From IndieWeb

State of IndieWeb Privacy was a session at IndieWebCamp SF 2014.

Notes archived from: https://old.etherpad-mozilla.org/indiewebcamp-indiepriv

When: 2014-03-07 15:30



P3K Private Messaging

  • if you hit an url, get HTTP 401, indicating auth required
  • http://aaronparecki.com/ - you can sign in on homepage, doesn't do anything different unless you have been authed for the item
  • bear: should not issue 401, should issue 404 so that you don't disclose information to potential attackers
  • bear: should have logging of access for auditing
  • Reply is just a webmention, but server would need to auth to your server; act on your behalf
  • Demo: adds pauloppenheim.com to a private post

Other Solutions

  • PGP: exchange of messages (Sandeep Shetty & Aaron)
  • Johannes: edge case: don't move the data, one server, family usecase
  • Identity - parents may control child access, but now more often still sep ident
  • Johannes: show "read" status? what if my machine reads it?
  • iMessage - difference between sent to device and read by a human
  • @gasull: bitmessage


  • Server to server - Johannes: ideal

Use Cases

  • There are lots of solutions for sending text and photos right now (SMS, iMessage, Google Hangouts, Instagram DMs, etc)
  • This gets more interesting when talking about sharing other content types, such as a live map
  • Your bank statement is available, log in to view it
  • Your lab results are in, log in to view
  • Aggregate credit card statements to budget on a category across multiple accounts

Out of time