LOAF - Distributed Social Networking Over Email

FamousLongAgo writes "LOAF (List Of All Friends) is an extension to email that lets you send out address book data without compromising your privacy. LOAF appends a hash-like data structure to each outgoing email, and collects similar attachments from the people who write to you. These files can be queried to see if they contain a given email address, but they can't be reverse-engineered to reveal the list of addresses used to construct them. LOAF lets you check whether someone emailing you for the first time is a complete stranger, or appears in the address books of some of your trusted correspondents. And as a decentralized application, LOAF offers an interesting alternative to current social networking sites like Orkut or Friendster."

Please go outside

[revscat]

Ok, I've had it with Friendster, Tribe, and all this social networking crap. Go to a bar, go to a park, hell go to a freaking CHURCH or something but if you want to make friends then for the love of Augusta Jane Chapin STEP AWAY FROM THE BLOODY COMPUTER. People are better grokked in person, and this virtual hooey is way overrated and ultimately unsatisfactory. If you're fat and ugly, go hang out with other fat and ugly people. Whatever you are comfortable with. But you just can NOT get the same social dynamics online as you do in the real world.

Why do you think people are such assholes online? You know, like me. Because the social dynamics are different and don't match reality. People don't have to be polite online, and you don't get to practice communications skills that make you successful in the real world.

And since the eventual goal is to get laid the physical verbal interactions are kind of important.

Having said that, this seems like an interesting technology, and doesn't seem as inherently annoying as Friendster. When the FAQ has stuff like this in it:

The false positive rate for Bloom filters is determined by the number of hashing functions, the size of the filter, and the number of entries in the filter, given by the approximate formula:

( 1 - e^(kn/m) )^k

It makes me go all warm and fuzzy.

Re:Please go outside

[AuMatar]

If you don't like them, don't use them. I don't myself. That being said, I know a lot of ways they're superior to real life:

*Ability to talk to people at any time. If my friend isn't at the bar, I can't talk to him. The chance he's near his computer is much higher
*Ability to hold multiple conversations. I can hold 4 or 5 simultaneous text conversations, only 1 oral one.
*Ability to talk asynchronousl. I can post something, he can read it later. A bar doesn't do that
*Ability to talk to people when on the road
*Ability to talk to people whatever the distance

Thats a few of the advantages. Real life has its own set of advantages. Neither is obviously better than the other. Nor is either exclusive- you're allowed to do both.

Re:Please go outside

[over_exposed]

I agree with you completely, but I'm not sure that's the only application/purpose of this concept. I see this as more of a spam filtering tool (at least for those with near average intelligence). If it has a subject line with RE: in it and it's not from anyone you know or anyone that knows someone you know, it's probably safest not to open it. In fact, why not expand on this technology and have the e-mail client smart enough to warn the (sub average intelligent) user that this isn't a response to anything you've sent out and is most likely not a safe e-mail to open.

Re:Please go outside

[eln]

And since the eventual goal is to get laid the physical verbal interactions are kind of important.

I think that pretty much says everything we needed to know about you.

I don't go in for these sites either, but to say that personal relationships online are any less valid than personal relationships in any other setting is ludicrous. Just because your only goal in life is to get laid doesn't mean that's the case with everyone else on the planet. Sometimes, we like to talk to people because we find them interesting, not because we think we might be able to score with them.

You're right that the social dynamics online are different, but you can't completely dismiss a manner of human interaction because it's different than what you're used to. But then, if all you're after is picking up drunk women in bars, then you can go ahead and spend your life doing that. You would have to be pretty shallow to consider that kind of lifestyle anything but "ultimately unsatisfactory" though.

Of course, there's a certain irony in your comment coming from a Slashdot subscriber.

Re:Please go outside

[greg_barton]

But you just can NOT get the same social dynamics online as you do in the real world.

I think that's the point. Maybe some people don't WANT the same social dynamics you get in the real world.

Re:Please go outside

[shadowmatter]

Indeed, Bloom Filters are the shit.

These days, in my spare time, I'm writing a p2p program -- think of it as a swarm-download system, like BitTorrent, on an overlay network topology, like eMule (only eMule uses Kademlia, and I'm using Pastry). It has been shown, here and here, that Bloom Filters can drastically reduce the traffic generated when searching peer to peer networks. I recently coded a Java implementation of a Bloom Filter for my p2p program, and it works great in testing. (But the p2p program isn't anywhere near done, so don't ask about it ;)

Furthermore, Bloom Filters can be compressed -- see Michael Mitzenmacher's work here. The idea that you can compress a Bloom Filter is a little counter-intuitive, because the size of the bit vector and the number of hash functions are derived using calculus to maximize the compactness of the set, for a given false positive rate -- thus, in this state, it is non-compressable (it is "already compressed" by simply being an optimal Bloom Filter). To compress a bloom filter, you must choose a large bit vector, and a non-optimal number of hash functions, then apply the compression algorithm (typically arithmetic coding). Because the bit vector is so large, it is sparsely populated -- and so compression works.

Often you can save 10% and 20% on the size of your bloom filter, while having a lower false positive rate. Score!

