Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
The Internet Spam

LOAF - Distributed Social Networking Over Email 273

FamousLongAgo writes "LOAF (List Of All Friends) is an extension to email that lets you send out address book data without compromising your privacy. LOAF appends a hash-like data structure to each outgoing email, and collects similar attachments from the people who write to you. These files can be queried to see if they contain a given email address, but they can't be reverse-engineered to reveal the list of addresses used to construct them. LOAF lets you check whether someone emailing you for the first time is a complete stranger, or appears in the address books of some of your trusted correspondents. And as a decentralized application, LOAF offers an interesting alternative to current social networking sites like Orkut or Friendster."
This discussion has been archived. No new comments can be posted.

LOAF - Distributed Social Networking Over Email

Comments Filter:
  • Please go outside (Score:4, Insightful)

    by revscat ( 35618 ) * on Tuesday August 17, 2004 @05:23PM (#9995462) Journal

    Ok, I've had it with Friendster, Tribe, and all this social networking crap. Go to a bar, go to a park, hell go to a freaking CHURCH or something but if you want to make friends then for the love of Augusta Jane Chapin STEP AWAY FROM THE BLOODY COMPUTER. People are better grokked in person, and this virtual hooey is way overrated and ultimately unsatisfactory. If you're fat and ugly, go hang out with other fat and ugly people. Whatever you are comfortable with. But you just can NOT get the same social dynamics online as you do in the real world.

    Why do you think people are such assholes online? You know, like me. Because the social dynamics are different and don't match reality. People don't have to be polite online, and you don't get to practice communications skills that make you successful in the real world.

    And since the eventual goal is to get laid the physical verbal interactions are kind of important.

    Having said that, this seems like an interesting technology, and doesn't seem as inherently annoying as Friendster. When the FAQ has stuff like this in it:

    The false positive rate for Bloom filters is determined by the number of hashing functions, the size of the filter, and the number of entries in the filter, given by the approximate formula:

    ( 1 - e^(kn/m) )^k

    It makes me go all warm and fuzzy.
    • by AuMatar ( 183847 ) on Tuesday August 17, 2004 @05:28PM (#9995504)
      If you don't like them, don't use them. I don't myself. That being said, I know a lot of ways they're superior to real life:

      *Ability to talk to people at any time. If my friend isn't at the bar, I can't talk to him. The chance he's near his computer is much higher
      *Ability to hold multiple conversations. I can hold 4 or 5 simultaneous text conversations, only 1 oral one.
      *Ability to talk asynchronousl. I can post something, he can read it later. A bar doesn't do that
      *Ability to talk to people when on the road
      *Ability to talk to people whatever the distance

      Thats a few of the advantages. Real life has its own set of advantages. Neither is obviously better than the other. Nor is either exclusive- you're allowed to do both.
      • Limits (Score:5, Interesting)

        by glpierce ( 731733 ) on Tuesday August 17, 2004 @05:40PM (#9995623)
        What you call "superiority" others would call "limiting". All of your "advantages" involve speaking to a small group of known people anywhere/anytime. In the physical world, you meet new people. New people bring new ideas, perspectives, activities, etc.
        • Re:Limits (Score:5, Insightful)

          by AuMatar ( 183847 ) on Tuesday August 17, 2004 @05:57PM (#9995758)
          And what you would call "advantages" many would call "limiting". I for one don't tend to like meeting random people, I want to meet highly intelligent, thoughtful people. There tends to be a limited number of those per geographic area. Those limitations are removed online. And meeting them online at least has an automatic intelligence filter- if they can't type english, they can be ignored as morons (or foreigners, but if they can't use english I won't be able to communicate with them in person either).

          Like I said- both have advantages and disadcantages. Thats why both exist. Use the one you want, or both of them. But don't insult someone else for prefering one over the other.
          • Highly inteligent thoughtful people? Oh, you mean the so boring you would rather have a sharp stick in the eye people?

            I know a few people who met online, and one even got married through it. I think it's fine if that's your thing, but I personally won't bother with people that won't go out drinking with me... ie the computer people... you can't really drink with an aim conversation...
            • So, people in a bar? So you mean people to stone drunk to have a conversation with in the first place?

