Poll/discussion: friends-of-friends

[elusiveat]

One of the shifts in internet culture that has occurred over the past ten to fifteen years is the degree to which people are willing to make their ideas public. This is notable on Dreamwidth, where a lot of accounts are locked down entirely, and it can be hard to make new connections (certainly harder than it used to be on Livejournal).

An idea I've heard kicked around as a possible middle ground for privacy would be to allow a privacy level that was visible to people trusted by the people you trust, or possibly separated by more degrees of separation, something you might call a "friends-of-friends" access level (though the "friends" nomenclature presents problems of its own). I believe this exact setting exists (or existed) on Facebook, but with the number and (number of different types) of people I had on *my* Facebook friends list, I regarded that option as essentially meaningless, so never used it.

The situation might be different on Dreamwidth or similar platforms.

What do you think?

Poll #21013 friends-of-friends

Open to: Registered Users, detailed results viewable to: Access List, participants: 28

If Dreamwidth offered a friends-of-friends access level, would you use it?

Yes
6 (21.4%)

No
9 (32.1%)

Maybe
13 (46.4%)

Mu
0 (0.0%)

Do you think a friends-of-friends access level would be a good idea?

Yes
13 (48.1%)

No
4 (14.8%)

Maybe
9 (33.3%)

Mu
1 (3.7%)

Discuss.

Comments

[squirrelitude]

I think I would mostly use it for discussion of controversial topics, where I want a wide audience (for diversity of viewpoint) but generally only trust friends-of-friends to behave appropriately. I might also not want my own opinions exposed to the whole world.

This isn't as much an issue for me on Dreamwidth, but if I used Twitter (which has a history of dogpiling and harassment) this would be a very useful setting.

[elusiveat]

My main reservation is that I don't think there is any kind of agreement on what kind of a relationship qualifies a person to be on an access list.

[artan]

Which is a good point, since I have had friend-of-friend people who I wouldn't really trust with day-to-day competence or politeness.

There is the possible option of friend-of-friend with quiet blacklist?

Friend-of-friend does allow easier perusal for broadening social contact networks, so as an option for a security level makes sense. It's not like it would have to be mandatory.

[someonefromthewater]

Dreamwidth already has a blacklist feature; though right now it just blocks comments and PMs. With a security level like this it'd probably get a lot more use.

[sparr]

Proposal:

1) Quick way to see who your friend is that has this person as a friend such that they are your friend-of-friend. LinkedIn has this, to show you the network links between you and another person.

2) Option to have some people as a friend but not include their friends in your FoF list. This would allow you to filter out some connections from people who are too liberal in their connecting.

[rialian]

===It would be nice to have the option, but yeah...I suspect that these days it would go into dogpile city very easily if the friends did not have a reasonable cohort. (sad, tired chuckle)

[jducoeur]

I almost certainly wouldn't use it, but I live pretty publicly -- I just haven't had much time to post lately, and what posts I do make are spread around Medium (my professional blog), DW (other relatively in-depth topics) and FB (quick links and other stuff that doesn't really matter much). It's vanishingly rare for me to post locked...

[sorcyress]

This --almost everything I post is public (enough so that I explicitly state within the post or title when I'm posting locked or filtered). I think it would be a neat idea for other people, but doesn't work for me.

[casimirian]

Dreamwidth does provide a network portal to read friends of friends journals, but this is a paid for feature.

[squirrelitude]

But it doesn't provide a way to give *access* to a post to friends of friends. So using the network portal, you can only see posts you'd see normally, just gathered in a single place.

So for example, you and I both have elusiveat as a contact, but there's no way for me to make a post that isn't public but that you can see as a friend-of-friend.

Pseudonymity

[cos]

While I think it could be useful, dreamwidth offers true pseudonymity, which is a much more powerful tool.

On LiveJournal there were a lot of people who posted the sorts of things people generally don't want to post public, but they used accounts which nobody could identify unless they already knew who it was. You might think that Internet culture change has driven this kind of thing away, except we still see it A LOT on reddit - another site that offers true pseudonymity.

One thing that works really well on reddit is the popular "Reddit Enhancement Suite" add-on for all popular browsers, that makes switching between multiple accounts trivial. If dreamwidth had something similar - say, let you link a few accounts, or log in to multiple accounts, and have a simple account-switcher menu at the top - that would allow people to easily use alternate accounts whose identity is known to few, or not revealed at all.