A very nice, very interesting survey of all the applications of Bloom Filters can be found here.

- sm

Spam blocking uses?

[LoudMusic]

I've refreshed the /. page a few times and still see no comments. How strange.

Anyway, how would something like this hold up in a spam blocking function? How easy would it be to get onto the LOAF list? And if the contents can't be listed, how are you to know that it's not chalk full of the bad stuff? How do you know that you aren't emailing to people whom you don't wish to receive your mails?

Re:Spam blocking uses?

[Bingo+Foo]

Correct, And since your List Of All Friends is appended as a hash and not plaintext, no one can "pinch" your LOAF, so to speak.

Spam filter?

[Daniel_Staal]

Could this be used in a spam filter? A somewhat adaptive whitelist?

Not that it would solve anything, but it could be useful...

Re:Spam filter?

[Soko]

Hmmm... Mail Expurgated Against Tenative List Of All Friends - MEATLOAF!!!

MEATLOAF - the Anti-SPAM!

Yech. Time to go home.

Soko

Dictionary attack?

[Sheetrock]

Create a huge (a@a.com, b@a.com, c@a.com, etc.) list of 'friends' and check the hashes in that list against everything you receive via LOAF?

You don't need to reverse it if you can brute force it.

Re:Dictionary attack?

[GillBates0]

RTF About Page

They've included a nice analysis of the types of attacks including the Ex-Girlfriend attack, Marc Canter attack, and Dictionary Attacks in the writeup

The configurable false positive rate can make Bloom filters resistant to dictionary attack, but it also renders them less useful. Given a false positive rate of c, and a dictionary with k elements, a dictionary attack will result in ck false hits. This rate goes down if you can collect multiple filters from the same user that are either 1) of different length, or 2) use different hash functions (salts, in our implementation). False positives in either case will be different, so for n filters the false positive rate will drop to c^n.

This implies that the truly paranoid should use a presized filter large enough to contain as many correspondents as they ever expect to have on record, and an invariant set of salts. Under those conditions, collecting multiple filters will not change the false positive rate. A mostly empty large filter might have an unacceptably low false positive rate, so you would want to pad the list of real emails out with random data, to maintain a constant ratio of on/off bits as well.

The tradeoff with a high false positive rate is that the filter will be less useful to legitimate recipients. An intriguing possibility is that of sending out very inaccurate filters that are updated on a regular basis (for example weekly) so that a user has to accumulate a certain number of the filters in order to run queries with a good degree of certitude. This spreads private information over several filters and ensures that an eavesdropper who intercepts only one file will find it of very limited value.

And most importantly they say: Of course, the truly paranoid would be crazy to use LOAF.

Re:Dictionary attack?

[JohnFluxx]

of course! How stupid of these people.
I'm sure that with email addresses being around 15 characters, with around 40 different letters, that's only 40^15 different emails to try.
That's 1 million million million million combinations.
Shouldn't take too long to try.

just hope your name isn't

a766a602 b65cffe7 73bcf258 26b322b3 d01b1a97 2684ef53 3e3b4b7f 53fe3762 24c08e47 e959b2bc 3b519880 b9286568 247d110f 70f5c5e2 b4590ca3 f55f52fe effd4c8f e68de835 329e603c c51e7f02 545410d1 671d108d f5a4000d cf20a439 4949d72c d14fbb03 45cf3a29 5dcda89f 998f8755 2c9a58b1 bdc38483 5e477185 f96e68be bb0025d2 d2b69edf 21724198 f688b41d eb9b4913 fbe696b5 457ab399 21e1d759 1f89de84 57e8613c 6c9e3b24 2879d4d8 783b2d9c a9935ea5 26a729c0 6edfc501 37e69330 be976012 cc5dfe1c 14c4c68b d1db3ecb 24438a59 a09b5db4 35563e0d 8bdf572f 77b53065 cef31f32 dc9dbaa0 4146261e 9994bd5c d0758e3d

(http://www.mail-archive.com/cryptography%40metzdo wd.com/msg02554.html

FWD:FWD:FWD:FWD: LOAF !

[lateralus_1024]

Send this email to your LOAF within 3 minutes or suffer a tragic loss next week!

It's a spammer's dream.

[techno-vampire]

All you need to do is join a few mailing lists with people on it that use this. Then, you run you CD of email address through it, looking for hits. This gives you a much smaller list, but they're all confirmed, known good addresses. The cool thing, from the spammer's perspective is that you don't have to go out and harvest, people go out of their way to give you their friend's email addresses.

You clicked/deleted WHAT?!?

[Donoho]

LOAF lets you check whether someone emailing you for the first time is a complete stranger, or appears in the address books of some of your trusted correspondents.

What's the difference? Some of my most trusted confidants have systems riddled with spyware and viri. They're great people but Horrible users. I rarely give out my real email address for that very reason.

0wned Machines & LOAF-OKed viruses

[G4from128k]

LOAF sounds wonderful until someone creates a LOAF-exploiting virus. If a friend becomes infected, their 0wned machine can send virus messages (with the friend's LOAF signature) that have a very high chance of being read and thus spreading through a LOAF network.

