Topics
- JavaScript
- Python
- Web Development
- iPhone
- Django
- Photography
- Travelling
- Architecture
- Speculation
- Communication
- Software
- Android
- Mobile Development
- Mozilla
- Diaspora
- Metrics
- Data Integration
- Security
- Node.JS
- Grouperfish
Personally, I see three major challenges that everyone passionate about the open internet needs to make up their mind about:
In the context of the Diaspora talk, I’ll focus on the third issue.
We need Diaspora because people need to be in control over with whom they share personal information. Every time Facebook sneaks in a new default that breaks privacy, we grudgingly change the settings again — and stay, not wanting to lose our friends. Or we just don’t know about it and leave it as it is. Combined with the social monopoly that Facebook has established, this makes privacy and security optional features, subject to change like any other.
The main distinguishing factor of Diaspora compared to Facebook et al. is in that it decouples your social graph from the network provider, bringing back real competition to the social space. Like with E-Mail, there can be lots of network providers, loosely connected over push-interfaces. Whenever a pod (the equivalent to an e-mail-provider in Diaspora) should violate your trust, you can just switch to another one, or set up your own pod.
On the downside, this means that you have to trust your pod as well as all your friend’s pods. No big deal? Well, where the same server software is used on a distributed network, it is very prone to exploit of vulnerabilities due to patch delay and misconfiguration (correctly setting up TLS is still a big challenge, not only for regular people).
Secure HTTP is great when a large, anonymous group of people needs to trust a central service. It allows us to do online banking and purchases, free from eavesdropping and man-in-the-middle attacks. However, it is not peer-to-peer: When you fetch your mail over a secure IMAP connection, you might be sure that your password is protected, but you do not know who actually sent you that e-mail (think about it: that is the reason why phishing works). When you get it from Google Mail, you might be using TLS, but Google is still able to read your every conversation.
I propose that Diaspora pods should be dumb post boxes that are not able to actually look into status updates, private messages, friend lists and so on. How? The technology for that has been available for quite some time and is called PGP.
Basically, PGP allows you to send and receive messages that cannot be decrypted by the servers that route them. So, if you were to encrypt your message inside your browser, you would establish secure end-to-end communication. No need to trust the shady pods that some of your friends decided to use, not knowing any better. But encryption in a web client? That sounds awfully slow! Well, Firefox Sync does it already with your entire browsing history (the pass phrase to your key is never sent to the server), and I would imagine that JavaScript interpreters have become fast enough to emulate the cryptographic capabilities of a PC from 1991.
I do have ideas on how to approach search and incremental profile updates with this, and on the new security considerations that apply here (Can you always trust your browser? Could a pod not make you use an insecure web client that transmits your passphrase?). However, that is rather technical, possibly material for a follow up post.
The problem with PGP has always been that people have been unable to exchange public keys in a manner that is both trustworthy and extensive. Because a web of trust can often not be established, people refrain from using encrypted e-mail. Turns out that social networks come with a mechanism that is just made for this: Friending. In the secure social network, accepting a friend request would be equivalent to exchanging keys. Usually you are referred to friends from people you already know, so there already is a basic level of trust.
This means that online social networks can be transformed from a jeopardy to our security to a vehicle of the same. This idea is of course also not entirely new. What might be new is the idea of building the social web entirely on top of PGP rather than just integrating that as an optional feature.
I have not gotten around to add Commenting or Pingback to this blog, but I would love to incorporate any (links to) comments in a follow up post, please write to michael at this domain.
If I understand correctly, the diaspora guys are already planning to use GPG for cryptography somewhere. This is a pretty good start. If they really already plan on generating keys for everyone, then they would only need to pull the actual encryption into the web client.
(*) Like any intern at Mozilla I had the opportunity to to talk to John Lilly, and I got the impression that Mozilla takes this development very seriously.