Social Web CG
28 Feb 2018
- sandro, cwebber2, hellekin, rhiaro, ajordan, evanpro, saranix, melody
- ajordan, ajordan_, cwebber2
<ajordan> yeah Plumble read "welcome back ajordan" out loud to me
<rhiaro> but in irc
<ajordan> same, probably
<melody> i'm joining mumble but i'm going to be a minute, apparently it's not configured
<evanpro> I'm here
<evanpro> I keep getting bounced off the server
<evanpro> I'm waiting for the VoIP system with AI built in
<saranix> irc only
<evanpro> So that we can automate the first 5 minutes of calls that's about who can hear who and what is working and not working
<cwebber2> evanpro: haha
<evanpro> I'm going to be talking so I don't want to scribe
<cwebber2> scribenick: ajordan
<ajordan_> scribenick: ajordan_
<hellekin> <- how
cwebber2: okay, we have several new members
... maybe we should do introductions again?
... hello I'm chris webber, I'm the cochair of the SocialCG along with aaronpk who couldn't make it
... and I'm coeditor of the ActivityPub standard
<cwebber2> scribenick: cwebber2
<drEquivalent> Imma just sit here and lurk in shadows, I think, for now.
<ajordan_> ah screw it
evanpro: ajordan_ is maintainer of the pump.io social networking software, is invited expert for the SocialWG, has worked a lot on AS2 and AP
<ajordan_> thx evanpro, that was a great intro
<scribe> scribenick: ajordan_
evanpro: so I'm Evan Prodromou, formal cochair of the Social WG
... developer of StatusNet, pump.io and other social networking projects
<cwebber2> note irc folks, also feel free to introduce yourselves
evanpro: I edited AS2
hellekin: hello I'm hellekin
<sandro> hellekin, you're very quite, I can kind of hear
<hellekin> OK, let me write. I can keep quiet on the audio :)
<cwebber2> rhiaro, saranix, drEquivalent: if you'd like to self-introduce on irc :)
sandro: hi everyone I was staff contact for the socialwg
... one of them
... I don't tend to deploy software but I love to play around with it
... *chuckles* I'll stop at that
cwebber2: if our IRC friends give a description I'll read it off
... let's move forward
... two items on the agenda
<saranix> I'm an independant researcher for the last 5 years in decentralized social networks, and a small business consultant for open technologies
cwebber2: one is some linked data object capabilities I'm working on, quick announcement, and the other is evanpro's dating on the open web
<cwebber2> thank you saranix! I relayed via voice
cwebber2: okay so about the first topic
cwebber2: not sure if anyone here's payed attention at all but lemme link it
... so I'm a member of the w3c community credentials group
<hellekin> So I said I'm a former Lorea developer, maintainer for GNU consensus that aims to coordinate the federated web and the P2P systems, now working on an EU consortium called PUBLIC that I presented at FOSDEM, which aims to promote free software as a public digital infrastructure in Europe, and respond to H2020-ICT-28 call on "Future Hyper-connected Sociality".
cwebber2: I'm collaborating with Mark Miller who's known for being sort of *the* capabilities person
... for anyone who's not familiar with capabilities it's a different model than ACLs, users and groups and so on
... a common metaphor is a car key
... in the future your car might scan you and say "welcome evanpro"
... one thing you can do is delegate keys
... and you can add caveats, so you can e.g. make a valet key that says "you can drive it, but only for 5 miles"
... and you can also add caveats for revocation, so you can delete keys
... some interesting reasons to maybe want these things. I'm bringing it up because our notion of who has authority over stuff in AP is very loose
... e.g. if you send a message we kinda have implied access control, you probably look at the headers to guess
... for email this isn't an issue because a message is just *sent*
<drEquivalent> I'm just a (pretty mediocre) sysadmin, believer in everything decentralized and free and open, that thinks that he knows what he's doing, and sometimes thinks he has good ideas. That's the best way I can describe myself right now.
