Distributed Storage and Deletion

Your right to delete your data

Our software should do its best to actually delete any data that the distributed state wants to see removed. It's a normal part of the functionality but we should underscore the importance of deletion in the specs, hoping that developers will code accordingly. In some cases we may even ask for disk wiping (unrecoverable deletion).

Actually, since we intend to enforce the legitimacy of our software legally, it's at least a breach to operate a node that doesn't honor data deletion requests.

I think that's as good as it gets. Software that doesn't respect your civil right to data deletion becoming illegal. And if you try to mess with us we'll send Richard Stallman after you.

Syncing devices

A person's devices can share private channels, used by just one person but distributed over all of her pieces of equipment, so they can share common configuration data. Each device has its own key but each owner has a master key that generated those keys and can revoke them anytime as described in the threats document. This functionality is based on PSYC's concept of state utilizing the pubsub mechanism.

This is actually interesting for any kind of software, as many programs become more useful when synchronized across multiple devices. secushare will offer easy APIs for applications to make use of this.

Additionally, all data which has been distributed to friends, so they can view and enjoy it, is also available for you to recover from or to install a new device with. You wanted them to see your profile? They now have your profile in their database, so they can give it back to you. You wanted them to see your photos? They have a copy of your photos so you can get them back (unless they didn't want them and opted out of them, but hopefully not everyone will have done so).

Even better if you use multiple devices from the start. If you don't mind having all your social data on both a phone and a laptop, then you already have a basic backup strategy and wherever you go, you already have your essential digital things with you. No need to share them with a hostile cloud.

Sharing large files

The pure PSYC way would be to allocate custom pubsub channels for each file. Your basic channels do not allow you to send big files. You can offer extra channels for amazing big things, and depending on the trust your recipients have in you, they either opt in or you can "force" them in and they can opt out again (and if they didn't like your initiative they might reduce their trust in you).

With GNUnet we additionally have the option of using its file sharing functionality. In that case we can anonymously push the file into the network, then send the file sharing retrieval hash code to the intended recipients. Either way, this will happen completely automatically, easier than getting Bluetooth file transfers to work.
