As far as I can tell, this means we need a mechanism where users can report posts and/or comments they find offensive/illegal, so a human being can make a judgement based on their own values, laws, and TOS. A mechanism which as far as I can tell we have already.
Exactly.
Additionally from an infosec perspective, not encrypting user data on pods is a serious security fail.
It is routine to encrypt passwords, but not any other part of the database. It would make most web applications unusable. The continual encrypt/decrypt cycle would nearly paralyze a server (pod) that has more than a very minimal amount of activity (including activity federated from other pods).
Do you store the keys on the server, or do you make podmins enter the keys every time there is a reboot? Because it would certainly be hard to run most SELECT x WHERE … queries when the contents of the database are just opaque blobs.
So it is not just Diaspora that doesn’t do this. It is nearly every site anywhere.
The other question i have is Diaspora Pods & TOR? Why isn’t this being done?
That is up to the individual podmin and that person’s hosting company. Some hosting services forbid TOR. Some hosting services may allow Tor hidden services, but forbid relays or exit nodes. Tor is not a magic wand, so those who choose to host Tor services, relays, exit nodes should take the time to understand the implications of what they are doing first.
… maybe you could even have people teach users about security, things like steganography for example
Steganography is security by obscurity. As soon as someone who can intercept your messages suspects that you are using steganography, hiding secret messages within the content of other files or messages, the content of your hidden messages is in danger. Naturally, it depends on the resources available to your presumed attacker, but if you assume that a government agency or one of the large telecoms that carry the data has an interest in it, they will get the hidden message.
That being said, individual users on various pods can (and have) discussed steganography. It is definitely not something that should occupy the time of Diaspora developers (that is, D* should not add a data-hiding tool), but it is certainly of interest to some users.
I would recommend that we restrict the conversation to the topic described. If you wish to discuss security or steganography please open another topic.
I don’t think conflating the NSFW tag with content inappropriate for minors relieves one of any legal liability (I don’t think there is liability in most countries including the US). Can you cite the specific US and international laws that say that a website cannot show pornographic content to minors and is liable for damages if it does? I would think most porn sites would have serious legal troubles if this is the case.
