1 / 14

Privacy Concerns of FOAF-Based Linked Data

Privacy Concerns of FOAF-Based Linked Data. Peyman Nasirifard, Michael Hausenblas and Stefan Decker Trust and Privacy on the Social and Semantic Web The 6th Annual European Semantic Web Conference (ESWC2009) Heraklion, Greece June 1st 2009. Agenda. Spam Spam fighting Context-aware Spam

avalon
Download Presentation

Privacy Concerns of FOAF-Based Linked Data

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Privacy Concerns of FOAF-Based Linked Data Peyman Nasirifard, Michael Hausenblas and Stefan DeckerTrust and Privacy on the Social and Semantic WebThe 6th Annual European Semantic Web Conference (ESWC2009) Heraklion, Greece June 1st 2009

  2. Agenda • Spam • Spam fighting • Context-aware Spam • FOAF and Context-aware Spam • Scenario • Discussions • Possible Solutions • Conclusion

  3. Spam • We all know those unwanted emails • Congratulations! You have won the national Lottery. • Our company wants to hire you • Save upto 50% ... • 97% Of all email is Spam [4] • Spam produces 17 million tons of CO2 [3] • A study into spam has blamed it for the production of more than 33bn kilowatt-hours of energy every year, enough to power more than 2.4m homes [3]

  4. Efforts Against Spam • In 2004, Bill Gates promised a world without SPAM by 2006 [1] • Bill Gates receives 4 million SPAM per day [2] • Now it is 2009 and we receice lots of SPAM • Spam Fighting • CAPTCHA • Email Hider (e.g., tinymail) • Email Icon Generators • But some spammers hire people to circumvent above techniques [5]

  5. Spam vs. Context-Aware Spam • Spam • Please buy our product • Context-aware Spam • Your friend (Tim Berners-Lee) is using our product and he recommends it to you • Context-aware Spam has high click-through rate, as it looks more realistic and relevant • More CO2 • More Time • More overhead • Possibility for spreading malicious links

  6. Semantic Web and Spam • Publicly-available structured data help spammers • FOAF: Structured data for social networks • Friends • Interests • Contact details • Honest information is what spammers are looking for! • We create FOAF profiles taking into account that they are used by „machines“ • Machines are cool, but what about spammers?

  7. Scenario • Cookbook: Context-aware Spam using FOAF • Ingredients • A Common search engine • A RDF parser • A bit HTML parsing and hacking techniques • Recipe: It is a recursive method (see the paper for details) • Find FOAF profile of the seed • Get SHA1 and friends list • Find potential emails of the seed • Use HTML parsing techniques (see the paper) • Use SHA1 hash code of the email • Based on the granularities of the information, send suitable spam using suitable SMTP server • Result: Our seed clicked the link!

  8. Our Technician Took It Serious! Hi, all.I have just received a worrying-looking piece of spam. It seemed to come from another DERI member and contained a link to the ESWC2009 website. It is highly likely that someone has hacked into the ESWC2009 website and is using it to send emails with links to an infected page on the same site. Until further notice, please do not click on any links pointing to eswc2009.org, especially if these have been sent to you via email. STI2 are investigating the situation. We will keep you informed.

  9. FOAF vs. Online Social Network • Finding users’ email from online social networks could be very difficult • Crawling heterogeneous and highly customizable social networks (e.g. MySpace) offers a huge overhead for spammers • Someone may generate fake user profiles with incomplete names within online social networks, whereas FOAF is considered to be “reliable”, as they are hosted on personal homepages and/or automatically generated from reliable data.

  10. Possible Solutions • Digital Signatures • Could obstacle some sort of Context-aware Spam, but not all. • Our Survey showed that even „professional“ users do not use DS regularly • Do you use it? • Looking at email headers (e.g., RFC 4408) • Only technicians are potentially familiar with that • Free public SMTP servers are still vulnerable • Remove SHA1 hashcode from FOAF • Could lead to malfunctioning of inverse functional property • Use various hashing functions within FOAF • Make it more difficult for spammers, but feasible • Mask person‘s name and/or friends‘ name and/or interests • Then why FOAF?

  11. Conclusion • We presented how FOAF profiles can be used by a spammer • FOAF could lead to prodcuing more CO2 by making spam more intelligent • Think twice before putting much information in your publicly-available FOAF profiles • We presented some solutions that could obstacle context-aware spam partially

  12. References • [1] http://www.cbsnews.com/stories/2004/01/24/tech/main595595.shtml • [2] http://db.tidbits.com/article/7911 • [3] http://news.bbc.co.uk/2/hi/technology/8001749.stm • [4] http://news.bbc.co.uk/2/hi/technology/7988579.stm • [5] http://www.ibm.com/developerworks/web/library/wa-realweb10/ • [6] Image sources: http://www.unstoppable-fat-loss.com/ and http://www.peternjenga.com/blogs/greenkenya/pollution/air-pollution-in-kenya-both-urban-and-rural/

  13. Thank You! Q and A

More Related