This is the exact type of experimentation and hacking I would expect from a technology that has a lot of potential and interest from devs. I hope ActivityPub and further decentralization efforts continue to gain mindshare.
I have no idea how this technology works, and I wonder what problem it solves over, say, email? Will chess-moves be public for everyone to see? Or will privacy be protected? Can the user(s) perhaps decide about the level of confidentiality?
Technically, all the messages castling.club itself generates are all public, but the rest of the thread can be private depending on user settings.
One thing that's kind of cool: Each message and game detail page can also be requested as JSON using the Accept header. For messages, ActivityPub actually requires this. But for castling.club, these documents also include SAN and FEN for the chess moves and board states. And there's a JSON-LD vocabulary to describe it: https://castling.club/ns/chess/v0
That's a very technical advantage, I suppose. And how beneficial that is in practice (outside chess) remains to be seen. :)
I think the benefit here is that the moves are public, so people can easily spectate ongoing games and review old ones. That is difficult to solve by email alone
Yeah, true. But after the whole Facebook debate, I think future social technology needs stronger privacy protection built-in. If the only option is to share with everybody, then I suppose that's a bit simplistic and probably not what people need/want.
> after the whole Facebook debate, I think future social technology needs stronger privacy protection built-in. If the only option is to share with everybody, then I suppose that's a bit simplistic and probably not what people need/want.
I think one of the big problems with Facebook and the like is the idea that things can be uploaded to the Web but remain "private". It's an insidious lie IMO, and is one reason I refused to go near it.
Any "revelations" about data brokers, (mis)use, breaches, etc. are just confirmations that the premise itself is flawed (from a user privacy perspective; I know it's a lucrative business proposition).
Attempting to build "privacy" into a decentralised publishing protocol seems to me like a bottomless rabbit hole without any real solution (a bit like DRM). It's perhaps an interesting question in terms of fundamental CS research, but AFAIK no practical implementations exist even in centralised systems, so it seems counterproductive to burden protocols with constraints that aren't actually possible to satisfy.
Even encrypted email only remains private if both parties keep it that way. Privacy can't be "imposed" by an author/"owner". Consider that even proprietary silos like Snapchat have spawned tools to automatically strip their "privacy" features ( e.g. https://drfone.wondershare.com/snapchat/snapchat-screenshot-... ). An open protocol which encourages third-party clients (both human-operated and bots) would be in a much worse situation.
So you are saying that since the recipient of an email can forward it to a third party, we should abolish the privacy aspect of email altogether, and make all emails public?
> So you are saying that since the recipient of an email can forward it to a third party, we should abolish the privacy aspect of email altogether, and make all emails public?
That's absolutely not what I said, and I can't see anything in what I wrote that could be sincerely interpreted into such a weak straw man:
- My only mention of email was descriptive ("Even encrypted email only remains private if both parties keep it that way") not prescriptive ("We should do XYZ")
- The only prescriptive remark I made was to avoid delaying/constraining protocols with requirements that are difficult/impossible to actually implement. I believe that 'private sharing', as found on social media sites, is an example of such an impossible requirement.
- At no point did I say that any existing technology should be "abolished"
Based on this, I'm going to assume that your comment was not made in good faith. Even then, what you say doesn't seem to make much sense. In particular:
- Emails are public. That's why sensitive information like passwords and financial credentials should never be sent via email, unless the email body is encrypted before sending. Email transports are only encrypted opportunistically (STARTTLS), and even if a client/server enforce their connections to be secured, the message may hop between subsequent relays through unencrypted channels before arriving at the recipient. These days there are alternative mechanisms which might provide more security, e.g. composing a message in a browser connected to gmail.com over HTTPS and sending it to another Gmail address, but (a) this isn't "private" since our plaintext is being shared with a third party (Google, who is mining it to profile us; this is also why Facebook's claims of "privacy" are a lie) and (b) it's unlikely that any email protocols or formats would actually be used in such a setting; Gmail/Exchange/etc. are more like self-contained messaging platforms, which interoperate with email.
- I don't understand what "abolish" would even mean, in the context of email. Encrypting emails, whether it's with GPG or pen + paper, is not something that any centralised authority can 'turn off'; it's purely at the whim of the users. If we include steganography as a "privacy aspect" then it's not even possible to know if it's being used or not.
