Mod parent up. A lot of people didn't realized that as long as there is a single user who is willing to allow his/her diaspora host to access his/her unencrypted data, the privacy of the entire group of his/her friends will be completely compromised, whether his/her friends run their own server or encrypt everything up.

How long will it take for people to realized that under this all-new-super-perfect-diaspora-protocol, Facebook will still get all your data anyway, and now together with a whole new bunch of less accountable diaspora-hosting companies?

This should hardly surprise anyone. In fact, I realized it early that what matters is the protocol not the code, but you can't offer privacy protection in a decentralized protocol. A centralized social network like Facebook can actually offer more privacy protection, because Facebook is the only party that holds your information.

Decentralization on the other hand, means broadcasting information to multiple parties, in this case your friends. A protocol can be designed to be P2P, but you cannot prevent any peer from choosing a provider to host data on behalf of themselves. Just like email, any corporation can make use of this protocol to host a user's social network. When this become the norm, and when you, who host your own social server, try to broadcast a status update to some friends on Facebook/MySpace, then bang! Now both Facebook and MySpace holds a copy of your status update.

I'm actually surprised that the Slashdot crowd is naive enough to expect a protocol to protect one's privacy. As far as I know, none of the protocol we have today holds any claim that it can protect user's privacy, including email, IP, IPv6, HTTP, Tor, XMPP, FOAF, and the semantic web. In fact, the newer protocols such as IPv6 and FOAF are in fact far more privacy invasive than any kind of web 2.0 services today. Sure, we have protocols that protects user's anonymity, but anonymity is different from privacy that anonymity hides the true identity of the user, but the anonymous user's activity is always public. Furthermore, communication protocols such as email and XMPP never guarantee any kind of privacy protection, and they even encourage users to find a provider instead of forcing them to host server themselves.

My point is, either Diaspora will be extremely successful in privacy protection but nobody uses it, or everyone will use Diaspora but it will have serious privacy loophole that can never be fixed.

I'm pretty sure that supporters of Diaspora will be very upset if this happens:
1. Social protocol forks out of Diaspora and becomes standard.
2. Facebook refuse to join. MS jumps in but provides sucky service.
3. Diaspora founders startup Sporazzora social hosting, earns big bucks, starts data mining.
4. Google jumps in as second mover and kill everyone else, now becomes top social network.
5. Facebook joins in too late, but still has enough users for data mining.
6. Data exchange chaos to communicate with friends located at Facebook, MySpace, and Hi5. Privacy settings getting out of control.
7. Evil MySpace discloses all users' data to public. Everyone yells but nobody cares. MySpace users continue to stay there, while Google users unfriending MySpace friends.

Many privacy issues are caused by people misunderstanding about the privacy features of various protocols (which is none). For example, it actually take people by surprise that the server will know the client's IP address for every TCP/IP connection established, and that HTTP is transfered in plain text and cached in various proxies.

But we geeks didn't correct user's misunderstanding, but instead even use it as our own arguments against corporations. We think that, sure, the protocols expose these problems, but we'll just use brute force to restrict how websites can make use of these data. Sure that there are a few responsible one who want to invent new protocols that can protect user privacy, such as the one who made free proxy pools that connect to Google through the shared proxy. But they failed and instead raised more privacy issues in the protocol.

Protocol designers usually aware of the privacy issues that might arise from using their protocol. However they usually keep quiet and do not warn users about the potential danger. This is reasonable since nobody likes to be blamed at, and everyone likes to see their product to success. But then, the Internet is now full of mess about privacy issues. We didn't realized this is all really caused by the ignorance of ourselves, the programmer and the protocol designer. Being a programmer, we thought that privacy is non of our business and the users will take care of the issues themselves.

It is time we the programmers, should clean up the piles of shit that we left for the society. For any upcoming protocol including IPv6, explicitly write RFCs that talk about our intentions and assumptions towards privacy. The IETF will probably afraid of criticism, but its the truth, just say it. Tell everyone about our ignorance towards privacy issue, but also tell them why and how it complicates our live.

Am I the only one who first read the title wrongly as "Steve Jobs Tries To Sneak Shurikens On An iPhone"?

The word "believe" in religion is not about whether you believe in God. You have to believe because there is no solid explanation and evidence on why one religion is more correct than other religions. Hence, you need to have "blind faith" on that religion (not God) and hope that God really is how this religion describes. I came to realize when people ask me why I don't believe in God, reasoning like this is the best way to convince them, even though its not exactly how I think. Remember, never tell the believers "I don't believe in God because I'm a scientific person."

I submitted this story earlier because I agree with Jens Best that it is wrong to claim that Google Street View is violating people's privacy.

A street is a public space. By definition, a public space is where you expect anyone can see what you're doing, and that includes taking pictures. Is it wrong for average joe to take a photo on the street which include random people and plate number? No. So then why should it become wrong when Google is taking photos on the street?

So what's wrong with that? Logically there's really nothing wrong. You only feel it wrong because you don't want so many people to see you appear on that street. But remember its a public space, whether you like it or not there're always people watching you.

Hence, the root of the problem is not Google taking your photo, but its that Google makes it easy for anyone in the world to see photos taken on a street. I'd stress it again, its EASIER now for anyone to see photos of a street - the problem is on the EASINESS, not publicness or privateness.

