9 May 2008

Joint iTrust and PST Conferences on Privacy, Trust Management and Security

IFIPTM 2008 Call for Participation


Joint iTrust and PST Conferences on Privacy, Trust Management and Security

June 18-20, Trondheim, Norway


The registration is now open.

Conference Program: http://www.ntnu.no/videre/konferanse/IFIPTM08/program.html

Registration: http://www.ntnu.no/videre/konferanse/IFIPTM08/registration.html

Co-located Workshops:

· Context-awareness and Trust (CAT08): http://cat08.telin.nl

· Web 2.0 Trust (W2Trust): http://www.sis.uncc.edu/~mshehab/w2trust/

· Sustaining Privacy in Autonomous Collaborative Environments (SPACE): http://secml.otago.ac.nz/privacy2008/

· Trust in Mobile Environments: http://time08.cs.ucl.ac.uk/

Please note that EUROPKI Conference will also take place in Trondheim from June 16 to June 17. IFIPTM and EUROPKI offer discounts if you attend both conferences. EUROPKI Registration: http://www.item.ntnu.no/europki08/registration.php

Hope to see you in Trondheim!

General Chairs:
Peter Herrmann, The Norwegian University of Science and Technology, Norway,
Christian Jensen, Technical University of Denmark, Denmark,

Program Chairs:
Yuecel Karabulut, SAP Research, USA,
John Mitchell, Stanford University, USA,

23 April 2008

Social Capital Gateway - literature resource

Found this by chance: Social Capital Gateway is a nice resource on the subject by PhD student Fabio Sabatini.

28 March 2008

Goodbye, Torrentspy

With my head buried in paperwork in the last week, I'm probably one of the last to find out, but file-sharing site torrentspy.com has been ordered to close shop.

For me, this is sad news indeed. The corporate motion picture muscle in the US was too burly for the guys at torrentspy, and even after hundreds of thousands of $ worth of legal battle, it was too much for one small company, and a final court order did the deed. Why did they lose? Because they refused to release information that could jeopardise the privacy of its users, that the MPAA wanted to sniff around in.

The whole business of digital copyright and DRM is getting messy, and this is just the beginning. It reminds me of something that happens in natural ecosystems and in physics, where the population or matter goes through phases of stability and chaos as it changes from one state to another --phase transition.

""Phase transition" is a term used in physics to describe the threshold between the gaseous and the fluid, the fluid and the solid, and so on. It is a point of transition, where ice begins to melt, water begins to evaporate, and vapor begins to condense. In phase transition, a system becomes dynamic and unstable, anticipating the beginning of something new." -- K. Kuwabara

The thing is, when the dust settles and we look around, where we find ourselves will probably be largely guided by who has the biggest muscle and most cash to buy muscle, dragging the rest of the population along to where they want us to go. So, if we are not vigilant, and allow ourselves to be brainwashed by the wolf pack that is the media, torrentspy's 'defeat' will be the first of many.

And don't think this is a US problem. It is now a "global village", thanks to corporate enslavement by rich companies on poorer nations. If it can happen in the US, it can happen anywhere, and if you're not careful, say goodbye to the freedom to build, share and create.

"... while new technologies always lead to new laws, never before have the big cultural monopolists used the fear created by new technologies, specifically the Internet, to shrink the public domain of ideas, even as the same corporations use the same technologies to control more and more what we can and can’t do with culture. As more and more culture becomes digitized, more and more becomes controllable, even as laws are being toughened at the behest of the big media groups. What’s at stake is our freedom—freedom to create, freedom to build, and ultimately, freedom to imagine." -- Lawrence Lessig, Free Culture

Reputation and Maintaining State

I came across Alex Bunardzic's blog on Online Identity and reading it gave me a new perspective on online reputation, and that is state. Here's a brief brain dump (if there is interest and/or further mulling over this, I will expand on this post)

Trust, reputation identity = someone's collection of attributes

... the Need to remember an object or person's history and attributes that may change over time = state management

... engineering a reputation or identity system becomes a problem of state management

... for embedded systems and connection oriented protocols, state management is already something we do here, e.g. routing algorithms in P2P nets

... the Web is inherently stateless, so maintaining state requires more work

... for engineering an efficient reputation system, the challenge is in state maintenance and optimising state retrieval.


27 March 2008

Workshop on Trust in Mobile Environments

I'll be reviewing research papers on trust and reputation mechanisms for mobile systems. This is for the Workshop on Trust in Mobile Environments. Looking forward to this as it's one of those areas that is full of creative output at the moment.

25 March 2008

Re-post: answer to "What is a mobile social network"

I answered a question on "What is a mobile social network" on a LinkedIn. My response is copied below, but visit the original post for other replies.

