@evan
It would depend on whether I thought the service was run by some entity that was trying to harvest data or was genuinely providing a free service without collecting any data.
Conversation
Notices
-
Embed this notice
Bruce Elrick (virtuous_sloth@cosocial.ca)'s status on Thursday, 15-Aug-2024 00:19:12 JST 
Bruce Elrick
-
Embed this notice
Evan Prodromou (evan@cosocial.ca)'s status on Thursday, 15-Aug-2024 04:36:31 JST 
Evan Prodromou
@jessamyn @virtuous_sloth how would you know? what signals would you use?
-
Embed this notice
Jessamyn (jessamyn@glammr.us)'s status on Thursday, 15-Aug-2024 04:36:32 JST 
Jessamyn
@virtuous_sloth @evan Yep, this is exactly me. SO many social media platforms want to get access to all your contacts to show you where your friends are, but I'd want something more targeted and privacy-first,
-
Embed this notice
Bruce Elrick (virtuous_sloth@cosocial.ca)'s status on Thursday, 15-Aug-2024 04:42:29 JST
Bruce Elrick
@evan @jessamyn
I would look for what their funding model appears to be. That is a huge ball of wax, but I think many people understand the heuristics by now.e.g.
If it is VC funded, then it will eventually sell your personal information.If it is open source but also has a main hosted instance, I would look to how the main developers are funded and how the main instance is paid for.
If it is built as part of some federated and distributed protocol, like ActivityPub, I would likely trust.
-
Embed this notice
Evan Prodromou (evan@cosocial.ca)'s status on Thursday, 15-Aug-2024 22:26:28 JST
Evan Prodromou
@virtuous_sloth @jessamyn a lot of interesting results. for both of you, if you knew that the service was only keeping hashes of identifying data, would that be meaningful?
-
Embed this notice
Bruce Elrick (virtuous_sloth@cosocial.ca)'s status on Thursday, 15-Aug-2024 22:26:29 JST
Bruce Elrick
@jessamyn @evan Indeed. While not prefect, at least the EU pays a nod to privacy.
-
Embed this notice
Jessamyn (jessamyn@glammr.us)'s status on Thursday, 15-Aug-2024 22:26:30 JST
Jessamyn
@virtuous_sloth @evan I agree. I'd also be looking for a place that is located in the EU because I think part of GDPR compliance is making sure that data can be deleted on request so they are more likely to have ways of doing that (and have thought about it already) and could build it in to a tool.
-
Embed this notice
Bruce Elrick (virtuous_sloth@cosocial.ca)'s status on Thursday, 15-Aug-2024 22:47:51 JST
Bruce Elrick
@evan @jessamyn
I'm having trouble envisioning how it would end up connecting two people. I mean, it could see that it could match the hashes but unless we live-connect and say "match us" because I have the hash of someone's phone number and it hands one of us the IP of the other, I can't see how it connects us only using hashes.Or are the account identifiers not hashed?
-
Embed this notice
Evan Prodromou (evan@cosocial.ca)'s status on Friday, 16-Aug-2024 03:06:50 JST
Evan Prodromou
@virtuous_sloth @jessamyn two steps. First, I go to the service and share my phone number. It confirms that I control that # by sending a text with a code. I opt in to allow anyone who knows my phone number to find my Fediverse handle. The service stores the hash of my phone number and my Fediverse handle.
-
Embed this notice
Evan Prodromou (evan@cosocial.ca)'s status on Friday, 16-Aug-2024 03:09:56 JST
Evan Prodromou
@virtuous_sloth @jessamyn second, you let an app look through your phone contacts. It hashes each phone number and asks, do you have a Fediverse handle for the person whose phone number hashes to this value. It says yes and returns my Fediverse handle, which the app uses to initiate a connection.
-
Embed this notice
Bruce Elrick (virtuous_sloth@cosocial.ca)'s status on Friday, 16-Aug-2024 03:37:28 JST
Bruce Elrick
@evan @jessamyn
Ah, ok, I was not incorrect in my thinking. They need to store at least your account identifier in the clear to be able to send it to matches. That and learning the phone number for at least as long as it takes to prove you own it and likely forever to be able to repudiate it later if you drop that number, it later gets reassigned, and the new owner wants to use it with the service. At that point the new user would want you to not 'have' it.So not nothing but fairly minimal.
-
Embed this notice
All GNU social JP content and data are available under the