Decentralized Network Clarification #45

Closed
opened 2018-04-26 06:28:58 +02:00 by g-monk · 4 comments
g-monk commented 2018-04-26 06:28:58 +02:00 (Migrated from github.com)

Hello respected developers. In the wake of the #DeleteFacebook movement I have recently tried Friendica and I have loved it. I want to get word of it out, but because it’s not a widely used platform, I am wanting to attract attention to it through a video I want to do. Though I wanted to clarify some things before I write my script for my video.

In the remaining body of the message, I have tried to defend a decentralized network and what I understand of how it works. I am not super tech savvy in terms of running a server and coding, but from a general point of view here is what my friend and my conversation was about. I hope that after reading this, if there are corrections or things I have missed, become clarified by you and that you can help. The video will be basic and covering how to sign up, how Friendica works and some cool features you can turn on. I will post the link when it’s ready to be viewed and will gladly appreciate subscribers as well. I hope you can help me out.

One of my friends said there is no way to hide on earth and I told him that Decentralized Software is your gateway and privacy ceases to exist through open source software. I told him about Friendica and hopefully I said the following few things right.

“Friendi.ca for example is a Facebook that’s decentralized, you’re in control of your data and the day you delete your account you’re forgotten by the system”.

He questioned that if it really is decentralized and I said, “Think of it as getting a Facebook without Zuckerberg monitoring your data. No fake news, no nothing. It’s just a platform where you express yourself and you can even choose who to share your views with.”

He then said, “Nothing is safe”

To counter it, I said, “Decentralized Servers - in order to run a decentralized network - have that code installed and set up that people can’t change it, only do upgrades to the software. So if I set up a Friendica server, I can’t see who signed up. I can only see that a share (file) of your name exists and I can’t touch it or access it, it’s untouchable. Plus new upgrades have to be maintained else the server owner gets marked off the list. Open source in that way is a blessing and even more the government can’t force Open Source people to be exposed bc more likely - a lot of people would be exposed and that’s too risky enough to start Privacy wars.”

He then later asked, “Is there even any privacy on fb?”, to which I responded, “Not really. Your best options for privacy are decentralized tools. I’m sure they can access every transcript of a person I talked to. While they can deny it at the moment, but let a complaint be filed of misdemeanor by someone saying something bad - and they will pluck those chat logs like it was an easy game.”

  • this is the end of our conversation, but please correct anything wrong I might have said and share with me how this works so I can further educate my friends about it.

Thank you.

MrPetovan commented 2018-04-26 10:50:56 +02:00 (Migrated from github.com)

Hi @g-monk and thanks for your feedback.

Here are the true points about privacy on decentralized servers:

  • Data aggregation is harder because the data is spread over thousands of servers.
  • What data servers collect is transparently available through open source code review. However it doesn't prevent some servers from running a shady private fork, and their users could be at risk of larger data collection.
  • If you signed up on someone else's server, they can read your private messages.
  • If you're exchanging privately with someone on a different server, your messages are sent to the other server, where the admin can read them as well.
  • Multiple server versions co-exist, upgrade is recommended but not mandatory to be able to communicate with newer servers.
  • Deleting your account indeed physically removes all your data on the server you signed up to, and sends deletion notices to any server you've had a contact on, but there's no way to know your data has been removed from remote servers as well. This is especially true for public posts that may have been relayed to servers you never had a contact on.
  • Fake news still can spread on decentralized social networks, but they can't be sponsored to appear on anyone's timeline. Virality is limited as content takes time to propagate from a single server to the rest of the network, according to users' connections and post relaying.

I hope I covered all the points you and your friends mentioned.

What your friend said was right though: there's no absolute way to hide on the Internet, but it highly depends on who you're trying to hide from. Decentralized social networks aren't a silver bullet, you still are dependent on your ISP, your server admin (if you don't self-host) and your government. Don't do illegal things on Friendica.

g-monk commented 2018-04-27 07:04:19 +02:00 (Migrated from github.com)

@MrPetovan the reason I’m trying to promote it was I thought that Friendica had privacy to messages and that messages couldn’t be read. I really thought unlike Facebook’s scandal, Friendica would be different in the sense that messages would be on servers but inaccessible to the people who own them. However I was wondering if I could run a server, how much would it cost, what would I need to run on one and if I could change the code to make it possible to implement a private protocol.

If I think it’s feasible I might setup one, but I’m going to need help getting it running.

I thought decentralized networks don’t care about your pics posted and what you do or whom you chat with, as it’s inaccessible data to them. The way I look at it is - Would someone feel comfortable proposing to someone knowing that a third person is reading the messages, or even fighting about some useless project grade or anything like that? However it sounds like we are back to square one, as it’s the same case with Facebook - or am I wrong?

I personally would like it where data, when deleted, is permanently gone from all places it could be, messages as well because I believe that privacy is a huge thing and that one shouldn’t have prying eyes on conversations between friends. These could go from friendly to heated arguments or worse, but the admin of the server should be involved when there is something serious. Unless there is a category filter - where friends you chat with are classified as family, friends and other and then alerts trigger if something wrong goes on like inappropriate things posted or a non-monitor filter is implemented.

I personally though don’t want any prying eyes on any of my chats, because I feel my privacy would be invaded and I would then be vulnerable. However I would love to create using the source code something where everything is encrypted and private - that it’s inaccessible to me, but my server can delete the users when they decide to delete their profile.

Also I was wondering about the fake news part- what I understand is that anyone can post an article or something rumored, but unlike Facebook you won’t see it on your dashboard.

At the moment the solution I see is to have your friends all sign up on the same server you sign up, so whether you delete or they delete their accounts - the data should then be deleted. Perhaps people signing up can choose what they want to share and limit to certain pods, rather than posting everything public. My understanding is that if posts made are shared to designated friends or pods then they should be deleted from the servers, as they have not been spread publicly. Correct me if I’m wrong on that.

Also I was wondering how could you detect a shady fork?

Also do all these rules also apply to Diaspora and GNU Social, or would they supposedly have different rules?

While it’s true that there is no way to hide on the internet, I believe that decentralized networks or decentralized approaches help reduce one’s internet print and keep him/her in low profile.

MrPetovan commented 2018-04-27 14:32:01 +02:00 (Migrated from github.com)

More privacy bullet points:

  • Admin not able to read their users' messages is called end-to-end encryption. For it to work, users must be able to generate and keep a secret piece of information (a private key) from the admin. This private key is used to decrypt their messages right when they reach them in their client application, while the server would just be sending the encrypted message, oblivious to what it may contain. This can't easily work with Friendica because there's no separate client software users could keep their private key on. The client and the server are in the same place, which means that even if you had a private key, it would be stored right next to your encrypted messages, and it would be only marginally harder to read them for your admin.
  • If you want end-to-end encryption, I suggest you use secure messaging systems like Signal or Tox where the privacy was thought out from the start.
  • It is possible to offer a somewhat constrained mode where one-to-one received messages could be encrypted and the private key could be stored on the Friendica server, itself encrypted by the user's plaintext password, the only piece of information Friendica admin don't have direct access to in the database. But this has a number of drawbacks I invite you to read about in the dedicated issue I submitted: https://github.com/friendica/friendica/issues/4841
  • Knowing that the admin of any node you would sign up to would read your messages, the only solution to increase your privacy on Friendica is to run a server yourself.
  • Yes, you can run a server, and it would cost you about US$10-20 depending on the hosting company, or the hardware if you self-host at home.
  • No, decentralized social networks aren't on par with Facebook, even when you realize that your node admin can read your private messages. Like you said, it is about reducing our own Internet footprint. For example, Friendica servers where you don't directly interact with their users will never have knowledge you ever sent private messages. They may know your existence through your public posts, but if their users aren't directly concerned by your private messages, then they won't even know you wrote any. This is different from Facebook where a single company has complete knowledge over what every single user does on their platform.
  • There is no monitoring tool on Friendica at the moment and I don't think there should be any. We might add manual moderation tools but there will be no plan for an automated monitoring system with alert triggers.
  • In the same vein about fake news, there's no automated timeline filter. You receive everything your contacts posted, and if they happen to post a fake news story, you receive it as well. You can manually remove it from your timeline, or remove the contact who sent it to you, or even block them. But Friendica doesn't discriminate on the content.
  • On Friendica you have a fine-grained control over who you want to send your messages to. You can't choose which remote server you want to restrict but you can make contact groups and restrict your post to groups or individual users. If all the users concerned by a post are on the same server as you, then no message will be sent to any other Friendica server.
  • Additionally, if you run your own server, you can choose to close it off to any other Friendica server so that no users can communicate with any remote server.
  • We can't detect a shady fork. A shady fork would present itself as a regular fork to other servers, except the internals could have been changed.
  • I'm not sure what rules you are referring to regarding Diaspora and GNU Social?
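
The "constrained mode" described in the comment above, sketched as an added example that is not part of the original thread and is not Friendica code. The function names, the RSA-OAEP plus AES-256-GCM plus scrypt construction and the sample values are assumptions chosen for illustration, using only Node.js's built-in `crypto` module.

```javascript
// Added illustration (not Friendica code): the user's private key lives in the
// server database, wrapped under a key derived from the user's password.
const nodeCrypto = require('crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// AES-256-GCM: encrypt a Buffer into a record that also carries IV and tag.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Reverse of seal(); throws if the key is wrong or the record was altered.
function unseal(key, rec) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, rec.iv);
  d.setAuthTag(rec.tag);
  return Buffer.concat([d.update(rec.ct), d.final()]);
}

// Registration: generate the key pair, wrap the private half with a
// password-derived key, and return the row that would be stored.
function register(password) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const salt = nodeCrypto.randomBytes(16);
  const kek = nodeCrypto.scryptSync(password, salt, 32);
  return { publicKey, salt, wrappedKey: seal(kek, Buffer.from(privateKey, 'utf8')) };
}

// Incoming one-to-one message: a random content key encrypts the text and is
// itself encrypted to the recipient's public key, so only ciphertext is stored.
function storeMessage(row, text) {
  const contentKey = nodeCrypto.randomBytes(32);
  return {
    encKey: nodeCrypto.publicEncrypt({ key: row.publicKey, ...OAEP }, contentKey),
    body: seal(contentKey, Buffer.from(text, 'utf8')),
  };
}

// Reading needs the password: returns the text, or null when it is wrong.
// Limitation of this sketch: the password reaches the server process at login,
// so this protects against someone holding only the database, not against the
// code running the node.
function readMessage(row, msg, password) {
  try {
    const kek = nodeCrypto.scryptSync(password, row.salt, 32);
    const privateKey = unseal(kek, row.wrappedKey).toString('utf8');
    const contentKey = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, msg.encKey);
    return unseal(contentKey, msg.body).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample values: one user, one stored message, two read attempts.
function demo() {
  const row = register('correct horse battery staple');
  const msg = storeMessage(row, 'see you at 8');
  return {
    dbOnly: readMessage(row, msg, 'admin guess'),
    atLogin: readMessage(row, msg, 'correct horse battery staple'),
    plaintextInDb: msg.body.ct.includes(Buffer.from('see you at 8')),
  };
}
```

A lost password makes the stored messages unreadable in this sketch, and a password change means unwrapping and re-wrapping the private key.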
MrPetovan commented 2018-11-12 06:06:44 +01:00 (Migrated from github.com)

Closed for lack of activity, please open a new issue at https://github.com/friendica/friendica/issues if you want to bring up the topic again.

Reference: friendica/dir#45