Oh, you’re right - I thought the functioning of that ‘invite by email’ link had been changed to open a new email in your email client with a unique URL in it. It’s not great, although there is in actual fact no privacy leak, as Diaspora doesn’t store such information. Someone receiving one of these emails is not that know that, of course, so it may be that the functioning of this link should be changed to avoid anyone having the impression that their email address has been abused.
The problem is indeed cultural. People have been conditioned by the likes of Facebook and Gmail to expect that the only important thing is how convenient something is to them, and to consider nothing else. This is a bad thing. The question is, does Diaspora decide that there’s no hope of changing people’s bad habits and thereby facilitate the abuse of other people’s private data by its users, or does Diaspora decide that its founding principle of respecting privacy and data security is above all important and so not add ‘features’ which might be ‘convenient’ for the user but which encourage bad behaviour? I would say 100% the latter. If Diaspora becomes like Facebook, there is absolutely no point in Diaspora existing at all.
You may well think a lot less of the privacy aspect of an email address than I do, but should it therefore be made easier for you to give away other people’s email addresses to third parties? Those people, some of them at least, might consider their email address a more private thing than you do, and might have entrusted you with their email address. You might well therefore be breaking their trust by giving their email address away to third parties.
Facebook is without a doubt the most convenient way ever invented to give away all your private data, and all those of your friends and family as well. Yes, it’s very convenient, but in my opinion it’s a very convenient way of doing a very bad thing.
In Diaspora we shouldn’t simply think ‘people expect to do x, because they have been conditioned to expect this by Facebook, Gmail etc, and it’s technically possible to do x, so we should do x’. We also have to think about what it is best to do, ethically as well as technically.
Diaspora has to respect the privacy and data security of each and every of its users, because it has promised since the first day it was proposed 3 years ago to do exactly this. I say that this is a somewhat hollow promise if it doesn’t by extension respect the privacy and data security also of people who are not a part of the network - i.e., there should be nothing in Diaspora which encourages privacy leaks.
Convenience is important, but convenience should only be catered for where it can be done without infringing on the promises of respecting privacy and data security of everyone, not just the individual user in question.
It is a cultural issue, but we should not encourage a bad culture by creating technical means to facilitate bad behaviour. We should encourage and foster a better culture by building software which helps people to interact in better ways.
You remember incorrectly about the Facebook connect tool, by the way - all it does is allow a Diaspora user to connect their own Diaspora account with their own Facebook account, and post from their own Diaspora account to their own Facebook account. No one else’s accounts or data are involved in any way.