cwebber2: in AP you might retrieve that message later
... in general not a problem but if you address a forwarding group it can get messy
<rhiaro> oh hi sorry. I was also a staff contact for SWWG, it took over my phd thesis, and I co-edited some specs and stuff
cwebber2: but right now those usecases aren't too important yet
... we have different usecases in the CG
... one example would be groups, or collections
... that have moderators
... maybe you have a Flickr-pool style collection, where you want a bunch of people to be able to administer it
... there's no way to delegate access, or let people moderate
<drEquivalent> Just want to see what SocialCG meetings are all about.
cwebber2: I'm not trying to push this as a "we gotta do it now", just as a "if you run into these things, maybe it's a good idea to look at this spec"
evanpro: I have a question, I'm queued
<sandro> drEquivalent, they vary quite a lot :-) Welcome.
evanpro: so the way I'd do soemthing like this is with oauth tokens
... define a bunch of scopes, you have to have this scope on this token, etc. and give out tokens to people based on auth from the user
... how are LD capabilities different from this?
cwebber2: great question
... so you can use OAuth tokens in a very ACL way or a very capabilities way
... if you hand out oauth2 style bearer tokens, that's very similar to a capability
... but you can't do some things
... you can't do ??? and you can't attenuate it
... there's an interesting project called macaroons from Google which is a big inspiration for LD capabilities
cwebber2: how they work is they're kinda like bearer tokens that you hand out
... but they can do revocation and such
... one nice thing with LD capabilities is that the mechanism we have ties in nicely with LD signatures, so you don't have to provide a separate HTTP header component
... it can kinda flow around the linked data system that we have
... another interesting side effect is that with bearer tokens if you intercept them you have access to them, same with macaroons
... not the same thing with LD capabilities, you can have it in public
... for example someone in the community credentials group is using this for blockchain, so you can see everything public but you can't do anything unless you have the private key
... those are the differences, not saying oauth2 bearer tokens aren't the way to go, just giving a contrast
... *reads off drEquivalent's IRC description*
... *reads off hellekin's description*
<hellekin> thank you
<evanpro> scribe inception
cwebber2: nobody on the speaker queue
... just wanted to put that out there as something for people to think about
... let's move on
... evanpro I think this is you?
<saranix> http://theory.stanford.edu/~ataly/Papers/macaroons.pdf <- non-google link for macaroons
cwebber2: lemme take myself off push to talk
... so I've set it up so I'm now constantly making noise, sorry about that
evanpro: I've got a presentation about it, I made it at Mozilla's MozFest in October of last year
... about using AP for dating on the open web
... I think it's actually a really interesting opportunity for open web tech to start making a real difference in real people's lives
... and presenting a real contrast to silo'd software
... it's a usecase we don't talk about a lot but is actually pretty important to people's lives
... I've dropped the link so people can follow along
... just to be clear there's a page that's specfically for this in-person discussion, I kept it in just for other discussions
... sex and dating is a big world, it's important to keep in mind that people come from all walks of life, let's not be judgemental
sandro: can you say slide numbers?
<sandro> I'll do that
evanpro: when we talk about online dating it's about finding people and making connections
evanpro: typically people you don't already know, it's how you *make* connections
... on slide 4, necessary set of logos
... it's a very important set of functionality
evanpro: lots of variation, e.g. quick relations on tinder, longer relationships, different interests, people of color, lgbtqa folks, etc.
... most of them have very similar functionality
... first you define a profile, often pseudononymous
... trying to give enough of a description of yourself
... but not enough that your pseudonymity could be broken
evanpro: the next important part is defining your own search criteria, who are you looking for
evanpro: blockers e.g. you don't want to date smokers
... gender preferences, etc.
evanpro: next functionality is searches, you want to make descisions about who you contact
evanpro: next slide, there's usually a way to express attraction, "I'm interested in dating you, I'd like to discuss further"
... next slide, there's usually in-band messaging
evanpro: people can preserve pseudononymous identities but still learn more
... next typically these conversations move out of band
... e.g. sharing phone number, location, etc.