Hi Paul,

Yours is a timely post, and I think your comment spans two broad issues: user experience in a mobile app, and adding a mobility dimension to social networking.
It is getting so much easier now to develop apps for mobile devices, but developers who can build great user experience for the mobile user are still few and far between. Web browsers on mobile devices like the S60 (which uses the same WebKit browser platform as Android) have improved tremendously, and I think this has made developers a bit lazy. This won't last long though as user sophistication will drive the demand for better user experience on mobile devices.

And as you said, eventually "you either need a mobile application or a Web site that has been optimised for mobile phones". I agree, but I think it is becoming increasingly irrelevant whether the app is native to the device or web-based, and platforms like Google Gears and Adobe AIR are blurring the line even further as they let you function online and offline seamlessly.

I see some or all of the following factors (depending on app) as important for user experience, some already mentioned in the replies:

- The ability to discover the user's context and location, either automatically or manually input by the user, and use them to enhance the app's features, like answering your ‘where are you’ question. We don't have to wait for GPS phones for this - look at what the Google Maps people can already do with base-station triangulation: http://www.google.com/mobile/gmm/mylocation/index.html

- Making full use of the device's capabilities, taking into account how the user will be using the device. For example, thumbing instructions on the number pad would be better than scrolling to a link using the arrow keys.

- A built in reputation system that will allow the user to query on the trustworthiness of objects and people within vicinity, giving the user an opportunity to gain a comfortable level security before interacting with them.

- The ability to pick up where you left off on your desktop app/wired network and continue your interaction while mobile, as in Pekka's reply.
If you can have an app with those features, an amazing set of opportunities opens up for social networking, like those in the replies and many more yet to be conceived!

To answer your questions...

1. What mobile social networking sites do you like/dislike? As a user, I like Facebook, because it allows me to be lazy at keeping in touch, while at the same time being able to do just that, and to let my friends know what I'm up to at various effort levels (status update, at the very least... send a message if i'm feeling chatty, or post a blog if I have something to get off my chest). As a developer, I dislike Facebook, because while it does give me access to the largest online social network, it is still a closed ecosystem.

2. What’s the one feature you’d like to see in order to get you to use one? Actually, I would like to see my social network opened up and integrated into (or accessible from) all the apps that I'm currently using. I want to be able to forward an email from my Gmail account to a group on Facebook or advertise for post a contract job for a freelance photographer on my Flickr network straight from my Basecamp project page.

@Peter: WiMAX is coming, slowly but surely :). Our WiMAX projects are mainly focused on rural access but our infrastructure partner is part of a group that has just deployed the first mobile WiMAX pilot in Kent: http://tinyurl.com/35g93b

Blogged with the Flock Browser

24 March 2008

Reputation-based systems: a security analysis

This was a paper I co-wrote with a bunch of other contributors working in the trust/reputation and security space: "Reputation-based systems: a security analysis" (PDF). It is a position paper on security issues in reputation systems.

A nice thing that we did in this paper was that we identified concrete use cases for reputation systems to frame our discussions, rather than talking in general but unusable terms that papers of this sort can tend to become. The use cases covered are online markets, P2P networks, spam filters and PKI (my primary area of contribution). The principal threats were then derived from looking at threats to the reputation systems used in these use cases.

Here's the abstract:

ENISA Position Papers represent expert opinion on topics ENISA considers to be important emerging risks or key security components. they are produced as the result of discussion among a group of experts who were selected for their knowledge in the area. the content was collected via wiki, mailing list and telephone conferences and edited by enisa.

This paper aims to provide a useful introduction to security issues affecting Reputation-based Systems by identifying a number of possible threats and attacks, highlighting the security requirements that should be fulfilled by these systems and providing recommendations for action and best practices to reduce the security risks to users.

Examples are given from a number of providers throughout the paper. These should be taken as examples only and there is no intention to single out a specific provider for criticism or praise. The examples provided are not necessarily those most representative or important, nor is the aim of this paper to conduct any kind of market survey, as there might be other providers which are not mentioned here and nonetheless are equally or more representative of the market.

This paper is aimed at providers, designers, research and standardisation communities, government policy-makers and businesses.

Blogged with the Flock Browser

Flock wins Web Award, Community Category

Sometime mid last year I blogged very briefly about my discovery of Flock. I said I would write more about it, but as with all great products that turn into indespensable tools, it merged into my background of online interaction, transparently holding up my silver platter of social network goodies right there in my browser.

Not surprisingly, this year, they are winner of Best in Community at SXSW.

For me, Flock has been my default browser since I started using it, with my Blogger, flickr and twitter accounts always on and ready for the next post directly within the browser.

I do have one gripe with it - the del.icio.us bookmarker. It doesn't show me the recommended and community tags for a particular link, which I do miss. It is really useful to see what tags you already have and what other people are using to tag the same link. I use del.icio.us a lot and for it I still use the del.icio.us Firefox add-on.

Blogged with the Flock Browser

15 August 2007

Visual jQuery

Best jQuery manual I've seen so far: Visual jQuery, by Yehuda Katz. Nice work.

Blogged with Flock