<ajordan> yeah Plumble read "welcome back ajordan" out loud to me
<rhiaro> but in irc
<ajordan> same, probably
<melody> i'm joining mumble but i'm going to be a minute, apparently it's not configured
<evanpro> I'm here
<evanpro> I keep getting bounced off the server
<evanpro> Yes
<evanpro> I'm waiting for the VoIP system with AI built in
<saranix> irc only
<evanpro> So that we can automate the first 5 minutes of calls that's about who can hear who and what is working and not working
<cwebber2> evanpro: haha
<Loqi> rofl
<evanpro> I'm going to be talking so I don't want to scribe
<cwebber2> scribenick: ajordan
<ajordan_> scribenick: ajordan_
<hellekin> yes
<hellekin> <- how
cwebber2: okay, we have several
new members
... maybe we should do introductions again?
... hello I'm chris webber, I'm the cochair of the SocialCG
along with aaronpk who couldn't make it
... and I'm coeditor of the ActivityPub standard
<cwebber2> scribenick: cwebber2
<ajordan_> muted
<drEquivalent> Imma just sit here and lurk in shadows, I think, for now.
<ajordan_> ah screw it
evanpro: ajordan_ is maintainer of the pump.io social networking software, is invited expert for the SocialWG, has worked a lot on AS2 and AP
<ajordan_> thx evanpro, that was a great intro
<scribe> scribenick: ajordan_
evanpro: so I'm Evan Prodromou,
formal cochair of the Social WG
... developer of StatusNet, pump.io and other social networking
projects
<cwebber2> note irc folks, also feel free to introduce yourselves
evanpro: I edited AS2
hellekin: hello I'm hellekin
<sandro> hellekin, you're very quite, I can kind of hear
<hellekin> OK, let me write. I can keep quiet on the audio :)
<cwebber2> rhiaro, saranix, drEquivalent: if you'd like to self-introduce on irc :)
sandro: hi everyone I was staff
contact for the socialwg
... one of them
... I don't tend to deploy software but I love to play around
with it
... *chuckles* I'll stop at that
cwebber2: if our IRC friends give
a description I'll read it off
... let's move forward
... two items on the agenda
<saranix> I'm an independant researcher for the last 5 years in decentralized social networks, and a small business consultant for open technologies
cwebber2: one is some linked data object capabilities I'm working on, quick announcement, and the other is evanpro's dating on the open web
<cwebber2> thank you saranix! I relayed via voice
cwebber2: okay so about the first topic
<cwebber2> https://w3c-ccg.github.io/ld-ocap/
cwebber2: not sure if anyone
here's payed attention at all but lemme link it
... so I'm a member of the w3c community credentials group
<hellekin> So I said I'm a former Lorea developer, maintainer for GNU consensus that aims to coordinate the federated web and the P2P systems, now working on an EU consortium called PUBLIC that I presented at FOSDEM, which aims to promote free software as a public digital infrastructure in Europe, and respond to H2020-ICT-28 call on "Future Hyper-connected Sociality".
cwebber2: I'm collaborating with
Mark Miller who's known for being sort of *the* capabilities
person
... for anyone who's not familiar with capabilities it's a
different model than ACLs, users and groups and so on
... a common metaphor is a car key
... in the future your car might scan you and say "welcome
evanpro"
... one thing you can do is delegate keys
... and you can add caveats, so you can e.g. make a valet key
that says "you can drive it, but only for 5 miles"
... and you can also add caveats for revocation, so you can
delete keys
... some interesting reasons to maybe want these things. I'm
bringing it up because our notion of who has authority over
stuff in AP is very loose
... e.g. if you send a message we kinda have implied access
control, you probably look at the headers to guess
... for email this isn't an issue because a message is just
*sent*
<drEquivalent> I'm just a (pretty mediocre) sysadmin, believer in everything decentralized and free and open, that thinks that he knows what he's doing, and sometimes thinks he has good ideas. That's the best way I can describe myself right now.
cwebber2: in AP you might
retrieve that message later
... in general not a problem but if you address a forwarding
group it can get messy
<rhiaro> oh hi sorry. I was also a staff contact for SWWG, it took over my phd thesis, and I co-edited some specs and stuff
cwebber2: but right now those
usecases aren't too important yet
... we have different usecases in the CG
... one example would be groups, or collections
... that have moderators
... maybe you have a Flickr-pool style collection, where you
want a bunch of people to be able to administer it
... there's no way to delegate access, or let people
moderate
<drEquivalent> Just want to see what SocialCG meetings are all about.