evanpro: they kind of step out of the system into the real world
... or there's a second branch, one or the other or both decides not to connect
... they can cut off the connection and cancel any further conversation
... and that's really the tech that dating sites have, there are lots of variations
evanpro: the way that people typically make money is hosting the profiles, charging someone to put up the profile
... they'll charge for search, extended search, specific kinds of searches
... they'll charge at match time
... and also messaging is a place that people tend to put monetization at
... so e.g. you can only send 3 messages, messages to 5 people a month, or something like that
evanpro: dating is very popular, 13 percent of american adults are on online dating sites
... 50 percent unmarried
... very big part of the population
evanpro: it's a big part of people's lives
evanpro: can we skip the scribing for something I have a huge slide deck for
<ajordan> sounds great
<cwebber2> relationship to job search is interesting
<cwebber2> I do think that many people on dating sites do want to be pseudononymous until they get connected also
<cwebber2> but I've never used one so I don't actually know for sure!
<cwebber2> evanpro: I think there's a language of privilege that comes with open technologies of "you just put your name out there and put it out there" and that ignores some of the privacy and security needs of people different walks of life... we want to be respectful of that
<cwebber2> evanpro: I'm taking myself off constant discussion but I wanted to get through this
<saranix> unfortunately, with the proliferation of facial recognition, it is impossible to be pseudonymous. People just do a search and find your real social media page these days...
sandro: so I probably have 100 comments/suggestions
... I'll start with a question: why does IAC not do any kind of cross-site connectivity? seems like it would be a win for their business
<cwebber2> saranix, that's a real challenge yeah :|
evanpro: that is a super good question
... I don't know
... if I was to speculate my guess would be that it's because they have different market segments that they address with those different brands
... e.g. young urban people with tinder
... alternative people with okcupid, older people with Match
... but I do not work there so I don't really know why
cwebber2: go ahead melody
melody: I also have about a million comments/suggestions trying to boil it down here
<hellekin> Won't q because I didn't fixed sound, but a suggestion to look at Attribute-Based Credentials to use zero-knowledge connection to find matches.
melody: I see there could be some real concerns with visibility in terms of how much reach you want your profile to have in a situation like this
... if people are closeted, or have other privacy concerns, it seems like there's a real risk of allowing kind of infinite spread and searchability of these profiles compared with a traditional social media profile
evanpro: uhhhh yeah I think that's a *really* important question
... there are some interesting parts of that
... I think that for someone say in NYC even having the plainest "I'm a 34 year old man looking to meet other men" would not feel like a big exposure and putting yourself at risk
... but if you're in a small town, there are only so many 34-year-old men
... so what we would think of as completely anonymous information could be hard for someone to reveal
... that said there's a point at which the data is not sufficient to make a match
... if it just comes down as I'm a man looking for other men, I don't know if that's enough for someone else to decide they want to pursue
<cwebber2> hellekin: do you have more specific comments on how that would work?
evanpro: I think also you'd kinda mentioned having stuff all over the web
<cwebber2> ZKP are great, but how would you do that in practice?
evanpro: search engine visibility is pretty important too
... I think robots.txt might handle a lot but there are some tricky parts in there
<saranix> also, let's not forget that profile criterea may not be the best way to find a romantic match. How often are we surprised to find we fall in love with someone who has attributes we would've thought were deal-breakers?
