danbri’s foaf stories

Matt Kane resurfaced on Bristol’s underscore mailing list  with this intriguing snippet, after some travels around the middle-east: ” … discovered N95s (not mine) cannot be taken into Syria”.

I asked for the backstory, which goes like this:

Quite a palaver. Got the train from Istanbul to Syria (amazing trip!). At the border they didn’t search the bags of “westerners” but asked us all to show our phones and cameras. They glanced at them all quickly, checking the brand (”Nikon, ok. SonyEricsson, ok”). One guy had an N95 and they led him off the train. His sister informed us that they’d said it wasn’t allowed in Syria, and that if she knew her brother he’d not give it up without a fight. Despite being on contract, he argued with them for an hour and a half, even calling the embassies in Damascus and Ankara. In the end he gave it up, with a promise that they’d send it on to the airport from where he was leaving. A few days later we’re chatting with a barman and spot his phone - an N95, and yes, he got it in Syria! A few days after that we found out the full story from our hotel owner in Damascus. Apparently the CIA gave a load of bugged N95s to high-ranking Kurdish officials in Iraq, many of which were then smuggled into Syria and given as gifts to various shady characters. After the Hezbollah guy was assassinated in Damascus a few months ago, the Syrians set about trying to root out spies, which led to this ban on bringing N95s into the country. Apparently.

This is the first I’ve heard of it, but searching throws up a few references to rigged N95s as “spy phones”.

Somewhat-unrelated aside: I don’t believe the relevant functionality is exposed in the N95’s widget APIs yet. I had trouble making it vibrate, let alone self-destruct after this message. But at least widget/gadget/app security is getting some attention lately. It can’t be too long before “spy widgets” on your phone become a real concern, particularly since the exposure of phone APIs to 3rd party apps is such a creative combination. I should be clear that AFAIK, Nokia’s N95 widget platform is free of such vulnerabilities currently, and any “spy phone” mischief so far has been achieved through other kinds of interference. But it does make me glad to see a Widgets 1.0: Digital Signature spec moving along at W3C…

I was really very impressed by Obama’s speech this week. And somewhat suprised to hear a major US politician speak on complex, subtle issues in thoughtful, nuanced terms. For non USAmericans, I think it’s often hard to empathise with US-style patriotism; in particular, the seeming impossibility of seeing the US as anything other than a shining beacon of goodness, as the world’s policeman. Watching the warmongering, flag-waving television news in the US in 2001/2 terrified me, and left me feeling like an alien in a strange land. But this speech did give me a vivid sense of an America that one could admire, even aspire to live in, and one that was a lot more honest with us all about its failings and difficulties, as well as justifiably proud of its many strengths. I really think this was a landmark speech, and one that shows the US at its best.

I was reading around the various responses, and so here’s a quick link-dump. Daily show; The Onion; Andrew Sullivan; Juan Cole; Fox News.

And also Daily Kos quoting of all people Mick Huckabee:

And one other thing I think we’ve gotta remember. As easy as it is for those of us who are white, to look back and say “That’s a terrible statement!”…I grew up in a very segregated south. And I think that you have to cut some slack — and I’m gonna be probably the only Conservative in America who’s gonna say something like this, but I’m just tellin’ you — we’ve gotta cut some slack to people who grew up being called names, being told “you have to sit in the balcony when you go to the movie. You have to go to the back door to go into the restaurant. And you can’t sit out there with everyone else. There’s a separate waiting room in the doctor’s office. Here’s where you sit on the bus…” And you know what? Sometimes people do have a chip on their shoulder and resentment. And you have to just say, I probably would too. I probably would too. In fact, I may have had more of a chip on my shoulder had it been me.

Quite so. And Huckabee deserves praise for acknowledging this. A similar perspective would bring some rationality to foreign policy discussions too. Understandably, most of the commentary we’ve seen on this speech have been on US domestic politics. But one point that seems to have gone underemphasised in the commentary I’ve read (even beyond The Onion!) is that for all the folk inside the US sympathising with Wright’s “God Damn America” outburst, there are hundreds or thousands or more out here in the rest of the world who are frustrated, angry and outraged by the actions of successive US governments. Giving the world a US president who seems capable of acknowledging this and beginning to address it would be a breath of fresh air. Elect him already! :) (and not that guy who jokes about killing my friends, please…).