cwebber2: I'm not trying to push this as a "we gotta do it now", just as a "if you run into these things, maybe it's a good idea to look at this spec"
evanpro: I have a question, I'm queued
<sandro> drEquivalent, they vary quite a lot :-) Welcome.
evanpro: so the way I'd do
soemthing like this is with oauth tokens
... define a bunch of scopes, you have to have this scope on
this token, etc. and give out tokens to people based on auth
from the user
... how are LD capabilities different from this?
cwebber2: great question
... so you can use OAuth tokens in a very ACL way or a very
capabilities way
... if you hand out oauth2 style bearer tokens, that's very
similar to a capability
... but you can't do some things
... you can't do ??? and you can't attenuate it
... there's an interesting project called macaroons from Google
which is a big inspiration for LD capabilities
<evanpro> https://research.google.com/pubs/pub41892.html
<evanpro> haw
cwebber2: how they work is
they're kinda like bearer tokens that you hand out
... but they can do revocation and such
... one nice thing with LD capabilities is that the mechanism
we have ties in nicely with LD signatures, so you don't have to
provide a separate HTTP header component
... it can kinda flow around the linked data system that we
have
... another interesting side effect is that with bearer tokens
if you intercept them you have access to them, same with
macaroons
... not the same thing with LD capabilities, you can have it in
public
... for example someone in the community credentials group is
using this for blockchain, so you can see everything public but
you can't do anything unless you have the private key
... those are the differences, not saying oauth2 bearer tokens
aren't the way to go, just giving a contrast
... *reads off drEquivalent's IRC description*
... *reads off hellekin's description*
<hellekin> thank you
<evanpro> scribe inception
cwebber2: nobody on the speaker
queue
... just wanted to put that out there as something for people
to think about
... let's move on
... evanpro I think this is you?
<saranix> http://theory.stanford.edu/~ataly/Papers/macaroons.pdf <- non-google link for macaroons
cwebber2: lemme take myself off push to talk
evanpro: okay
... so I've set it up so I'm now constantly making noise, sorry
about that
<evanpro> http://slides.com/evanpro/dating-on-the-open-web-7#/
evanpro: I've got a presentation
about it, I made it at Mozilla's MozFest in October of last
year
... about using AP for dating on the open web
... I think it's actually a really interesting opportunity for
open web tech to start making a real difference in real
people's lives
... and presenting a real contrast to silo'd software
... it's a usecase we don't talk about a lot but is actually
pretty important to people's lives
... I've dropped the link so people can follow along
... just to be clear there's a page that's specfically for this
in-person discussion, I kept it in just for other
discussions
... sex and dating is a big world, it's important to keep in
mind that people come from all walks of life, let's not be
judgemental
sandro: can you say slide numbers?
<sandro> I'll do that
evanpro: when we talk about online dating it's about finding people and making connections
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/2
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/4
evanpro: typically people you
don't already know, it's how you *make* connections
... on slide 4, necessary set of logos
... it's a very important set of functionality
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/5
evanpro: lots of variation, e.g.
quick relations on tinder, longer relationships, different
interests, people of color, lgbtqa folks, etc.
... most of them have very similar functionality
... first you define a profile, often pseudononymous
... trying to give enough of a description of yourself
... but not enough that your pseudonymity could be broken
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/6
evanpro: the next important part is defining your own search criteria, who are you looking for
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/7
evanpro: blockers e.g. you don't
want to date smokers
... gender preferences, etc.
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/8
evanpro: next functionality is searches, you want to make descisions about who you contact
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/9
evanpro: next slide, there's
usually a way to express attraction, "I'm interested in dating
you, I'd like to discuss further"
... next slide, there's usually in-band messaging
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/10
evanpro: people can preserve
pseudononymous identities but still learn more
... next typically these conversations move out of band
... e.g. sharing phone number, location, etc.
