Advisory Privacy

Mike Macgirvin
 High Range, Australia 
As long as I'm in a ranting mood, I'd like to mention Advisory Privacy, because it's something other projects love to throw in my face. Advisory Privacy basically means that every message contains the recipients or scope for that message, and if it's private and it's not addressed to you, you're not supposed to look at it - even if it arrives at your server.

The obvious question arises, "But if there's nothing actually preventing you from looking at it, it isn't really private - is it? You can just ignore the advisory."

Quite true.

A very vocal opponent of everything Hubzilla on another project recently wrote a scathing blog post on advisory privacy (right after we had an online dispute about something else - coincidence? I think not.) Anyway, he rightly said that this mode was an atrocity and insecure and their project would never allow such a thing because they take pride in your security (while passing around hidden metadata in a way that exposes the metadata they're hiding and using encryption that's basically plaintext to any hacker and protecting private photos with random strings that can easily be seen by fuskers - but I digress). That's not the point. The point is that Hubzilla does have this mode available - we just don't use it. You can only trigger it if you set your permissions to 'custom/expert mode', and it only applies to exactly one of the 20 categories you can manually set limits for in expert mode. We actually don't use it even there to send private posts, but only to set a limit to how public things should be. Now I'm fine with people using insecure privacy if they are 'experts' and choose to do so. I'm not going to question their right to do whatever they want. But the fact is that unless you choose this expert mode, there's no way you're going to ever use advisory privacy, and our documentation strongly discourages it.

Anyway, here's the irony... advisory privacy is the de facto privacy mode for ActivityPub, which several projects are being asked/bullied to adopt. It is also the new privacy mode under development at Mastodon. There are no other mechanisms under consideration.

Haakon Meland Eriksen (Parlementum)
  last edited: Sat, 15 Apr 2017 02:58:42 -0700  
How many dimensions do we use to describe a privacy setting now? Four? Something like this - Scope/Context-Permission/Capability-Role-Person? It should be possible to compare and contrast our privacy settings with other solutions. I borrowed a bit from Moodle to highlight similar concepts like our Scope and their Context. However, these are not the same dimensions, there are just four(?) of them, e.g. Context in Moodle is tied to the surface area you have access to, either Portal-Category-Course-Activity while our Scope is tied to person, i.e. Only you-etc-to-Anybody on the Internet.

Edit: :facepalm . I see now Asset/Object/Thing/Context are the same, i.e. what you have access to.