Privacy
Designing for public communication requires less focus on privacy than social applications designed for close social circles. However, privacy is still important to consider on several counts: protecting user metadata, respecting private account settings, and supporting private direct messages.
User metadata
At a large enough scale, user metadata collected by federated applications becomes a cause for privacy concerns. Examples of these kinds of concerns can be found in this privacy report on Matrix, conducted by a privacy-focused nonprofit, and this response.
Private accounts
Mastodon has account-level and post-level privacy controls. When an account is locked, follow requests must be approved. Since posts are copied to the instances of followers, locking an account gives a user more control over where their posts will be distributed.
Individual posts, as well as the default post setting, can be set to "followers-only".
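The distribution described above can be made concrete with ActivityPub addressing. This is an added example, not code from the original report or from Mastodon: it classifies a post by its `to`/`cc` fields the way Mastodon maps them to visibility levels, and lists which servers receive a copy of a followers-only post before and after a follow request is approved. The hosts, accounts and follower list are constructed sample data.

```python
from urllib.parse import urlparse

# Real ActivityStreams identifier for the special "Public" collection.
AS_PUBLIC = "https://www.w3.org/ns/activitystreams#Public"

# Constructed sample data (hypothetical hosts and accounts).
FOLLOWERS_URL = "https://social.example/users/alice/followers"
APPROVED = ["https://a.example/users/bob",
            "https://b.example/users/carol",
            "https://a.example/users/dan"]
PENDING = "https://c.example/users/eve"  # follow request not yet approved
FOLLOWERS_ONLY_POST = {"type": "Note", "to": [FOLLOWERS_URL], "cc": []}


def visibility(post, followers_url):
    """Classify a post as public, unlisted, private (followers-only) or
    direct, following Mastodon's mapping of ActivityPub addressing."""
    to, cc = post.get("to", []), post.get("cc", [])
    if AS_PUBLIC in to:
        return "public"
    if AS_PUBLIC in cc:
        return "unlisted"
    if followers_url in to:
        return "private"
    return "direct"


def receiving_servers(post, followers_url, followers):
    """Return the hosts that end up holding a copy of the post.
    `followers` is the list of approved follower actor URLs."""
    recipients = []
    for addr in post.get("to", []) + post.get("cc", []):
        if addr == AS_PUBLIC:
            continue  # not an inbox; public posts can be fetched by anyone
        if addr == followers_url:
            recipients.extend(followers)  # expands to every approved follower
        else:
            recipients.append(addr)
    return {urlparse(r).hostname for r in recipients}


if __name__ == "__main__":
    print(visibility(FOLLOWERS_ONLY_POST, FOLLOWERS_URL))
    print(sorted(receiving_servers(FOLLOWERS_ONLY_POST, FOLLOWERS_URL, APPROVED)))
    # Approving the pending request adds a third server to the distribution.
    print(sorted(receiving_servers(FOLLOWERS_ONLY_POST, FOLLOWERS_URL,
                                   APPROVED + [PENDING])))
```

Each listed host stores the post in a form its administrators can read, so locking an account narrows the set of servers holding a copy but does not hide content from those servers.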
Direct messages
Many decentralized social applications use end-to-end (e2e) encryption to preserve the privacy of direct messages.
- Matrix - End-to-end encryption guide for Matrix clients
- ActivityPub - Mastodon is adding e2e encryption to ActivityPub. Previously, messages were unencrypted on the server.
- Ssb - Ssb, as a p2p protocol, included e2e encryption for direct messages from the start, so that unencrypted messages would not be passed around the network.
Some more e2e messaging encryption options:
- Noise protocol, used by WhatsApp
- Messaging Layer Security (MLS)
Decentralized social applications focused on privacy
- Peergos - Peergos provides capability-based access control for files on top of IPFS. Files are kept private. All encryption happens on the client, which could be a native Peergos client or a browser. Data is always encrypted on the servers. Servers do not have access to metadata or sensitive information. Access is controlled through cryptographic capabilities.
- Zeronet - Zeronet is a p2p browser built on BitTorrent and Bitcoin, designed with a focus on privacy. Instead of having IP addresses, Zeronet site addresses are Bitcoin public keys. ZeroMe is a proof-of-concept Twitter-like social network on Zeronet. Other sites on Zeronet include ZeroTalk (like Reddit), ZeroBlog (microblogging), and ZeroMail (encrypted mail).
- Zbay - Zbay is a Slack-like messaging application with monetary transactions, which uses the Zcash blockchain as a database and transaction settlement layer. User identities are Zcash addresses. Usernames are registered by sending a message to an address everyone has a viewing key for, and providing the new user's public key. Private messages can then be sent to the user's address using encrypted transactions.