Understanding the Hubzilla permissions system

Hubzilla offers a unique blend of identity ownership and decentralized access control. The way you actually use the access control system is by configuring what can initially feel like a daunting permissions system. This article provides an introduction to this core utility of Hubzilla. Once you understand the basic logic of the system, you will feel more confident in using Hubzilla to share what you want with whom you want.

First you have to understand identities

What a permission means is intuitive to most of us, but before we can talk about permissions, you have to understand who is giving permission to what. In the physical realm of everyday life, the who and what are often yourself and another person. If you give someone your phone number, it is implied that they have permission to call you. Sometimes the who and what are yourself and a company instead of another person. Your local newspaper grants you permission to read its articles if you pay for the subscription, but the newspaper does not give you permission to publish your own articles in it.

The other important point to acknowledge here is subtle because in the physical realm, authentication is often a trivial matter. When I look you in the face and give you my phone number so you can call me, there is no doubt about who you are. And when you later call me, I recognize your voice and know that it is you. Similarly, the newspaper is delivered to your house because your house has a public, verifiable physical address, and you paid to have the newspaper delivered there. No one is worried about the neighbor’s house pretending to be at your address so it can steal the newspaper. In the digital realm, however, authentication is a more difficult problem, because the entities actually communicating and sharing information are software constructs. When I send you an email, I as a human being am not sending you anything. What is really happening is that I am sending a message to my online “proxy”, or identity, which in this case is the account with my email provider. This software identity then shares my message with your online proxy provided by your email provider. (It is worth mentioning that unless you own the domain of your email address, you don’t actually own this “proxy” identity; but in Hubzilla, even if you don’t own the server or domain of your hub, you still own your identity.)

These who and what identities are the fundamental entities in Hubzilla, and they are called “channels”. A channel represents anything that can store information and grant or deny permission to other channels who might try to access its information. Recall the examples above. Two channels might each represent a human being, and the permission involved in that scenario is the permission to place a phone call. In the other scenario, one channel would represent a human while the other channel represents a newspaper publication. The human gives permission to the newspaper to be delivered to their home, and the newspaper gives permission to the human to receive the delivery.

Permission *limits*

So what are the permissions you can grant (or deny) to connected channels? And why did I emphasize the word limits? Good questions, astute reader. Most of the permissions are straightforward “view” and “write” permissions for the different apps Hubzilla provides. You can grant channels permission to view your files and photos, your wikis, your webpages, and you can separately grant permission to edit your files, your wikis, and your webpages. If your channel is a personal one then it is unlikely you will grant write access to many people, if any; but if your channel is a collaborative forum, you probably want people to post on the channel page (i.e. “wall”), update wikis and contribute files to the group file storage. Other permissions are based more in the social networking context, like the ability to view your channel “profile”, comment on posts, chat and send private messages (i.e. “mail”), or view your connections (i.e. “contacts”).

A sampling of the available permissions supported by Hubzilla

The word limits is emphasized because, while setting all these permissions per connection may seem like enough control, it is not quite enough. You want your friend Peter to see your photos sometimes, if you share a specific photo album with him, for example, but you don’t want him to always see all your photos. But maybe there is an acquaintance Alex you are connected to that you never want to see any of your photos or files. In other words, you want to set different limits on what people are permitted to access, yet still have the flexibility to specify an Access Control List (ACL) for each individual item. Using the example of Peter and Alex above, you might create a photo album and set an ACL that includes both Peter and Alex, but because of their permission limits, only Peter will be able to see the photos. Later, you might share a photo whose ACL includes only Karen and Sarah, which will prevent Peter from seeing the photo.

As these examples illustrate, Hubzilla will enforce the more restrictive access policy where possible. This can sometimes lead to scenarios that appear to be bugs in the software but are not. A common example is where someone publishes a post that includes some of their photos using an ACL that includes everyone in their “Friends” privacy group. If some of the connections in this “Friends” group have permission to view the posts made by the channel but do not have permission to view photos and files, then they will be able to read the post but will encounter “permission denied” placeholder images. It is up to the channel owner to ensure the logical consistency of what they are attempting to share with their privacy settings.
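The rule described above can be modelled in a few lines. This is an added example, not Hubzilla's code or data model: the permission names, the `Item` and `Channel` classes, and the sample connections are constructed for illustration. It shows the Peter/Alex album case, the post-with-photos case, and an audit an owner could run to spot the inconsistency before publishing.

```python
from dataclasses import dataclass, field

# Hypothetical permission names for this model (not Hubzilla identifiers).
VIEW_POSTS, VIEW_FILES = "view_posts", "view_files"

@dataclass
class Item:
    name: str
    required: str        # permission needed to view this kind of item
    acl: frozenset       # connections the owner shared the item with
    embeds: tuple = ()   # items embedded in a post, e.g. photos

@dataclass
class Channel:
    limits: dict = field(default_factory=dict)  # connection -> allowed permissions

    def can_view(self, viewer, item):
        in_acl = viewer in item.acl
        within_limit = item.required in self.limits.get(viewer, set())
        return in_acl and within_limit  # the more restrictive policy wins

    def render(self, viewer, post):
        """What the viewer gets for each embedded item, or None if the post is hidden."""
        if not self.can_view(viewer, post):
            return None
        return {e.name: "shown" if self.can_view(viewer, e) else "permission denied"
                for e in post.embeds}

    def audit(self, post):
        """ACL members who can read the post but would hit a placeholder."""
        denied = []
        for viewer in sorted(post.acl):
            shown = self.render(viewer, post) or {}
            if "permission denied" in shown.values():
                denied.append(viewer)
        return denied

# Constructed sample data: Alex's limit excludes photos and files.
both = {VIEW_POSTS, VIEW_FILES}
owner = Channel(limits={"Peter": both, "Karen": both, "Sarah": both,
                        "Alex": {VIEW_POSTS}})
friends = frozenset({"Peter", "Alex", "Karen", "Sarah"})
album = Item("album", VIEW_FILES, frozenset({"Peter", "Alex"}))
photo = Item("photo", VIEW_FILES, frozenset({"Karen", "Sarah"}))
pic = Item("holiday.jpg", VIEW_FILES, friends)
post = Item("holiday post", VIEW_POSTS, friends, embeds=(pic,))

if __name__ == "__main__":
    print("album:", {v: owner.can_view(v, album) for v in sorted(album.acl)})
    print("post as Alex:", owner.render("Alex", post))
    print("owner should review limits for:", owner.audit(post))
```
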

Choosing a permission role

It’s easy to imagine how all this flexibility and freedom to assign detailed permissions can be confusing or overwhelming to people unaccustomed to thinking about such things. To help make things simpler, Hubzilla offers a set of permission roles you can choose for your channel. Depending on what your channel represents and how you plan to use it, you will have drastically different expectations about privacy and the kinds of permissions it will be granting to other channels. If your channel represents your personal self and you plan to primarily use the channel to interact with your close friends and family, you will expect that posts and photos and other shared things will be private, visible only to your loved ones. On the other hand, if your channel represents your advocacy group and you want to host a blog and a public website, then you will expect that most things should be visible to the public internet.

You can choose from one of the available permission roles, where the general categories include:

  • Social networking
  • Community forum
  • Feed republish
  • Special purpose

Each one of these categories has one or more roles to choose from. Most people will choose a Social Networking role if their channel represents their personal self. Those more interested in something like a public micro-blogging experience might select the “Mostly Public” or “Party” Social Networking role. Those desiring more privacy by default might choose the “Restricted” or “Private” role. Another common channel type is for use as a forum, and in this case the natural choice will be one of the Forum roles.

Is that all?

That’s it! It is not as simple as pushing one big, shiny button and expecting the software to magically know everything you want it to do. Just as in the physical realm where you must think before you speak to share your thoughts with the desired level of privacy, online you must also think about who should have access to each of your publications and set the permissions accordingly. Hubzilla is the only decentralized platform today that provides the privacy tools you need to be in control of your voice online.