[foaf-dev] [Fwd: [FriendFeed] Re: FOAF tweaks]

Julian Bond julian_bond at voidstar.com
Sat May 10 16:05:12 BST 2008

Simon Reinhardt <simon.reinhardt at koeln.de> Fri, 9 May 2008 17:35:01
>I think the FOAF community isn't taking privacy serious enough yet. So 
>it can't be bad to repeat this discussion until they do. ;-)
>bblfish's initiative on secure and identity-based access to FOAF data 
>is a good step in the right direction.

Yeah, well we keep circling round this. The thing is there's two 
diametrically opposed use cases and user views. The first is "find my 
friends who are already here" allied to "Use the web for personal 
publicity." That approach assumes openness and the ability to do 
matching across different sites. The second is "let me use a specific 
site in relative anonymity".

>Julian Bond wrote:
>> Richard Cyganiak <richard at cyganiak.de> Fri, 9 May 2008 15:01:25
>>> mbox_sha1sum is like an “identity fingerprint” that can be 
>>>tracked across the Web. Users will be surprised that sites publish 
>>>such a fingerprint.
>>  Which is of course, exactly why it's useful. And no matter how many 
>>times I say "if you want to keep your identities separate, don't use 
>>the  same identifier, people will still do it.
>That's the point: people don't know about that. And explaining to them 
>is difficult. And then you have to decide whether you want to make such 
>a feature opt-out or opt-in.

Like I said. Offering a switch, defaulted on, as to whether you want to 
publish FOAF and respecting other privacy switches so that no data is 
published in FOAF that isn't also published in world readable HTML seems 
to work. And that isn't that hard to explain.

>Probably. I don't think it's good to publish the OpenIDs people use to 
>login or post on blogs either. When you publish an e-mail address, 
>there are two bad things about it: you can be spammed and stuff can be 
>related to your identity. When your OpenID gets published, you cannot 
>get spammed, but the other problem still remains.

Increasingly as people use OpenID delegation, their OpenID *is* their 
home page. I really don't see the problem.

>Among British and American people though I don't observe this that 
>much. I just hope that Scott McNealy's "privacy is dead - deal with 
>it!" isn't a common view. :-P

Back to my comments at the start. One group of people relish the 
publicity. Lack of privacy is not a problem for them because they want 
to be public. The opposite group of people want to be able to post on 
the web and retain anonymity. That can be done if you really work at it. 
Scott's comment takes aim at the naivety of the middle ground. The 
people who think they can take part in public forums while retaining 
privacy and are then surprised when they are actually public and not 

Back to the original issue. FriendFeed adding mbox_sha1sum to their 
FOAF. My view is that mbox_sha1sum is good enough obfuscation to get 
over most of the objections to posting mbox. And in practice it works 
well enough with not much downside. I'd like to see included.

Julian Bond  E&MSN: julian_bond at voidstar.com  M: +44 (0)77 5907 2173
Webmaster:          http://www.ecademy.com/      T: +44 (0)192 0412 433
Personal WebLog:    http://www.voidstar.com/     skype:julian.bond?chat
                         Do Not Expose To Heat

More information about the foaf-dev mailing list