              I've made friends online, I've made friends in the real world, I've made friends at school, and I've made them at work. All methods have pluses and minuses. All are useful. If you prefer the real world method, go for it. Just realise that prefering another option is just as valid.
          • Re:Limits (Score:5, Insightful)

            by glpierce ( 731733 ) on Tuesday August 17, 2004 @06:30PM (#9996019)
            "Elitist" is the word.

            If you wouldn't "lower" yourself to speaking to anything but the-best-and-the-brightest, you're not going to learn appropriate social skills for dealing with "regular" people, which are what you're normally going to deal with in the physical world. Also, there are many places to meet "intelligent, thoughtful people"; try a bookstore, coffee shop, etc. instead of a bar, and you might find different sorts of people.
            • Re:Limits (Score:5, Insightful)

              by theLOUDroom ( 556455 ) on Tuesday August 17, 2004 @08:08PM (#9996640)
              "Elitist" is the word.

              Sorry, wrong. It's just a simple reailty.
              You can't just walk into a coffee shop and find someone to talk to about digital FIR filters, for example. There just aren't people like that everywhere.

              It's not that I won't talk to normal people about normal things, but when you want to talk find out about adjusting your sway bar end-links for zero preload, most people just nod and smile.

              One of the great things about the internet is to make it easy to find people to talk to about these things. Maybe there are only 100 people who know much about the ECU in an Mazda RX-7, but chances are, you be able to find some of them online and have a real, meaningful conversation on the subject, rather than some idiot going "Wow! That's like in 2F2F!"

              It's not elitist, to not want to waste your time and someone else's time having a one-sided discussion they won't understand. Some people just aren't that interesting to certain other people. That's just the way it is. It not because the other person considers them to be a less person, IT'S BECAUSE THE HAVE NOTHING IN COMMON, NOTHING TO TALK ABOUT.
              • Re:Limits (Score:3, Insightful)

                by Omestes ( 471991 )
                For awhile I had the same outlook as you, if people couldn't talk about "deep" matters, well then, screw 'em. Then I realized that I was actually a snob.

                Everyone has something in common, the only barriers are linguistic. If you don't talk to common man, you loose social skills, and become disconected from the reality that most of the world lives in. Plus, it is always good to get new views on things, even if you find them ignorant, or against your own.

                Thats one thing I have against cell-phone culture,
            • Re:Limits (Score:4, Funny)

              by Wordsmith ( 183749 ) on Tuesday August 17, 2004 @10:52PM (#9997394) Homepage
              Why don't you guys all meet up somewhere and talk this over. I'm sure the in-person interaction would be better. Or maybe worse. Or maybe better. Or maybe ...
        • Re:Limits (Score:3, Insightful)

          You know who hangs out at bars? Drunks. I don't want a social circle of drunks.

          It's also a hell of a lot harder to make friends without a huge common ground. If you are in college and at a bar in town you run into someone around your age in that bar, they most likely go to school and you can talk about that. When everyone works different jobs with different lives and families are scattered it's really freakin' hard to meet new people. My wife and I are dealing with this right now and it's not a minor
      • You know about this thing called "phone", right?

    • Re:Please go outside (Score:4, Interesting)

      by over_exposed ( 623791 ) on Tuesday August 17, 2004 @05:28PM (#9995509) Homepage
      I agree with you completely, but I'm not sure that's the only application/purpose of this concept. I see this as more of a spam filtering tool (at least for those with near average intelligence). If it has a subject line with RE: in it and it's not from anyone you know or anyone that knows someone you know, it's probably safest not to open it. In fact, why not expand on this technology and have the e-mail client smart enough to warn the (sub average intelligent) user that this isn't a response to anything you've sent out and is most likely not a safe e-mail to open.
    • by eln ( 21727 ) on Tuesday August 17, 2004 @05:31PM (#9995541) Homepage
      And since the eventual goal is to get laid the physical verbal interactions are kind of important.

      I think that pretty much says everything we needed to know about you.

