If loads are distributed across a network, how secure would your information be? I guess you could get around that by being explicit about how open your data is and discourage people to post sensitive info.
Also, by re-federating the service of Facebook with partner companies (push pics back to flickr, status back to twitter, etc.), they could get some nice allies, reduce the bandwidth requirements dramatically, and allow granular control of users in a very clear and powerful way (flickr is set to private, for instance).
Neat idea. I'd love to see it kill facebook. If there's an elegant way to detach online socialization from the profit motive while maintaining functionality, it would be good for everyone not employed by facebook to see it succeed.
The security will be determined by your web of connections and the quality of their profile providers. For such a system to be functional and have sufficient appeal to 3rd parties such as Google and other systems that will want to crawl the graph, a certain portion will have to be open. Things like your name and connections to others.
Ultimately, a larger subset of your data will eventually become public. This will happen by users installing games and other apps on top of the system that aren't as trustworthy. This can happen today with Facebook. It just isn't talked about much. Writing an app for FB is eye opening.
The biggest sticking point is going to be the web of trust. Facebook's walled garden is excellent at managing identity, and this would be very difficult if any random 419 scammer can set up a Diaspora server and plug into the network.
Really, it seems like turn-key services are the primary solution, though the important thing is to get a competitive marketplace where some are ad-supported, some aren't, but all of them are reasonably trusted.
How many e-mail do you receive that appear to come from your friends, but don't? For me, that's none.
Diaspora server will be the same. Your random 419 scammer won't be able to make a lot of friends if people are a little careful. Add PGP keys and a proper web of trust, and the scammer won't be able to spoof any identity at all.
Trust would be an issue. In an open system, it would always be possible to set up a rogue server with spoofed profiles.
There are ways to combat this. Using OAuth for authentication keeps them from getting your credentials. It or a similar protocol for data exchange allows you to shut them off if they're proven bogus. They might have limited visibility into your network in the meantime, but that's it.
It will probably end up working a lot like the web works now. You'll have to look at the URL and decide if you trust the provider. You can also send a message along with the friend invite and prior to accepting another's invite, that gives you some confidence that you know that person. Finally, by seeing that you share common friends on common providers will be a strong indicator.
Also, by re-federating the service of Facebook with partner companies (push pics back to flickr, status back to twitter, etc.), they could get some nice allies, reduce the bandwidth requirements dramatically, and allow granular control of users in a very clear and powerful way (flickr is set to private, for instance).
Neat idea. I'd love to see it kill facebook. If there's an elegant way to detach online socialization from the profit motive while maintaining functionality, it would be good for everyone not employed by facebook to see it succeed.