private posts refer to posts or portions of posts which are private to either the author or to a limited audience chosen or previously approved by the author. Typical silos offer some form of private posts (or messaging, like email). This is a nascent area on the indieweb.
- 1 Use Cases
- 2 IndieWeb Examples
- 3 Silo Examples
- 4 Other Examples
- 5 FAQ
- 6 Brainstorming
- 7 Unsolved issues
- 8 IndieWebCamp Sessions
- 9 See Also
There are numerous use case for private posts, however here we are capturing use-cases raised by active Indieweb community members that wish to selfdogfood such features on their own site.
Allow silo friends to see private posts
From Tom Morris in IRC:
Allowing your Facebook friends to see things where you assume they *don't* have their own domain, and thus you'd need to support some form of Facebook-authentication to verify their identities before showing them the private post(s) you'd like them to see. "Similarly Twitter" friends.
Need to maintain an address book to coordinate identities across various silos, and allow users alternative authentication mechanisms (I'd be inclined to include email). Posts could be shared with individual address-book entries or predefined mailing-lists. Or dynamic lists like "Facebook friends", "Twitter friends" above, or as Aaron suggested, all the h-cards linked to from a webpage like chat-names --Kylewm.com 11:56, 8 May 2014 (PDT)
Tantek on IRC 2014-05-08:
interesting - I think tommorris was putting a bunch of thought into private posts - as he wants to do exactly that (with giving permissions to FB friends). re: address book - the minimal viable address book should be just a list of URLs of people in storage. On top of that, cache their full name and photo from their h-card at their URL (or retrieved by snowflake API from their silo profile URL). everything else should be retrieved dynamically from their personal site / profile URL. apply caching as needed. once you make your addressbook person-URL-centric, then all the permissions stuff becomes super obvious
- tl;dr summary: Use
WWW-Authenticateheaders and a new
<link rel>to signal to readers/subscription engines that there's a mechanism to get a bearer token to present for the subscription, and a subscriber can configure their feed reader to send said token with the request for the feed.
Partial Page Privacy
During IndieWebCamp Online 2014, the question was raised of how to indicate that some or all of a page was not for public consumption.
The Use Case for this came during Ben Roberts's review of his contact page, which displays additional contacts to logged in users. The question was raised of how you would tell a logged in user that you did not want them to share contacts which were not public, as many sites, systems would automatically log in.
The proposed solution was suggested in marking up the information appropriately. Possible parameters might include
- For Eyes Only - Indicating that the information should not be distributed
- For Specified Group - Indicating some group it may be shared with
- The Absence of such markup would suggest public information
Public Page Upgrading
On IRC it was discussed 2015-09-15 about how to indicate the availability of possible private content for authenticated users on an otherwise public page.
It was suggested to respond with a "WWW-Authenticate" header, like the one used in private-webmention, to indicate the upgrade possibility:
It was also discussed that the response could include a unique URL as a rel-self to enable realtime Pubsubhubbub updates on said content.
This would enable block mechanisms based on eg. block lists to advertise both some blocked items to public and additional ones privately to certain trusted users and to have changes propagate in realtime to all clients, such as Webmention endpoints, that might have use for such data to eg. block mentions from being shown.
Sharing only with approved followers
The ability to share posts only with approved followers (instead of publicly viewable) is a common silo feature, either as an aspect of a private account, or sometimes as part of sharing to "friends only".
Such posts are sometimes also called a "follower-only post" or a "follower-only message".
Sharing With Fewer Friends
There are many times when you may want to share something, like something vulnerable, with only a few friends, a small subset of your "friends" on any particular social media or other service.
Thoughts from (unattributed) private (but not person-specific) messages of specific examples of such times, some ambiguities added:
Where does one go / post when one feels lost or in need of connection or understanding?
Where do you post when your significant other breaks up with you and you're friends with them and their friends too on every social network?
Where do you go for support for a problem you're having with someone else in your friend group? Especially when we're so interlinked.
We're so interlinked superficially. Linked yet feeling disconnected.
In public or even friends only posts we are compelled to put on an air of invulnerability, of strength, of bouncing back from anything for fear that if we don't we won't seem attractive to others we may be dating or want to date. Or to get a job or funded or whatever we are seeking approval for.
Should you even use the indieweb / web for this?
How could private posts be better than a simple group txt message where you add the people you want to share, then share?
Or are those the same thing with just different UIs?
Would it be a goal of this use-case to replace group txt messages?
Red Wind has rudimentary support for private posts based on a simple list of the domains of people authorized to view a private post. The posts are viewable only if the IndieAuthed user is in the audience list.Example note from Kyle Mahan's site:
p3k (v1) has support for private posts by specifying a list of the domains of people authorized to view a private post. To view the post, the user must identify themselves with IndieAuth by signing in to the site. After signing in, a session cookie is set which identifies the user.
postly has support for private posts as of 2015-11-30, more data forthcoming.
- Returns HTTP 401 Unauthorized
- Returns WWW-Authenticate: Bearer header
- Returns Link: header for token endpoint, for authentication
- See my private webmention notes for more details
- uid for slug so no private information is leaked through the slug
Becky Stern supports private posts on her site with an "Unlock with Patreon" login wall as of 2019-06-01. These allow her to post backers-only content for her Patreon on her personal site, rather than locking the content to patreon.com. This feature is provided by an official Patreon Connect plugin for WordPress.
