Group: GNU Social/Project Comparison
From LibrePlanet
Group:GNU Social Project Comparison
Contents
In "The Cloud"
Commodity webhosting approach
Pros
- Deployable on commodity webhosting.
Cons
- Commodity webhosting often happens on virtual machine farms. Encryption, security and privacy are not safe on virtual machines.
- A federation of such servers cannot handle as much traffic as applications using optimized protocols rather than HTTP.
Projects
| Commodity hosted services | Code maturity | Distributed protocols used | Features | Privacy support |
|---|---|---|---|---|
| StatusNet | Production | OStatus, OpenID, FOAF | Microblogging | None |
| Crabgrass | Production | None | Social networking with a focus on collaboration within and between groups. Wikis, task lists, asset management, photo galleries, decision making. AGPL, Ruby on Rails. Primary emphasis is on privacy. | Simple permissions |
| Diaspora | Starting | (OAuth, OpenID planned) | Planned | Planned |
| Elgg | Production | FOAF, Pubsubhubub, REST API, Global Identifiers, RDFa, activitystrea.ms | Profiles, microblogging, streams, groups, plugins | Excellent |
| Cyn.in | Production | none | Profiles, streams, groups, wikis, blogs, event calendars, image/audio/video galleries, crowd rating and voting, people directory | Profiles, customizable access control |
| Lorea (a group of extensions on Elgg) | Production | Elgg supported federation technologies (openid, activitystrea.ms, pubsubhubbub), foaf+ssl working on: ostatus (60% production), xmpp/psyc (50% development), rdf+sparql (10% development) | Same features as production elgg + group mailing lists, tasks, calendar, subgroups, tagclouds. Although, each network can decide which fuctionalities to include. | Excellent |
| Pinax | Production | OpenID | Wiki, groups, forums, bookmarks | Seems basic |
| Open Atrium | Production | Planned? | Blog, calendar, group collaboration, docs, case tracking | Seems basic |
| SMOB | Production | FOAF | Microblogging | None |
| BuddyPress | Production | None | Members, groups, blogs, forums | None |
| Daisychain | Proof of concept | Proof of concept | Proof of concept | |
| Partuza (Apache Shindig) | Proof of concept | OpenSocial | Profile | |
| The Appleseed Project | Alpha | Planned | Profiles, photos with tagging | |
| Socknet | Alpha | OpenID | Messaging, gossip (?!) | |
| Get6d | Alpha | 6d | None | |
| Knowee | Alpha | OpenID, FOAF | Address book | |
| Dutch | Alpha | OpenID | Group blogging | |
| eXo Social | Alpha | OpenID, OAuth, REST, RPC | ||
| DiSo | In development | activitystrea.ms | ||
| MOVIM | In development | XMPP | ||
| Jappix | Production | XMPP | Instant messaging, Groupchats, Presence, Activity, Mood, Tune, Geolocation, (soon Micrblogging and Activity stream), Profiles | Excellent |
| HelloWorld | Brainstorming | OpenID | ||
| OpenCollab | Stable | None | RPC-API, Applications, Blogging, Groups, Profiles, Jabber-Notification | Buddylist |
| Kopal | In development | Invented | ||
| RSSN | Brainstorming | In development | ||
| Noosfero | Production | Planned | Content management, tagging, regular social networking stuff (friends, communities), blocks("widgets"), blogging, RSS import, image gallery, categories, adding custom themes, news portal, i18n/l10n. Developed in Ruby/Rails, License AGPL3 | Users can put their profiles (or communities) as private and them only their friends (or members) can see it |
| Mistpark | Production | DFRN, openssl {invisible secure handshake authentication}, Atom, ActivityStrea.ms, webfinger, PuSH, LAMP (PHP), BSD license. | richtext status posting (configurable length limit or unlimited), photos, albums, links, video, location, like/dislike, public and private personas w/ ACL publishing controls, distributed 'wall-to-wall' posting (single-sign-on w/o passwords), one-way and 'shades of grey' relationships | Excellent - unlimited private profiles and conversations which may be restricted to specific friends/contacts/groups and completely separate from the "public profile" and associated message feed. Group pages have associated ACL's which restrict conversations to members of those groups. |
Suggested protocols: MINE Project, NoseRub, OpenSocial, DFRN for apps
Non-free software
- iSocial: supports OpenID, OAuth, OpenSocial, etc.
- Persona: Actually a paper discussing mechanisms; unclear whether authors would want to patent their processes
- Safebook: Another group of papers
Federation of Servers approach
Pros
- Existing infrastructure of servers. Familiar traditional Internet architecture.
Cons
- Still putting a certain degree of trust into servers, but we don't want unencrypted trust networks stored on servers, and can we trust SSL keys to be safe on servers in future?
- Even if we only let them see encrypted messages, we would still trust our servers to carry our social graph.
