[rdfweb-dev] partly anonymous web communities
Bernhard A. M. Seefeld
seefeld at gna.ch
Sun Jul 6 14:50:04 UTC 2003
>> For me, the difference is that if you I use the real mailbox to
>> generate the hash, I can verifiy that that given profile actually is
>> the person I think it is by information he/she has given. You're
>> right,
>
> I'm not sure we're disagreeing here. A foaf:person without a
> cleartext e-mail
> address, using a hashed one, is useful only to someone that already
> knows their
> e-mail address. Thus if a 'new person' wants to see if people they
> know are
> 'already in foafspace' they can hash up the address and search for it
> as a key.
I think we agree, here. What I want to point out is, that in the event,
that someone outs someone's address (the social faux pas you are
talking about), there is IMHO a big difference if that outing can be
verified or not. If I use the real mbox and someone outs one of my
users, everyone is able to tell that this outing is indeed correct. If
I don't use the real mbox, then that's just an unverified claim like
every other claim I can put on a webpage today.
Unfortunately, if I want to prevent this, I also prevent lookup by
email address. The FOAF profiles could still provide other clues that
would make finding a person in foafspace stable enough for the searcher
but not everyone else. Providing a picture (as this community does)
will help me recognize my friends easily but data miners will have a
problem. Clues like birthdate, etc. will facilitate matching against
what is in my brain but defeats losing anonymity.
> I don't think there's any reliable way to "prevent" someone from making
> relationship information. This is true in the real world and it's
> certainly
> going to be just as much of a problem in the foafspace. The same ways
> the real
> world says "that guy doesn't know me" is just as applicable here.
> Thus my past
> questions of *proving" foaf provencance.
I agree, I don't think you can prevent this. But there are two levels
of compromising: Where I just claim things and where a third party can
verify a claim by looking at the owner's (possibly even signed) FOAF
file.
> The value of hashing the persona URI is that it makes it completely
> anonymous as
> to even the community itself! That way if a third party came across
> this
> pseudonymous foaf:person and saw that it had a persona URI hash they
> wouldn't be
> able to even tell what community it was representing. That way only
> users of
> the community that would 'know' to hash the persona URI and then
> search for it
> could make the association. Now, that outside party, on "discovering"
> the foaf
> persona URI structure could certainly make a hash of it themselves and
> search
> foafspace for it. This is where the 'hide in plain sight' aspect of a
> persona
> URI hash is not completely private. Were someone to accidentally put
> their
Ah, I think I get it. This is an interesting idea.
This would even allow me to expose a membership in a "secret" community
in my real non-anonymous FOAF file.
>> The reason I thought that mbox is the primary way to identify people
>> is, that I got the impression, that all the tools like foafnaut seem
>> to
>> work that way, but I might be wrong? Will these tools handle my foaf
>> files if there is neither a foaf:mbox nor a foaf:mbox_sha1sum
>> property?
>
> That one tool doesn't suit your needs shouldn't prevent you from
> working around
> it. Some tools started with using unhashed addresses. Most still
> support using
> an unhashed address as the search query. There has been effort in
> some of them
> to avoid needlessly exposing addresses to the 'public'.
The underlying question is wether generating all these FOAF profiles
without mbox and mbox_sha1sum would still be a valuable contribution to
foafspace now and/or in the future.
If the trend would be, that the more widely used foafspace navigators
will (or already?) support cross-referencing with properties like
foaf:homePage, then I could do it today without adding anything new and
completely in the spirit of FOAF.
If however, mbox / mbox_sha1sum will be expected to do something useful
in the foreseeable future, then I would be inclined to add mbox_sha1sum
of almost nonexistent mailboxes (almost nonexistent because they would
never be used outside navigation in foafspace).
>> From the perspective of a tool writer, who wants to maximize linkage:
>> One should check for all inverse functional properties in the used
>> namespaces and use them to link. (I'd guess a general inference engine
>> would work that way, anyway?) This in turn would make a generalized
>> "that hashed URI refers to me" property unnecessary, as usually that
>> URI will also have a deeper meaning (like being a mailbox, homepage,
>> picture, IM-id, etc.).
>
> I think so but I'm not exactly sure what you're saying here.
In the first part of this paragraph I wondered how a toolwriter should
interpret the spec in terms of implementing cross-reference.
In the second part, I thought that a generalized hashed URI mechanism
is probably unnecessary, because you would always want to qualify what
that URI means anyway (and thus using a more specific property to
provide it). OTOH, your secret membership idea would be exactly a use
case for a hashed URI without a more specific meaning.
Cheers,
Bernhard
-----
Bernhard A. M. Seefeld, http://www.bernhardseefeld.ch/
More information about the foaf-dev
mailing list