Re: [Social-discuss] On Data Privacy

[Max Shinn]

>> This leads one to question the scope of GNU Social.  Just because
>> Facebook
>> provides something doesn't mean GNU Social MUST have it.  For instance,
>> personal messaging.  If you want to send private personal messages, use
>> email and GPG; DON'T send that information through a web service so that
>> your data can sit on who knows what server.  Encrypting that information
>> before sending it through the server, and making the user download it
>> before decrypting ruins the whole point of going through GNU Social in
>> the
>> first place.
>>
> *** I don't understand why encrypting the information before sending
> it, and decrypting it after having received it would "ruin the whole
> point of going through GNU Social", can you explain that part?

Encrypting it on your own computer with gpg or similar and then sending it
to the recipient can be done through email much more easily.  Doing this
with GNU Social would also mandate that either both people have to be
familiar with and regular users of gpg, or that a desktop client exists. 
A frontend to pgp would be more effective than a desktop client.

> AFAIK, there's no reason why server to server (S2S) shouldn't be
> encrypted.  XMPP does it, PSYC does it.  If users also use encryption,
> then everybody's happy, except marketing companies who want to scan
> your data to extract patterns out of it.

S2S encryption is good.  I don't know what I was thinking when I suggested
otherwise.

>> So for those who just skimmed the the message, what I want to say is
>> that
>> the expectation of privacy we set should be no greater than that of
>> Facebook.  The most advanced level of privacy that can possibly be given
>> by a web service is that MOST of your data will be private; in other
>> words, a rudimentary "we'll do our best" followed by a firm handshake.
>>
> *** Then is it related to *web service*?
>
> If  you're an American willing to keep your date secret, MOST should
> be enough.  But if you're a journalist in Iraq or Indonesia, MOST can
> kill you.  It's not enough.
>
> So, the question might be: what and who do you want to protect?  Is
> GNU Social destined to be used in a hostile environment or in
> Disneyland?  FWIW, I've been told that the Internet is a hostile
> environment

If you are a journalist in Iraq or Indonesia, GNU Social is probably not
the tool for you.  Just as important as deciding what needs to be done is
deciding what DOESN'T need to be done.  So much personal information will
be put into this system that we need to be aware that complete privacy is
impossible, and that we shouldn't strive for it.  Many people are
suggesting that a huge benefit of GNU Social would be enhanced privacy,
and I am arguing otherwise.  If the scope of development is too huge,
nothing will ever get accomplished.  GNU Hurd is a wonderful example of
this concept.  So while I'm not saying we shouldn't think about privacy, I
just want to suggest that attempting to reach the impossible goal of
complete privacy, or even that of privacy significantly better than that
of Facebook, is a waste of time.


-- 
Max Shinn
Free Software Foundation Volunteer
Email: address@hidden
Freenode: trombonechamp
GNU Generation: http://fsf.org/gnugeneration