[foaf-dev] [Fwd: [FriendFeed] Re: FOAF tweaks]

Simon Reinhardt simon.reinhardt at koeln.de
Fri May 9 16:35:01 BST 2008

Julian Bond wrote:
> I suspect we've had this debate before.

I think the FOAF community isn't taking privacy seriously enough yet. So it can't be bad to repeat this discussion until they do. ;-)
bblfish's initiative on secure and identity-based access to FOAF data is a good step in the right direction.

Julian Bond wrote:
> Richard Cyganiak <richard at cyganiak.de> Fri, 9 May 2008 15:01:25
>> mbox_sha1sum is like an “identity fingerprint” that can be tracked 
>> across the Web. Users will be surprised that sites publish such a 
>> fingerprint.
> Which is of course, exactly why it's useful. And no matter how many 
> times I say "if you want to keep your identities separate, don't use the 
> same identifier", people will still do it.

That's the point: people don't know about that. And explaining it to them is difficult. And then you have to decide whether you want to make such a feature opt-out or opt-in.

> Back To FriendFeed and sites like them. If it's not mbox_sha1sum, is 
> there some other IFP that could be used? If say, they were an OpenID 
> consumer, and that was published in the foaf, and further the user used 
> the same OpenID for different personas across two websites, we'd be back 
> to the same problem again, wouldn't we? Isn't this an argument against 
> IFPs and smushing in general?

Probably. I don't think it's good to publish the OpenIDs people use to log in or post on blogs either. When you publish an e-mail address, there are two bad things about it: you can be spammed and stuff can be related to your identity. When your OpenID gets published, you cannot get spammed, but the other problem still remains.

Now with giving people URIs the situation is different. People can refer to you using the URI but usage of that might stay low. But as long as you don't decide to owl:sameAs the different URIs you were given, it won't normally be done by other people and then there's no connection. Some site might provide you with the ability to explicitly link your other online identities to the one you have on it. Also you could explicitly connect via foaf:holdsAccount (make that an IFP?). And I think all this is easy enough to explain to people (it's not much different from "claim your blog" on technorati). But explaining the implications of secretly publishing identifiers for their profiles which can be traced over the Web *implicitly* is much harder.

Maybe this is an i18n problem after all. :-)
For historical reasons Germans have always had a strong dislike of being given numbers. This seems to be changing a bit lately through the Internet as well as new legislation. Among British and American people though I don't observe this that much. I just hope that Scott McNealy's "privacy is dead - deal with it!" isn't a common view. :-P
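
Added example, not part of the original message: a minimal sketch of the smushing discussed in this thread, showing how profiles from different sites that publish the same mbox_sha1sum or OpenID collapse into one identity, while a profile that exposes only its own URI stays unlinked. The site URIs, addresses and the `smush` helper are constructed for illustration, and treating `openid` as an IFP is an assumption of the sketch.

```python
import hashlib
from collections import defaultdict

# Properties this sketch treats as inverse functional (assumption for openid).
IFPS = ("mbox_sha1sum", "openid")

def mbox_sha1sum(address):
    """FOAF mbox_sha1sum: SHA-1 hex digest of the mailbox's mailto: URI."""
    return hashlib.sha1(("mailto:" + address).encode("utf-8")).hexdigest()

def smush(profiles):
    """Group profile URIs that share any IFP value, directly or transitively."""
    parent = {p["uri"]: p["uri"] for p in profiles}

    def find(uri):
        while parent[uri] != uri:
            uri = parent[uri]
        return uri

    first_seen = {}  # (property, value) -> first profile URI carrying it
    for p in profiles:
        for prop in IFPS:
            if prop not in p:
                continue
            key = (prop, p[prop])
            if key in first_seen:
                parent[find(p["uri"])] = find(first_seen[key])
            else:
                first_seen[key] = p["uri"]

    groups = defaultdict(list)
    for uri in parent:
        groups[find(uri)].append(uri)
    return sorted(sorted(g) for g in groups.values())

# Constructed sample profiles; every URI and address is made up.
SHARED = mbox_sha1sum("j.doe@example.org")
PROFILES = [
    {"uri": "http://site-a.example/jdoe#me", "mbox_sha1sum": SHARED},
    {"uri": "http://site-b.example/nightowl#me", "mbox_sha1sum": SHARED,
     "openid": "http://jdoe.example/"},
    {"uri": "http://site-c.example/owl42#me", "openid": "http://jdoe.example/"},
    {"uri": "http://site-d.example/id/771#me"},  # URI only, no IFP published
    {"uri": "http://site-e.example/anon#me",
     "mbox_sha1sum": mbox_sha1sum("separate.persona@example.net")},
]

if __name__ == "__main__":
    for group in smush(PROFILES):
        print(group)
```

Sites A and C share no value directly, yet they end up in the same group because site B publishes both identifiers; the persona on site E stays separate only because it uses a different mailbox.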