      I don't go in for these sites either, but to say that personal relationships online are any less valid than personal relationships in any other setting is ludicrous. Just because your only goal in life is to get laid doesn't mean that's the case with everyone else on the planet. Sometimes, we like to talk to people because we find them interesting, not because we think we might be able to score with them.

      You're right that the social dynamics online are different, but you can't completely dismiss a manner of human interaction because it's different than what you're used to. But then, if all you're after is picking up drunk women in bars, then you can go ahead and spend your life doing that. You would have to be pretty shallow to consider that kind of lifestyle anything but "ultimately unsatisfactory" though.

      Of course, there's a certain irony in your comment coming from a Slashdot subscriber.
      • "And since the eventual goal is to get laid the physical verbal interactions are kind of important."

        I think that pretty much says everything we needed to know about you.

        Which is what, exactly?

        You're right that the social dynamics online are different, but you can't completely dismiss a manner of human interaction because it's different than what you're used to.

        I don't. But I do think that some are better than others. When comparing Friendster to the real world, the real world wins hands down. Is t

        • "When comparing Friendster to the real world"

          that was your first mistake. your second was not having enough out-of-box brains to see what social networking is about.

          here's some help:
          it's not MEANT to replace the real world. it's meant to make it BETTER.

          here's another hint to help you:
          like a TELEPHONE does, like a yellow pages does.

          think of friendster as being an insanely detailed and annotated grouping of all your friend's Rolodex's, and you're halfway there.

          Come on, don't be afraid....connect the do
    • Oh, come on. (Score:5, Insightful)

      by Short Circuit ( 52384 ) * <mikemol@gmail.com> on Tuesday August 17, 2004 @05:32PM (#9995553) Homepage Journal
      Being online give you freedom. Manners, grammar and spelling aren't eliminated, they become a choice. And as a choice, they can become something to be proud of.

      Interacting with other people online has allowed me to get to know people from other countries and cultures, instead of being limited to a west Michigan culture where it's sometimes hard to find other people interested in the same things I am.

      Finally, things like email and online forums allow me to communicate and cooperate with people in other time zones. I don't have to be awake for my message to reach my buddy in Mexico. Or my friends in Africa, Europe or Asia.
    • by greg_barton ( 5551 ) * <greg_barton@@@yahoo...com> on Tuesday August 17, 2004 @05:35PM (#9995582) Homepage Journal
      But you just can NOT get the same social dynamics online as you do in the real world.

      I think that's the point. Maybe some people don't WANT the same social dynamics you get in the real world.
    • I've noticed that computer-types are usually not necessarily polite in public. Specifically I've encountered real shitheads at coffeehouses who rudely butt in to tech discussions that I'm having with friends. These aforementioned shitheads like desparaging people, claiming that others really don't know what one is talking about, or like to just stir up trouble.

      Yes, get out into the real world, but don't socialize with just other computer types, role players, math geeks, gamers, or any single stereotype.
    • On the other hand, in business communications at least, I find myself editing my words FAR more carefully in electronic form than in spoken form or face-to-face. The slightest poor word choice or unfamiliar syntax can inadvertently piss people off in text when the same misstep would go without consequence in person.

      But, at base, I couldn't care less if someone has exchanged email with my parents, the President or the Pope -- they're still strangers to me, so this has no value for the stated purpose.
    • Re:Please go outside (Score:5, Informative)

      by shadowmatter ( 734276 ) on Tuesday August 17, 2004 @06:41PM (#9996084)
      Indeed, Bloom Filters are the shit.

      These days, in my spare time, I'm writing a p2p program -- think of it as a swarm-download system, like BitTorrent, on an overlay network topology, like eMule (only eMule uses Kademlia, [psu.edu] and I'm using Pastry [microsoft.com]). It has been shown, here [duke.edu] and here [mit.edu], that Bloom Filters can drastically reduce the traffic generated when searching peer to peer networks. I recently coded a Java implementation of a Bloom Filter for my p2p program, and it works great in testing. (But the p2p program isn't anywhere near done, so don't ask about it ;)

      Furthermore, Bloom Filters can be compressed -- see Michael Mitzenmacher's work here [harvard.edu]. The idea that you can compress a Bloom Filter is a little counter-intuitive, because the size of the bit vector and the number of hash functions are derived using calculus to maximize the compactness of the set, for a given false positive rate -- thus, in this state, it is non-compressable (it is "already compressed" by simply being an optimal Bloom Filter). To compress a bloom filter, you must choose a large bit vector, and a non-optimal number of hash functions, then apply the compression algorithm (typically arithmetic coding). Because the bit vector is so large, it is sparsely populated -- and so compression works.

