Privacy and Security

From StatusNet

Contents 1 Privacy 2 Easy 3 Medium 4 Hard 5 Federation-implications? 6 Security audit

[edit] Privacy

• What is it?
  • (Control over YOUR information)
• There is a tendency in web 2.0 to using real name instead of a pseudo
  • (Defaults have a tendency to be dangerous for privacy applications)
• Will my information be gone when I ask to delete my account?
• Implications of the impossibility to un-see/un-hear/un-broadcast to readers/federated sites.
• Is opting out possible?

[edit] Easy

• Exclude me from public timeline
  • Limits exposure, but not much against :

- search - subscribers - feeds - Google - readers of your timeline

[edit] Medium

• Mutual subscription ("friends only option")
  • still no guarantee that things won't get reposted
    • (but we know who we "trusted")
  • Like direct messages

[edit] Hard

• Hide some friends from other friends
  • Conversation may expose additional relationships
    • What about replies
      • (Should inherit privacy settings of parent.)

[edit] Federation-implications?

• Trust local server more?
• Delete from foreign server?
  • Scalability for large users issue
• Messaging : It is a best faith effort. Be clear that they may still exist offline or someplace offsite.

[edit] Security audit

• Security means that we maintain our guarantees
• Spammers a likely source of hack attempts
• DoS ?
  • Record IP
    • Which brings it's own issues (retain/log policy)
• robots.txt
• unlisted numbers