Distributed social networks and security

Most of you will know I'm not on Facebook. By the time Facebook came around, I'd already been on Friendster, Orkut, LinkedIn and the rest and lost the desire to really get into a new social network. That was topped off by the fact the only people I knew on Facebook were annoying trustafarian American college kids I met while backpacking in Europe, due to the at-the-time closed-to-non-American-college-kids nature of Facebook. Then the privacy problems of the service, and the fact they claimed copyright in everything you uploaded, kicked in and I've never wanted to join that particular club.

Thinking about the independent social network efforts, like Diaspora and GNU Social, I can't help but think the problems they're trying to solve are quite insurmountable, and possibly even worse in a distributed architecture.

The big problem is information leakage: some dumb kid uploads nude photos of himself, intends them for a specific audience, and they end up available far further than he ever wanted. This problem is pretty tough to beat in a distributed environment, because the "this is only available to you" flag is just metadata travelling with the post; it is enforced by whatever client or server receives it, not by the sender. What's to stop a malicious, or infected, client from ignoring that flag and passing the content onwards?
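To make that concrete, here is an added illustration, not code from this post nor from Diaspora or GNU Social: the audience flag is metadata that only the receiving node chooses to honour, so a rogue node simply ignores it. The example goes one step beyond the post by also trying the obvious countermeasure, encrypting the post to its audience, to show what that does and does not buy. The node names, the users, the post, and the assumption that a per-post key reaches each audience member out of band (for instance wrapped under their public keys) are all constructed for this example, and the cipher is a toy HMAC-SHA256 stand-in for a real AEAD, not something to reuse.

```python
"""Audience flags versus encryption in a federated social network.

Added example, not code from the post or from Diaspora/GNU Social. The
nodes, users and post are constructed for this illustration. The cipher is
a toy stand-in (HMAC-SHA256 keystream plus a MAC) for a real AEAD, and the
per-post key is assumed to reach each audience member over some out-of-band
channel, e.g. wrapped under their public key."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Post:
    author: str
    audience: frozenset   # the "this is only available to you" flag
    body: bytes           # plaintext, or ciphertext in the encrypted variant


def _keystream(key: bytes, n: int) -> bytes:
    """Toy counter-mode keystream; stands in for a real cipher."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, b"stream" + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with the toy cipher; returns ciphertext || 32-byte tag."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    tag = hmac.new(key, b"mac" + ct, hashlib.sha256).digest()
    return ct + tag


def unseal(key: Optional[bytes], blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if we hold no key or the tag is wrong."""
    if key is None:
        return None                      # no key: the ciphertext is opaque to us
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


class Node:
    """An honest server: shows a post only to the local users in its audience."""

    def __init__(self, name: str, users):
        self.name, self.users = name, frozenset(users)

    @staticmethod
    def _open(post: Post, keys, user: str) -> Optional[bytes]:
        # keys is None in the cleartext variant: anyone holding the post can read it
        return post.body if keys is None else unseal(keys.get(user), post.body)

    def receive(self, post: Post, keys, readers: set) -> None:
        for user in self.users & post.audience:      # honours the flag
            if self._open(post, keys, user) is not None:
                readers.add(user)


class RogueNode(Node):
    """A malicious or malware-infected server: ignores the flag, shows every
    post to every local user, and mirrors anything it can read to the open web."""

    def receive(self, post: Post, keys, readers: set) -> None:
        for user in self.users:                      # ignores post.audience
            if self._open(post, keys, user) is not None:
                readers.add(user)
                readers.add("public-web")            # re-shared beyond the audience


def publish(author: str, audience, plaintext: bytes, nodes, encrypt: bool) -> set:
    """Deliver one post to every node; return the identities that got the plaintext."""
    readers: set = set()
    if encrypt:
        key = secrets.token_bytes(32)
        keys = {u: key for u in audience}            # assumption: only the audience gets the key
        post = Post(author, frozenset(audience), seal(key, plaintext))
    else:
        keys = None
        post = Post(author, frozenset(audience), plaintext)
    for node in nodes:
        node.receive(post, keys, readers)
    return readers


def scenario(encrypt: bool) -> set:
    """Constructed federation: alice posts a photo for bob and carol only."""
    nodes = [
        Node("honest.example", ["bob"]),
        RogueNode("rogue-outsider.example", ["dave"]),          # hosts no intended recipient
        RogueNode("rogue-insider.example", ["carol", "erin"]),  # hosts one intended recipient
    ]
    return publish("alice", {"bob", "carol"}, b"photo bytes", nodes, encrypt)


if __name__ == "__main__":
    print("cleartext flag only:", sorted(scenario(False)))
    print("encrypted to audience:", sorted(scenario(True)))
```

Running `scenario(False)` shows the flag alone leaking to dave, erin and the open web; `scenario(True)` shows that encrypting to the audience stops the rogue node that hosts no intended recipient, but the rogue (or infected) node that hosts one recipient still decrypts the post on her behalf and can forward the plaintext, which is exactly the leak the post is worried about.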

We all know that the average consumer Windows PC is a swirl of malware and viruses, and consumers are none too good at observing information security no matter how obvious you make the steps. The volume of spam arriving in your inbox every day is testament to the fact that someone, somewhere, is being suckered in by the messages contained therein.

With a centralized architecture there is at least only one single point where the security must be tight. I really don't see a way around this in an open, distributed architecture.