      Often you can save 10% and 20% on the size of your bloom filter, while having a lower false positive rate. Score!

      A very nice, very interesting survey of all the applications of Bloom Filters can be found here [psu.edu].

      - sm
    • I think you're missing the point of Friendster.

      for example, let's compare something like finding a roomate to share an apartment with.

      In real life, or without social networking, it's like this:

      -have to bother all of your friends, over email, on the phone, at a party, etc. to spread the word. that means *requiring* your friends/family to keep an ear out for you, which they might not remember.

      -go thru craigslist and spend days interviewing freaky random people who might not turn out to be good roomate ma
    • by EvilTwinSkippy ( 112490 ) <yoda@nOspam.etoyoc.com> on Tuesday August 17, 2004 @06:58PM (#9996213) Homepage Journal
      As I sit here slashdotting in one hand and playing interference with my infant on the other, I contemplate the social scene for new dads.

      (Tends to screaming kid.)

      Well I guess I could hire a sitter. (No sweety, not the iBook!!!!) a;dfogadlogjs;ldug wsorutspritgsagu9o uapouigfa oczvj zfj jozdo zdzolaeroprasjo; jgd oj j drg

    • I am a Brasilian, and as you probably have heard we had invaded orkut. :-) We do love social networks, we are very social, even the most nerd ones here do go out and meet people in bars (ok Brasil is very big, and my experience is most with Rio).

      We also love the internet and every new gadget or service. This does not stop us from meeting in bars and in person, just the oposite, I've seen Orkut making people more social and meet more people in person in a few months then in years I have known them. I myself
    • People are better grokked in person, and this virtual hooey is way overrated and ultimately unsatisfactory.

      I'd say that depends on where you hang out online. There's a forum I frequent where members make an effort to periodically get together in real life. I've met some really neat people that way, and made friends in places that I might not normally visit. Now if I ever have to go to Greenville or Newfoundland or Israel, I know I've got friends there.

      Of course, the purpose of this forum is to discuss a
  • by kiltedtaco ( 213773 ) on Tuesday August 17, 2004 @05:23PM (#9995464) Homepage
    These files can be queried to see if they contain a given email address, but they can't be reverse-engineered to reveal the list of addresses used to construct them.

    Or so they thought, untill they heard about the sha vulnerability.
    • Okay, I'll bite. It's impossible to reverse a hash function which accepts an input larger than its output - the number of possible results, in an ideal hash with an unrestricted input size, is infinite. Hashes may, however, be vulnerable to collisions, where just one input data is found that produces a given output data. This may or may not be the original input (probably not), but it doesn't matter for many cryptographic uses - it's broken all the same.
    • by flonker ( 526111 )
      Get one of those "1 million email adresses" CDs they keep emailing me about, and check each one to see if it's in the list.

      What is the expected benefit of "These files can be queried to see if they contain a given email address, but they can't be reverse-engineered to reveal the list of addresses used to construct them. " again?
  • Spam blocking uses? (Score:5, Interesting)

    by LoudMusic ( 199347 ) on Tuesday August 17, 2004 @05:24PM (#9995469)
    I've refreshed the /. page a few times and still see no comments. How strange.

    Anyway, how would something like this hold up in a spam blocking function? How easy would it be to get onto the LOAF list? And if the contents can't be listed, how are you to know that it's not chalk full of the bad stuff? How do you know that you aren't emailing to people whom you don't wish to receive your mails?
    • by Sparr0 ( 451780 ) <sparr0@gmail.com> on Tuesday August 17, 2004 @05:47PM (#9995681) Homepage Journal
      There is no central list. The concept is that you append a list of YOUR friends to the end of each email you send. No one can read the list alone, but they can check if specific addresses are in it. So when someone new emails you, you check their address against all the known-good LOAF hashes youve recieved, this will tell you if they are a friend of a friend of yours.
    • Anyway, how would something like this hold up in a spam blocking function?

