Saturday, September 18, 2010

[wyctpvpm] Untagging yourself from distributed social networking

Consider a replacement for Facebook which is a distributed hash table, using cryptographic signatures to manage identity and read permission; the details still need to be worked out, though the design principle is no single central entity controls everyone's information.

Is it possible to untag yourself from a picture for such a system?  My first thought is, of course not, because it is very difficult to delete anything from a robust distributed hashtable.

The simplest third party tags consists of someone else inserting a piece of data into the DHT consisting of a pair: the hashcode of the picture and your unique identifier, possibly cryptographically signed by them.  Such a tag cannot be easily deleted.

We thwart such tagging by avoiding ever giving out a globally unique identifier for yourself.  Each of your friends knows you by a different identifier, and that identifier is only useful if one has the friend's private key.  It's sort of a graph duality: the edges between nodes carry labels, not the nodes themselves.  I don't know how to make this work.  It seems it might not work because, even if you don't give out a globally unique identifier, there's no stopping someone else from forcefully creating one for you.

Another untagging mechanism might be chaff: whenever you tag yourself, you create a private key with which you can, later, produce countless fake tags of yourself, very difficult to distinguish from the original, effectively untagging yourself.

No comments:

Post a Comment