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/11
evanpro: they kind of step out of
the system into the real world
... or there's a second branch, one or the other or both
decides not to connect
... they can cut off the connection and cancel any further
conversation
... and that's really the tech that dating sites have, there
are lots of variations
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/12
evanpro: the way that people
typically make money is hosting the profiles, charging someone
to put up the profile
... they'll charge for search, extended search, specific kinds
of searches
... they'll charge at match time
... and also messaging is a place that people tend to put
monetization at
... so e.g. you can only send 3 messages, messages to 5 people
a month, or something like that
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/13
evanpro: dating is very popular,
13 percent of american adults are on online dating sites
... 50 percent unmarried
... very big part of the population
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/14
evanpro: it's a big part of people's lives
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/15
evanpro: can we skip the scribing for something I have a huge slide deck for
<ajordan> sounds great
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/16
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/18
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/19
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/20
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/21
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/22
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/23
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/24
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/26
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/27
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/28
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/29
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/30
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/31
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/32
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/33
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/34
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/35
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/36
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/37
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/39
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/40
<cwebber2> relationship to job search is interesting
<sandro> http://slides.com/evanpro/dating-on-the-open-web-7#/0/41
<cwebber2> I do think that many people on dating sites do want to be pseudononymous until they get connected also
<cwebber2> but I've never used one so I don't actually know for sure!
<cwebber2> evanpro: I think there's a language of privilege that comes with open technologies of "you just put your name out there and put it out there" and that ignores some of the privacy and security needs of people different walks of life... we want to be respectful of that
<cwebber2> evanpro: I'm taking myself off constant discussion but I wanted to get through this
<saranix> unfortunately, with the proliferation of facial recognition, it is impossible to be pseudonymous. People just do a search and find your real social media page these days...
sandro: so I probably have 100
comments/suggestions
... I'll start with a question: why does IAC not do any kind of
cross-site connectivity? seems like it would be a win for their
business
<cwebber2> saranix, that's a real challenge yeah :|
evanpro: that is a super good
question
... I don't know
... if I was to speculate my guess would be that it's because
they have different market segments that they address with
those different brands
... e.g. young urban people with tinder
... alternative people with okcupid, older people with
Match
... but I do not work there so I don't really know why
cwebber2: go ahead melody
melody: I also have about a million comments/suggestions trying to boil it down here
<hellekin> Won't q because I didn't fixed sound, but a suggestion to look at Attribute-Based Credentials to use zero-knowledge connection to find matches.
melody: I see there could be some
real concerns with visibility in terms of how much reach you
want your profile to have in a situation like this
... if people are closeted, or have other privacy concerns, it
seems like there's a real risk of allowing kind of infinite
spread and searchability of these profiles compared with a
traditional social media profile
evanpro: uhhhh yeah I think
that's a *really* important question
... there are some interesting parts of that
... I think that for someone say in NYC even having the
plainest "I'm a 34 year old man looking to meet other men"
would not feel like a big exposure and putting yourself at
risk
... but if you're in a small town, there are only so many
34-year-old men
... so what we would think of as completely anonymous
information could be hard for someone to reveal
... that said there's a point at which the data is not
sufficient to make a match
... if it just comes down as I'm a man looking for other men, I
don't know if that's enough for someone else to decide they
want to pursue
<cwebber2> hellekin: do you have more specific comments on how that would work?
evanpro: I think also you'd kinda mentioned having stuff all over the web
<cwebber2> ZKP are great, but how would you do that in practice?
evanpro: search engine visibility
is pretty important too
... I think robots.txt might handle a lot but there are some
tricky parts in there
<saranix> also, let's not forget that profile criterea may not be the best way to find a romantic match. How often are we surprised to find we fall in love with someone who has attributes we would've thought were deal-breakers?
evanpro: I'm not sure what a
minimal amount of data that's enough to make a dating decision
(I'd like to pursue this, find out more about this person) is
without exposing you
... I think that might be up to each person sometimes
<Zakim> cwebber, you wanted to talk about search and to talk about pseudononymous -> more information "flow"
cwebber2: *reads hellekin's
comment* I don't know much about it myself but I'd be
interested in learning more
... sometimes we talk about the upsides and downsides of the
fact that in a decentralized system people can set up as many
profiles as they want
... it can be bad, people can use that to abuse
... but in this case I wonder if it may be very useful
... it might actually be that you make multiple profiles and
the profile you give initially... say you have some kind of
oracle that connects you
... you give some of your information but not all of it, but
once you match, you reveal your primary profile
<Zakim> sandro, you wanted to ask about how to get critical mass
sandro: so I have a lot to say on
the thread melody started, and the one cwebber2 started
... I'll start with the one melody brought up
... Evan I don't think the minimal info approach is really
gonna work... I mean, profiles that don't have somebody's face
clearly shown... on some really sex-only you can get away with
just a body shot but with relationships you have to show your
face and now with face-recognition tech your face is just as
good as your name
... I don't think you can go with just technical security
... what's stopping somebody from building a bot that gets on
each of these systems and crawls it and extracts data for use
in e.g. blackmail
... I think what's stopping them is active countermeasures by
the service, and also legal countermeasures
... terms of service
... and between those they probably handle most of the
threats
... I don't think we can do much about active countermeasures,
it's really hard to tell if someone's hitting thousands of
decentralized servers
... maybe we could use the really big nodes
... I think the more interesting one is the ToS
... "if you're accessing this site you can only use it for
dating"
... I don't know how to make that stand up in court but I think
it's doable
... and if it's made clear in the vocabulary, etc. then we can
get the moral high ground
... anyone who writes a crawler is clearly being a bad
person
... should I do cwebber2's topic?
