I'm helping on Scuttlebutt (a p2p social network) and we're looking for feedback and advice like: what are your privacy needs? How would you like blocking to work?

If you'd like to help with a survey or phone/video chat, please let me know by DM or at

This is an anti-commercial open source project. We want to make something accessible that meets the needs of people who have been harassed online and want a safer space to hang out with friends, and don't want to be dependent on Twitter/Facebook.

@cinnamon My biggest sticking point with SSB has been that there's no equivalent of a private Twitter/Facebook account; an account where posts don't reach father than your immediate friends. If all your friends only connect with each other you kinda-sorta get that, but as soon as someone connects to a pub server everything becomes public.

@jamesgecko @cinnamon yes, controls on post dissemination would be great. obviously you can’t FORCE others to not disseminate, but you can include annotations that allow compliant peers to do the right thing. the extra step, of asserting readability only within a trusted set, would involve some keypair stuff: encrypting messages so even if the post goes public, it’s indecipherable except within the trusted set.

@garbados @cinnamon TBH, I'd be okay with just the annotation initially, as long as all the major clients eventually supported it. Even with encryption, there will always be the chance that a recipient could post a screenshot to a public feed or whatever.

I have dumb questions about the second part of your post. If I had a hundred friends and I posted a private message, would I sign the message for a hundred different keys and include them all? Or is this something like broadcast encryption?

@jamesgecko @cinnamon you would sign it a hundred times, or, you would distribute a shared key ahead of time and sign it to that. you would still have to sign the shared key message a hundred times, so, you can only frontload the effort and doing so means having to sign another hundred messages to rotate to a fresh key.

this is complicated in architecture but that’s what software is for: to simplify tedium and complexity through routine


block: refuse to receive or exchange messages about a blocked peer. drop all blocked content from disk. this protects against illegal number attacks, which is crucial.

mute: squelch a peer, removing their messages from your UI. allow “timed” mutes, so that you can put someone in “timeout” from your perspective, without ejecting them from your network altogether. you may still exchange messages on the muted peer’s behalf.

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!