Consider integration with Give Me My Data

[tedstein]

Give Me My Data is a Facebook application that helps users export their data out of Facebook for reuse in visualizations, archives, or any possible method of digital storytelling. Data can be exported in common formats like CSV, XML, and JSON as well as customized network graph formats.

http://givememydata.com/

[tedstein]

Perhaps relevant: https://developers.facebook.com/policy/

Perhaps not: this only applies to facebook "platform applications and developers" of platform (facebook) applications. We are not that. Give Me My Data is, but we are not.

Platform applications and developers are required to comply with, and are subject to, the following documents

I don't think this document applies to us, but here is the offending passage:

Competing social networks: (a) You may not use Facebook Platform to export user data into a competing social network without our permission; (b) Apps on Facebook may not integrate, link to, promote, distribute, or redirect to any app on any other competing social network.

[tedstein]

Short version, considering the above, I think we should just pick a Give Me My Data format and have a Masques import tool which accepts whatever format we decide. We could post instructions on the website. I don't however, think we should include this in our initial release.

Your thoughts?

[macourtney]

I'm not sure how importing contacts from any other social network would help since we shouldn't allow searching based on email address, phone number or real name (all three are big security issues). If we allow searching of profiles at all, the searches should be based on username which will likely not be a real name at all.

This may be a problem for Masques, but keeping Masques a white list only system, we can sell it on privacy.

[tedstein]

I am in favor of white list.

I should have specified: I am talking about photos and photo albums.

[macourtney]

I didn't think about photo albums. Is there a standard export format? I doubt Facebook will support it, but we can support import and exporting.

[tedstein]

There is a standard export format. Way usable.

Also, there is a way to download all of your information from facebook. I am looking into that now.

[aaannndddyyy]

Real name would not necessarily be bad. Depends on the use case.
If you want to connect with your real friends but simply don't want to be spied by Facebook and/or ISP, what you need is p2p (no server), end-to-end encryption (no eavesdropping), and an anonimizing network (hide metadata from ISP).
Your system would fulfill these needs.

This does not mean you need to be anon to your friends, even though you use an anonymizing network.
Searching by name should then not disclose the restused for friend communication, and it should not disclose the searcher's name to the distributed storage. Simply an ephemeral anon id is looking for Bob.

Alice is using this anon id and when sending an encrypted request, she reveals Bob her identity (only to Bob, not part of the search), authenticates somehow (hard part), and tells Bob her long-term id.

Bob now decides whether to contact Alice on her long-term id. If he chooses to do so, he identifies as Bob and authenticates himself.
The authentication is the really hard part. Better even keep using the transient dests until both parts have authenticated. Only then disclose longterm ids to one another.