

Ask HN: Is Diaspora Overrated? Overhyped? - f1gm3nt

just a little imho...<p>Please correct me if I'm wrong, but there are already open source 'facebook killa'z' out there. What makes Diaspora different? (besides an article in the NY Times)<p>Best of luck to the Diaspora Team "TOUCH GREP UNZIP MOUNT FSCK FSCK FSCK UMOUNT"
======
jwegan
Here are a few problems I see with Diaspora (although I may be wrong, feel
free to correct me).

1) They propose a mesh network, but haven't addressed scalability. If I have
1000 friends, presumably I'll have to open connections to all 1000 nodes to
get updates

2) I don't think they have addressed how you will discover your friends nodes.
Facebook makes it easy to find friends. Just import your address book or type
a name into search. Either they will have to come up with something similar to
an email address (username@domain name of where your node is hosted) or they
are going to have to search the mesh network, or someone will have to be in
charge of a central directory. All except the central directory are less user
friendly than Facebook and the central directory has problems of its own like
who do we trust to run it?

3) When privacy is their main motivator, they don't seem to understand the
encryption that well. They talk about encrypting your data using AES. So how
is a friend going to access your data? You would obviously have to decrypt it
when a friend requests it (and probably re-encrypt it with a shared secret key
specific to that friend). But then if your node is running on a hosting
service (because only uber nerds are going to run their own) you're now just
trusting that host with your privacy which isn't any different than how people
trusted Facebook.

~~~
DennisP
1) They've mentioned maybe using XMPP, which is federated and seems to work
ok.

2) It's worse than that, search for John Smith on facebook and the top result
will be the one in your social circle. So a central directory would have to
know the social graph. However, sending search queries to your existing
friends, by whatever method you use for updates, and forwarding them a couple
hops might work nicely. No idea what they're thinking on this.

3) I thought I saw something about them using public-key crypto, and assumed
they would be encrypting their posts with each friend's public key.
Performance might be an issue, since they would have to re-encrypt for each
friend, so maybe they are thinking to share a secret key with all friends.

It's true that you're trusting the host with your privacy that way, but
instead of one big host that everybody has to trust, there are lots of hosts
that compete with each other for people's trust. And there's no one place for
marketers or other goons to find all the information on everybody.

------
sendos
It seems to me just vaporware for now. Have they stated that they have working
code?

~~~
jwegan
I believe they said they have a mockup

------
jaxn
I think the exciting thing is the fundraising and the momentum (against
facebook?). I wouldn't bet on the project succeeding, but I would (did) give
$50 just to support the experiment.

------
alttab
$100k in non-venture backed capital, other than that, maybe a glimmer of hope.

All we can do is wait and watch. They've talked good game, now it is time for
them to walk it.

------
getonit
I think it's the idea behind it that's overrated, overhyped etc, stemming from
a fundamental lack of appreciation between theory and practice. If you post it
on the internet, it's public. It might not be supposed to be public, and it
may not be public for quite a while, or indeed ever, but it's a naive
expectation, IMHO.

