Facebook has far better security, far better privacy controls, and absurdly better UI/UX, and after a few releases I have lost my faith in the Diaspora core team to ever close the gap on any of these areas.
Diaspora was a nice thought experiment, but there is simply no reason to switch and will never be. Your data is going to be much more exposed on some rando's hobby Diaspora server than it will be on Facebook's.
Also, social networks are not tech problems; they're interface problems, even for a subproblem like privacy. And the UI/UX of Diaspora is pretty poor.
A real, viable Facebook alternative would focus much more on a novel interface that makes sharing and privacy more intuitive, not some technical solution that will be less secure than Facebook anyways.
I have a ton of respect for them throwing themselves out there, but i think they should hire a designer or two and refocus their efforts on interface rather than features.
I up-voted you because I wholeheartedly agree that privacy is primarily a UI/UX issue, because the strongest internal privacy algorithms don't mean much in a social network if most people don't use them.
Although I disagree that Facebook's privacy UI/UX is a good one. I almost find it purposefully obfuscated in order to encourage world-readable posting.
And ultimately, the issue with Facebook is how the company operates with user's data, by virtue of being an effective monopoly in the social networking market.
I agree that Facebook's attitude towards privacy and market position can be bad for users, but I don't think Diaspora will necessarily be better for users just because it != Facebook.
An interesting thing about Diaspora, is that despite their popularity and funding, they have been extremely vague. They have very little documentation, hardly any specs, their roadmap is... succinct, to put it nicely.
Often times this summer, I've wanted to write an article comparing and contrasting Appleseed and Diaspora's goals, implementation, approaches, etc, and even with the source code out, and having read over it, there wouldn't be enough information on their end to fill more than a couple paragraphs.
I'd definitely be interested to see how they plan on approaching a lot of the design and architecture issues Appleseed has had to content with, along with their approach to UI, and how third party developers will be able to extend and interact with their servers.
They seem to be giving a lot of talks, although I haven't gotten much more information out of the ones that have been streamed.
It just doesn't seem that playing things close to your chest is a great strategy when it comes to building open source software. It might be good for a startup, maybe that's where they're headed? If so, I'm interested to find out what their business plan would be.
You guys should make them a proposal - scrap all the Diaspora code, replace it with Appleseed code, then rebrand it Diaspora. Best of both worlds - the more mature Appleseed codebase, and the fame of Diaspora (get it quick before it's squandered).
You could even continue calling the codebase 'Appleseed', while the public brand/trademark/implementation would be Diaspora.
Just as with any field, I think competition in the distributed social networking space will only be beneficial in the long run. Why should Diaspora adopt Appleseed if they want to tackle the problem space in their own way, with their own ideas? More importantly, why should Diaspora hijack the work of Appleseed, simply because they're a more popular brand?
I agree that it would be much quicker to start the movement away from Facebook if Diaspora leveraged other people's experience, but I'd be remiss to dictate how they should run their startup simply because they became popular so fast and I want to use them as a flagship for distributed social networking. This movement will eventually succeed on its own merits, whether or not Diaspora succeeds itself. In the meantime, let two teams with great potential (Appleseed and Diaspora) continue to develop their ideas about how they'd accomplish it.
Patrick, I'd be interesting in hearing what you mean by "php soup." I've developed what I consider (having over a decade of software development experience) to be a very capable MVC framework. Are you speaking to your particular feelings on PHP itself, or do you have specific criticisms of the codebase?
Haven't we already put an end to this "PHP is crap" line of thinking? Every language has its good and bad. Any dev worth his salt should be able to understand it, rather than attaching blind faith and getting tied to one specific language or technology.
They basically plan to implement the ostatus protocols (google them)
Ah yes, I was at the Federated Social Web Summit in July, hosted by StatusNet (met the Diaspora team there, briefly), so yes, I'm aware of the OStatus protocols. I've been following the Github since September, and I've read the specifications that have been put forward, and most of it is more theory than documentation, although that can be forgiven so early on. I still feel, however, that the specs they do have are quite vague, especially in terms of the issues of privacy, access management, security, etc, which is Diaspora's raison d'être.
I guess I assumed that they would have had a lot of that stuff worked out before they had even started coding, or asking for money for that matter.
I could talk more about it, but I'd prefer not to spend much time explaining why there isn't enough information, I'd prefer to have information which I can compare and contrast. It may be that Diaspora and Appleseed are simply at different points in development, so I may just have to be patient and see where they end up.
My tinfoil-hat theory: Diaspora is an inevitable failure deliberately planted and promoted behind the scenes by Facebook, as part of a strategy to discourage would-be social networking startups.
While I don't believe in that, I do think it's odd that Kickstarter accepted their proposal despite being very clear that they don't accept startups and they are catered towards the creative arts.
My tinfoil hat theory:
The passion of a vocal minority is not a reflection of the hacker collective, but rather the reflection of an impressively-run facebook-sponsored astroturfing campaign.
