[foaf-dev] [Fwd: [FriendFeed] Re: FOAF tweaks]
Julian Bond
julian_bond at voidstar.com
Fri May 9 13:39:04 BST 2008
Simon Reinhardt <simon.reinhardt at koeln.de> Fri, 9 May 2008 13:51:32
>Julian Bond wrote:
>> Friendfeed profiles are pretty thin but they've got email addresses.
>>Could they put in mbox_sha1sum?
>
>That's a potential privacy threat and should not be used without
>allowance of the user IMO. But how do you explain that to users?
I suspect we've had this debate before. Yes, because email addresses
often follow common layouts it's possible to guess the mbox_sha1sum and
then check it. It's not hard to work out that I'm
julian.bond at ecademy.com and check it against my mbox_sha1sum. but then
it wasn't hard to guess even without it.
From a practical POV, I've been churning out FOAF from Ecademy for 3
years. It's all contained mbox_sha1sum for every entry. If the user
allows world+dog to see their email on the html page, I put that in the
FOAF as well. I haven't had a single complaint. What I have had is a few
complaints that the FOAF is spidered and then appears elsewhere so
there's a user option to turn it off completely. Default is to produce
it.
So basically, I just don't see a significant security issue with
including mbox_sha1sum. YMMV.
--
Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173
Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433
Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat
Do Not Expose To Heat
More information about the foaf-dev
mailing list