2019/Brighton/privatepost

From IndieWeb

Private/Protected Posts was a session at IndieWebCamp Brighton 2019.

Notes archived from: https://etherpad.indieweb.org/privatepost


Participants

Notes

Is private or protected a better term?

Silos have turned the term "private" to mean "friends-only"

  • "private messages" are misleading
  • Discourse calls it "private message"
  • Slack/Twitter calls it "direct message"

"cryptographically secure" is sufficient for "private" posts

"protected posts" mean other people can see the posts somehow

  • Lewis Cowles Aaronpk shared a great example earlier, which I was able to find a browser addon / extension to work with. It wasn't ideal experience, but it did cut out a lot of the L33t user only effect I've seen from other platforms
  • Lewis Cowles Fallback is perhaps a nice thing to consider with this.
  • Lewis Cowles Token splitting seems to be a way this is approached, but it's difficult compared to having a dedicated structured envelope which is not susceptible/ is less susceptible to user-error (apologies on spelling)
  • Lewis Cowles A search appliance may leak if private information is shareable, however it would be possible to inform the query based on the state of logged-in / has key / part of the permitted

Sebastiaan Andeweg has two protected post mechanisms currently

  • anyone can log in to his site and see all of his checkins, which are not visible publicly
  • posts can be restricted to be visible by specific people after they log in

https://wordpress.org/support/article/content-visibility/

Uses for unlisted posts?

  • Tantek Γ‡elik mentions a reply to a specific post that is not syndicated anywhere and is not in any lists, that is visible only in the context of the post being commented on
  • Lewis Cowles question for Tantek. If there were a mechanism to reference / embed the post being commented on (optionally within an encrypted envelope), would that meet the need?
  • Lewis Cowles so not simplistic enough for me to be reductive

Quill (should) support:

  • Public
  • Unlisted
  • Protected (requires some form of authentication)
  • Private: Only author can see this

Another option could be Encrypted: where it is encrypted with PGP keys, we concluded that this should be a separate option "beyond" private.

Tantek mentioned Keybase: https://github.com/keybase e.g. keybase.io/aaronpk (profiles)

See Also