A way to solve this dilemma is to allow for more servers to run on the user's computer – then it is fine if the server is involved in group encryption maths, storage of the web of trust and personal data of our friends or even private key encryption on the user's behalf. Essentially bringing XMPP and PSYC into a more P2P mode of operation. This works with PSYC – for XMPP it may need some tweaking.
Projects
| Federated services | Code maturity | Distributed protocols supported | Features | Privacy support |
|---|---|---|---|---|
| XMPP | Production | XMPP | Instant messaging, supports extensions | Excellent |
| OneSocialWeb | Beta | XMPP | Microblogging, profiles | Seems great |
| Google Wave | Beta | XMPP | Messaging, microblogging, instant messaging | Seems great |
| Mycelia | Development | XMPP | Wiki, bookmarks | |
| PSYC | Production | PSYC, XMPP, HTTP, IRC, some FOAF | Conferencing, messaging, microblogging, profiles, trust metrics | Yes |
On Your Computer
Peer-to-peer (P2P) / Distributed Hashtable (DHT) approach
Pros
- No doubt peer-to-peer is the approach that respects privacy the best, as it allows any social interaction to be end-to-end or group encrypted. Some technologies even make it hard to observe who is communicating with whom.
Cons
- Needs a special strategy for message delivery when a source goes offline (servers, DHT and/or group communication redundancy)
Projects
| P2P services | Code maturity | Distributed protocols supported | Features |
|---|---|---|---|
| GNUnet | Production | GAP | Filesharing, Chat |
| I2P | Production | I2P | Pseudonymous Publication, IRC, Filesharing |
| Tahoe LAFS | Production | None | Filesharing |
| CSpace | Production | Invented | IM |
| Angelapp | Beta | None | Filesharing |
| RetroShare | Beta | Invented | Filesharing, chat, forums |
| The Circle | Ceased development | Invented | IM, IRC |
| Syndie | Alpha | None | Forums |
| Netsukuku | Not in production | Netsukuku protocol suite | Wifi mesh network |
| Peerscape | Production | None | Filesharing, chat |
| @versionvega | Beta | Pastry | Chat, Voting, Reading/Writing Texts, "Web Overlay" |
Non-free P2P networks
| P2P services | Code maturity | Features |
|---|---|---|
| LifeSocial | Proof of concept | Profiles, photos, etc. |
| PeerSoN | Brainstorming | Collaboration, file sharing |
| Opera Unite | Production | Photos, wall, music and filesharing. Capability for groups or global news pages is quite limited |
| Osiris | Production | Forums (Developers have announced that they will open the source code soon). |
Social desktop applications
Pros
- allows for end-to-end encryption for people and groups, without browser
- heavy integration in the computer desktop experience
- allows for much richer interactions beyond traditional social networks (like file sharing)
Cons
- could be done in an unsafe client/server way, so be careful to get it right! Get it right probably means to do it in a P2P way (see section above)
Projects
| P2P services | Code maturity | Features |
|---|---|---|
| Nepomuk for KDE | Beta? | Metadata sharing |
| Social Desktop for KDE | Beta? | Authentication to issue tracking services, KDE forums, news feed |
In-browser profile + certificates approach
Pros
- Authenticate at any website using a secure profile stored in the browser.
- Profile is always stored locally; external websites can't fake it.
- The statements above indicate a lack of understanding of how FOAF+SSL operates. FOAF+SSL securely includes a link to a profile in requests made by the browser. The profile itself can be hosted on commodity web hosting. Some browsers are now starting to bundle web servers, so in that case, the profile can be stored in the browser (I believe Melvin Carvalho has experimented this way), but that's not the usual situation.
Cons
- Adds a layer of complexity without solving the problem, since creating a forum/microblogging still requires some kind of hosting.
- You need to surf to web sites to pick up profiles and information waiting for you, there is no real-time notification stream.
- You cannot do group encryption.
Protocols
- FOAF+SSL for RESTful p2p authentication - libraries in php, java, perl, python, and Apache module available.
Projects
- No browsers implement FOAF+SSL so no projects have been initiated
- The statement above indicates a lack of understanding of how FOAF+SSL operates. Browsers don't need to do anything to support it; FOAF+SSL leverages the HTTPS support that already exists in browsers. (That said, many browsers could benefit by improving the user experience of their certificate management dialogue boxes!) FOAF+SSL thus already works in all major browsers and has since day one; more details.
- Lorea project already supports foaf+ssl
Distributed Node Architecture
This architecture entails separating an end-user's GNU Social node into five components. See here for more. This essentially brings all of the approaches (and thus existing solutions) mentioned above into a big picture and defines a framework for them to interact.
Pros
- Allows end-to-end encryption for people and groups and anything else
- Allows the use of arbitrarily many transport protocols such as HTTP, XMPP, or PSYC for relaying data between nodes
- "Future proofs" by defining protocols between components and not making assumption about the structure of other aspects of the node
- Allows users to access the same account using different client programs (web browser, dedicated app, MeMenu, etc.)
Cons
- Possibility of over-design
Projects
