[foaf-dev] Re: privacy and open data

Peter Ansell ansell.peter at gmail.com
Thu Mar 27 03:25:39 GMT 2008 

On 27/03/2008, Karl Dubost <karl at w3.org> wrote:
> First to clear up any misunderstanding, I'm not against the Semantic
>  Web or the Web in general. It's quite the opposite.
>
>  Le 27 mars 2008 à 10:52, Peter Ansell a écrit :
>
> > You could not have a social life, and become a hermit. That might stop
>  > them being able to annotate your photo with details about you.
>
>
> binary statement -> black or white. I advocate opacity, which means
>  continuous variabilty. Think about trees in a forest with fog, how
>  details disappear when you are farther from the tree.

The value in the Semantic Web I think is in the details more than the
forest. It is more about knowing that this leaf is attached to this
tree which grew from this seed which could be classified as being this
species, as opposed to, This forest contains these types of trees, of
which we know some properties about them, but not enough to be able to
say that this tree grew from this seed.

>  > Are you an enemy of the government? If not there is nothing to be
>  > worried about. IngSoc is good! (by definition)
>
>
> binary statement again. You have to hide parts of your information in
>  this context, you might have to lie in another context, and you might
>  have to say the truth in another.

I think the utopia which assumes machine understandable means
consistent has to fade sometime. It has gone on too long already.

>  > Why would you say that you don't want your email to go to a Google
>  > Mail address. You are posting to a public mailing list... You have a
>  > public identity. Nabble.com doesn't necessarily ask permission to
>  > republish data from public mailing lists, other than to add their
>  > address to a mailing list.
>
>
> Again binary statement :)
>  You can choose to have a public expression when you send an email to a
>  public mailing-list that you know is totally open, you take the
>  responsibility of doing it.
>  When you send a private email to someone it is another matter. Google,
>  Yahoo!, Microsoft and some few others are big concentrators of
>  information.
>
>  When I send a paper mail to a person of my choice. The envelope is
>  sealed. The post office (or government etc.)  usually doesn't open it.
>  the communication is between me and the person. With electronic
>  communications, the content of my mail is used.

True, but it is so much harder to deny something when it passed in
plaintext through so many routers, any of which could legally have a
short term cache on it I presume, along with the long term storage at
the commercial email provider of your (or their) choice. Do people
reveal details of their personal life to this level without a basis on
security.

>  > I definitely do not agree with the premise that once a triple always a
>  > triple, things should be able to be deleted or denied, but you can
>  > only do that once you have identity and trust, where do you propose we
>  > start?
>
>
> I guess we agree that Identity and Trust are not technical.
>
>  Identity is a way to identify something in a particular *context*. For
>  a group of friend, I'll have a nickname. For my parents a name, for my
>  employer another one, in my city, maybe some people are identifying me
>  by a name or a physical description. They are *all* part of identities
>  given (or chosen) for me. One big issue with identity is the survival
>  of the written statement. People were easily changing names, locations
>  were easily changing names. As soon as you write it down. It means you
>  move it from oral culture to written culture. Memories get a bigger
>  life span. You do not refer to the oral culture, but the written
>  culture impose the oral one. You solidify it. It has benefits in some
>  circumstance, it has also constraints. You are giving up flexibility.

The semantic web is IMO, about the significance of identity in the
global context. It depends partly  on the mechanism with which you
intend to distribute that information also. Anyone can make up a
locally unique URN and use it for themselves and their family to
identify things, but when you wish to publish that information for
others on the broad Semantic Web to use you must reveal it explicitly,
although you could quite validly only give certain pieces of
information to people after they authenticate their identity to your
desired level of trust. Flexibility is the reason I advocate a dynamic
Linked Data web that goes away from the idea of databases that you sit
down in one place and query when need be. You have to give up some
query performance however, which is not desirable for some who wish
the Semantic Web to mean their big data silo that they store trillions
of triples in.

>  Our written culture is the ossification of our identity.
>
>
>  Trust is another interesting social mechanism. It is a shortcut for
>  interacting socially. Basically I should doubt about everything around
>  me. Is my chair stable? Can I use this pen without hurting me? Can I
>  give money to this person before I get the object in my hand? etc.
>  etc. Trust is a semi-conscious decision that you decide to stop
>  controlling things because you rely on laws, on other people, on
>  experience, etc. It's why it's also very hard to build, and very easy
>  to loose.

I guess that is the reason why people constantly argue over how many
standard deviations of risk to allow in a certain security scenario,
when really they know they can never eliminate the risk entirely.

>  Where do we start? Is it possible to have an open social network
>  (based on foaf or something else) without having
>
>  * granularity of the information
>  * access control of the information
>  * cryptography, protection of the information
>
>  My "utopian" FOAF resource, let's say an URI
>  http://example.org/foaf.rdf
>
>  Mr Smith asking it  would get "name" and "email"
>  Ms Boo (a friend of mine)  asking   it  would get "my address"
>
>  only the relevant part of the file would be accessible depending on
>  the acls (system with pgp keys?)

Of course for this system you would have to move away from static RDF
files which were used to bootstrap the semantic web onto dynamic web
applications which include security and respond based on the results
of the authentication. FOAF particularly is rather ill-used in this
way as people are encouraged to use static files.

Overall though, it sounds remarkably like the privacy constraints that
I find in Facebook right now. ;-), excepting the insistence on
representing the information in FOAF so it is machine understandable.
Utilising a Facebook RDF proxy is not a viable alternative though, as
the proxy is assuming an identity, without telling their
friends/networks that they are allowing others to circumvent the
protections.

Cheers,

Peter Ansell

More information about the foaf-dev mailing list