[foaf-dev] [Fwd: [FriendFeed] Re: FOAF tweaks]

Julian Bond julian_bond at voidstar.com
Fri May 9 13:39:04 BST 2008


Simon Reinhardt <simon.reinhardt at koeln.de> Fri, 9 May 2008 13:51:32
>Julian Bond wrote:
>> Friendfeed profiles are pretty thin but they've got email  addresses. 
>>Could they put in mbox_sha1sum?
>
>That's a potential privacy threat and should not be used without 
>allowance of the user IMO. But how do you explain that to users?

I suspect we've had this debate before. Yes, because email addresses 
often follow common layouts it's possible to guess the mbox_sha1sum and 
then check it. It's not hard to work out that I'm 
julian.bond at ecademy.com and check it against my mbox_sha1sum. but then 
it wasn't hard to guess even without it.

 From a practical POV, I've been churning out FOAF from Ecademy for 3 
years. It's all contained mbox_sha1sum for every entry. If the user 
allows world+dog to see their email on the html page, I put that in the 
FOAF as well. I haven't had a single complaint. What I have had is a few 
complaints that the FOAF is spidered and then appears elsewhere so 
there's a user option to turn it off completely. Default is to produce 
it.

So basically, I just don't see a significant security issue with 
including mbox_sha1sum. YMMV.

-- 
Julian Bond  E&MSN: julian_bond at voidstar.com  M: +44 (0)77 5907 2173
Webmaster:          http://www.ecademy.com/      T: +44 (0)192 0412 433
Personal WebLog:    http://www.voidstar.com/     skype:julian.bond?chat
                         Do Not Expose To Heat


More information about the foaf-dev mailing list