      That's the first thing I though when I read this too.

      This would be a GREAT antispam tool.

      The implementation would take a little thought I bet if you were to combine a tool like this with a bayesian filter, one could an order of magnitude reduction in the spam that make it past the filter.

      Some of the detail though would require a weighting mechanism for "people". This would be necessary to deal with people smart enough to us
    • Anyway, how would something like this hold up in a spam blocking function?

      Ultimately, not all that well: if everyone could go to a perfect whitelist, with user-transparent verifications and all that hoohah, all that would happen would be that spammers would start forging the addresses of real people onto their spams.

      You'd have to start combining that with SPF and perhaps some even more restrictive confirmations to really make it effective.

      (And BTW, as long as I'm already replying: the phrase you wante
  • Spam filter? (Score:5, Interesting)

    by Daniel_Staal ( 609844 ) <DStaal@usa.net> on Tuesday August 17, 2004 @05:24PM (#9995471)
    Could this be used in a spam filter? A somewhat adaptive whitelist?

    Not that it would solve anything, but it could be useful...
    • I was thinking about how it could be used to block those Windows viruses and worms that send you mail from a third party's address. Except that this works almost the same way those Melissa-ish viruses do, so your "whitelist" would probably include most of the incoming faked addresses...
    • by Soko ( 17987 ) on Tuesday August 17, 2004 @06:43PM (#9996100) Homepage
      Hmmm... Mail Expurgated Against Tenative List Of All Friends - MEATLOAF!!!

      MEATLOAF - the Anti-SPAM!

      Yech. Time to go home.

      Soko
  • LOAF (Score:3, Funny)

    by Anonymous Coward on Tuesday August 17, 2004 @05:24PM (#9995475)
    anyone else think linux on a floppy when they saw this?
    • Re:LOAF (Score:3, Funny)

      by mangu ( 126918 )
      anyone else think linux on a floppy when they saw this?


      Yes, I did. And I can't understand WTF all those "get a life" posts mean. I DO have a life, and it's Linux and the like. Why should some other form of life, e.g. interacting with the local drunks at the local bar or church or club, be any superior to the life we, Linux hobbyists, have?

  • Dictionary attack? (Score:5, Insightful)

    by Sheetrock ( 152993 ) on Tuesday August 17, 2004 @05:24PM (#9995476) Homepage Journal
    Create a huge (a@a.com, b@a.com, c@a.com, etc.) list of 'friends' and check the hashes in that list against everything you receive via LOAF?

    You don't need to reverse it if you can brute force it.

    • by GillBates0 ( 664202 ) on Tuesday August 17, 2004 @05:29PM (#9995519) Homepage Journal
      RTF About Page [cantbedone.org]

      They've included a nice analysis of the types of attacks including the Ex-Girlfriend attack, Marc Canter attack, and Dictionary Attacks in the writeup

      The configurable false positive rate can make Bloom filters resistant to dictionary attack, but it also renders them less useful. Given a false positive rate of c, and a dictionary with k elements, a dictionary attack will result in ck false hits. This rate goes down if you can collect multiple filters from the same user that are either 1) of different length, or 2) use different hash functions (salts, in our implementation). False positives in either case will be different, so for n filters the false positive rate will drop to c^n.

      This implies that the truly paranoid should use a presized filter large enough to contain as many correspondents as they ever expect to have on record, and an invariant set of salts. Under those conditions, collecting multiple filters will not change the false positive rate. A mostly empty large filter might have an unacceptably low false positive rate, so you would want to pad the list of real emails out with random data, to maintain a constant ratio of on/off bits as well.

      The tradeoff with a high false positive rate is that the filter will be less useful to legitimate recipients. An intriguing possibility is that of sending out very inaccurate filters that are updated on a regular basis (for example weekly) so that a user has to accumulate a certain number of the filters in order to run queries with a good degree of certitude. This spreads private information over several filters and ensures that an eavesdropper who intercepts only one file will find it of very limited value.

