This should hardly surprise anyone. In fact, I realized early on that what matters is the protocol, not the code, and that you can't offer privacy protection in a decentralized protocol. A centralized social network like Facebook can actually offer more privacy protection, because Facebook is the only party that holds your information.
Decentralization, on the other hand, means broadcasting information to multiple parties, in this case your friends. A protocol can be designed to be P2P, but you cannot prevent any peer from choosing a provider to host data on their behalf. Just like email, any corporation can use the protocol to host a user's social network. When this becomes the norm, and you, hosting your own social server, broadcast a status update to some friends on Facebook and MySpace, then bang! Both Facebook and MySpace now hold a copy of your status update.
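To make the fan-out concrete, here is a small model of delivery in a federated social protocol. It is an added example, not code from the original post and not Diaspora's own code; it assumes a hypothetical email-style address format (user@host) and a hypothetical delivery rule that copies a post to the home host of every recipient. Everything else, including the sample addresses, is constructed for the illustration.

```python
"""Toy model of how a status update fans out in a federated social protocol.

Added example, not code from the original post nor Diaspora's own code.
Assumptions (hypothetical): addresses look like user@host, and a post is
delivered by copying it to the home host of every recipient.
"""
from collections import defaultdict


def host_of(address):
    """Return the host part of a user@host address (hypothetical format)."""
    user, sep, host = address.rpartition("@")
    if not (sep and user and host):
        raise ValueError(f"malformed address: {address!r}")
    return host.lower()


def deliver(author, recipients):
    """Return {host: sorted addresses served there} for one post.

    Every host in the result now stores a copy: the author's own server
    plus the home server of each recipient, whoever happens to run it.
    """
    copies = defaultdict(set)
    copies[host_of(author)].add(author)
    for r in recipients:
        copies[host_of(r)].add(r)
    return {h: sorted(a) for h, a in copies.items()}


def custodians(author, recipients):
    """Set of hosts holding a copy of the post after delivery."""
    return set(deliver(author, recipients))


def uncontrolled_custodians(author, recipients):
    """Custodians other than the author's own server: the hosts whose
    handling of the post the author's privacy settings cannot reach."""
    return custodians(author, recipients) - {host_of(author)}


# Constructed sample: a self-hosted author with friends on several providers.
AUTHOR = "alice@home.example"
FRIENDS = [
    "bob@facebook.example",
    "carol@myspace.example",
    "dave@facebook.example",
    "erin@home.example",
]

if __name__ == "__main__":
    for host, who in sorted(deliver(AUTHOR, FRIENDS).items()):
        print(f"{host}: {', '.join(who)}")
    print("copies outside the author's control:",
          sorted(uncontrolled_custodians(AUTHOR, FRIENDS)))
```

The point the model makes is that the set of parties holding the data is decided by where the recipients live, not by anything the author's own server does: with two friends on one provider and one on another, two corporations end up with a copy, and any privacy setting applied at home.example is only advisory once the post has left.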
I'm actually surprised that the Slashdot crowd is naive enough to expect a protocol to protect one's privacy. As far as I know, none of the protocols we have today claims to protect users' privacy, including email, IP, IPv6, HTTP, Tor, XMPP, FOAF, and the semantic web. In fact, the newer protocols such as IPv6 and FOAF are far more privacy-invasive than any web 2.0 service today. Sure, we have protocols that protect users' anonymity, but anonymity is different from privacy: anonymity hides the true identity of the user, but the anonymous user's activity is still public. Furthermore, communication protocols such as email and XMPP never guarantee any kind of privacy protection, and they even encourage users to find a provider instead of hosting a server themselves.
My point is: either Diaspora will be extremely successful at privacy protection but nobody will use it, or everyone will use Diaspora but it will have a serious privacy loophole that can never be fixed.
I'm pretty sure that Diaspora's supporters will be very upset if this happens:
1. A social protocol forks out of Diaspora and becomes the standard.
2. Facebook refuses to join. MS jumps in but provides a sucky service.
3. The Diaspora founders start up Sporazzora social hosting, earn big bucks, and start data mining.
4. Google jumps in as a second mover, kills everyone else, and becomes the top social network.
5. Facebook joins in too late, but still has enough users for data mining.
6. Data exchange chaos when communicating with friends located on Facebook, MySpace, and Hi5. Privacy settings get out of control.
7. Evil MySpace discloses all users' data to the public. Everyone yells but nobody cares. MySpace users stay where they are, while Google users unfriend their MySpace friends.
Many privacy issues are caused by people misunderstanding the privacy features of various protocols (of which there are none). For example, it actually takes people by surprise that the server learns the client's IP address for every TCP/IP connection established, and that HTTP is transferred in plain text and cached in various proxies.
But we geeks didn't correct users' misunderstanding; instead we even used it in our own arguments against corporations. We think that, sure, the protocols expose these problems, but we'll just use brute force to restrict how websites can make use of this data. Sure, there are a few responsible ones who want to invent new protocols that protect user privacy, such as those who built free proxy pools that reach Google through a shared proxy. But they failed, and instead raised more privacy issues in the protocol: the shared proxy is simply one more party that sees every query.
Protocol designers are usually aware of the privacy issues that might arise from using their protocol. However, they usually keep quiet and do not warn users about the potential danger. This is understandable, since nobody likes to be blamed and everyone likes to see their product succeed. But now the Internet is full of privacy messes. We didn't realize that this is really caused by our own ignorance, as programmers and protocol designers. As programmers, we thought that privacy was none of our business and that users would take care of the issue themselves.
It is time we programmers cleaned up the piles of shit we left for society. For any upcoming protocol, including IPv6, explicitly write RFCs that state our intentions and assumptions about privacy. The IETF will probably be afraid of criticism, but it's the truth, so just say it. Tell everyone about our ignorance of privacy issues, but also tell them why, and how it complicates our lives.