FOAF consequences

  Sep 22, 2002

Shelley Powers is talking about it, Mark Pilgrim is talking about it. So are Sam, Phil, Erik, Peter, Ben, Joe and Michael, just to name a few.

So far, people are sharing their own FOAF-profiles (RDF greatness) just in case someone comes up with something useful to do with them. What I think everybody is hoping for is an application that sort of ties everybody together in a web of acquaintances' acquaintances' acquaintances, and so forth.

But there will be consequences.

FOAF, or Friend-of-a-friend, is becoming a big thing, fast. And there aren't even any applications to work the actual magic on a large scale yet.

That'd be neat if you could browse people by people, right? Well, you already can. They're called hypertext links, and everybody has already got 'em. You can follow the links off of your "friend's" homepage to his "friends'" homepages, and so on, and so forth, ad infinitum.

The difference with FOAF is that you don't have to gather the meta-information on your own; it's right there in the given person's FOAF-profile. Name, surname, email, phone number, homepage, workplace, etc. Modules are being built and extensions are being thought of: some people put down their interests and projects or specify the type of relationships, someone mentioned he wanted to reference his RSS-feed in his FOAF-profile, etc.

Undoubtedly, if FOAF continues on this path it will become a hit, and extensions and modules will flourish. Anyone tapping into your friend's friend's friend's profile will be able to find out whatever data you've shared about yourself; maybe nothing more complicated than your email-address and your name; or maybe your amazon-wishlist and your rdf-feed, depending on what you choose to share.

If or when FOAF reaches a critical mass and even if you share just your email-address: imagine the spam. This sort of aggregated meta-data of friends, acquaintances, relatives, interests and email-addresses is exactly what the dark side of marketing needs to send you email in which they claim your friend thinks so and so; a friend of a friend just bought this book and since you share the same interests you might like it too.

You get the picture. Spammers might not even give two cents about what your interests are, but they will care about a vast free network of email-addresses and URLs. Even if the email-address is encoded (it is), it's only a slight disturbance to the Darth Vaders of marketing if you share what URL to scan for email-addresses.

The predicament is that for FOAF to be useful it needs to have a greater scope than the current implementations, and with greater scope comes the attention of spammers.

Personally, I hope FOAF creates a monumental web of profiles and meta-data with which you can meet new people, people whom your friends consider to be their friends, and so forth. You might learn a lot, you might meet a lot of people. But if you think you are being bombarded with spam today, you might just find your inbox nuked tomorrow.

Comments

  1. FOAF has a method for encrypting data you wish to keep private (such as
    your email address); and you can refer to other people by using the
    sha1sum of their mailbox instead of the mailbox itself. So spam robots may
    not even find any email addresses in the FOAFweb if people make the effort
    to do it right.

    See: http://usefulinc.com/foaf/encryptingFoafFiles

    Comment by Earle Martin at 02:31, 23 Sep, 2002 #

  2. The spam concern is a real one, and we've tried to take it into account in
    the FOAF designs. In addition to masking email addresses using sha1sum,
    FOAF-like techniques can be used to filter incoming spam. I get 100+ spam
    messages a day, so this is of huge interest to me! Coupled with
    SpamAssassin and other content-based tools, an aggregation of 'shared
    whitelists' (see http://www.w3.org/2001/12/rubyrdf/util/foafwhite/intro.html
    for an initial writeup and implementation) is one way of filtering msgs,
    separating msgs from known (to your community) senders from unknown
    senders. The biggest hole in this strategy is then that spammers often
    forge 'From:' headers in mail. At which point I think we need to look to
    PGP-signed mail, so we're clearer on who sent what. Problem then is that
    people don't use PGP. Which was one of the drivers for making FOAF try to
    be interesting. If PGP signing FOAF is useful, maybe the effort to begin
    signing mail messages won't be such a pain, since people will have
    PGP/GPG, remember the passphrase, etc etc. Or maybe not, who knows..

    --danbri

    Comment by Dan Brickley at 02:41, 23 Sep, 2002 #
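
The shared-whitelist idea from the comment above, as an added example that is not part of the original discussion and is not the foafwhite implementation: addresses are stored only as SHA-1 digests of their `mailto:` URI (the form the FOAF vocabulary's `mbox_sha1sum` property uses), and an incoming message's `From:` address is hashed and looked up. All addresses and messages are constructed samples, and `signature_ok` is a hypothetical input standing in for a separate PGP check.

```python
import hashlib
from email import message_from_string
from email.utils import parseaddr


def mbox_sha1sum(address):
    """SHA-1 hex digest of the mailbox's mailto: URI (exact spelling matters)."""
    return hashlib.sha1(("mailto:" + address.strip()).encode("utf-8")).hexdigest()


def build_whitelist(profiles):
    """Merge the mbox_sha1sum values listed in several people's FOAF data."""
    merged = set()
    for hashes in profiles.values():
        merged.update(h.lower() for h in hashes)
    return merged


def classify(raw_message, whitelist, signature_ok=False):
    """Return 'known-signed', 'known-unsigned' or 'unknown' for one message.

    signature_ok is a hypothetical input: the result of a separate PGP
    check, which this example does not perform.
    """
    _, sender = parseaddr(message_from_string(raw_message).get("From", ""))
    if not sender or mbox_sha1sum(sender) not in whitelist:
        return "unknown"
    return "known-signed" if signature_ok else "known-unsigned"


# Constructed sample data: two community members' hashed contact lists.
PROFILES = {
    "alice": [mbox_sha1sum("bob@example.org"), mbox_sha1sum("carol@example.net")],
    "bob": [mbox_sha1sum("alice@example.org")],
}
WHITELIST = build_whitelist(PROFILES)

FROM_FRIEND = "From: Carol <carol@example.net>\nSubject: lunch\n\nSee you at noon.\n"
FROM_STRANGER = "From: deals@example.com\nSubject: offer\n\nBuy now.\n"
# Same From: address as a friend; the header alone cannot show who sent it.
FORGED = "From: carol@example.net\nSubject: offer\n\nBuy now.\n"

if __name__ == "__main__":
    for name, msg in [("friend", FROM_FRIEND), ("stranger", FROM_STRANGER), ("forged", FORGED)]:
        print(name, classify(msg, WHITELIST))
```

The forged sample is classified the same as the genuine one, so a header-only match is best treated as a scoring hint alongside content-based filtering rather than as proof of the sender.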

  3. Earle: I know that, as is obvious from my post, but if you for instance
    decide to share your URL you are also telling the spammers what site to
    scan for email-addresses.
    Encryption is "nice", but if the data is ever going to be decrypted and
    displayed at some point, then spammers will be able to decrypt it, too.

    So, if one decides to encrypt both one's email-address, and one's URL, then
    there is essentially no human-readable contact information on you; in
    which case I fail to see the point of one being part of the network at
    all..

    Dan: I, of course, hope to see FOAF be a spam-free success. I truly hope
    you/we/everybody manages to pull it off successfully.

    Comment by Tomas at 17:27, 23 Sep, 2002 #

  4. Tomas: thanks for the enthusiasm! It's early days for such 'semantic web'
    apps. I'm sure we'll make our fair share of mistakes with FOAF, and taking
    care that those mistakes don't cause problems (eg. spam, privacy etc)
    should be on everyone's worry list.

    Regarding the concern that homepage URLs may increase spam, I'm not too
    worried about that. The notion of a Web homepage is so bound up with
    linking, hypertext and _findability_ that I'd be surprised if anyone had a
    'secret' homepage. And most every homepage that's linked from the rest of
    the public Web is in one of the main search engines, and hence findable
    with simple queries. Once a homepage has been found, it's up to the owner
    of that page to decide whether they share their email address publicly
    or not.

    My main concerns with FOAF have been to do with keeping track of
    attribution: who said what, etc. (eg through digital signatures), as well
    as with designing the vocabulary so that people don't get forced to create
    artificial taxonomies of people they know (eg. friends vs good friends
    versus colleagues).

    Comment by Dan Brickley at 23:23, 24 Sep, 2002 #

  5. In my opinion, the thing about sharing emails and urls is not that they
    reveal otherwise potentially "secret" webpages or email-addresses, but
    that they are so _accessible_.
    If FOAF hits it big, it would be silly to _not_ hook up the ol'
    email-aggregator to the "foaf network" or whatever if aggregating
    email-addresses is your business.

    Comment by Tomas at 01:03, 25 Sep, 2002 #

  6. Just stumbled across FOAF, which is a format for displaying and connecting personal metadata. It works like this: I publish my FOAF profile, you publish yours, and thus we could conceivably connect with each other -- given there was an application for ...

    Trackback from Stefan Smalla's Info Feed at 04:48, 28 Dec, 2002 #

The discussion has been closed on this entry. Thanks to everybody who participated.