2014/SF/indiepriv

 State of IndieWeb Privacy  was a session at IndieWebCamp SF 2014.

Notes archived from: https://old.etherpad-mozilla.org/indiewebcamp-indiepriv

When: 2014-03-07 15:30

Participants

 * Paul Oppenheim http://pauloppenheim.com - no idea how this works, want info!

P3K Private Messaging

 * if you hit an url, get HTTP 401, indicating auth required
 * http://aaronparecki.com/ - you can sign in on homepage, doesn't do anything different unless you have been authed for the item
 * bear: should not issue 401, should issue 404 so that you don't disclose information to potential attackers
 * bear: should have logging of access for auditing
 * Reply is just a webmention, but server would need to auth to your server; act on your behalf
 * Demo: adds pauloppenheim.com to a private post

Other Solutions

 * PGP: exchange of messages (Sandeep Shetty & Aaron)
 * Johannes: edge case: don't move the data, one server, family usecase
 * Identity - parents may control child access, but now more often still sep ident
 * Johannes: show "read" status? what if my machine reads it?
 * iMessage - difference between sent to device and read by a human
 * @gasull: bitmessage

talking

 * Server to server - Johannes: ideal

Use Cases

 * There are lots of solutions for sending text and photos right now (SMS, iMessage, Google Hangouts, Instagram DMs, etc)
 * This gets more interesting when talking about sharing other content types, such as a live map
 * Your bank statement is available, log in to view it
 * Your lab results are in, log in to view
 * Aggregate credit card statements to budget on a category across multiple accounts

Out of time