Comments like
"I have lost my faith in the Diaspora core team";
"so still useless";
"still think the diaspora-design is an non-starter";
"Isn't this project pretty much dead already"
and many, many more like them...
These type of comments just seem off in some kind of way; like they are trying too hard to push something; like I'm watching a news headline attempting to create a scare where there is none.
I read such comments and think "Meh, the internet was born unsecured yet I do sensitive transactions now." <sarcasm on> Thanks to all the astroturf, I couldn't dig through the noise to find similar reactions expressed in earlier HN posts.<sarcasm off> Maybe Diaspora needs it's own Rally to Restore Sanity to counter the March to Keep Fear Alive.
Message to Diaspora:
Whether you incited a genuine vocal minority or are getting astroturfed, don't be fooled. Most are rooting for you so... keep coding. I'll call bs (http://en.wikipedia.org/wiki/bs_game) for you.
Absolutely impossible. I met them before they had their hit kickstarter project, and they were just really enthusiastic about building a real alternative to the social networks, and were spurred on after seeing Eben Moglen's 'Freedom Box' talk.
I usually don't like it when people say "trust me", but I'm going to just this once: Trust me, security in a distributed social networking app is most definitely not a straight forward technical problem.
Most of the security problems that have been criticized in the articles have straightforward solutions.
That said, you're right that there are a host of security problems that people will find out about once everybody starts using it in a distributed fashion. These are the ones I'm really interested in, too.
I'll up it one further and repeat what I said in the previous diaspora thread: Their architecture has bigger problems than mere security holes.
The idea of basing a distributed social network (solely) on "fat hyper-peers" is flawed.
Apart from the countless organizational issues there is simply no way to establish trust (in the cryptographic sense) in such a design. End-to-end trust can only be created when the users run their own nodes that hold their own private keys. And no, these nodes don't have to be always-online for such a system to work.
All I can see in the diaspora architecture is a strong case of "When all you have is a hammer then everything starts to look like a thumb".
If you want to see a more realistic approach then look at FreeNet. They have pretty much everything in place that would be needed for a distributed social network, but they burdened themselves with the requirement of anonymity.
Rip that part out of their codebase and there you have the first (and fundamental) half of your distributed facebook.
This is absolutely what I think HN gives them too little credit for.
Their first release, they released on time, as promised. It was far from a complete release, terribly buggy, full of security holes. But they shipped. They're updating on their status, they've fixed all reported security holes with their first release, and they're announcing a second iteration soon, inspite of such negative feedback the first time around. All of these are the qualities of a successful startup, they were simply hyped too much, too early. This doesn't mean they're less capable as a team, just too open to scrutiny.
"This is absolutely what I think HN gives them too little credit for."
You think a company that got $200k in startup funding and accepted tons of media attentions via interviews before even writing a single line of code should get more credit?
No. I see tons of far more experienced developers here on HN putting their efforts in their projects with far less to start off with and absolutely no media attention on their side. I'm willing to be extremely lenient on any shortcomings in such scenarios because of what they are up against.
But Diaspora was in control of how much hype they got and they got some serious leg ups that few people ever get in their lifetime. They accepted the NYTimes piece. They got accepted at Kickstarter (a feat which I have said before, is a serious aberration in terms of the projects they allow) and subsequently received tons of funding despite having such little work experience.
So considering the resources, I don't think it's out of the ordinary for developers and casual observers to expect a well thought out development.
Is that giving them too little credit? I mean, it's only been six months, and they have a quarter of a million dollars. Not quitting, in those circumstances, is not exactly heroic.
The hype isn't what makes them less capable as a team, their code does. That's the thing about people's response to the code, it was symbolic of their capabilities, and as such, people are rightly critical of whether they'll be the ones to pull this off, especially when others have been working on this problem for years now.
Let's also remember that at this point, they're not a startup, they're an open source project, and we should judge them as such. And with open source, the only thing that matters is code.
I was under the impression that it was heavily hyped, but it was always doomed to failure due to the fact that it only got press due to facebook privacy issues, which users seem not to care about. Additionally it solves problems by adding more of them. Then, when it finally came out, the security issues and poor quality of the code doomed it to failure.
The website is down[1] as for 8:30 this morning. This either means they can't keep it up for bad coding, or Diaspora has more of a following that we give it credit for. I still am interested to see where this goes.
Diaspora was a nice thought experiment, but there is simply no reason to switch and will never be. Your data is going to be much more exposed on some rando's hobby Diaspora server than it will be on Facebook's.
Also, social networks are not tech problems; they're interface problems, even for a subproblem like privacy. And the UI/UX of Diaspora is pretty poor.
A real, viable Facebook alternative would focus much more on a novel interface that makes sharing and privacy more intuitive, not some technical solution that will be less secure than Facebook anyways.
I have a ton of respect for them throwing themselves out there, but i think they should hire a designer or two and refocus their efforts on interface rather than features.