      And most importantly they say: Of course, the truly paranoid would be crazy to use LOAF.

    • by JohnFluxx ( 413620 ) on Tuesday August 17, 2004 @05:33PM (#9995562)
      of course! How stupid of these people.
      I'm sure that with email addresses being around 15 characters, with around 40 different letters, that's only 40^15 different emails to try.
      That's 1 million million million million combinations.
      Shouldn't take too long to try.

      • Or the spammer could just use their existing lists of however many emails and look to see if any of those emails are in the list. Virus infected zombie machines would be exceptionally good at this, as it allows them to email not only everyone in your address book but everyone in the address books of those who email you.
        • So... the viruses could email everyone in your email list, plus everyone that is in your email but also in someone elses email address?
          You do realise that this isn't going to make the list of possible email addresses any bigger right?
  • by Anonymous Coward on Tuesday August 17, 2004 @05:25PM (#9995482)
    a766a602 b65cffe7 73bcf258 26b322b3 d01b1a97 2684ef53 3e3b4b7f 53fe3762 24c08e47 e959b2bc 3b519880 b9286568 247d110f 70f5c5e2 b4590ca3 f55f52fe effd4c8f e68de835 329e603c c51e7f02 545410d1 671d108d f5a4000d cf20a439 4949d72c d14fbb03 45cf3a29 5dcda89f 998f8755 2c9a58b1 bdc38483 5e477185 f96e68be bb0025d2 d2b69edf 21724198 f688b41d eb9b4913 fbe696b5 457ab399 21e1d759 1f89de84 57e8613c 6c9e3b24 2879d4d8 783b2d9c a9935ea5 26a729c0 6edfc501 37e69330 be976012 cc5dfe1c 14c4c68b d1db3ecb 24438a59 a09b5db4 35563e0d 8bdf572f 77b53065 cef31f32 dc9dbaa0 4146261e 9994bd5c d0758e3d

    (http://www.mail-archive.com/cryptography%40metzdo wd.com/msg02554.html [mail-archive.com]

  • Hmm. Too bad I don't use electronic address books. Would I be excluded from e-mailing someone who uses LOAF then?
  • by lateralus_1024 ( 583730 ) <mattbaha@gmai l . com> on Tuesday August 17, 2004 @05:28PM (#9995503)
    Send this email to your LOAF within 3 minutes or suffer a tragic loss next week!
  • by why does this feel vaguely like "Send $1 to the last ten people on this e-mail, add your e-mail address to the end of this e-mail, and forward to someone"?
  • by techno-vampire ( 666512 ) on Tuesday August 17, 2004 @05:29PM (#9995515) Homepage
    All you need to do is join a few mailing lists with people on it that use this. Then, you run you CD of email address through it, looking for hits. This gives you a much smaller list, but they're all confirmed, known good addresses. The cool thing, from the spammer's perspective is that you don't have to go out and harvest, people go out of their way to give you their friend's email addresses.
  • Virii and worms (Score:4, Insightful)

    by grahamsz ( 150076 ) on Tuesday August 17, 2004 @05:29PM (#9995517) Homepage Journal
    It doesn't seem like it'd be hard to have a worm write an arbitrary address into your address book.

    Then LOAF would propogate that address to your friends, and then spammers could use the address programmed into the worm as the from address.

    On the whole though this seems like a really nice addition to existing spam blocking systems.

    Unfortunately the cases where i recieve email from a friend of a friend are relatively rare - but that's just me.

    It also does have some privacy issues - since it'd essentially enable me to check if one of my friends happens to have my wife in his address book...
  • As an anti-spam technology, I don't see it. Quite often one gets legit email from perfect strangers.

    Apart from that... I still don't really see it. You can only check for two levels of separation.

    I like the general idea of decentralized social networking, though. The semantic web seems more hopeful than email.

  • by Donoho ( 788900 ) on Tuesday August 17, 2004 @05:30PM (#9995529) Homepage
    LOAF lets you check whether someone emailing you for the first time is a complete stranger, or appears in the address books of some of your trusted correspondents.