<cwebber2> just wanted to note that expressing Terms of Service is being explored in the Verifiable Credentials folks
cwebber2: uhhhhhhhhhhhhhh suuuuuure
<evanpro> I think it's noon? Are we done?
sandro: this kind of comes back to the first and last of Evan's questions... if you block somebody you need to stop them from just making another account
<evanpro> OK
sandro: I think the way to do
that is we have our existing social graph
... if I want to make a dating profile I set up a new profile
somewhere and I have me or one of my friends endorse them
... I as a real person who many of you know know who this
pseudononymous person is
... they'll deanonymize in court but otherwise they're
okay
... I think that solves the problem Chris raised and allows
blocking to work
<cwebber2> poll to ask if we're willing to extend... 15 mins? 30 mins? can't extend?
<sandro> I could talk about this for hours :-)
<cwebber2> ok with extending 15-30
<ajordan> I could extend 30 but would prefer 15
<hellekin> I will skip the last part, but I'm open to discuss more asynchronously.
evanpro: idk if we need to go a
full 30 minutes
... if this is something the group's interested in, what's next
steps?
cwebber2: why don't we ack melody first
melody: I wanted to speak a
little bit about the way centralized services handle the thing
I brought up earlier
... siloing acts as a shiled a lot
... one of the reasons someone getting on an lgbtq specific
service or whatever is that there's a certain level of
assurance anyone else who's on there is on there for the same
reason
... and if your profile's visible to them you're sort of
sharing the same level of risk
... there's almost a sort of like... mutual risk there
... it's a similar thing... okcupid has a "I don't want to see
or be seen by straight people"
... so if you're in the closet only people who take on the risk
of setting their profile of being a not-hetero person can see
you
<sandro> +1 melody Mutual Risk, Mutual Revelation --- replicating this will be important
melody: I think replicating some aspect of that is probably going to be important even in a decentralized setting
evanpro: I think there are definitely some interesting aspects to that
<sandro> evanpro: Sometimes people circulate screencaps, ...
evanpro: I know people who
screencap dating profiles and send them around... being on
silos isn't a great protection
... the thing I got on the queue to talk about was
reputations
<saranix> they don't have to be silos though. it can be a web of seekers and matchmaking nodes. People submit to multiple matchmakers which handle the profile screening and selective reveal
evanpro: if I get a message from
someone or a match offer, that I would have some automated way
of finding out if the person is abusive or a spammer
... and has been reported as that in the past
... or "this person has been reported as wonderful to
date"
... it's a whole other level of functionality there but it's
actually not a big part of a lot of dating systems I've
seen
<evanpro> so: reputation systems
evanpro: it would be a benefit, it's kind of a cool part of that
cwebber2: so the thing I wanted
to say was
... directly to respond to Evan's suggestion for making claims
about another user, if you're going to look at that in a system
the verifiable credentials data model might be a good thing to
look at
... that's being built for saying "this entity says _this_
about some other entity"
... it might be a good way to express it, plus it's
JSON-LD
... there may be downsides too, reputation systems have upsides
and downsides
... it can be great until people use reputation systems to say
bad stuff about good people
... I don't know if there's any way around that
... I wanted to see if evanpro could bring us forward on the
"where to from here" topic from earlier
<cwebber2> fwiw, here's the Verifiable Credentials Data Model https://w3c.github.io/vc-data-model/
evanpro: yeah so I think that
what I would really like to see is what would next steps
be
... for me as a technologist I would kind of do next steps of
create a profile hosting service
... either with pump.io or with another system I find, Mastadon
maybe
... and then a search service to implement search
... just a proof of concept
... the q there is whether it would be visible and useful
... and what the role would be here at the CG
... my feeling would be to start implementing first and get
finer-grained definitions later
<Zakim> cwebber, you wanted to mention verifiable credentials may be a good data model
evanpro: and if it's applicable enough to report back to the CG, do that as things develop
cwebber2: uhh yeah +1 to the general direction you laid out evanpro
<Zakim> sandro, you wanted to wonder how one could get critical mass
cwebber2: as cochair of the CG I can say I would appreciate holding those conversations and hearing updates here
sandro: so I'm all in favor of
code first cuz I love coding and it's fun and you learn a
lot
... at the same time there's all these other social issues
we've been talking about
... I think you could build a completely functional system but
people might not use it
... dating systems have an even worse critical mass than social
media
... you can get friends to switch but not with dating
sites
... I'm just wondering, why would people use this system
evanpro: I think being able to
make that case is really important
... part of the success of Mastadon is that it's provided a
real alternative to people concerned about harassment on e.g.
