> I don't mean this in a derogatory sense, but we have to seriously
> think about default settings for the "lowest common denominator" of
> the user spectrum, i.e., crank up the privacy. Conversely, for us
> technical users, going into the settings and loosening up the default
> super private defaults would be no big deal.
Like the spec says: "By default, GNU social will assume all
relationships are essentially meaningless, until stated otherwise."
By being friends with someone, simply by following them, you get no
rights unless the user has explictly said otherwise.
So, are relationships something you define just for yourself (and thus similar to tagging) in order to facilitate the privacy management or are they a true bilateral link, that has to be established, and confirmed by the remote entity ?
Here is how we did it in onesocialweb, and I'm not sure if we are aligned or not:
- The user can group contacts (we call them lists) and assign privacy rules to these groups. The groups are only known to the user, not exposed to anyone. You don't need to have any prior-relationship with a contact to add them to a list. So, for example, I can now authorize
address@hidden to see my full profile, no need to friend you before.
- Relationships can be established with others (and confirmed etc...) but this is just a 'vanity' thing. They don't mean anything from a privacy point of view. It is just a way to say "I'm friend with X and he confirmed we are friends". We provide a mechanism for a third party to verify that the relationship is indeed confirmed on both ends.
Cheers,