2014/SF/indiepriv

State of IndieWeb Privacy was a session at IndieWebCamp SF 2014.

Notes archived from: https://old.etherpad-mozilla.org/indiewebcamp-indiepriv

When: 2014-03-07 15:30

Participants

• Paul Oppenheim http://pauloppenheim.com - no idea how this works, want info!
• ...

Notes

P3K Private Messaging

• if you hit an url, get HTTP 401, indicating auth required
• http://aaronparecki.com/ - you can sign in on homepage, doesn't do anything different unless you have been authed for the item
• bear: should not issue 401, should issue 404 so that you don't disclose information to potential attackers
• bear: should have logging of access for auditing
• Reply is just a webmention, but server would need to auth to your server; act on your behalf
• Demo: adds pauloppenheim.com to a private post

Other Solutions

• PGP: exchange of messages (Sandeep Shetty & Aaron)
• Johannes: edge case: don't move the data, one server, family usecase
• Identity - parents may control child access, but now more often still sep ident
• Johannes: show "read" status? what if my machine reads it?
• iMessage - difference between sent to device and read by a human
• @gasull: bitmessage

talking

• Server to server - Johannes: ideal

Use Cases

• There are lots of solutions for sending text and photos right now (SMS, iMessage, Google Hangouts, Instagram DMs, etc)
• This gets more interesting when talking about sharing other content types, such as a live map
• Your bank statement is available, log in to view it
• Your lab results are in, log in to view
• Aggregate credit card statements to budget on a category across multiple accounts

Out of time