FOAF additions

[crschmidt]

Alright, I'm putting together updates to the FOAF information for the next version. I can't make any promises as to when it will go in, live, or even be passed onto a developer - this is a very rough draft of changes that I'm working on making.

Let me know if there's anything I missed.

Additions:

Comments

[crschmidt]

The ability to switch your profile on/off described in the post would achieve almost exactly that. The only information that would be included before the FOAF file cut off would be a hashed reference of your mailbox (which no tools could use to identify you anywhere else, since no where else provides that kind of information) and a link to an external FOAF file, if provided.

The reason for the mailbox record is so that tools that want to combine all FOAF files for a user would have a unique key on which to do so. So, your foaf file would be something like:

foaf:person
foaf:nick: crschmidt
foaf:document: http://www.livejournal.com/users/crschmidt/info
mbox_sha1sum:218ynhini52hui35289
rdfs:seeAlso (if defined): http://crschmidt.net/foaf.xml
/foaf:person

Since the page can only be reached by going to a URL which contains the username already, the foaf:nick and foaf:document fields really don't provide any extra information - it's just a stripping of the URL that any tool can do, but it provides simple information there. That way, users can visit the URL in question and see about the user, but tools can't go any farther with the information.

Does that seem like an adequate compromise?

[jamesd]

People quite often use different accounts specifically to prevent connecting work (my boss is great)/ friends (I hate my boss)/ strangers(insert silly example) entries. Humans might notice identical email addresses if someone is foolish enough not to use different emails. That risk is far, far lower than automated tools potentially looking for identical hashes across many accounts and then presenting a list of associated accounts.

The nic isn't the same as the account, I think. It's extra information and if the user has said block FOAF, it shouldn't be provided through FOAF.

I agree that the document field is reasonably harmless. It does serve to confirm that the account exists, though. That's more information than I want disclosed through FOAF. More on that in my other reply.

[crschmidt]

The nic? If by that, you mean the nickname, it is the same as the account name. (I know. I wrote the code that creates the file.) crschmidt has a foaf:nick of crschmidt, etc. What indicates to you that the nick field is different than the account name?

There are already tools available to do exactly what you described: go across many accounts and link them together. The fact that they can now do this wihtout obtaining your actual email address doesn't matter.

To say that "The information I provide now is more hidden than this" isn't really true. Your email address is public on your userinformation. If you'd like, I can take 5 minutes and write a regular expression for you that will give you all the user information fields in a nice form. Heck, I could convert it to FOAF. No problem. The information in question is all available, and easily parseable, and has been for years. There are many tools, quizzes, and other online sites that not only spider, but catalog this information.

I think in the end, it comes down to the fact that you're using a public journalling service which offers public information that you don't want available. The question you may want to ask yourself is why, if you want privacy, you're using a publically available journal and journalling service.

[jamesd]

I was believing that your user is crschmidt and your nick is "Chris Schmidt". If the FOAF nic is crschmidt, I agree, no additional problem.

Other tools are covered more in my other reply. Yes, unfortunately LJ doesn't return a 404 to all bots for all user pages which have no bots set. Would be nice if it did but it's hard to identify every possible user agent or bot and avoid mistaking one for the other. I assume that LJ only bothers to block bots which generate problems or complaints.

I haven't gone looking for sites which catalogue my user info in spite of the robots instruction not to. Probably not worth telling me any - my next step would be abuse complaints about them. Gentlemen's agreements to respect conventions are fine, but there always will be some who abuse them and need to be stopped more directly.