In this short proposal I wonder if it’d be possible to add a bit more structure and privacy to an open social network.
An alternative to the above social networks is FOAF (Friend of a Friend). It’s based on an open Web data format (RDF/XML), so just like one’s home page it’s decentralized and very extensible. However, as I discussed a few years ago with Dan Brickley, the privacy implications of its openness are all the more severe. While my profile and friends are in someway limited to the gated community of one the services above, in FOAF my information is available to the whole world.
… This introducer key sits in a secured portion of my friend’s profile. The simplest approach is for my friend to include it directly within his secured profile such that if he’s willing to release the information he considers non-public to someone, then he’s also released a third of the information necessary to get my profile key and consequently my email address. In effect, if 3 out of 5 of my friends are willing to share their non-public information (e.g., email address) to someone, they can then also get my email address.
Joseph Reagle on 2003-10-01
For IRC discussion.
libby on 2003-09-29
What a great idea Joseph :) Very cunning. I think it would work well, with a good UI.
However, I have a concern with introducing any encrypted data into FOAF, which is that data which is harvested, decrypted and perhaps smushed might then be (possibly accidentally) rebroadcasted, unencrypted.
I guess we would just have to be more careful with harvested data, but I’m not sure we have the infrastructure yet to deal with unsmushing for example.
Jim Ley has a related issue:
<JibberJim> My biggest concern is smushing against the private data - for example if I want to keep my Superhero and Geek identities seperate other than to my fellow superhero community, that sorta means smushing at runtime or seperate DB’s.
Having said that, I’d love to see an implementation of what you suggest, and give it a go…
Marc Canter on 2003-09-29
Gee - that’s sounds like a great idea. . pause . OK you conviced me. But wait! We’ve already started. :-) We call it the PeopleAggregator. We ain’t done yet, but...... keep checking http://peopleaggregator.com - and YES - control over fOAF files is part of it. As are granularities of relationships.
Joseph Reagle on 2003-09-28
True, true. FOAF is the domain of the geeks until someone comes along and decides to build a user-oriented service on top of it. A cryptographic threshold scheme would have to be completely abstracted away!
anders on 2003-09-28
i agree that FOAF has problems with privacy and your proposal would be a clear improvement on it. when i first started looking into it, i saw the plaintext email addresses and quickly lost interest.
however, what i’d be really interested in seeing is a FOAF like distributed system with the ease of use of the centralized ones.
one of the key reasons that social network services like friendster have been much more popular than FOAF is the ease of use. all you need is an email account and the ability to fill in forms in a web browser and you’re in. to use FOAF, you need to be able to put a file on a webserver and either edit XML by hand or find and install one of the tools that others have written. the usefulness of a social network is directly related to the size. a network of just the hardcore web geeks who can setup FOAF will be extremely limited.
adding encryption to the mix would only make it even harder. i’ve never even been able to convince any of my friends or coworkers to start PGP signing/encrypting their email (even my girlfriend, who is paranoid about identity theft and obsessively shreds every piece of paper with her name or address on it).
at the same time, any user of friendster can testify that there are serious scalability problems with a centralized architecture, so some kind of distributed version would be a welcome improvement.
Trackback from Raw on 2003-09-29
Joseph Reagle has a novel proposal for bringing Web of Trust to FOAF, using a kind of threshold logic. For…