Include 'email contacts' in aspects/federation

Nick Public Seen by 68

Related to this discussion (https://www.loomio.org/discussions/5304) I just created regarding messaging, federation, and email, I think it would be great if users could add 'email contacts' to aspects. (FOR CLARIFICATION, I AM NOT TALKING ABOUT UPLOADING AN EMAIL ADDRESS BOOK).

After being added to a user's aspect (or receiving the first post to the aspect) for the first time, an email contact would receive an email from the pod asking them to confirm that they wanted to receive posts from this user. If they confirmed, in the future they would continue to receive posts to a specific aspect via email. This would make it easier for current diaspora users to update non-diaspora users about things, and also increase awareness of diaspora.

It would be even better if 'email contacts' could comment on posts via email-reply as well.


goob Tue 16 Jul 2013 4:07PM

I'm afraid I'm also against this. The 'facility' to upload an address book is one of the most egregious privacy abuses of networks such as Facebook.

Diaspora is about respecting the privacy and data security of everyone - and that has to include people who have not yet chosen to sign up to Diaspora, for whatever reason. We cannot facilitate people to give their personal data, such as their email address, to third parties. OK, Diaspora wouldn't actually do anything with that email address, but that simply isn't the point. Unless you have explicit permission from each person in your contacts list to upload their email address to a network, you shouldn't be doing it.

And if people want to interact with you in Diaspora, they can sign up to Diaspora. If they don't sign up to Diaspora, they probably don't want to receive your Diaspora updates in their inbox.

We have to get away from thinking about building features on the basis of making it easier for people to do whatever they want (even if it might have negative impacts for other people) to each user to work in a way which best respects the privacy of everyone, even if it means they can't take shortcuts such as uploading their email address book to Diaspora.


Jason Robinson Tue 16 Jul 2013 7:00PM

Hmm I'm not sure I like the idea that people can be subscribed via email, sounds a bit weird, though an interesting idea :) Why not just send them an invite like we already can?

Also if they want to subscribe they can already get an RSS feed of users' posts.


Nick Wed 17 Jul 2013 9:07AM

Ok @goob , to be clear what I was talking about here was not about uploading an address book to diaspora. What I mean is adding someone as a contact by their email address. To illustrate/clarify by example:

My friend 'A' is not on diaspora, and is unlikely to sign up to diaspora while, at most, a couple of her (real, offline), friends are on diaspora. However, I do think she would be interested in some of my posts - maybe for example on my 'electronic surveillance' aspect. In fact, being a non-facebook user, I might even choose to email her individually about things.

  • friend A might be very interested in what I have to say, but is not interested in joining - and checking - yet another online service, and particularly one that is in beta. Therefore, we facilitate this by making it work over email; making things easier for both diaspora and non-diaspora users (note that I suggested that non-diaspora users would have to confirm as if they were being added to a mailing list!).

@jasonrobinson - wouldn't rss feeds only work for public feeds? Although I would also be in favour of diaspora allowing access to other things by encrypted rss...


Nick Wed 17 Jul 2013 9:12AM

Also, @goob , what I'm suggesting is no more intrusive of people's data security than having a facility which allows you to invite people to join diaspora via email address. I would suggest that if we are against even that on privacy and data security grounds, then diaspora is not going to get anywhere, and that would be bad for data security/privacy/an open web...


goob Wed 17 Jul 2013 11:26AM

Hi Nick, thanks for explaining.

You make the comparison with inviting someone to join Diaspora via email. To do this, you don't upload their email to Diaspora's network: you send them an email from your email account, just as you would any other email, including if you choose the 'invite URL' from a Diaspora page. But there is no leak of their email address to Diaspora or any other third-party source.

In the scenario you give in favour of this feature, is there any reason why you can't simply email your friend a link to your public post, or if it's a private post, copy the text and send it as an email with 'I thought you might be interested in this?' You say 'I might even choose to email her individually about things,' which seems to be just what I'm suggesting - no need to involve Diaspora at all.

It may be a tiny bit less convenient for you, but it avoids the problem of you uploading your friend's email address to a third-party site without her permission.

I'm afraid I'm fairly implacably opposed to any facility which would enable people to give away their contacts' private data without their express permission.


goob Wed 17 Jul 2013 11:28AM

ps: whether you upload a contact list wholesale or one address at a time, it is not a good thing.

I guess one way around this would be to provide an invite URL which you can email to people, giving them the URL to click on to authorise their email address to be uploaded to Diaspora - but it sounds messy and I still don't really like it.


Nick Wed 17 Jul 2013 4:38PM

@goob - there is a button underneath that link which allows you to send an invite directly from the pod - this is the 'data leak' you are talking about.

I could do exactly as you are suggesting and copy-paste posts or links to people - it's not going to happen on a regular basis though, and hence I'm not going to be quite so encouraged to use diaspora, and hence lose interest. Convenience is an important thing.

I guess I don't see email addresses as quite such a private piece of data as you do - but I also think that the solution to this particular problem is to encourage people to share their own data - and others' - only with social networks they trust (podmins they know and trust) - not to refuse to allow diaspora to do anything involving external users' email addresses. To be fair, there are plenty of other ways on diaspora to give away other users' data - post a photo of them, gossip about them, post their email address/details in a status - I think the issue here is cultural, not what we 'facilitate' to happen.

Also, as far as I remember, doesn't the facebook connect tool do the very thing with email addressbooks that you're so against - give pods access to your facebook contacts so that you can see who is on diaspora or invite them? Unless this feature has since been disabled...


goob Wed 17 Jul 2013 5:34PM

Oh, you're right - I thought the functioning of that 'invite by email' link had been changed to open a new email in your email client with a unique URL in it. It's not great, although there is in actual fact no privacy leak, as Diaspora doesn't store such information. Someone receiving one of these emails is not to know that, of course, so it may be that the functioning of this link should be changed to avoid anyone having the impression that their email address has been abused.

