Ask HN: Social Nets - Can I have my data back please?

[hypest]

Hey HNers,

Social networks have proved that people can and will communicate online, sharing bits of their lives with their friends. Facebook with its millions of users is the modern and most successful example!

I would like to propose a possible improvement of the privacy-related issues that arise from the central design of such networks:

Use something along the lines of public key (PK) cryptography to hide the messages exchanged by users. Friends would somehow exchange public keys and a Javascript client would automatically encrypt/decrypt messages that are stored in the network. For example: a status update would be a long string containing instances of the actual "status message", each encrypted with the (public) key of the friend that is allowed to see it. The client at the friend's side, will decrypt the instance (and discard the rest, non-decryptable string) and show it as normal status update message.

That would create a sub-network, and yes, loosing the private key will be a very bad event!

Anyway, what do you think?

[brk]

What problem are you solving with this? It seems like you are adding a lot of overhead and needless data to a simple system.

[hypest]

Well, many people raise privacy concerns about FB and (ofcourse) Google, as to what these corporate bodies actually do with the data they collect. See for example here http://www.schneier.com/blog/archives/2009/12/my_reaction_to...

There are not many good examples of privacy violation up to now, but as more individuals participate and share info, the "problem" may rise.

You know, when "talking" with your friends, you actually want to do just that: talk with your friends. It is rather unsettling to know that most probably there are "eyes" that may watch over your info. These eyes are not FB's or Google's (they just want to sell things).

My examples may not be the best...but I do know that day by day, I feel that I lose hold of my data :(

[brk]

I feel that I lose hold of my data

OK, I understand what you are driving at. I still am a little confused by the concept where you willingly post "your data" into the essentially open ether, then lament that action.

How about not posting it to Facebook in the first place? It seems that the implied contract with posting data into public places is that the data is in fact public.

What you propose is interesting, but I'm not sure it provides even basic security-by-obscurity. The keys would either have to be so overly distributed to your friends that they essentially become public. Or the data stream has the same message encrypted over and over again, which makes the size of the data grow exponentially (and also most likely makes it easier to crack).

[hypest]

I'm referring to the "friend-space", where info is public but only among these friends. I want to share stuff with my friends, and FB seems a rather good technology for that!

The public key is used for encryption, not decryption, so anybody can have it...To read a message I send you, you use your private key. The message will be encrypted by me using your public key. So, any friend can send me a message but only I can read it. If more friends are to be able to read the same message, the string must actually include an instance of the message, encrypted with the "other" friend's key.

[aj]

That is actually a cool idea. As an extension or a greasemonkey script, it might actually work quite well

[hypest]

hm, you're right! I didn't think about greasemonkey ;) Perhaps a dedicated FF extension would be perfect!