Private/Protected Posts was a session at IndieWebCamp Brighton 2019.
Notes archived from: https://etherpad.indieweb.org/privatepost
- Session: Private/Protected Posts
- When: 2019-10-19 15:30
- Video: ▶️40:43s
- Tantek Çelik
- Rosemary Orchard
- Sebastiaan Andeweg
- Aaron Parecki
- Jack Tomaszewski
- Lewis Cowles (remote)
- David Shanske (remotely lurking)
Is private or protected a better term?
Silos have turned the term "private" to mean "friends-only"
- "private messages" are misleading
- Discourse calls it "private message"
- Slack/Twitter calls it "direct message"
"cryptographically secure" is sufficient for "private" posts
"protected posts" mean other people can see the posts somehow
- Lewis Cowles Aaronpk shared a great example earlier, which I was able to find a browser addon / extension to work with. It wasn't ideal experience, but it did cut out a lot of the L33t user only effect I've seen from other platforms
- Lewis Cowles Fallback is perhaps a nice thing to consider with this.
- Lewis Cowles Token splitting seems to be a way this is approached, but it's difficult compared to having a dedicated structured envelope which is not susceptible/ is less susceptible to user-error (apologies on spelling)
- Lewis Cowles A search appliance may leak if private information is shareable, however it would be possible to inform the query based on the state of logged-in / has key / part of the permitted
Sebastiaan Andeweg has two protected post mechanisms currently
- anyone can log in to his site and see all of his checkins, which are not visible publicly
- posts can be restricted to be visible by specific people after they log in
Uses for unlisted posts?
- Tantek Çelik mentions a reply to a specific post that is not syndicated anywhere and is not in any lists, that is visible only in the context of the post being commented on
- Lewis Cowles question for Tantek. If there were a mechanism to reference / embed the post being commented on (optionally within an encrypted envelope), would that meet the need?
- Lewis Cowles so not simplistic enough for me to be reductive
Quill (should) support:
- Protected (requires some form of authentication)
- Private: Only author can see this
Another option could be Encrypted: where it is encrypted with PGP keys, we concluded that this should be a separate option "beyond" private.