private posts refer to posts or portions of posts which are private to either the author or to a limited audience chosen by the author. Typical silos offer some form of private posts (or messaging, like email). This is a nascent area on the indieweb.
There are numerous use cases for private posts; however, here we are capturing use cases raised by active IndieWeb community members that wish to selfdogfood such features on their own site.
Allow silo friends to see private posts
From Tom Morris in IRC:
"Allowing your Facebook friends to see things where you assume they *don't* have their own domain", and thus you'd need to support some form of Facebook-authentication to verify their identities before showing them the private post(s) you'd like them to see. "Similarly Twitter" friends.
Need to maintain an address book to coordinate identities across various silos, and allow users alternative authentication mechanisms (I'd be inclined to include email). Posts could be shared with individual address-book entries or predefined mailing-lists. Or dynamic lists like "Facebook friends", "Twitter friends" above, or as Aaron suggested, all the h-cards linked to from a webpage like irc-people --Kylewm.com 11:56, 8 May 2014 (PDT)
Tantek on IRC 2014-05-08:
interesting - I think tommorris was putting a bunch of thought into private posts - as he wants to do exactly that (with giving permissions to FB friends). re: address book - the minimal viable address book should be just a list of URLs of people in storage. On top of that, cache their full name and photo from their h-card at their URL (or retrieved by snowflake API from their silo profile URL). everything else should be retrieved dynamically from their personal site / profile URL. apply caching as needed. once you make your addressbook person-URL-centric, then all the permissions stuff becomes super obvious
Partial Page Privacy
During IndieWebCamp Online 2014, the question was raised of how to indicate that some or all of a page was not for public consumption.
The use case for this came up during Ben Roberts's review of his contact page, which displays additional contacts to logged-in users. The question was raised of how you would tell a logged-in user that you did not want them to share contacts which were not public, as many sites and systems would automatically log in.
The proposed solution was to mark up the information appropriately. Possible parameters might include:
- For Eyes Only - Indicating that the information should not be distributed
- For Specified Group - Indicating some group it may be shared with
- The Absence of such markup would suggest public information
Public Page Upgrading
On IRC on 2015-09-15 it was discussed how to indicate the availability of possible private content for authenticated users on an otherwise public page.
It was suggested to respond with a "WWW-Authenticate" header, like the one used in private-webmention, to indicate the upgrade possibility:
It was also discussed that the response could include a unique URL as a rel-self to enable real-time PubSubHubbub updates on said content.
This would enable blocking mechanisms based on, e.g., block lists to advertise some blocked items publicly and additional ones privately to certain trusted users, and to have changes propagate in real time to all clients, such as Webmention endpoints, that might have use for such data, e.g. to block mentions from being shown.
Red Wind has rudimentary support for private posts based on a simple list of the domains of people authorized to view a private post. The posts are viewable only if the IndieAuthed user is in the audience list. Example note from Kyle Mahan's site:
p3k (v1) has support for private posts by specifying a list of the domains of people authorized to view a private post. To view the post, the user must identify themselves with IndieAuth by signing in to the site. After signing in, a session cookie is set which identifies the user.
postly has support for private posts as of 2015-11-30, more data forthcoming.
- Returns HTTP 401 Unauthorized
- Returns WWW-Authenticate: Bearer header
- Returns Link: header for token endpoint, for authentication
- See my private webmention notes for more details
- uid for slug so no private information is leaked through the slug
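The audience-list check and the response headers described above (under Public Page Upgrading and in the implementation notes), as an added Python example that is not code from Red Wind, p3k or postly. The token endpoint URL, the post dictionary layout, the 403 for a signed-in user outside the audience, and all function names are assumptions.

```python
import secrets
from urllib.parse import urlsplit

TOKEN_ENDPOINT = "https://example.com/token"  # assumed URL, not from the page


def canonical_host(me):
    """Reduce an IndieAuth profile URL or bare domain to a lowercase hostname."""
    if not me:
        return ""
    if "//" not in me:
        me = "https://" + me
    return (urlsplit(me).hostname or "").rstrip(".")


def new_slug():
    """Random slug, so the URL reveals nothing about a private post."""
    return secrets.token_urlsafe(12)


def auth_hint():
    """Headers telling a client that authenticating may unlock content."""
    return {"WWW-Authenticate": "Bearer",
            "Link": '<%s>; rel="token_endpoint"' % TOKEN_ENDPOINT}


def respond(post, me=None):
    """Return (status, headers, body); `me` is the IndieAuth-verified URL or None."""
    audience = {canonical_host(a) for a in post["audience"]}
    host = canonical_host(me)
    if host and host in audience:  # exact hostname match, never substring
        parts = [p for p in (post["public"], post["private"]) if p]
        return 200, {"Cache-Control": "private, no-store"}, "\n".join(parts)
    if post["public"] is None:
        # Wholly private post: empty body, so no title or content leaks.
        if me is None:
            return 401, auth_hint(), ""
        return 403, {}, ""  # assumption: signed in but not in the audience
    # Public page upgrading: serve the public part, advertise that more exists.
    headers = auth_hint() if post["private"] and me is None else {}
    return 200, headers, post["public"]


# Constructed sample posts (not from the page).
PRIVATE_NOTE = {"public": None, "private": "secret note",
                "audience": ["https://Alice.example/", "bob.example"]}
CONTACT_PAGE = {"public": "public contacts", "private": "private contacts",
                "audience": ["bob.example"]}
```

Sending the hint on an otherwise public page tells every visitor that private content exists there, which is a small metadata disclosure to weigh alongside the slug and title leaks noted on this page.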
We can learn from the UI that silos use to present and edit the privacy of posts.
- public (indexable)
- public (no robots / login required)
- friends of anyone person-tagged in the photo
- friends of the author of the photo
- subset of friends (curated whitelist) of the author of the photo
- only the author
When a post is shared with a specific list of friends, a small gear icon appears beside the status. Hovering over it shows a list of names who the post is shared with:
Clicking the icon shows a popover with more information and links to the friends' profiles:
TODO: find a screenshot of Google+ posts shared publicly as well as with a circle.
WordPress enables password-protected posts. Here's an example - note that it leaks the title and the URL. The password is 'indie'.
email, email lists
- private cc:/bcc: - author selected group
- private to a list server (listserv) - list maintainer selected group
- Does any reader support reading private posts?
Private feed for each authenticated
Given that there is a private feed for each authenticated user on each website:
- How does private feed discovery work for readers?
- A "Follow me" or "subscribe" button usually only transfers the current URL to the reader, delegating the feed discovery task (which is necessary, since the feed reader might support one feed format but not the other). The reader will not be authenticated (as it does not have the same cookies or IP as the user), so it will not see the private feed.
- Does PuSH work with private feeds?
- Do you trust your PuSH hub enough to transmit private messages in its fat pings?
- The first two issues might be solvable through the ideas of Public Page Upgrading by upgrading the normal discoverable feed to a private one after authenticating. Kodfabrik.se 11:06, 24 February 2016 (PST)
- the feed can be public without the posts in it being public. Potentially the posts can be linked from the feed, though that may leak timestamp metadata (and content in slugs if you're not careful) Kevinmarks.com 11:10, 24 February 2016 (PST)
- When sending a private message, I don't want to write my contact's domain names but select the target contacts from a list. How can Micropub clients get a list of all contacts and contact groups?