[rdfweb-dev] partly anonymous web communities

Bill Kearney wkearney99 at hotmail.com
Fri Jul 4 02:15:03 UTC 2003 

> Given a web-based community of anonymous profiles with descriptions and
> pictures, where each user (each profile) can list friends on this site.
> This looks like great data to publish as FOAF.
>
> The issue is that this community has grown as an anonymous system. I do
> have the user's email address, but it isn't public. FOAF seems to use
> foaf:mbox as the primary way of identifying people. Using the sha1sum
> version of the address is no solution as someone could still guess
> email addresses and then verify that a particular profile corresponds
> to a particular real person. Thus, I would have to generate some pseudo
> mailboxes' sha1sum, like username at site.com, even though mail sent to
> these addresses would never arrive (but nobody would send email there
> as nobody would know the actual addresses used to generate the sha1sum).

The idea behind using the hash is that if someone else knows someone's e-mail
address they could cross-reference that hash.  Essentially, if I already know
your private e-mail address I can make a hash and see if foafspace knows of it.
If someone doesn't know your private e-mail address using the foafspace hash
won't help them find it as they'd have the break the sha1hash.  Which is
theoretically possible but hardly worth the effort.

> Publishing this community in this mode would be just an island in
> foafspace. But I would allow some users the give up anonymity on a
> voluntary basis and then publish both sha1sums, the real addresses' and
> fake addresses'. This would establish some links to the real foafspace.
> And of course, people with a FOAF file outside the community could just
> add this sha1sum and thus tell the foafspiders that he/she is the same
> person as that previously anonymous profile over there.

There's a concept known as 'psuedonymous' identities.  It's not "you", it's the
account that the community in which it participates knows it to be.

> There are a few things I feel a little bit uneasy about:
>
> This whole "fake-email to generate a unique sha1sum" method seems a
> little awkward. Essentially this would defined the foaf:mbox_sha1sum
> element as a general guid, rather disconnected from the notion of email
> addresses.

Yeah, it does seem 'wrong' to use a faked address here.  How about providing a
relaying service for accounts?  The point of using an mbox_sha1hash is that
someone that already possesses the e-mail address can make a hash of it for
cross-referencing.

Or, I suppose, some other form of hashed cross-referencing might be worth
considering.  Perhaps a hash of a user profile page?  The trouble there would be
the complexity of defining the domain/realm of it and then the data itself.
Something along the lines of "I know about community http://example.com/cabal
and I know of a user Joe.  So I could search foafspace comparing my known key of
Joe's profile in the cabal realm and his profile URL.   The trouble is how to
markup a profile URI identifier in such a way as to be useful.

Hmmm...
    URL is http://example.com/cabal/users/joe and hashing it gives the
    string 2a38fd64922764d4ced66e9f8e5851dc683ed36e

So a mythical markup fragment could be:
<foaf:personaHash>2a38fd64922764d4ced66e9f8e5851dc683ed36e</foaf:personaHash>

Then anyone in the 'cabal' group could 'know' to build a URL in that manner,
hash it and then search for matches in the foafspace.

> This would generate a large number of FOAF profiles of real people
> without a easy way to find the email address (the community allows to
> contact those people through a web interface though, so I don't see
> much problems here).
>
> Some people in this community would have a foaf profile outside and
> would appear as dupes until they give up anonymity in this community
> (very rare now, but that might change someday?).

The *extremely* tricky thing to avoid is expressing anything in the pseudonymous
profile that leaks anything of the 'real' profile.  Triples, by their nature,
have a way of aggregating such that links can be made.  Be *extra* careful to
*never* do this, even if a user requested it.  Let them make that mistake on
their own in their own foaf documents.

> So what do you think? Would this practice be a good way to populate the
> foafspace or not? What conditions should a web community fulfill to
> participate in this way?
> (the site I'm thinking of would be just a few 1'000 profiles (the
> others are not connected), but others might add much more profiles in
> the same way)

The good thing would be have /more/ foaf triples come online.  So yeah, it
sounds like a good idea.

-Bill Kearney

More information about the foaf-dev mailing list