The challenge with any computer-based social network is not the "do I trust my friend" question but the issue of "do I trust my friend's computer that is sending me this message"? Perhaps all computers need a tamperproof hash that encodes their OS patch/AV update/spyware/firewall defense state. That way the message recipient can assess the trustworthyness of the sending machine.

Re:Yeah, right..

[AuMatar]

If they're doing it the right way, it can't be. For example, you could assign every address a random but calculatable value (for the hell of it, lets use the value of the product of all the ascii characters in their name). Thats a pretty random variable. You can check if an address matches it by caluclating its value and comparring, but you cannot reverse the process (due ot multiple possible matches). The cost you pay is that false positives are possible. In the above example, with 32 bit values, you have a 2^-32 chance of a false positive.

Oh, come on.

[Short+Circuit]

Being online give you freedom. Manners, grammar and spelling aren't eliminated, they become a choice. And as a choice, they can become something to be proud of.

Interacting with other people online has allowed me to get to know people from other countries and cultures, instead of being limited to a west Michigan culture where it's sometimes hard to find other people interested in the same things I am.

Finally, things like email and online forums allow me to communicate and cooperate with people in other time zones. I don't have to be awake for my message to reach my buddy in Mexico. Or my friends in Africa, Europe or Asia.

Limits

[glpierce]

What you call "superiority" others would call "limiting". All of your "advantages" involve speaking to a small group of known people anywhere/anytime. In the physical world, you meet new people. New people bring new ideas, perspectives, activities, etc.

Re:Limits

[AuMatar]

And what you would call "advantages" many would call "limiting". I for one don't tend to like meeting random people, I want to meet highly intelligent, thoughtful people. There tends to be a limited number of those per geographic area. Those limitations are removed online. And meeting them online at least has an automatic intelligence filter- if they can't type english, they can be ignored as morons (or foreigners, but if they can't use english I won't be able to communicate with them in person either).

Like I said- both have advantages and disadcantages. Thats why both exist. Use the one you want, or both of them. But don't insult someone else for prefering one over the other.

Re:Limits

[FirstTimeCaller]

You know who hangs out at bars? Drunks. I don't want a social circle of drunks.

That's OK. We don't want you either.

Re:Limits

[glpierce]

"Elitist" is the word.

If you wouldn't "lower" yourself to speaking to anything but the-best-and-the-brightest, you're not going to learn appropriate social skills for dealing with "regular" people, which are what you're normally going to deal with in the physical world. Also, there are many places to meet "intelligent, thoughtful people"; try a bookstore, coffee shop, etc. instead of a bar, and you might find different sorts of people.

Re:Limits

[theLOUDroom]

"Elitist" is the word.

Sorry, wrong. It's just a simple reailty.
You can't just walk into a coffee shop and find someone to talk to about digital FIR filters, for example. There just aren't people like that everywhere.

It's not that I won't talk to normal people about normal things, but when you want to talk find out about adjusting your sway bar end-links for zero preload, most people just nod and smile.

One of the great things about the internet is to make it easy to find people to talk to about these things. Maybe there are only 100 people who know much about the ECU in an Mazda RX-7, but chances are, you be able to find some of them online and have a real, meaningful conversation on the subject, rather than some idiot going "Wow! That's like in 2F2F!"

It's not elitist, to not want to waste your time and someone else's time having a one-sided discussion they won't understand. Some people just aren't that interesting to certain other people. That's just the way it is. It not because the other person considers them to be a less person, IT'S BECAUSE THE HAVE NOTHING IN COMMON, NOTHING TO TALK ABOUT.

Re:Limits

[jskiff]

BS in Computer Engineering, UIUC. No masters, I'm applying for phd programs next fall
1580 SAT
34 ACT
National AP Scholar (requires completing 8 full semester equivalent AP tests while in high school, and getting a minimum score of 4/5 on all of them. A 4 is equivalent to an A in a college course)
National Merit Finalist
ACM Member of the Year, UIUC branch. Awarded for my work on the tutoring program
2nd place biology and 5th place computers JETS Illinois State championship
3rd place biology and 5th place computers WYSE Illinois State Championship (they renamed it my second year)


Job outsourced to India: Priceless...

but, what if..

[Keruo]

you don't have any friends?

Oh Boy, Longer Emails!

[tarsi210]

Gee...hasn't anyone else noticed what else we get with LOAF? Longer shit on emails!

Unless the application (which it might, I haven't checked) filters the LOAF signature, we'll have a nice influx of three-word emails with 25 lines of crap at the end of each, plus headers, plus the 50-line signature that I flamed you about last week, plus your cutsey signoff, plus the last 14 messages you've quoted in the discussion thread because you were too fucking lazy to edit them off, plus a poorly-rendered ASCII-art picture of Britney Spears showing her hot grits, plus...

Well. You get the picture. I can't wait until I can be on mailing lists that have 95 LOAF signatures at the end of each email because they were running Outlook and it couldn't filter them out.

Any way to stick those babies in a header? At least they can be hidden, then. The bandwidth is just a victim anyway.