Regular readers have probably noticed that I never joined in on the hype about Diaspora after posting a link to one news story about it a few months ago. And in light of the recent brouhaha over the media’s role in elevating Haystack to a status it certainly did not deserve in light of subsequent expert evaluation, I think I was wise to wait. It seems that Diaspora, touted as an open source and more privacy-friendly social network than Facebook, may have major security problems of its own. Jaikumar Vijayan reports:
The team behind Diaspora this week released a pre-Alpha version of their source code on the open-source hosting site GitHub. The code is designed to spur development activity around the platform.
The code release was accompanied by a warning that it is by no means bug free. “We know there are security holes and bugs, and your data is not yet fully exportable,” Diaspora said in announcing the Alpha release.
Even with that caveat, though, early reviewers have been unsparing in their criticism of Diaspora’s security features — or lack thereof.
“Basically, the code is really, really bad,” Steve Klabnik, CTO of CloudFab, wrote in his blog Hackety Hack. “I don’t mean to rain on anyone’s parade, but there are really, really bad security holes” in the code.
Read more on Computerworld.