Social Networking Software Category

Continuing from How to use social media privately and Mastodon (Social Networking Software) - #14 by Encounter5729

Let’s structure the requirements and possible other information to include on such a recommendations page.

@jonah’s edit for context: please be aware of the existing proposed criteria and other changes from this PR before discussing:

  • Must be free and open source software.

  • Must use a federated protocol to communicate with other instances of the social networking software.

  • Must not have non-technical restrictions on who can be federated with.

  • Must be usable within a standard web browser.

  • Must make public content accessible to visitors without an account.

  • Must allow you to limit who can follow your profile.

  • Must allow you to post content visible only to your followers.

I think we should be cautious here. Wanting openness is good, but we should also have requirements about user privacy, even though those might conflict with the former. I propose to add the following criteria:

  • Any direct messaging feature must prominently display whether the communication is encrypted. If it’s not, it shouldn’t suggest it is private in any way, including by labeling it Private Messages.
  • Users must be able to control who can see and interact with their posts; at a minimum it must offer an option to prevent scraping of their posts.
  • Must offer an option to hide followers and following
  • Must not require a phone number, even for “verification purposes”
  • Must not ask for identification, including by requiring you to enter your real name or requiring a verification selfie
  • Must accept aliases for registration
  • Must have good security by requiring a strong password and support 2FA

Best-case

  • Should offer moderation options, including choosing which content you deem offensive and which to block (excluding illegal content such as CSAM)
  • Transparency about moderation decisions and policies
  • End-to-End Encrypted Direct Messages
  • No analytics or opt-in only

The only recommendation we should be making regarding using these platforms for private messages is don’t. We have recommendations for The Best Private Instant Messengers - Privacy Guides which should be used for all non-public communication.

2 Likes

Agreed, but those features are there anyway so we should require providers to be honest about them. E2EE of those is always good to have, even if it’s not as strong as proper E2EE messengers.

IMO listing Social Networks under the software category is somewhat confusing. For example, for Mastodon I personally would expect Mastodon client recommendations under this category instead of just a Mastodon recommendation as the “best” social network. I’m still fine with adding it this way since the whole sidebar might be overhauled in the future as per this thread.

2 Likes

I agree, the Mastodon backend and client are a whole different story.
For example I’ve seen https://elk.zone/ being highly praised as a Mastodon client and better than Mastodon itself but yeah.

The logic is sort of similar to our current Element/Matrix recommendation where we are not recommending any particular instance host (server provider) in this case, only the server software in general.

I agree we should just make broader changes to the sidebar beyond this.

1 Like

I am not aware of any software which prevents this. See my note on Mastodon’s related privacy settings in the PR:

The other privacy controls on this page should be read through, but we would stress that they are not technical controls, they are merely requests that you make to others. For example, if you choose to hide your profile from search engines on this page, nothing is actually stopping a search engine from reading your profile. You are merely requesting search engine indexes not publish your content to their users.

You will likely still wish to make these requests, because they can practically reduce your digital footprint. However, they should not be relied upon. The only effective way to hide your posts from search engines and others is to post with non-public (followers only) visibility settings and limit who can follow your account.

For this reason I am not very interested in requiring noindex requests as part of the criteria.


Separately from the option to have a private profile?

So we should require the option to have a fully public profile, except with hidden followers/following?

Mastodon allows this so it is not a problem, but I just want to be clear.

How would we handle social networks without followers/followings or even profiles at all?


I agree with @phnx that I would just not want to encourage this behavior actually. Interested in others’ thoughts.


These criteria are only applicable to instance hosts. We are not recommending any particular instances here, only federated software.

that is already also discussed here: Change "Recommendations" Sidebar Layout

That is the thread which was linked above.

ah sorry missed that lol

If the social media has no follow system, then the problem doesn’t arise.

If there is an option for private profile maybe then this isn’t needed, but I think it’s still useful.

I see. So you are recommending the Mastodon protocol, not the app or the “official” instance?

We wouldn’t be encouraging it, we would make sure the platform isn’t misleading users into a false sense of safety.

BTW I didn’t know Mastodon had private profiles. How do you enable those?

Unchecking “automatically accept new followers” in settings, right?

I saw that part now. See the other thread.

If PG wants to go in that direction in recommending a social media, there should be a note at the very beginning of the article. Something like: “[Introduction-bla-bla]. Here are the main reasons we do not recommend the use of social media in general:

  • A
  • B
  • C

“Although, we do understand it might be necessary in certain scenarios like D-E-F. If you’re still there, then here’s what we recommend and why. […] Here’s also a guideline on what not to do to keep your privacy: […]”

It can get really complicated fast to list all the different use cases and what to do or not to do depending on what you want to accomplish with social media.

Let’s get real though, the concept of a social media is not supposed to be privacy-friendly.

I agree, but we should focus less on anti-recommendations and more so on harm reduction regarding social media use. Also expand our existing account creation section to explain how anonymous account creation can work.

Telling someone to not pursue something is pretty much fruitless nowadays. At that point, we might as well encourage our community to stop using computers and phones.

After all, most of the harmful privacy features of social media are entirely voluntary. Perhaps someone uploads their face and real name on their Instagram profile or documents every single second of their lives (Yes, I do see the irony here in my profile lol).

See this is where I think I may just fundamentally disagree. I am not sure being a private person is equivalent to being an anti-social person :slight_smile:

Is the harm of privately using social media in your life significantly greater than the harm of, say, scrapbooking or journaling? The medium doesn’t seem to matter as much to privacy as just who you share the content with.

Oh I absolutely agree, I don’t consider myself anti-social either. That’s not what I meant. I think this topic is a bit tricky depending on your use-case.

The first question to ask is why do you want to use social media in the first place?

  • Is it to actually connect with people you know? In this case, you can forget privacy and assume everything you do is collected. This category of use-case is what I meant. In comparison, you can expect privacy in your home, but it’s hard to have privacy at a social event.

  • Is it for a business?

  • Is it to connect with a community where you don’t need to reveal your identity? Then, in this case, you can probably have some privacy. A bit like in this forum.

  • Etc.

Semantics might also be more important here. :stuck_out_tongue: What does it mean to be a “private” person? Or what would “privacy-friendly” mean in the context of a social media? Maybe defining this could help as well.

I was referring mainly to this situation, and I don’t follow why this has to be the case if you exclusively connect to only people you know and trust with the content you’re posting.

Let’s say I self-hosted a Mastodon server, federated with absolutely nobody, limited all posts to followers only, and only gave accounts to my family. Is this not a very private social networking setup for my family?

That would require a level of trust that I simply don’t have.

Most of my friends and family don’t care about privacy. I can’t even stop my partner from posting photos of us on social media :sweat_smile:

In your example of a self-hosted Mastodon server, it depends what you mean by your family. If it were just your close family of like 4-6 members, then sure, but that would be a pretty specific use case. Even then, there could be a family member who takes a screenshot of a funny or interesting bit, and posts it on a bigger public social media.

I can’t control what others do, including my close friends and/or family. They surely always have all the best intentions based on their own experience, growth and where they’re at in life. Based on that premise, I’m not sure that use case is possible, but if you can have that trust, then sure. But I don’t. :slight_smile: