Here's the question I'm left with which has no answer on the site: how will a distributed social network keep my private data private?<p>I understand how one can build secure communications. That part is easy. So, I have a Diaspora account with "Awesomea" and you have a Diaspora account with "Crapula". It's easy to have communications between Awesomea and Crapula be secure. However, when you visit your Crapula page, you want to see my updates which means that Crapula needs to be able to decrypt my updates. Even if you have a different key for each user (ala public key encryption), for wide adoption the service providers (in this case, Awesomea and Crapula) need to be able to encrypt and decrypt that information (which means they hold the keys).<p>So, if I friend you and you're using Crapula, I need to trust both you and Crapula that you won't do bad things with my data.<p>Part of this is that the Diaspora project doesn't seem to have any technical information. They have lofty goals like, "you own your social graph, you have access to your information however you want, whenever you want, and you have full control of your online identity." However, they have scant information on how they plan to accomplish that. They say they're using GPG, but are they going to have a browser plugin with locally stored keys to decrypt the information? That's the only way I can see this being secure. If you're storing your key with Crapula and it's decrypting my information, it can store is as well as show it to you.<p>Even if the design is to use locally stored keys, what's to stop a provider from offering a "better" (better, in this case, means easier for non-tech-inclined users) Diaspora-compatible server which stores them on the server? And then I have to audit my friend requests to see how their server has set up security?<p>It's kinda like handing a friend a classified document and a photocopier. You tell them "please don't copy this" and they probably won't. But in this case you're handing that classified document to Crapula and saying "pass this along to my friend and don't copy it along the way". Yes, Facebook has that ability too, but it's one company that has a reputation to defend (to an extent) as well as a legal presence in the United States (which is good for me as a US citizen) and by posting in the first place I'm trusting them with that data. With Diaspora, I could start getting friend requests from all sorts of services run by people a lot shadier than the Facebook folk and I now have to deal with dozens of privacy policies rather than one.<p>BTW, this is probably the comment that I would most like to be proved wrong on. I want distributed, secure social networking that puts me in control of my data. It's just that I don't see how it works and the Diaspora website doesn't have any information on it either. If someone here knows how this will work, I'd love it! It's an exciting prospect, but I feel like it's the same as DRM: if people can read it/see it/hear it, it can be copied. Likewise, if a service provider is printing it on screen for one of their users, they can store it. If anyone has technical information on how this works, it would be really awesome!