Security (data, code, site, etc...)
Now putting on my $DAYJOB hat for a few minutes:
Many of the posts/comments on here indicate tailoring the site and its features for people in communities that are often underserved, underrepresented, targeted, etc... Which means security of the site, of user' data, and of the code feel, to me, to have an even higher level of importance than, say, I suspect the Ello devs are concerned about right now.
The nice thing here is that this discussion is all currently pre-code, which means, in theory, this network could have secure development/design practices baked into it from day one. Which I fear may be needed, because I could see this site, when it comes up, being a target for all sorts of folks out there (c.f. the folks running around and outing LGBTQ people on facebook).
There's been a lot of talk about the user facing features for privacy and security (block lists, trust lists, access controls, etc...). However, those fall down quickly if a person can just do the equivalent of, say, taking a &debug=true onto the end of their url and have full access to all the site's data. Or if someone can name themselves Robert'); DROP TABLE users;-- (if the code's public, the structure of the database will be public!). Even worse, instead of dropping tables, maybe someone could inject sql to elevate themselves to an administrator.
There's a wide scale of issues that would need to be considered, and I don't think this one issue is enough for all of them, but hopefully it can springboard conversation:
- keeping admin and user facing systems completely separate
- rigorous scrubbing of all user input before putting it into the database, likewise, vigorous scrubbing of anything pulled out of the database before sending it back out to a user
- folks looking at the code and design with a 'black hat' on, thinking about how they would target getting information out of the system or otherwise messing with it
and I'm sure the list can go on.