While the MD5 hack that puts e-commerce sites at risk by faking security certificates received most of the attention at the 25C3 conference in Berlin today, another interesting talk, by Jan Torben Heuer, about using XMPP to ensure privacy and security on social networks caught our eye as well. Heuer demoed a social bookmarking service named Diki, which implements some of his ideas. In the long run, the developers plan to take this prototype and build a full-blown social network around it, with a focus on privacy and encryption.
Heuer argues that ensuring privacy on social networks is almost impossible, due to the centralized architecture of these networks, where all your information is controlled by one corporate entity, and where the user has to simply trust the service provider without having any control over what this provider does with the information.
As an alternative, Heuer proposes to use a decentralized network based on XMPP, where data is only exchanged between friends and transmissions are encrypted. One might argue that XMPP still relies on servers, though it is surely a more decentralized system than the monolithic reliance on one service provider.
The talk mostly focused on the technical and privacy aspects of sharing semantic data like Friend-of-a-Friend (FOAF) information through an XMPP network, but it also introduced the Diki bookmarking and tagging application, which you can download and start from here.
Diki is the first implementation of these ideas and is available as a Java application that allows you to create a new account, import your delicious bookmarks, and rate your friends' bookmarks, and that automatically encrypts your communication using the OpenPGP standard. It's clearly still a prototype, but it raises a lot of interesting questions.
If you want to delve deeper into this topic, you can download the presentation here (PDF), or read the actual paper (PDF). If you have some bandwidth to spare, you can also download this presentation and all others from this week's Chaos Computer Congress from here.
Comments
Expecting Privacy and Security on the internet literally amounts to daydreaming. These two things last as far as your nosetip. Your privacy and security last till the time you are not found by others or others decide not to look for you on the net...
Posted by: Anita CM | December 30, 2008 10:16 PM
It does seem like XMPP is becoming more like SMTP when used in this way, doesn't it? I like the notion of a privacy-centric social network, but one wonders how to balance the benefits of transparency with such a potentially security-paranoid model. It's a trade-off to be sure, and one I think people should be able to make for themselves. Still…one wonders.
Posted by: Meitar Moscovitz | December 30, 2008 10:45 PM
"...Heuer proposes to use a decentralized network based on XMPP, where data is only exchanged between friends and transmissions are encrypted. One might argue that XMPP still relies on servers, though it is surely a more decentralized system than the monolithic reliance on one service provider."
Oh YES! Excellent.
It's important to note why I am a big fan of this - it helps us take our time and attention back from those that profit from it (!!!).
PR and Marketing people have discovered the value of "buzz" and are making a fortune with it - and giving us users nothing in return.
This GMPP model would put control of "buzz" in our hands that we could then sell access to the Marketers.
Posted by: Todd | December 31, 2008 4:01 AM
Interesting article, would like to see results posted here as well.
Posted by: social networking web design | January 2, 2009 11:21 AM