Ben Barbersmith

Diaspora's Privacy Model

— Posted on Apr 12, 2011

I just wanted to write a quick follow-up to my post yesterday on Diaspora’s failure to practice what they preach and implement real privacy controls on basic user information.

Yesterday I said that to date, the Diaspora developers had “failed to integrate their most basic premise into the soft­ware design. They’ve missed the point from first principles.” Well, a couple of friends on Twitter called me out on this and asked whether I’d actually checked out the back-end code to be sure about my accusations. Maybe Diaspora was just lacking a UI to make the relevant changes? This is alpha software, after all.

Well, they had a point. And thanks to the beauty of open source source, I was able to download the source code directly and take a look for myself. I only got as far as looking at the database schemas, but it looks to me like the database layer would require significant work to bring profile information into their aspect-based privacy model.

The aspect model is clearly built around controlling visibility of posts, which starts out by encompassing “wall posts” and will cascade to include comments, photos, mentions, videos and everything else that flows from there. At first glance, the team have done well. They seem to have laid the foundation of their privacy approach on bedrock, building their philosophy into the software from the ground-up. Their initial design will naturally affect everything based on their central idea of a “post” as the network grows and features are added.

The only problem? Profile information does not sensibly fall into this model in any way. It’s currently stored in fields in the Profile model in a non-extensible way which is entirely disconnected from posts. To allow profile information to fall into line with the rest of their aspect-centric approach, they’d need to refactor the user profile models pretty heavily (which admittedly they will likely want to do anyway eventually, given the limited nature of their current design) and they will also have to rework with the basis of the aspect model or the way in which users and user profiles are connected.

In other words, their foundations aren’t built on bedrock at all. They’ve laid them two storeys up, establishing their groundwork on top of the hastily-constructed user model they already had in place.

Fixing this omission certainly doesn’t look like a trivial job. And in addition, let’s not forget that any reworking of their basic models at the database layer would naturally have to fall through the rest of the MVC layers to the UI too. This is not an insubstantial overhaul. Given that the Diaspora project doesn’t even have a note about this on their roadmap, my initial assumption that they’ll have to hack this support in and bolt it on later when it’s too late to refactor properly seems accurate.

All of the above shouldn’t be taken to mean that nothing can be done and the problem is unresolvable, but there is a reasonable amount of work involved and it would mean pretty fundamental changes to their core models. It’s not something that could get implemented as a quick patch; this change would require full support of the core development team. Open source is indeed beautiful thing that enables us to trust our software and gain understanding of how it works, but sometimes you just have to hold your hands up and admit defeat.

Diaspora is fundamentally missing the point of their own philosophy, and there’s nothing we can do but wait and see how they end up fixing it later down the line. Will it be a Facebook-style mess of privacy controls? I hope not, but at present the odds aren’t looking good.

Apr 12, 2011 @benbarbersmith