February 28, 2003
foaf cop?
Foaf really needs a policeman of sorts. Something to walk over foafspace and do some validating steps. There are several places where an error in a foaf document can really jack up the foafspace.
That and it'd be nice to have it walk over foaf files and tell the authors not to use other people's e-mail addresses in their foaf:knows statements. Hashes are easy to make. There's no reason or excuse to expose anything but your own email address in your foaf.
Having feedback from aggregators when RDF syntax errors occur is really useful. Jim Ley's aggregator for foafnaut used to do this, but we're in the process of replacing that tool since Jim's gone off travelling. Now that I've added OWL annotations to the FOAF RDF vocabulary, there are a few other checks that can be performed, eg. that nothing is declared to be both a Person and a Document.
Regarding the use of people's email addresses, let's not be too strident in either direction there. Many people choose to keep their email addresses hidden from general public knowledge, or at least obfuscate the spelling when writing their addresses in public documents. Many people choose to make (at least some of) their email addresses publicly known, via HTML, LDAP, email etc mechanisms. Many many others don't give these issues much thought at all, perhaps because they have no notion of how spammers and email harvesting work.
There are certainly many people who get annoyed by mailbox-obfuscation, eg. of the form "please mail me at mailto:danbri@REMOVETHISIFYOUARENTASPAMMER.danbri.org". It is sometimes called anti-social, bad netiquette etc.
I think we can respect both perspectives, by observing the rule that it is only polite to circulate a non-obfuscated form of a mailbox if you are confident that the owner of that mailbox is happy with this practice. I know dozens of people who expose their mailboxes publicly, and I'm not planning to bother hiding their mailboxes when I mention them in RDF. But for strangers and folk who I know prefer the more private approach, I will do my best not to expose their information.
I take the view that mailbox-hiding is a temporary stopgap, and we need to move towards filtering/whitelist and digital signature approaches instead.
Posted by: Dan Brickley on February 28, 2003 09:28 PM
I'm not willing to get into assumptions on who wants me to do what. I'd much rather err on the side of caution and NOT expose anyone else's e-mail address in my foaf documents. I find doing that would cause more harm to foaf than good. It'd make foaf (incorrectly) look like a resource for spamsters to abuse. You and I know it's not the case but we're not the ones that need convincing.
I do agree that the obfuscation tactics of putting bogus text into the otherwise valid addresses is a bad idea. The point here is to have software and data documents HELP the legitimate users in building and maintaining contact networks.
I also agree that making more use of digital signature, PKI and whitelisting is a good idea. I'm looking forward to being able to use foaf-sourced networks as a filter value factor on spam handling. To be able to, more or less, have my spam filtering software inquire of my foafspace who's a legitimate participant. The point being to have their participation in foafspace be a factor that adds positive 'weight' to how my spam blocker filters messages. If they're part of my foafspace network and their addresses and data can be programmatically verified then it's very likely I'd want my spam filter to let that message get to my inbox. This without expecting to be the sole filtering mechanism. Things like killfiles or trust networks are also likely to continue to be useful.
Posted by: Bill Kearney on March 1, 2003 11:01 AM
FOAF should probably not allow email addresses or people you know. The relationship should be "I know person X as identified by a magic cookie X'{well, poor, etc}".
Posted by: Doug Ransom on March 2, 2003 10:46 AM
Foaf already does this. You use an MD5 hash of their e-mail address. See my foaf file for examples of such.
The use of a hash isn't perfect but it's a whole lot better than clear e-mail addresses. The advantage is anyone can create said hashes and they'll all mean the same thing. That is, if I have someone's address and I hash it, when you come across that hash you can look it up in your list of known people and their hashes. This way the 'awareness' of people can be shared without feeding spamsters.
As to the well/poor aspects of how you 'know' someone that can be accomplished in a number of ways. I have a couple of schema designed for this. There are also others. It's a new area so things haven't quite settled out yet.
Posted by: Bill Kearney on March 2, 2003 12:31 PM
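
One way a "foaf cop" check for clear-text mailboxes inside foaf:knows could look, as an added example that is not code from the post or from any commenter. It uses the FOAF vocabulary's foaf:mbox_sha1sum property (SHA-1 of the full mailto: URI); the function names and the sample document are hypothetical.

```python
import hashlib
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
FOAF = "http://xmlns.com/foaf/0.1/"
ET.register_namespace("rdf", RDF)
ET.register_namespace("foaf", FOAF)

def mbox_sha1sum(mailto_uri):
    """foaf:mbox_sha1sum value: SHA-1 hex digest of the full mailto: URI."""
    return hashlib.sha1(mailto_uri.encode("utf-8")).hexdigest()

def scrub_knows(xml_text):
    """Return (findings, cleaned_xml); raises ET.ParseError on malformed XML."""
    # For documents fetched from strangers, parse with a hardened parser (e.g. defusedxml).
    root = ET.fromstring(xml_text)
    findings = []
    for knows in root.iter(f"{{{FOAF}}}knows"):
        # Direct children only; nested foaf:knows are reached by root.iter itself.
        for person in knows.findall(f"{{{FOAF}}}Person"):
            name = person.findtext(f"{{{FOAF}}}name", default="(unnamed)")
            for mbox in person.findall(f"{{{FOAF}}}mbox"):
                uri = mbox.attrib.pop(f"{{{RDF}}}resource", None)
                if uri is None:
                    continue
                digest = mbox_sha1sum(uri)
                findings.append((name, uri, digest))
                mbox.tag = f"{{{FOAF}}}mbox_sha1sum"  # swap address for its hash
                mbox.text = digest
    return findings, ET.tostring(root, encoding="unicode")

# Constructed sample document (names and addresses are made up).
SAMPLE = """<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
                     xmlns:foaf="http://xmlns.com/foaf/0.1/">
  <foaf:Person>
    <foaf:name>Alice Example</foaf:name>
    <foaf:mbox rdf:resource="mailto:alice@example.org"/>
    <foaf:knows>
      <foaf:Person>
        <foaf:name>Bob Example</foaf:name>
        <foaf:mbox rdf:resource="mailto:bob@example.net"/>
      </foaf:Person>
    </foaf:knows>
  </foaf:Person>
</rdf:RDF>"""

if __name__ == "__main__":
    for name, uri, digest in scrub_knows(SAMPLE)[0]:
        print(f"foaf:knows exposes {uri} ({name}); use mbox_sha1sum {digest}")
```

The author's own foaf:mbox is left alone because it is not under a foaf:knows element; only the addresses of other people are flagged and replaced.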