    What's the difference? Some of my most trusted confidants have systems riddled with spyware and viri. They're great people but Horrible users. I rarely give out my real email address for that very reason.
  • by G4from128k ( 686170 ) on Tuesday August 17, 2004 @05:30PM (#9995531)
    LOAF sounds wonderful until someone creates a LOAF-exploiting virus. If a friend becomes infected, their 0wned machine can send virus messages (with the friend's LOAF signature) that have a very high chance of being read and thus spreading through a LOAF network.

    The challenge with any computer-based social network is not the "do I trust my friend" question but the issue of "do I trust my friend's computer that is sending me this message"? Perhaps all computers need a tamperproof hash that encodes their OS patch/AV update/spyware/firewall defense state. That way the message recipient can assess the trustworthyness of the sending machine.
    • I don't think the vulnerability that you describe is related to LOAF. The attached LOAF is not what provides trust. It's previously acquired LOAFs that can be used to provide trust to an incoming email. And nobody's computer has to be compromised in order to exploit that: anyone can say their email is from YourFriend@hotmail.com

      This isn't a replacement for Sender-ID or SPF or whatever. It's just a relatively safe way to see which of your acquaintances know each other.
  • Oh Great (Score:3, Funny)

    by data64 ( 300466 ) on Tuesday August 17, 2004 @05:30PM (#9995534)
    Now you want to tell people to "Go ahead and open all those emails with attachments" ?
  • by zoloto ( 586738 ) on Tuesday August 17, 2004 @05:32PM (#9995552)
    For a minute there, I thought this was an actual readable article about a distro that was once fairly useful L.O.A.F. [planetmirror.com] and its revival.

    Guess not.
  • This sounds like an interesting idea. I wonder if it'd be possible for someone to come up with something similar for AIM? Even though I don't like only allowing people on my buddy list to IM me, it think I'd rather only get IMs from someone who has some sort of connection to someone else on my list. That way I wouldn't have to keep turning down and blocking SnowJen15, SnowJen16, SnowJen17... SnowJen55, etc.
  • Can't use this for business. The last thing I want is my customers (or anyone else for that matter) being able to query to see if I have other specific emails in my list. Even worse, a competitor gets their hands on it, and just hammers emails at it, looking for positives.
  • by Keruo ( 771880 ) on Tuesday August 17, 2004 @05:51PM (#9995714)
    you don't have any friends?
  • ... they are sent from an address the infected person knows or at least have stored in a way or another to another address he have too. This factor should be taken in account when evaluating how "trustable" is the info or in how it could be used, else it could become useless or irrelevant.
  • Not that strong... (Score:3, Insightful)

    by ikegami ( 793066 ) on Tuesday August 17, 2004 @05:57PM (#9995759)
    You don't need to extract every email in it to break it...

    For example, if your employer got their hands on your list, they could check if you've been in contact with people at your competitors.

    It's even worse if they try and get a false positive!
  • by frovingslosh ( 582462 ) on Tuesday August 17, 2004 @05:57PM (#9995764)
    OK, I've read the article, and I still can't determine just what they are talking about. They use the term "address book" like there was some sort of one size fits all address book that all e-mail clients use. Such is certainly not the case; I use several e-mail clients and each has it's own address book (a sad fact that is even delaying my switch to Thunderbird on my desktop). What address book or address books does this thing use? What client(s) does it support?

    While IM was never mentioned in the article, my fear is that something like this is more likely aimed at IM users than others; quite an oximoron for an application designed to promote privacy and security. Also, since it seems to be based on a friend-of-friend approach, it would have to support the address book format of every friend that I excahange e-mail with, would it not? This all seems to be ignored in the article.

    • "Address book" is a misnomer - what this is based on is email addresses you have sent email to (or specifically imported into LOAF). The app monitors your outbound mail (through a sendmail wrapper, for example) and adds all new addresses to its list of seen recipients.