Twitter
<saranix> critical mass in a decentralized world looks like "city xxx queer bbs", "west coast masochists", etc.
evanpro: it's less about tech
exploration and more about social experimentation
... I think that more worrying than having nobody on it would
be to get people on it who feel they're having their security
or privacy violated
... "I didn't realize my real name or telephone would be on
this account when I set it up"
<Loqi> cwebber2: lol
melody: I think your instinct that it's worse to have something where people whose security and privacy is being violated rather than something no one will use...
<saranix> to put it more generically, really, you have 2 forces of attraction: geography, and mutual attribute match -- the pools are finite.
<sandro> Caught between a Ghost Town and a Mine Field
melody: I think the minimum viable feature set for a system like this is probably gonna be more extensive than you might anticipate
<evanpro> sandro: That's a good headline
melody: there's going to need to
be some really robust ways of dealing with incoming messages
from people who just absolutely do not fit your criteria who
will message you anyway
... and I don't think that reactive blocking is going to be
enough to handle this
... that's the kind of thing that immediately puts women off of
a lot of online dating systems and has them opting out
cwebber2: thanks melody, go for it sandro
sandro: I'm just starting to have
an image in my head for how to approach this
... trying to learn from this
... just imagine this as a network of Mastadon servers
... the server admin would take responsibility for the
environment on that node and the behavior of the users on that
node
... obviously there's a complicated politics among the admins
then, as to who they decide to federate with
... but I think that *might* work
... I'm just thinking about some of my social groups and
whether there might be someone who might take that central hub
role
<saranix> cwebber2: thx
sandro: you'd have to separate
the technical from the management
... they put people on it and then make sure people behave
reasonably and then they federate
<evanpro> I need to drop out
<evanpro> I'd love to keep talking further
cwebber2: well so we've gone over
the 15 minutes we agreed to, sounds like we can keep talking
about this for ages
... so we'll cut it off
... if people have further things to talk about on this
issue... one thing that was mentioned very briefly by evanpro
was search engines
... maybe that's a good topic for future meetings
<evanpro> Thanks Chris!
cwebber2: thanks everyone for showing up and have a good one!
<hellekin> ditto
<sandro> cwebber2, I noticed that Mastodon is getting a version of search around now
<ajordan> thanks cwebber2! and see ya evanpro
<ajordan> evanpro: btw, I got pump.io stickers :-)
<sandro> might be good to have a discussion on how they're doing it
<hellekin> evanpro: ABC is currently researched by Dyne in the DECODE EU project.
<tantek> enjoy cwebber2!
<sandro> okay cwebber2 ?
This is scribe.perl Revision: 1.152 of Date: 2017/02/06 11:04:15 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: Irssi_ISO8601_Log_Text_Format (score 1.00) Succeeded: s/that/it/ Succeeded: s/linked data stuff/linked data object capabilities/ Present: sandro cwebber2 hellekin rhiaro ajordan evanpro saranix melody Found ScribeNick: ajordan WARNING: No scribe lines found matching ScribeNick pattern: <ajordan> ... Found ScribeNick: ajordan_ Found ScribeNick: cwebber2 Found ScribeNick: ajordan_ Inferring Scribes: ajordan, ajordan_, cwebber2 Scribes: ajordan, ajordan_, cwebber2 ScribeNicks: ajordan, ajordan_, cwebber2 WARNING: No "Topic:" lines found. WARNING: No date found! Assuming today. (Hint: Specify the W3C IRC log URL, and the date will be determined from that.) Or specify the date like this: <dbooth> Date: 12 Sep 2002 People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report WARNING: IRC log location not specified! (You can ignore this warning if you do not want the generated minutes to contain a link to the original IRC log.)[End of scribe.perl diagnostic output]