The problem is indeed cultural. People have been conditioned by the likes of Facebook and Gmail to expect that the only important thing is how convenient something is to them, and to consider nothing else. This is a bad thing. The question is, does Diaspora decide that there's no hope of changing people's bad habits and thereby facilitate the abuse of other people's private data by its users, or does Diaspora decide that its founding principle of respecting privacy and data security is above all important and so not add 'features' which might be 'convenient' for the user but which encourage bad behaviour? I would say 100% the latter. If Diaspora becomes like Facebook, there is absolutely no point in Diaspora existing at all.

You may well think a lot less of the privacy aspect of an email address than I do, but should it therefore be made easier for you to give away other people's email addresses to third parties? Those people, some of them at least, might consider their email address a more private thing than you do, and might have entrusted you with their email address. You might well therefore be breaking their trust by giving their email address away to third parties.

Facebook is without a doubt the most convenient way ever invented to give away all your private data, and all those of your friends and family as well. Yes, it's very convenient, but in my opinion it's a very convenient way of doing a very bad thing.

In Diaspora we shouldn't simply think 'people expect to do x, because they have been conditioned to expect this by Facebook, Gmail etc, and it's technically possible to do x, so we should do x'. We also have to think about what it is best to do, ethically as well as technically.

Diaspora has to respect the privacy and data security of each and every one of its users, because it has promised since the first day it was proposed 3 years ago to do exactly this. I say that this is a somewhat hollow promise if it doesn't by extension respect the privacy and data security also of people who are not a part of the network - i.e., there should be nothing in Diaspora which encourages privacy leaks.

Convenience is important, but convenience should only be catered for where it can be done without infringing on the promises of respecting privacy and data security of everyone, not just the individual user in question.

It is a cultural issue, but we should not encourage a bad culture by creating technical means to facilitate bad behaviour. We should encourage and foster a better culture by building software which helps people to interact in better ways.

You remember incorrectly about the Facebook connect tool, by the way - all it does is allow a Diaspora user to connect their own Diaspora account with their own Facebook account, and post from their own Diaspora account to their own Facebook account. No one else's accounts or data are involved in any way.


goob Wed 17 Jul 2013 5:35PM

ps: sorry for long posts, but this is an important issue and I need to be clear about why I believe what I do.


Nick Wed 24 Jul 2013 10:17AM

OK, so to look at this a slightly different way, this proposal and my other post here (https://www.loomio.org/discussions/5304) should be seen as attempts to increase federation/interoperability with email - which is currently THE MOST POPULAR decentralised and federated social network (although it's not a social network in the facebook image, being a social network one of its functions - incidentally I think it would be possible to design a webmail client that looked like a social network as we now understand them).

I, as I think many others do, see diaspora as part of a wider project - creating a decentralised web, where tools, services and communication are federated and decentralised. That means making diaspora work not just with other pods, but also with other services that work in a decentralised way.

So what is an email address? An email address fulfills exactly the same purpose as a diaspora handle. If you are to allow people to contact you, there has to be a system like email-addresses/handles; otherwise you would have to have some kind of centralised database and search which poses far more serious privacy issues.

No-one would propose that we shouldn't be able to request to add contacts via their diaspora handles - but why should we refuse to apply the same system or logic to emails? The recipient would have the opportunity to say yes or no, or even to say 'i don't know this person, this is spam'.

When someone gives you their email address, they don't ask you what service you're going to use to contact them, or specify that you can only contact them through gmail, or hotmail. And when people switch emails, it's usual practice to email your old contacts from your new email so they can update their addressbooks. I don't see anything wrong with that - what would be wrong is selling those email addresses to a company to use for spamming and making money.

What I'm suggesting is no more 'giving away someone's email address to a third party' than emailing them in the first place is (or than emailing them from a different email address), whether that's via webmail or IMAP. The question is what that server does with the data - if it's gmail, quite likely use it for commercial purposes, as well as make it accessible to the NSA - while diaspora is going to take care of that data (and is open source, so there is a far greater degree of transparency over what it does with it). But there's still trust involved.

So to come back to diaspora handles - are we going to see adding someone with a diaspora handle as a violation of their privacy? Or, if I migrate to another pod and add my old diaspora contacts there, without explicit prior permission from every one of them, is that a privacy violation?

I don't think it is, and I don't think that by federating email and diaspora through the way we build diaspora is either. I don't think allowing people to contact other people on email from diaspora is any worse than people being able to contact other people from a third pod, or a different email server (incidentally, if these were both implemented diaspora would also be an email server).

I think the point, rather than point blank refusing to implement this, is to build in safeguards - recipients have to say yes to receiving these emails (as they would to signing up to a mailing list). And we don't build in a system where diaspora will ask the person sending the invite 'how do you know this person' - because adding flesh to the functional bone of an email address IS a violation of privacy.


AlexB Tue 20 Aug 2013 10:21PM

Goob: "I guess one way around this would be to provide an invite URL which you can email to people, giving them the URL to click on to authorise their email address to be uploaded to Diaspora - but it sounds messy and I still don't really like it."

FWIW I don't find this that messy. And it seems to me to address Goob's own privacy concerns while fulfilling the functions Nick is interested in. Isn't this a good compromise between your two perspectives?

I see you end with "and I still don't really like it", Goob -- but I'm not sure why. As far as I can tell your later posts don't elaborate on these further concerns in particular.