[oehpr]

Fair. By my own admission, I don't know much about gab.

I think the first time I ever heard about it was when Firefox banned Dissenter from their addons. Dissenter to me was a genius idea that has an ugly userbase. I'd love to have a version of Dissenter that isn't populated entirely by bigots.

I think the idea of Dissenter really has some value, you walk along the web for all sorts of reasons, and then up in the corner in your toolbar you see "oh, someone from my community has said something about this". Rather than the social network taking you to a site, the site takes you to the network.

[input_sh]

That by itself implies that every URL you visit has to be looked up to see if there's a related discussion.

No way I'd trust any add-on/startup/mega corp to do that. I barely trust Mozilla to keep my history on their servers, and that's only because they only keep the last few months and purge older data.

[commoner]

Firefox Sync is end-to-end encrypted, so Mozilla is not able to access your Firefox history.

https://hacks.mozilla.org/2018/11/firefox-sync-privacy/

[oehpr]

nope, you'd simply distribute a bloom filter to everyone, and then you could transmit hashed urls.

you could easily make this privacy safe.

[KirinDave]

This wouldn't address a lot of metadata-related privacy concerns.

[musingsole]

How would it not?

[KirinDave]

Because you'd still know everyone who went to a specific site because they'd be sending you unique hash. Even if you ignore that, you'd know what clusters of people all use the same sites, how often and when.

[oehpr]

That was the intent of the bloom filter. Configured properly it would actively filter out the need to endlessly send the server requests like "Hey, have anything for this hash?"

However I suppose that if the site does have comments, then you do have to make requests to the server to get them...

Still, I believe you're being overly pessimistic here. I think there may be some solutions to this. Maybe not perfect, but better. Lets say our social network "Ascenter" has become corrupt and is looking blackmail its participants. What about this?:

The design currently requires you to send a sha(URL+salt) to the server to look up comments. This prevents Ascenter from directly knowing what site the comments refer to, but the comments themselves will be a big clue. What if to look at the comments you have to decrypt them using sha(URL+salt2)? Ascenter will have no means to derive this key, it will only be able to determine how many comments have being placed and how large they are. That improves things a bit...

But Ascenter might be able to crawl the web to discover conversations. Particularly for salacious sites if it's looking for blackmail. So... What if the salts are the answer to that? If you had your own set of salts you could use them to create your own private groups, Ascenter would have no way to access that conversation. Or even figure out that they have occurred.

With the presence of public and private salts, what if the browser plugin itself could be configured with a blacklist of sites not to send requests for? You could still have private channel comments, but not public. I could see the community per-generating a black list...

One last note I'd end on here is that the level of trust we are expecting right now is a huge bar lower than the level of trust we give general social networks

Consider what HackerNews could do if it went rogue like like Ascenter? To blackmail you all they would need to do is go to one of your old comments, rewrite it as something salacious, then blackmail you with it. Comments on HackerNews arn't signed, and arn't encrypted. We're quite vulnerable to them.

edit: sorry for the long post. This was a bit of a stream of consciousness.

TL;DR: The bloom filter limits the risk, and I think there are cryptographic solutions that reduce the level of user exposure to below that of current social networks.