A screenshot shows a Diaspora user's homepage. Credit: Diaspora

A privacy-focused rival to Facebook, called Diaspora, released its project code last week, providing a glimpse of how it will look and function. The site closely resembles Facebook, but there's a key difference: users store and control all their own data.

Diaspora operates as a decentralized network. This means that users' data--photos, friend lists, statuses, etc.--are hosted on their own computers, or on servers they have access to, which are called "seeds". Diaspora lets users connect directly to other "seeds," and choose what data they want to share, and with whom, to build their social network. Data transferred over Diaspora will be encrypted (except for photos, for now).

The project was launched in April by four NYU students who obtained around $200,000 in funding in June via the fundraising program Kickstarter.

Diaspora may just be a welcome alternative to Facebook for many people. This year Facebook made a succession of a backlash from users.

But first Diaspora will need to address some of the security flaws hackers have found in the system. The alpha release is slated for October, and is expected to include Facebook integration, allowing unhappy users to easily jump ship.

It's well-known that Google amasses large amounts of data about the people who uses its services. Though the company says it's careful to anonymize that data, and to safeguard what it collects, a talk given this week at Defcon, an underground hacker conference in Las Vegas, illustrated how information can leak out of Google's repositories regardless of the company's intentions.

In a talk titled "How I Met Your Girlfriend," security researcher Samy Kamkar (best known as the author of a worm that struck MySpace two years ago) described a series of attacks that could be used to find a person's physical location. The beginning of the talk focused on making contact with the target in order to convince him or her to visit a website of the attacker's choosing. Once the victim clicks the attacker's link, Kamkar showed how to manipulate Google into revealing his or her location.

As part of Google's StreetView effort, the company sends cars to drive through neighborhoods, taking photos and collecting data, including on WiFi networks in an area. The company has come under fire for some of the WiFi-related data it collects, but Kamkar says that hasn't included much concern over the MAC addresses Google collects--these are identifiers that are unique to devices using a given network.

Through triangulation, Google determines and stores the longitude and latitudes associated with these MAC addresses. This information can then be used to power Web services that make use of a person's location, including location services built into the Firefox browser. Kamkar says he was able to fool Google into revealing a target's location information after the target visited his website. He did this by tricking the victims browser into revealing data that then allowed him to impersonate that person when requesting the information from Google.

Leaving aside the technical details of Kamkar's attack, his narrative underlines a key concern with the personal information that modern Web companies store. Regardless of how a company intends to treat that data, providing it's accessible in some way it may be possible for an attacker to gain unauthorized access to it.

China has blinked in its tense battle with Google, renewing the search giant's license to use its Chinese Internet address, Google.cn.

Thus caps seven months of intrigue that started in January, when Google announced it had been the target of China-based hacking, and intensified in March when the search giant carried out its threat to stop acceding to Chinese censorship requirements. At that time, Google started rerouting search traffic from Google.cn to its uncensored Hong Kong site, Google.com.hk. For users, this meant that search terms they entered would no longer be blocked by Google, as required in China as a condition of operating an Internet company there. But some resulting search returns could still be blocked, as always, by China-based filters run by the Chinese government. This re-routing to Hong Kong caused great irritation in Beijing, which called the approach "unacceptable." So Google's most recent move was to make Google.cn a simple landing page with an unusable search field. Clicking anywhere on the page, however, still took visitors straight to Google.com.hk where they can conduct their searches.

The "extra click" was a subtle difference, but apparently all Beijing needed to save face and not take the drastic step of actually blocking Google from using any Chinese web addresses. Such blockage would certainly have brought on global condemnation over the further closure of China's Internet, which is censored, mainly by means of self-censorship by China-based companies. The question now is whether Bejing's next move will be to add Google.com.hk to its list of blocked sites. "They didn't block it after the redirect took place in March. If they wanted to block it, you'd think they would have done it then," says Rebecca MacKinnon, a China Internet expert who is a visiting fellow at Princeton University's Center for Information Technology Policy. "But they could always block anything, at any time in the future, for any reason."

While the political stakes were high for China, the corporate ones for Google were quite high as well. Last week, Yasheng Huang, a professor of Chinese economy and business at MIT's Sloan School of Business, wrote me to say that "if Google does not get this license it will have collateral damage to its other operations in China. It operates an R&D center in China and its sales team will be hampered to sell ad space on its website. It will be marginalized further. The Internet, as global and as cross-border as it is, still has geographic roots."