[a1a]

I have failed to find any list of "known attacks" against diaspora. But I would like to point out a fundamental flaw: What is to stop anyone from setting up a malicious server in diaspora?

Even if I don't trust facebook, I still trust them more than a random individual running a server.

Hopefully there are some solution for this? Perhaps server operators don't actually see any unencrypted data?

[Amadou]

The solution is to run your own server. If you want ultimate control, you have to do it yourself, which is painful - and one of the reasons I like freedombox which has, as a goal, to minimize the pain. They just aren't there yet.

The benefit of using a diaspora server operated by someone you trust is the decentralization. Facebook gets EVERYTHING about EVERYBODY, diaspora server operators only get everything about the users on their particular server.

[a1a]

I think they are just splitting up trust to less trust-able entities. Sure, the impact of a malicious entity would be less severe, but the chance of any being malicious is rather big. Cause let's face it, my mom is not going to run her own server, and I believe she has the right to control her data as well as all of us do.

I believe the only way to properly implement a social network is not to trust anyone but your friends. I'm thinking something like a freenet-like apporach, everybody in the network holds a little bit of encypted data, but only the ones you have accepted as friends will be able to see your data unencrypted.