On Wed, 2010-06-23 at 10:21 -0400, Matt Lee wrote: > On 06/23/10 09:16, Ted Smith wrote: > > > Interesting. Diaspora makes the URL secure with OpenPGP - it seems like > > a major loss to not have *any* protection on that level. It's hard to > > say we care about privacy more than Facebook when we don't offer > > comparable protection of user data. > > To be clear, we're talking about assets here... so, if you go to: > > http://gnusocial.biz/a/e27255274fc02a83b06379d6cc918856f526a8cb.jpg or > whatever, once that URL is out there, we don't propose doing any other > checking on that URL, but I think there's a possibility for us to give > people an option to regenerate that URL. >
That's less hand-wavy than I originally thought, but what do you mean by "asset"? Are we abandoning human-readable URL's? To be fair, Facebook might do that, but it still seems like a lose. It doesn't seem like it would be that hard to require authentication for privacy-protected resources. It seems like that has to happen at some point - especially if we want any homepage (like identi.ca/user) that has both public and private data.
signature.asc
Description: This is a digitally signed message part