Generalizing the problem, we can see that the root problem is on the advance of technology. With the wide adoption of digital camera equipped smartphones, anyone has the right to take pictures at any public space. The technology also make it easier for anyone to see the taken photos on the Internet. Now as long as the photo is not taken at private space, logically there is nothing wrong for anyone to do that. Google is only pioneering the technology to make it extremely easy to view photos of any street.

But even if Google took down street view, it is definitely possible to have user generated street view in the near future, especially with the assist of technologies such as PhotoSynth and geo-tagging. The technology is improving in extremely fast pace, and it will be soon that we can even see entire reconstruction of streets and buildings become a practical reality. I for one definitely hope that such technology could arrive to my country so that I can preserve the heritage of my own town "perfectly" without needing to wait for Google to come to my country.

With CCTV and Street View already watching us all around, the bad news is that there will definitely be more digital eyes watching on us from anywhere at all. If people already complaining on Street View, can they even accept a decentralized peer to peer street view? Should they ban the collaboration website or ban users from submitting photos? Or would it become prohibited to even take photos using hand phone in public spaces? Or is every tourists and photographers are under obligation to blur people's faces and car plate numbers in every photo they've taken?

Although I certainly agree that Street View would not necessary bring no harm to anyone, but I also think that it is wrong to ban such activities for personal reasons. This is not a privacy problem, this is a technological problem. The only way to make it not happen is to prevent the technology to advance. The public space already has a meaning, that is, public. I think nobody should demand for privacy in a public space, and it does no good to impose any privacy restriction to spaces that are already public. Sure you can define more non-public spaces like in your own house and impose privacy restriction there, but street is public, so don't complain.

Finally, I'd like to make disclaimer that I'm writing this not because I'm opposing privacy. I'm just stating the facts here about the root cause of privacy problems and the real challenge on solving them. As far as I know, I think it is wrong to define the problem as "privacy invasion" and such, and I don't think there are any other ways to prevent that other than redefining the meaning of "public" and stop technology from progressing. If anyone else can come out with a better solution, I'd definitely more than happy to accept it. And I really hope my 2 cent can make people think more deeply on the problem and solve the root cause instead of bashing the surfaces by blaming the corporations.

Create some bugs in the unit test and hunt them down!

Email is a decentralized protocol, but there are reasons why people give up their privacy and prefer web mail for convenience. What Eben Moglen described is basically making decentralized protocols for everything including social networks and such. But even when we created the perfect decentralized protocols of everything, I don't think that it will prevent data mining and protect user's privacy.

To simplify the view, just lets say we can do everything with email, let's say all the user's personal data are stored in email messages. To really protect my privacy, not only I'd have to host all my emails, but I'd have to set up my own email server as well. Not only I shouldn't use the web interface, but I also should't use the POP/IMAP/SMTP services that Gmail or Yahoo or my ISP provides. Now building my own web interface would not be so hard, as I'm hosting my own server. But making sure of my server is on most of the time and physically managing and backup my email data on my server would not be so trivial. What happen if I travel oversea and my server crashed or my home went out of electricity? What happen if disaster happened and everything in my house including the server and backup are gone?

So have these problems are exactly the reason why people choose Gmail. By hosting the server on the cloud, all the uptime, backup, and management problems are solved out of the box. Of course there might be better solution than Gmail, but I doubt if it will success commercially. Now lets say we created free software stack that performs better than Gmail and work out of the box. With the software in hand, all we need is just a place to host the server. User would then have three choices: 1. Buy a server plug and host it at home, 2. Purchase web hosting and host it as a black box in the cloud, and 3. Let Google host the same software for free but with storage and data shared with everyone. While option 2 is supposed to be the optimum choice, majority of people would still choose option 3 simply because it is FREE.

So IMHO the real challenge to make the public to adopt a decentralized architecture is to come out with a better business model. Simple hosting charges won't work when there are free alternatives, and there is no way to make black box hosting free. Average Joe will neither want to purchase troublesome sheeva plug nor would they want to pay for hosting in the cloud. Decentralized architecture will not prevent centralized hosting and data mining, what it does is allow us to switch from one provider to another easily. Whether the user choose a free provider that mine data or become their own provider, its entirely their choice.

The other problem with privacy in decentralized architecture is that you actually get less privacy when you use centralized identification. People here often complain that they don't want Facebook to know they like or comment on some random webpages. While that might be a problem, most of our information can already be found in the Internet publicly. If OpenID become the norm, my ID at Slashdot, Twitter, Facebook, Digg, YouTube, and whatever random forum should remain the same. This would be even true for a decentralized data architecture because you need a universal way to identify yourself. With OpenID, a simple Google search will reveal this post I'm writing in Slashdot, the comment I gave on random YouTube video, the articles I digged and liked, and whatever sites that I participated in. Actually all these information already available publicly, but what really stops Google on mining it is the lack of unified ID.

In conclusion, while a decentralized data architecture might seem good, it doesn't help much if most of our information is already available publicly. Protecting private data is only feasible unless we can find a way for providers to provide hosting services. And even if all these problems can be solved, I still don't think the privacy problems could be solve with just that.