?  Not quite.  If one server is exploited, my how easy it
would be to exploit another server that "trusts" that server, or at the
very least, gain access to private information of other people on other
servers.  Giving a user on a different server access to a piece of
information also gives the server operator access to that information.

In addition, unless encryption is used between servers, ISPs can snoop on
data as it is being transferred.  The stipulations of privacy keep adding
up.  Technical solutions may help a bit here or there, but in all reality,
the only way to prevent private information from becoming public is to not
post it online.

This leads one to question the scope of GNU Social.  Just because Facebook
provides something doesn't mean GNU Social MUST have it.  For instance,
personal messaging.  If you want to send private personal messages, use
email and GPG; DON'T send that information through a web service so that
your data can sit on who knows what server.  Encrypting that information
before sending it through the server, and making the user download it
before decrypting ruins the whole point of going through GNU Social in the
first place.

So for those who just skimmed the message, what I want to say is that
the expectation of privacy we set should be no greater than that of
Facebook.  The most advanced level of privacy that can possibly be given
by a web service is that MOST of your data will be private; in other
words, a rudimentary "we'll do our best" followed by a firm handshake.

-- 
Max Shinn
Free Software Foundation Volunteer
Email: address@hidden
Freenode: trombonechamp
GNU Generation: http://fsf.org/gnugeneration