      Right now there is a reference implementation for Pine/procmail, we are hoping for help with implementations for Outlook, Mail.app, and other clients.
  • you can try LOAF, I'm gonna pitch it.
  • Hmm... (Score:4, Interesting)

    by Hobbex ( 41473 ) on Tuesday August 17, 2004 @06:12PM (#9995874)
    A ``me too'' attack consists of taking someone else's filter and claiming it as your own. This does not help you get recognized by other correspondents - that determination is made by comparing your email address against their list of stored filters - but once you are 'in', it will make you appear to share many contacts with people you actually don't know well at all.

    Why not just salt the SHA1 function with the filter owners email address? That way somebody could never take my filter and claim it as their own, since the bloom filter won't match anything when the hash values are produced with their email address as the salt.

    Am I missing something?
    • No, you're right on the money. In fact this is the approach the authors (self included) do take - the email of the owner is hashed in as one of the keys, to prevent filter theft.
  • How about turning that frown upside-down, and setting up a mutually-learning system based on the addresses of everyone I filter/block?
  • by tarsi210 ( 70325 ) <nathan@@@nathanpralle...com> on Tuesday August 17, 2004 @06:22PM (#9995951) Homepage Journal
    Gee...hasn't anyone else noticed what else we get with LOAF? Longer shit on emails!

    Unless the application (which it might, I haven't checked) filters the LOAF signature, we'll have a nice influx of three-word emails with 25 lines of crap at the end of each, plus headers, plus the 50-line signature that I flamed you about last week, plus your cutsey signoff, plus the last 14 messages you've quoted in the discussion thread because you were too fucking lazy to edit them off, plus a poorly-rendered ASCII-art picture of Britney Spears showing her hot grits, plus...

    Well. You get the picture. I can't wait until I can be on mailing lists that have 95 LOAF signatures at the end of each email because they were running Outlook and it couldn't filter them out.

    Any way to stick those babies in a header? At least they can be hidden, then. The bandwidth is just a victim anyway.
    • Gee...hasn't anyone else noticed what else we get with LOAF? Longer shit on emails!

      Unless the application (which it might, I haven't checked) filters the LOAF signature, we'll have a nice influx of three-word emails with 25 lines of crap at the end of each, plus headers, plus the 50-line signature that I flamed you about last week, plus your cutsey signoff, plus the last 14 messages you've quoted in the discussion thread because you were too fucking lazy to edit them off, plus a poorly-rendered ASCII-art
  • SPAM Application (Score:3, Interesting)

    by xombo ( 628858 ) on Tuesday August 17, 2004 @06:36PM (#9996052)
    What would be great is to use this as a SPAM fighting measure. Just apply fewer points to a message that comes from a "real person" or "friend" on the network based upon their closeness to you in the social network thus reducing the possibility of the message going into the Junk box. Or, why not use the same concept to create "networks" of Spammers. So when you get a message, add them to the spam network and apply points to the message to consider it SPAM that way there's a global list spammers that could potentially weed them all out.
  • by Guillermito ( 187510 ) on Tuesday August 17, 2004 @06:48PM (#9996136) Homepage
    Looks somewhat interesting.

    I would try it myself when/if someone writes a Thunderbird/Mozilla extension for it.

    (Before you ask. No, it's not interesting enough for ME to write a thunderbird extension myself)
  • Give everyone of us another reason/method/way to LOAF!
  • by dbIII ( 701233 ) on Tuesday August 17, 2004 @07:51PM (#9996559)
    It will work for a while, then someone you know will get Kevin Bacon on their list you'll be able to get emails from anyone.

    Perhaps limit it to a couple of steps away.

  • by mat catastrophe ( 105256 ) on Wednesday August 18, 2004 @12:33AM (#9997860) Homepage

    I'm not sure if anyone else has posted this idea yet, 'cause I'm way too lazy and tired to read the whole discussion, so I'm just throwing this out there....

    It seems kind of sad and pathetic that we need something that "checks incoming mail against the address books of your friends" in an effort to get rid of email from complete strangers....

    The internet was supposed to, among a thousand other things that are now long forgotten, get strangers together who shared common bonds of interest or study. Hobbies, ideas, whatever...

    [internetisshit.org]

I have a theory that it's impossible to prove anything, but I can't prove it.

Working...