evanpro: I'm not sure what a minimal amount of data that's enough to make a dating decision (I'd like to pursue this, find out more about this person) is without exposing you
... I think that might be up to each person sometimes
<Zakim> cwebber, you wanted to talk about search and to talk about pseudononymous -> more information "flow"
cwebber2: *reads hellekin's comment* I don't know much about it myself but I'd be interested in learning more
... sometimes we talk about the upsides and downsides of the fact that in a decentralized system people can set up as many profiles as they want
... it can be bad, people can use that to abuse
... but in this case I wonder if it may be very useful
... it might actually be that you make multiple profiles and the profile you give initially... say you have some kind of oracle that connects you
... you give some of your information but not all of it, but once you match, you reveal your primary profile
<Zakim> sandro, you wanted to ask about how to get critical mass
sandro: so I have a lot to say on the thread melody started, and the one cwebber2 started
... I'll start with the one melody brought up
... Evan I don't think the minimal info approach is really gonna work... I mean, profiles that don't have somebody's face clearly shown... on some really sex-only you can get away with just a body shot but with relationships you have to show your face and now with face-recognition tech your face is just as good as your name
... I don't think you can go with just technical security
... what's stopping somebody from building a bot that gets on each of these systems and crawls it and extracts data for use in e.g. blackmail
... I think what's stopping them is active countermeasures by the service, and also legal countermeasures
... terms of service
... and between those they probably handle most of the threats
... I don't think we can do much about active countermeasures, it's really hard to tell if someone's hitting thousands of decentralized servers
... maybe we could use the really big nodes
... I think the more interesting one is the ToS
... "if you're accessing this site you can only use it for dating"
... I don't know how to make that stand up in court but I think it's doable
... and if it's made clear in the vocabulary, etc. then we can get the moral high ground
... anyone who writes a crawler is clearly being a bad person
... should I do cwebber2's topic?
<cwebber2> just wanted to note that expressing Terms of Service is being explored in the Verifiable Credentials folks
cwebber2: uhhhhhhhhhhhhhh suuuuuure
<evanpro> I think it's noon? Are we done?
sandro: this kind of comes back to the first and last of Evan's questions... if you block somebody you need to stop them from just making another account
sandro: I think the way to do that is we have our existing social graph
... if I want to make a dating profile I set up a new profile somewhere and I have me or one of my friends endorse them
... I as a real person who many of you know know who this pseudononymous person is
... they'll deanonymize in court but otherwise they're okay
... I think that solves the problem Chris raised and allows blocking to work
<cwebber2> poll to ask if we're willing to extend... 15 mins? 30 mins? can't extend?
<sandro> I could talk about this for hours :-)
<cwebber2> ok with extending 15-30
<ajordan> I could extend 30 but would prefer 15
<hellekin> I will skip the last part, but I'm open to discuss more asynchronously.
evanpro: idk if we need to go a full 30 minutes
... if this is something the group's interested in, what's next steps?
cwebber2: why don't we ack melody first
melody: I wanted to speak a little bit about the way centralized services handle the thing I brought up earlier
... siloing acts as a shiled a lot
... one of the reasons someone getting on an lgbtq specific service or whatever is that there's a certain level of assurance anyone else who's on there is on there for the same reason
... and if your profile's visible to them you're sort of sharing the same level of risk
... there's almost a sort of like... mutual risk there
... it's a similar thing... okcupid has a "I don't want to see or be seen by straight people"
... so if you're in the closet only people who take on the risk of setting their profile of being a not-hetero person can see you
<sandro> +1 melody Mutual Risk, Mutual Revelation --- replicating this will be important
melody: I think replicating some aspect of that is probably going to be important even in a decentralized setting
evanpro: I think there are definitely some interesting aspects to that
<sandro> evanpro: Sometimes people circulate screencaps, ...
