25C3 - 1.4.2.3

25th Chaos Communication Congress
Nothing to hide

Speakers: Jan Torben

Schedule
Day: Day 3 (2008-12-29)
Room: Saal 2
Start time: 14:00
Duration: 01:00

Info
ID: 2873
Event type: lecture
Track: Science
Language used for presentation: en

Privacy in the social semantic web

Social networks based on XMPP

[[ Thank you all for your feedback. I am currently registering some hacking space on berlios.de so we can have a mailing list and maybe a wiki! Please contact me at: jan.heuer <<ät<< uni-muenster.de ]]

In recent years the static web has moved towards an interactive web, often referred to as Web 2.0. People collaboratively write articles in online encyclopedias like Wikipedia or portray themselves with profiles in social networks like Myspace. Delicious allows people to tag their bookmarks and share them with friends. Twitter is a short status message service to tell friends what you're doing right now. The diversity of applications attracts a huge number of users, and the applications can be used from any computer.

However, many people have privacy concerns about such applications, but the advantages and features often outweigh them. Instead of arguing against such services, we propose an alternative architecture based on the Extensible Messaging and Presence Protocol (XMPP).

Within a social network, members can link with each other in order to create a personal network of friends. Often, the number of friends is a kind of “social status” and is displayed on a person’s profile page. This community aspect attracts a lot of users, especially those who are technically not very experienced. Other social applications don’t focus on linking with other members in the first place but allow their users to tag and share special content types with others. Examples of tagged resources are photos on Flickr, bookmarks on Del.icio.us or publications on Citeulike and Bibsonomy. Both tagging and networking have attracted a great deal of attention in recent years.

However, people who want to use the services and share data with others have to hand that data to the service maintainer. Most social networks allow users to mark data as private or reduce its visibility, but this is not the issue. The main problem we see in current social networks is that private data are given to potentially untrustworthy companies. Users don't know what the companies do with their data or whether they can take their data back at all. It may still exist on the companies' servers or in backups. And users can't be sure that private data are always well protected. Security issues have occurred often in social networks recently, allowing others to access private data although they were not allowed to. Though the audience of the 25C3 is probably aware of these issues, technically less experienced people are not. Therefore a simple "don't use it if you don't like it" rule is not satisfying. We want to show that technical alternatives to current social networks exist.

We propose a network architecture where users keep total control of access to their data. Instead of using a client-to-server architecture like traditional social networks do, we use the Extensible Messaging and Presence Protocol (XMPP), also known as the Jabber instant messaging network. As in instant messenger programs, people can add friends to their personal network. Once they have mutually authorized each other, personal data can be exchanged. A public-private-key infrastructure on top of the XMPP communication ensures that messages cannot be intercepted or read by any third party, including the XMPP server itself.

The semantic part of our application is the information exchanged between the clients. We decided to use existing ontologies and schemas like FOAF (Friend of a Friend) and the Tag Ontology. In our first prototype, users are able to create their personal profile and to bookmark and tag websites. Those data can then be exchanged with friends. Another feature is recursive search of those bookmarks, which allows retrieving bookmarks of friends-of-friends (as long as they give their permission). We decided to use semantic technologies because we also wanted to show what a semantic web could look like in the future.

The overall goal is to develop an open, distributed system to exchange information, privately and protected. The current application is an open source prototype in Java 6. The application is available as a Web Start application and is therefore platform independent. The network is open to other clients and other platforms. Other possible applications could be Flash programs, Java applets or browser extensions. Integration into existing instant messenger programs is also a possibility.
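
The recursive friend-of-friend bookmark search described above can be modelled as follows. This is an added example, not code from the prototype: `Peer`, `Network`, `share_with_fof` and `max_hops` are hypothetical names, the network is an in-memory stand-in for XMPP message routing, and the public-key layer is left out. It shows the checks a client applies before answering: mutual authorization, presence, the owner's opt-in for relayed queries, and a hop limit.

```python
from dataclasses import dataclass, field
@dataclass
class Peer:
    jid: str                                       # bare names stand in for full JIDs
    bookmarks: dict = field(default_factory=dict)  # url -> set of tags
    roster: set = field(default_factory=set)       # contacts this peer has authorized
    share_with_fof: bool = False                   # answer relayed (friend-of-friend) queries?
    online: bool = True

class Network:
    """In-memory stand-in for XMPP routing (assumption, not the prototype's API)."""
    def __init__(self, *peers):
        self.peers = {p.jid: p for p in peers}

    def befriend(self, a, b):  # mutual authorization: both rosters are updated
        self.peers[a].roster.add(b)
        self.peers[b].roster.add(a)

    def search(self, origin, tag, max_hops=2):
        """Breadth-first search; returns {url: owner} for bookmarks carrying tag."""
        results, seen, frontier = {}, {origin}, [(origin, 0)]
        while frontier:
            jid, hops = frontier.pop(0)
            for friend_jid in sorted(self.peers[jid].roster):
                friend = self.peers.get(friend_jid)
                # Skip unknown peers, loops, and one-sided (non-mutual) links.
                if friend is None or friend_jid in seen or jid not in friend.roster:
                    continue
                seen.add(friend_jid)
                # Offline peers cannot answer; relayed queries need the owner's opt-in.
                if not friend.online or (hops > 0 and not friend.share_with_fof):
                    continue
                for url, tags in friend.bookmarks.items():
                    if tag in tags:
                        results.setdefault(url, friend_jid)
                if hops + 1 < max_hops:
                    frontier.append((friend_jid, hops + 1))
        return results

def sample_network():
    """Constructed sample data: alice-bob, alice-carol, bob-dave, bob-erin, dave-frank."""
    net = Network(Peer("alice"), Peer("bob", {"https://xmpp.org/": {"xmpp"}}),
                  Peer("carol", {"https://c.example/x": {"xmpp"}}, online=False),
                  Peer("dave", {"https://d.example/foaf": {"xmpp", "foaf"}}, share_with_fof=True),
                  Peer("erin", {"https://e.example/p": {"xmpp"}}),
                  Peer("frank", {"https://f.example/far": {"xmpp"}}, share_with_fof=True))
    for pair in ["alice bob", "alice carol", "bob dave", "bob erin", "dave frank"]:
        net.befriend(*pair.split())
    return net
```

In the sample data, a search from alice returns bob's and dave's bookmarks only: carol is offline, erin has not opted in to friend-of-friend queries, and frank lies beyond the default hop limit.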

Ideas for coming features are:

  • Integrate the default "StudiVZ/Facebook" features like pin board, groups, photo-to-person links, etc.,
  • Share current location with friends (that is something I would never periodically upload to a website...),
  • Integrate into local PIM applications: an integrated small LDAP server for all address information of friends, an RSS feed of the latest content from friends,
  • OpenID provider (through an HTTP-to-XMPP interface),
  • Use the public key in e-mails, too.

Future challenges are:

  • How can role-based access control be integrated?
  • Once a contact is offline, their information is unavailable. How can it be cached efficiently in the network?

My talk will cover some examples of privacy issues and discuss the general architecture. Unless there is concrete interest, I won't discuss very research-specific topics. I'll give a short introduction to the idea of the semantic web, the privacy issues arising in social networks and the idea of the web of trust.