Conversation
Notices
-
A question to the !gnusocial devs: the INSTALL file states that in private gnusocial instances "total privacy is attempted but not guaranteed or ensured. Private sites currently don't work well with OStatus federation." Is that just a general caveat about #privacy in nowadays communications? Otherwise what exactly could be non-private of a private instance?
-
@aroque The main purpose of !gnusocial is meant to be a public, social media. There may be API calls that have been looked over when restricting private site behaviour.
Private sites should _not_ work with !ostatus
So the point is if you can get private data from a private site, it should be considered a bug. And since we haven't had the resources for an audit we can't guarantee anything .)
-
I see. And I guess this applies to private notices sent within a public instance, since they likely use the very set of API calls private sites are restricted to. Is that correct?
-
If !gnusocial is really not well tested in "private mode", than the way it is presented on the official websites is misleading. From gnu.io: "It is social communication software for both public and private communications.". From https://gitorious.org/social/: "What if you could authorize your server to reveal as much, or as little information about you to other sites, as you wish... one time, one day, or forever?". @mattl
-
@aroque I don't have anything to do with the gnu.io site ;) Does it say anything similar in the source repository? Then I'll fix it.
https://gnu.io also mentions "HTTPS for secure chatter" or some other mumbojumbo buzzwording. Not sure what would be more _secure_ about the _chatter_ per se. ;)
-
@aroque I believe that many of Evan's former customers for #StatusNet Inc used "private" settings. For a while, #OStatus #federation was not even activated by default in !SN. However, I think any !Twitter style site on the public Internet is not ever really private.
-
My favorite !gnusocial use case is actually that of self-hosted semi-private instances: a bunch friends sharing via private groups while still being able to reach out to the rest of the !federation. It's not about #privacy paranoia, but rather being able to restrict the scope of communications depending on context. So if you tell me the private api calls were reasonably well tested back then with #ostatus that's fine with me :-)
-
@aroque You're welcome to improve on the private post stuff, I've got quite a lot of other things which need fixing so one doesn't get #brainaids from trying to fix just small bugs.
-
@mmn Idea for private dents moving from instance to another is to create a separate API class. An other idea is to enrich the existing "dent-transportation" call (salmon?) with a flag "is_private" which can be true or false. The downside of this is that outdated instances will may ignore that flag and make private (is_private=true) dents public. @aroque This does not yet work with !gs. We must be all a little more patient with @mmn. :-) He is just one guy ...
-
Ah, the word "moving" may confuse. I mean send here. :-)
-
@roland Private should be private in an encryption sense. Diaspora has already solved this.