2019/Brighton/privatepost

Private/Protected Posts was a session at IndieWebCamp Brighton 2019.

Notes archived from: https://etherpad.indieweb.org/privatepost

• Session: Private/Protected Posts
• When: 2019-10-19 15:30
• Video: ▶️40:43s

Participants

• Tantek Çelik
• Rosemary Orchard
• Sebastiaan Andeweg
• Aaron Parecki
• Jack Tomaszewski
• Lewis Cowles (remote)
• David Shanske (remotely lurking)

Notes

Is private or protected a better term?

Silos have turned the term "private" to mean "friends-only"

• "private messages" are misleading
• Discourse calls it "private message"
• Slack/Twitter calls it "direct message"

"cryptographically secure" is sufficient for "private" posts

"protected posts" mean other people can see the posts somehow

• Lewis Cowles Aaronpk shared a great example earlier, which I was able to find a browser addon / extension to work with. It wasn't ideal experience, but it did cut out a lot of the L33t user only effect I've seen from other platforms
• Lewis Cowles Fallback is perhaps a nice thing to consider with this.
• Lewis Cowles Token splitting seems to be a way this is approached, but it's difficult compared to having a dedicated structured envelope which is not susceptible/ is less susceptible to user-error (apologies on spelling)
• Lewis Cowles A search appliance may leak if private information is shareable, however it would be possible to inform the query based on the state of logged-in / has key / part of the permitted

Sebastiaan Andeweg has two protected post mechanisms currently

• anyone can log in to his site and see all of his checkins, which are not visible publicly
• posts can be restricted to be visible by specific people after they log in

https://wordpress.org/support/article/content-visibility/

Uses for unlisted posts?

• Tantek Çelik mentions a reply to a specific post that is not syndicated anywhere and is not in any lists, that is visible only in the context of the post being commented on
• Lewis Cowles question for Tantek. If there were a mechanism to reference / embed the post being commented on (optionally within an encrypted envelope), would that meet the need?
  • publics are the combined set of people who make up the readership or audience of a post https://indieweb.org/publics
• Lewis Cowles so not simplistic enough for me to be reductive

Quill (should) support:

• Public
• Unlisted
• Protected (requires some form of authentication)
• Private: Only author can see this

Another option could be Encrypted: where it is encrypted with PGP keys, we concluded that this should be a separate option "beyond" private.

Tantek mentioned Keybase: https://github.com/keybase e.g. keybase.io/aaronpk (profiles)

See Also

• 2019/Brighton/Schedule