- Example post from 2019-06-01
- Posts with Protected visibility only appear if a user is authenticated, but they are unrestricted beyond that.
- Example: Protected Post Example
- Posts with Private visibility only appear if a user is authenticated AND they are in the audience list
- Example: Private Post with Audience Example
- If you want access to the above post for testing purposes, reach out to me in chat
- Example: Private Post with Audience Example
- Currently Eddie supports authentication with his website through IndieAuth
- Other forms of authentication Eddie is working on:
- Email Magic Link
- Twitter Login
Publ also now (as of 2020-08-14) provides a mechanism for retrieving a bearer token to provide to a feed reader; this can be seen on fluffy's site, although at present no known feed readers support this (but it is tested working in cURL, at least).
We can learn from the UI that silos use to present and edit the privacy of posts.
- public (indexable)
- public (no robots / login required)
- friends of anyone person-tagged in the photo
- friends of the author of the photo
- subset of friends (curated whitelist) of the author of the photo
- only the author
When a post is shared with a specific list of friends, a small gear icon appears beside the status. Hovering over it shows a list of names who the post is shared with:
Clicking the icon shows a popover with more information and links to the friends' profiles:
The posts themselves do not have a "private" or not setting per se, but rather as a whole are the same as the privacy of the account. The time of post does not matter, e.g. posts that look private when an account is private are made public when an account is switched the public and vice versa.
You must be logged into Instagram to view private posts (posts from private accounts where you've requested access and they've granted access).
If you are not logged in, when you try to view a private post (e.g. by following a hyperlink to a private post permalink) you may see (as of 2017-01-22) a confusing message like:
Sorry, this page isn't available.
The link you followed may be broken, or the page may have been removed. Go back to Instagram.
On Swarm, people can checkin "off the grid", which shows the checkin only to the user themselves (with a lock-icon).
TODO: find a screenshot of Google+ posts shared publicly as well as with a circle.
Wordpress enables password protected posts Here's an example - note that it leaks the title and the URL. The password is 'indie'
LiveJournal / Dreamwidth
A classic example (and possibly the first): users are able to put their followers into specific friend groups who would have protected access to private posts. On LiveJournal this functionality was rather limited (IIRC, you could only set up one protection group unless you paid money) while on Dreamwidth all users have access to many access groups.
LiveJournal also by default provides you an access group of "friends," which included everyone you followed (the much-more-reasonable inverse of the "followers" group that Mastodon provides); Dreamwidth by default provides two groups, "friends" and "follows."
- Note that my knowledge of LJ is based on having used it not-very-much ages ago, and seeing the interface now would require accepting an objectionable terms of service update. — fluffy
email, email lists
- private cc:/bcc: - author selected group
- private to a list server (listserv) - list maintainer selected group
- does any reader supports reading private posts?
Most of the current attempts at this have been trying to provide feeds that show different contents when fetched with some form of authentication. (e.g. server-indieauth). This is challenging for a number of reasons, and there haven't been many implementations at all yet. Maybe instead we could try a version of friends-only posts that works via WebSub delivery, avoiding the authenticated feed fetching problem entirely.
Private feed for each authenticated
Given that there is a private feed for each authenticated user on each website:
- How does private feed discovery work for readers?
- A "Follow me" or "subscribe" button usually only transfers the current URL to the reader, delegating the feed discovery task (which is necessary, since the feed reader might support one feed format but not the other). The reader will not be authenticated (as it does not have the same cookies or IP as the user), so it will not see the private feed.
- Does PuSH work with private feeds?
- Do you trust your PuSH hub enough to transmit private messages in its fat pings?
- The first two issues might be solvable through the ideas of Public Page Upgrading by upgrading the normal discoverable feed to a private one after authenticating. Kodfabrik.se 11:06, 24 February 2016 (PST)
- the feed can be public without the posts in in being public. Potentially the posts can be linked from the feed, though that may leak timestamp metadata (and content in slugs if you're not careful) Kevinmarks.com 11:10, 24 February 2016 (PST)
- There are also plenty of ways in which the feed URL might be inadvertently shared with others; for example, readers which provide Atom sharing feeds will echo the originating feed's URL in the item, including for public items. So a privileged reader sharing a public item will still expose their private feed URL. This is why I abandoned the idea of per-user feeds in my own work. Beesbuzz.biz (talk) 02:07, 29 June 2020 (PDT)
This requires a bit of thinking to see how we can make this possible with statically generated content (conversations in https://etherpad.indieweb.org/privateposts)
Could be done client-side? Could be done with long URLs that aren't easy to guess/discover (https://indieweb.org/unlisted)?
Jamie Tanna has documented some options and a solution he is planning on building, in https://www.jvt.me/posts/2020/08/26/static-site-private-posts/
- When sending a private message, I don't want to write my contact's domain names but select the target contacts from a list. How can Micropub clients get a list of all contacts and contact groups?
- private account
- iceberg post
- https://github.com/tootsuite/mastodon/issues/712 - Mastodon issue regarding the challenge of a UI (and protocols!) for actually federating private posts (likely because no one has actually made it work, despite a few historical iterations of claims)
- 2010-07-21 Brett Slatkin: PubSubHubbub for Private Feeds (co-author of PubSubHubbub) may have some ideas worth exploring