That said, yeah, I think friends-of-friends would be a good feature. And maybe I might use it. But when it comes to what kinds of things people share, I think the friends-of-friends idea comes from a more Facebook-oriented frame of thinking, where obviously anything you post to your account is connected to *you*. Strong support for peudonymity is much more powerful. "It's not about who you share with, it's about who you share *as*."

Re: Pseudonymity

[jducoeur]

Yeah, this. The FB and G+ wallet-name-uber-alles approach has driven too much thinking, and most folks have forgotten how powerful pseudonymity is. With that in place, friend-of-friend becomes much less useful as an access-control feature, although it's still useful for discovery.

(I put a *vast* amount of effort into getting identity management more or less right in Querki; eventually, that should become user-visible, and I expect it to be important for at least some users.)

Re: Pseudonymity

[squirrelitude]

I get nervous when I think about using a long-term pseudonym to post things publicly that I wouldn't want attached to my wallet name, because I generally expect that the pseudonym will be "compromised" at some point. That said, it's a good layer of defense in combination with access controls.

I do worry about the discoverability issue. There are a lot of people I see commenting on Dreamwidth who I *probably* know in person, but I can't tell. :-/

Re: Pseudonymity

[sorcyress]

I feel you on the "compromised" problem. I desperately want to lead a public life, because I'm not ashamed of myself¹ but I do recognize that eventually, my students -or coworkers, or bosses, or parents- (in increasing order of problematic) are going to find me.

My secret hope is that by spending a lot of time on the less well known parts of the internet, I will defy my students, who are used to the snapchats and the instagrams.

~Sor

1: I recognize that there are other reasons to want to be private about your identity, but for me it has always been a weaponized reaction to societally enforced shame --if I tell you "hell yeah, I'm a kickass queer poly kinkster" with a voice full of pride, you can't use those words to attack me in the same way. Similarly, ADHD, nonbinary, rape/abuse survivor, "weird", etc.

Re: Pseudonymity

[squirrelitude]

I go back and forth between https://xkcd.com/137/ on the one hand, and on the other hand thinking about how we don't have to make this choice in meatspace, and how the process of making that choice has chilling effects in the ways we communicate online.

I want to just be able to do stuff online without having to worry about it.

I think one of the core tricky bits is that for online stuff, keeping a permanent record is both 1) easy, 2) desired by many users, and 3) a natural consequence of asynchronous communication.

Re: Pseudonymity

[elusiveat]

https://xkcd.com/137/

I might vaguely remember having seen this one once long ago in the past, but in any case I had not been aware of it three minutes ago. Thank you for (re)making me aware of it.

<3

Re: Pseudonymity

[squirrelitude]

Have you written about your identity management design anywhere? I'd like to hear your thoughts on it.

Re: Pseudonymity

[elusiveat]

I know I've seen other DW posts by JDuCoeur about the ideas he has applied, but I do not know whether they are available on a more public and/or curated forum.

Re: Pseudonymity

[jducoeur]

Actually, I don't think I've ever written about this stuff non-publicly (it's quite rare for me to lock posts), but it's scattered around. Some is in The Art of Conversation, some in my personal LJ (all of which is now here on DW), some on G+ (which I stopped using ages ago), and much (probably most) was in the now-abandoned Querki Development Journal over on LJ. But no, it's never been curated...

Re: Pseudonymity

[jducoeur]

Some, although much of it is pretty old. My old professional blog, The Art of Conversation, was focused on the subject of online conversation, and identity management was a thread that I developed during that.

(My original stab at a startup, CommYou, was specifically focused on line conversation; I shut that down when Google released Wave, which looked uncannily similar even though many of the key details -- *especially* around identity management -- were quite different. Art of Conversation was basically CommYou's blog.)

Anyway, my thinking on the subject originally coalesced (in 2012) in this post, which spells out the layers of a proper decentralized identity architecture. It's just a sketch, but I think it's still mostly correct.

As for Querki itself, I'm pretty sure I've described its identity architecture on LJ (and thus, now on DW), but it was probably back in 2013 so it's not trivial to dig out offhand. (ETA: ah, here it is.)

[NB: Querki is essentially a wiki system on steroids. Individuals and communities use it to create "Spaces", which are distinct namespaces, each of which is essentially a database-plus-website. The goal, spelled out a bit more here, is to make it quick and easy to create small, collaborative, data-centric websites. Basically, it's what I've always wanted wikis to be able to do, so eventually I built it.]

