[rdfweb-dev] Newbie trying to catch up

Bill Kearney wkearney99 at h...
Mon Dec 23 15:10:23 UTC 2002

> I already had a flag to say whether the user wanted their email address
> publicly exposed. If they don't I just write out the SHA1, if they do I
> write out the address as well.

Is this defaulted to not visible?

And if personA has foaf:knows of personB,C and D, are you sha1 encoding the
addresses anyway? If a user wants to expose their own mailbox that's one thing.
But having them expose the mail of others, regardless of how the other user set
it, seems like a bad idea. To clarify, userA and userB hide, userC does not.
userA publishing userC *should* hide it. userC publishing userA should also
hide it. I'd be worried that assuming userC not being hidden allows userA and B
to publish would be a bad idea.

A rule of /always/ use hashes when publishing the addresses of anyone other than
yourself seems like a prudent plan. The hash then becomes the
search/facet/pivot point for linking all this.

If anyone needs it I made a hash generator:

And yes, at some point if the spammers start taking known addresses and hashing
them they could reverse-index which addresses are known to be valid and then
spider outwards. By that time, however, we should be well on our way to using
signed messaging. That and forming armed mobs to start tar and feathering the
spammers. In the meantime, making use of foaf-specific custom e-mail addresses
might be one extra layer of tracking or obfuscation.

-Bill Kearney

More information about the foaf-dev mailing list