I’m digesting some of the reactions to Google’s recently announced Social Graph API. ReadWriteWeb ask whether this is a creeping privacy violation, and danah boyd has a thoughtful post raising concerns about whether the privileged tech elite have any right to experiment in this way with the online lives of those who are lack status, knowledge of these obscure technologies, and who may be amongst the more vulnerable users of the social Web.

While I tend to agree with Tim O’Reilly that privacy by obscurity is dead, I’m not of the “privacy is dead, get over it” school of thought. Tim argues,

The counter-argument is that all this data is available anyway, and that by making it more visible, we raise people’s awareness and ultimately their behavior. I’m in the latter camp. It’s a lot like the evolutionary value of pain. Search creates feedback loops that allow us to learn from and modify our behavior. A false sense of security helps bad actors more than tools that make information more visible.

There’s a danger here of technologists seeming to blame those we’re causing pain for. As danah says, “Think about whistle blowers, women or queer folk in repressive societies, journalists, etc.”. Not everyone knows their DTD from their TCP, or understand anything of how search engines, HTML or hyperlinks work. And many folk have more urgent things to focus on than learning such obscurities, let alone understanding the practical privacy, safety and reputation-related implications of their technology-mediated deeds.

Web technologists have responsibilities to the users of the Web, and while media education and literacy are important, those who are shaping and re-shaping the Web ought to be spending serious time on a daily basis struggling to come up with better ways of allowing humans to act and interact online without other parties snooping. The end of privacy by obscurity should not mean the death of privacy.

Privacy is not dead, and we will not get over it.

But it does need to be understood in the context of the public record. The reason I am enthusiastic about the Google work is that it shines a big bright light on the things people are currently putting into the public record. And it does so in a way that should allow people to build better online environments for those who do want their public actions visible, while providing immediate - and sometimes painful - feedback to those who have over-exposed themselves in the Web, and wish to backpedal.

I hope Google can put a user support mechanism on this. I know from our experience in the FOAF community, even with small scale and obscure aggregators, people will find themselves and demand to be “taken down”. While any particular aggregator can remove or hide such data, unless the data is tracked back to its source, it’ll crop up elsewhere in the Web.

I think the argument that FOAF and XFN are particularly special here is a big mistake. Web technologies used correctly (posh - “plain old semantic html” in microformats-speak) already facilitate such techniques. And Google is far from the only search engine in existence. Short of obfuscating all text inside images, personal data from these sites is readily harvestable.

ReadWriteWeb comment:

None the less, apparently the absence of XFN/FOAF data in your social network is no assurance that it won’t be pulled into the new Google API, either. The Google API page says “we currently index the public Web for XHTML Friends Network (XFN), Friend of a Friend (FOAF) markup and other publicly declared connections.” In other words, it’s not opt-in by even publishers - they aren’t required to make their information available in marked-up code.

The Web itself is built from marked-up code, and this is a thing of huge benefit to humanity. Both microformats and the Semantic Web community share the perspective that the Web’s core technologies (HTML, XHTML, XML, URIs) are properly consumed both by machines and by humans, and that any efforts to create documents that are usable only by (certain fortunate) humans is anti-social and discriminatory.

The Web Accessibility movement have worked incredibly hard over many years to encourage Web designers to create well marked up pages, where the meaning of the content is as mechanically evident as possible. The more evident the meaning of a document, the easier it is to repurpose it or present it through alternate means. This goal of device-independent, well marked up Web content is one that unites the accessibility, Mobile Web, Web 2.0, microformat and Semantic Web efforts. Perhaps the most obvious case is for blind and partially sighted users, but good markup can also benefit those with the inability to use a mouse or keyboard. Beyond accessibility, many millions of Web users (many poor, and in poor countries) will have access to the Web only via mobile phones. My former employer W3C has just published a draft document, “Experiences Shared by People with Disabilities and by People Using Mobile Devices”. Last month in Bangalore, W3C held a Workshop on the Mobile Web in Developing Countries (see executive summary).

I read both Tim’s post, and danah’s post, and I agree with large parts of what they’re both saying. But not quite with either of them, so all I can think to do is spell out some of my perhaps previously unarticulated assumptions.

