subdomain

From IndieWeb


A subdomain typically refers to a domain with one more "name(dot)" component than that which someone actually has registered which is often seen indieweb sites with a family name domain like joel(dot)franusic(dot)com, or on silos like matt(dot)wordpress(dot)com, or sometimes for hosting files elsewhere like images.yourdomain.

Most writing about IndieWeb assumes people will have their own second-level domain, like tantek.com, used just for themselves.

Why

  • family-name domains. If you are able to register your family-name as a domain, you may want to use a subdomain for your given-name.
  • multi-hosting. You may want to host portions of your site (like large static files like images, video, audio) on a separate hosting service than the rest of your (text, HTML, CSS, JS) site, e.g. on a images. or media. subdomain rather than say, directly embedding AWS URLs in your images, for easier migration of such files/resources (without having to change all your content linking/embedding them).
  • staging. You may want to live test an update to your site before deploying to your main domain, and some use staging. or test. or sometimes dev. subdomains to test new or experimental updates to a site before deploying it to the main domain.

Deprecated:

  • www. Some sites use a "www." subdomain to indicate their website. This is redundant as anything served over http(s) is already a website.
  • blog. or other function-based differences. Some sites use a "blog." subdomain to indicate their blog. This has bad security properties since it is not the same origin as other things on your site. Instead, use a subdirectory like /blog/.
    One possible reason for this if you are using a completely different hosted-CMS service for your blog (like WordPress.com or micro.blog) and don't want to put your entire domain on that hosted CMS service.

IndieWeb Examples

Joel Franusic

Joel Franusic uses joel.franusic.com as a way to separate given and family names, thus allowing for other subdomains for other Franusic family members.

Ben Roberts

Ben Roberts uses ben.thatmustbe.me - likely as a "domain hack" that reads as an English sentence.

David Shanske

David Shanske uses david.shanske.com as a way to separate given and family names.

Martijn van der Ven

Martijn van der Ven used martijn.vanderven.se for a while but went back to using a path. Other family members are still on subdomains.

Lewis Cowles

Lewis Cowles has many non-canonical websites linking to their domain using the canonical representation tag to denote their primary, and legacy domain. lewis.cowles.uk is their attempt to have a longer-term and perhaps more accurate representation of their current nation, family name and their own name, separated as a subdomain from their family domain.

Silo Examples

The following silos give users subdomains:

The following silos used to use subdomains but switched away:

  • Slack used to use a per-team/community subdomain but, in 2019, switched to hosting everything under a single multi-tenant app.slack.com endpoint.
This was for multiple reasons, the largest/most publicized one being for some of their performance improvements (since now multiple "teams" can share resources and a JS interpreter/Electron context/etc. for a single user on multiple teams). This also has some positive privacy side-effects:
  • Monitored networks can no longer trivially see which Slack communities someone is connected to (via packet inspection), since all identifying components of URIs are behind a TLS session
  • A network can't firewall off specific communities without removing access to all of Slack

Service Examples

Services that use or used subdomains and have switched to using paths instead or vice-versa.

Former service subdomain examples

In 2022, Google switched their Maps service from using a subdomain to using a path:

  • 2022-11-24 Smart Move, Google

    … maps.google.com now redirects to google.com/maps. This implies that the permissions I give to Google Maps now apply to all of Googles services hosted under this domain

Subdomain advantages disadvantages

Pros:

  • reduced cost and admin effort
  • each subdomain can be hosted at a different provider, allowing more flexibility for each person on the domain

Cons:

  • In a hypothetical example of alice.example.com, alice is dependent on example.com, although the dependency can potentially be very small, with example.com just managing a DNS "A" record for alice, pointing to alice's server.

Path alternative

Example: http://example.com/alice instead of http://alice.example.com/

If you use a URL with a path as your identity, your identity is vulnerable to the owner of the domain, and that any other site/path at that domain has CORS access to your identity.

If you are the owner of the domain, you should just use it directly without a path.

If you cannot or do not want to use just your domain, consider a subdomain instead of a path.

Path alternative advocates claim:

  • Advantage of path alternative: reduced cost and admin effort

However there is no escaping the downsides of path based identity:

  • Disadvantage: alice is locked into example.com; there's no way alice can leave.
  • Disadvantage: example.com can't allow alice to host arbitrary content without endangering their other users, because of the browser same-origin policy.

Indieweb Path Examples

  • Known multi-user sites provide paths instead of subdomains, because the configuration challenge for users to set up wildcard subdomains on shared hosts is too great. This is one challenge associated with shared hosting.
  • Martijn van der Ven has his identity at https://vanderven.se/martijn/.

Silo Path Examples

The following silos give paths to users instead of subdomains:

Other Path Examples

The following other sites use paths instead of subdomains:

  • Google Maps uses (since 2016-11-??) www.google.com/maps instead of maps.google.com which it used from launch 2015-02-08 until 2016-10-??, and which now redirects to www.google.com/maps.
  • ...

Former Silo Path Examples

The following silos used to use paths for identity, and explicitly switched to using subdomains:

Conclusion

It seems okay to use subdomains for personal profiles as long as the 2nd-level domain holder makes a sufficient guarantee of subdomain portability. That is, they must let users change their DNS "A" records in perpetuity for no more than a minimal charge.

This seems reasonable with families, and perhaps also with fraternities, colleges, and other organizations to which one naturally has a life-long membership.

At some point, there may be companies willing to offer this kind of service with a plausible very-long-term commitment.

Note that taking advantage of free hosting that offers free subdomains leaves a lot of control of the domain in the hands of the host, putting your url at risk of a whole lot of things. Similarly, universities, etc, tend to not provide long-term stability.

Avoid www subdomain

Avoid using "www." on your domain.

  • It introduces an unnecessary security scoping (see above)

See Also