[Air-l] social network migration
elw at stderr.org
Wed Jul 11 08:15:26 PDT 2007
> In general, I can see two different situations emerging from such a
> social network aggregation schema as Socialstream: (a) users gain more
> control of their social networking data. They have a single repository
> of all their personal information, and selectively dole out which sites
> get what pieces of data, etc. ;

There's a flip side to this danger; perhaps it is even more dangerous than
the obvious problem.

There's nothing currently stopping anyone from injecting huge masses of
falsified FOAF or RDF data into the web, allowing it to be picked up by
crawlers, spiders, whatever.

Imagine the chaos that one could cause by introducing a set of records
that claim X false premise about Y persons, where X is something fairly
serious and Y are a group of important people.

[Maybe not so bad as "senator A sleeps with intern B", but the
possibilities seem rather endless. 'Judy got picked up for underage
drinking on 12-15-2003' might be a better example, and one more likely to
affect the Facebook/Livejournal crowd, as aggregation services improve.]

Personal data **desperately** needs bottom-up protection from potential
baddies. I'm not aware of a single service that is really working on this
- the bulk of them seem to be relying on "do no overt harm" sorts of
principles to protect users.

This just doesn't work.

What we probably need, I think, is something like a "credit bureau"
service for personal information. With encryption from top-to-bottom,
some real guarantees about reliability of the data included (e.g., the
darn thing shouldn't have screen-scraped data in it that doesn't have a
very clear path of provenance back to the originator or the user...), and
mechanisms for invalidating stored data that becomes defunct or is shown
to be more questionable than reliable.

I suppose that OpenID is a step in this direction, but even that has some
flaws in it - avenues for deception are still available through e.g. DNS
poisoning.

This is fun stuff to talk about, especially when we start thinking about
the supporting infrastructure. Bits and pieces of what would be necessary
are already out there, but not glued together in quite the right ways,
yet.....

I'd love to hear what others have to say. :-)

--elijah