evanpro: I know people who screencap dating profiles and send them around... being on silos isn't a great protection
... the thing I got on the queue to talk about was reputations
<saranix> they don't have to be silos though. it can be a web of seekers and matchmaking nodes. People submit to multiple matchmakers which handle the profile screening and selective reveal
evanpro: if I get a message from someone or a match offer, that I would have some automated way of finding out if the person is abusive or a spammer
... and has been reported as that in the past
... or "this person has been reported as wonderful to date"
... it's a whole other level of functionality there but it's actually not a big part of a lot of dating systems I've seen
<evanpro> so: reputation systems
evanpro: it would be a benefit, it's kind of a cool part of that
cwebber2: so the thing I wanted to say was
... directly to respond to Evan's suggestion for making claims about another user, if you're going to look at that in a system the verifiable credentials data model might be a good thing to look at
... that's being built for saying "this entity says _this_ about some other entity"
... it might be a good way to express it, plus it's JSON-LD
... there may be downsides too, reputation systems have upsides and downsides
... it can be great until people use reputation systems to say bad stuff about good people
... I don't know if there's any way around that
... I wanted to see if evanpro could bring us forward on the "where to from here" topic from earlier
<cwebber2> fwiw, here's the Verifiable Credentials Data Model https://w3c.github.io/vc-data-model/
evanpro: yeah so I think that what I would really like to see is what would next steps be
... for me as a technologist I would kind of do next steps of create a profile hosting service
... either with pump.io or with another system I find, Mastadon maybe
... and then a search service to implement search
... just a proof of concept
... the q there is whether it would be visible and useful
... and what the role would be here at the CG
... my feeling would be to start implementing first and get finer-grained definitions later
<Zakim> cwebber, you wanted to mention verifiable credentials may be a good data model
evanpro: and if it's applicable enough to report back to the CG, do that as things develop
cwebber2: uhh yeah +1 to the general direction you laid out evanpro
<Zakim> sandro, you wanted to wonder how one could get critical mass
cwebber2: as cochair of the CG I can say I would appreciate holding those conversations and hearing updates here
sandro: so I'm all in favor of code first cuz I love coding and it's fun and you learn a lot
... at the same time there's all these other social issues we've been talking about
... I think you could build a completely functional system but people might not use it
... dating systems have an even worse critical mass than social media
... you can get friends to switch but not with dating sites
... I'm just wondering, why would people use this system
evanpro: I think being able to make that case is really important
... part of the success of Mastadon is that it's provided a real alternative to people concerned about harassment on e.g. Twitter
<saranix> critical mass in a decentralized world looks like "city xxx queer bbs", "west coast masochists", etc.
evanpro: it's less about tech exploration and more about social experimentation
... I think that more worrying than having nobody on it would be to get people on it who feel they're having their security or privacy violated
... "I didn't realize my real name or telephone would be on this account when I set it up"
<Loqi> cwebber2: lol
melody: I think your instinct that it's worse to have something where people whose security and privacy is being violated rather than something no one will use...
<saranix> to put it more generically, really, you have 2 forces of attraction: geography, and mutual attribute match -- the pools are finite.
<sandro> Caught between a Ghost Town and a Mine Field
melody: I think the minimum viable feature set for a system like this is probably gonna be more extensive than you might anticipate
<evanpro> sandro: That's a good headline
melody: there's going to need to be some really robust ways of dealing with incoming messages from people who just absolutely do not fit your criteria who will message you anyway
... and I don't think that reactive blocking is going to be enough to handle this
... that's the kind of thing that immediately puts women off of a lot of online dating systems and has them opting out
cwebber2: thanks melody, go for it sandro
sandro: I'm just starting to have an image in my head for how to approach this
... trying to learn from this
... just imagine this as a network of Mastadon servers
... the server admin would take responsibility for the environment on that node and the behavior of the users on that node
... obviously there's a complicated politics among the admins then, as to who they decide to federate with
... but I think that *might* work
... I'm just thinking about some of my social groups and whether there might be someone who might take that central hub role
<saranix> cwebber2: thx
sandro: you'd have to separate the technical from the management
... they put people on it and then make sure people behave reasonably and then they federate
<evanpro> I need to drop out
<evanpro> I'd love to keep talking further
cwebber2: well so we've gone over the 15 minutes we agreed to, sounds like we can keep talking about this for ages
... so we'll cut it off
... if people have further things to talk about on this issue... one thing that was mentioned very briefly by evanpro was search engines
... maybe that's a good topic for future meetings
<evanpro> Thanks Chris!
cwebber2: thanks everyone for showing up and have a good one!
<sandro> cwebber2, I noticed that Mastodon is getting a version of search around now
<ajordan> thanks cwebber2! and see ya evanpro
<ajordan> evanpro: btw, I got pump.io stickers :-)
<sandro> might be good to have a discussion on how they're doing it
<hellekin> evanpro: ABC is currently researched by Dyne in the DECODE EU project.
<tantek> enjoy cwebber2!
<sandro> okay cwebber2 ?