Anyway, Querki uses a simplified version of the decentralized architecture (easier since it is for a single site), which basically boils down to three distinct layers:

-- User: an actual account with Querki, that somebody can log into. Users are *private*: in principle, there should be no way for anyone else to see the entire User. So far, I see no reason to ever compromise on that point.

-- Identity: a *public* facade for a User. In principle, a User may have any number of distinct Identities. (In practice, I've realized that there need to be some limits, to cut down on sock-puppeting -- in particular, I limit Users to a single Identity per Space.) Identities *may* be publicly linked, but that's on a strictly opt-in basis.

-- Person: an Identity in a Space. This is public (within the constraints of the Space's own security controls), and is publicly linked to the Identity, but may be further customized to the needs of the Space. Basically, it's the application view of an Identity.

Mind, while most of this is built, it's not heavily tested yet and mostly not end-user-visible yet: for the moment, Querki still only allows one Identity per User. That'll change when I add the ability to link Querki Users to logins from other sites with OAuth2 (and maybe OpenID, although sadly that has mostly decayed away) -- part of the point is to make it easy to use Querki with whatever identity you care to import from elsewhere, while still keeping those identities distinct by default. And eventually I'll allow you to create multiple Querki-defined Identities per User, although that needs to be done carefully to avoid name squatting.

I built Querki's identity-management system in-application because it was easier, and Querki is insanely ambitious enough as it is. I still occasionally toy with spinning out a separate not-for-profit project to build the decentralized identity management system, and reorient Querki to use that instead. IMO, it's still the *right* way for all this stuff to work...

Re: Pseudonymity

[squirrelitude]

Thanks for the links, I'll take a look! I've been working on some identity management stuff for a project of my own. You might also be interested in social_media_design.

Did you look at Imzy at all, when it was still around? It was a communities-based social media site made by some former reddit employees. Users could have multiple profiles that were not publicly linked together, like your identities. (Users had to choose which profile to use for each community they joined.) One thing I was concerned about was people relying on it too heavily for strong pseudonymity, and in fact I later found and reported a vulnerability that allowed me to identify all profiles that belonged to the same user accounts. So the presentation of pseudonyms is a little tricky, and I'd rather the site not even *know* about the multiple identities a user has, if possible. (Or just make sure people understand that it's not strong security.)

Have you read "Big and Small Computing"? An acquaintance of mine published a collection of essays under that title. The title essay sounds similar to your goal of having Querki embrace small data.

Re: Pseudonymity

[jducoeur]

I've been working on some identity management stuff for a project of my own.

Intriguing...

You might also be interested in social_media_design.

Yeah -- I've had it open in a tab for days now, but haven't had time to dig into it.

Did you look at Imzy at all, when it was still around?

I was vaguely aware of it, but that's about it.

So the presentation of pseudonyms is a little tricky, and I'd rather the site not even *know* about the multiple identities a user has, if possible.

Entirely reasonable, and I'm planning on being pretty explicit that, if it's life-and-death, I don't recommend relying on Querki's identity separation. That's part of why I prefer the decentralized architecture in principle -- more specialization in the identity-management, and somewhat less risk of leakage.

Have you read "Big and Small Computing"?

No, but thanks for the pointer. I agree that it's pretty similar to Querki's ethos of small data...

Re: Pseudonymity

[elusiveat]

From my perspective, the problem that the "friends-of-friends" filter would address is enabling an access level that would make discovery easier. So the question for me is: would this access level be used enough that it would actually increase the chances of discovery?

It looks like a few of the poll respondents would expect to use the filter, which might be enough in itself to justify this kind of feature.

I think I'd need a bit more historical assessment of trends in privacy to be convinced whether the pseudonymity issue is really relevant here. What I want to know is: did people lock down their Dreamwidth accounts because of events on Facebook, Twitter, and G+, or did they lock down their accounts because of events on Livejournal?

My *perception* is that most of the lockdowns occurred following one of the Livejournal abuses that went after fanfiction and alternative livestyles, but it's possible that the more important driver was events on other platforms (GamerGate perhaps?).

Anyway, at this stage it isn't clear to me how strong the role of pseudonymity is.

I haven't poked around much on Dreamwidth following the