• There is no huge difference in principle between “normal” HTML Web pages and XFN or FOAF. Textual markup is what the Web is built from.
• FOAF and XFN take some of the guesswork out of interpreting markup. But other technologies (javascript, perl, XSLT/GRDDL) can also transform vague markup into more machine-friendly markup. FOAF/XFN simply make this process easier and less heuristic, less error prone.
• Google was not the first search engine, it is not the only search engine, and it will not be the last search engine. To obsess on Google’s behaviour here is to mistake Google for the Web.
• Deeds that are on the public record in the Web may come to light months or years later; Google’s opening up of the (already public, but fragmented) Usenet historical record is a good example here.
• Arguing against good markup practice on the Web (accessible, device independent markup) is something that may hurt underprivileged users (with disabilities, or limited access via mobile, high bandwidth costs etc).
• Good markup allows content to be automatically summarised and re-presented to suit a variety of means of interaction and navigation (eg. voice browsers, screen readers, small screens, non-mouse navigation etc).
• Good markup also makes it possible for search engines, crawlers and aggregators to offer richer services.

The difference between Google crawling FOAF/XFN from LiveJournal, versus extracting similar information via custom scripts from MySpace, is interesting and important solely to geeks. Mainstream users have no idea of such distinctions. When LiveJournal originally launched their FOAF files in 2004, the rule they followed was a pretty sensible one: if the information was there in the HTML pages, they’d also expose it in FOAF.

We need to be careful of taking a ruthless “you can’t make an omelete without breaking eggs” line here. Whatever we do, people will suffer. If the Web is made inaccessible, with information hidden inside image files or otherwise obfuscated, we exclude a huge constituency of users. If we shine a light on the public record, as Google have done, we’ll embarass, expose and even potentially risk harm to the people described by these interlinked documents. And if we stick our head in the sand and pretend that these folk aren’t exposed, I predict this will come back to bite us in the butt in a few months or years, since all that data is out there, being crawled, indexed and analysed by parties other than Google. Parties with less to lose, and more to gain.

So what to do? I think several activities need to happen in parallel:

• Best practice codes for those who expose, and those who aggregate, social Web data
• Improved media literacy education for those who are unwittingly exposing too much of themselves online
• Technology development around decentralised, non-public record communication and community tools (eg. via Jabber/XMPP)

Any search engine at all, today, is capable of supporting the following bit of mischief:

Take some starting point a collection of user profiles on a public site. Extract all the usernames. Find the ones that appear in the Web less than say 10,000 times, and on other sites. Assume these are unique userIDs and crawl the pages they appear in, do some heuristic name matching, … and you’ll have a pile of smushed identities, perhaps linking professional and dating sites, or drunken college photos to respectable-new-life. No FOAF needed.

The answer I think isn’t to beat up on the aggregators, it’s to improve the Web experience such that people can have real privacy when they need it, rather than the misleading illusion of privacy. This isn’t going to be easy, but I don’t see a credible alternative.

Apparently the UK government are revisiting the idea of net censorship, in the context of anti-terrorism.

UK Home Secretary Jacqui Smith as reported in the “Guardian, Government targets extremist websites“:

Speaking to the BBC’s Radio 4 Today programme before her speech, Smith said there were specific examples of websites that “clearly fall under the category of gratifying terrorism”. “There is growing evidence people may be using the internet both to spread messages and to plan specifically for terrorism,” she said. “That is why, as well as changing the law to make sure we can tackle that, there is more we need to do to show the internet is not a no-go area as far as tackling terrorism is concerned.”

This could go really wrong, really fast. Will we be allowed to read Bin Laden texts online? Hitler, Stalin? Talk to people who sympathise with organizations deemed terroristic? Who live in countries in the ‘axis of evil’? Doubtless the first sites to be targetted will be the most outrageous, but we’re on a slippery slope here.

It’s pretty much impossible to stop the online radicalisation of angry young men. But driving that process underground, and criminalising anyone on the fringes of the scene, will make it all the harder for calm voices and nuanced opinions to be heard. ‘Us and them’ is exactly what we don’t need right now.

My best friend, who is a lazy, apathetic bum, had a sudden attitude change when I told him that Ron Paul supports gun rights and legalization of drugs and prostitution. Almost before I could finish the sentence, he said, “Dude, I’m in.”…

“I’ve said it before and I’ll say it again: Democracy simply doesn’t work …