Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Private Posts and Sharing #2481

cleverdevil opened this issue Jul 3, 2019 · 1 comment


None yet
2 participants
Copy link

commented Jul 3, 2019

Is your feature request related to a problem? Please describe.

Traditional silos like Facebook, Instagram, and Twitter have the concept of sharing content privately with explicitly defined audiences. This is a problem that the IndieWeb community has been thinking about for some time, and a very common friction point preventing IndieWeb adoption.

Describe the solution you'd like

Known already has the concept of marking specific content as "private," "public," or limiting content to "members only." I would propose adding the concept of "protected" content. Protected content would be available only to those people with whom the content has been explicitly shared. I would propose two ways to identify people that are granted access:

  1. IndieWeb identities. Generally speaking, these would be URLs to IndieWeb websites containing an h-card, and capable of IndieAuth. Once a piece of content is shared with that IndieWeb identity, a notification could optionally be sent via a webmention. Note: that optionality is important in case the content in question is sensitive enough that the author would prefer to send a permalink to the private post in an alternative way. Once one of these people lands on the permalink for the protected content, they would be presented with the option to IndieAuth with the Known site to gain access to the content. Once authenticated, the user would be able to navigate the Known site to see any and all content that they've been granted access to in the past.
  2. Email addresses. There are still, sadly, many people in the world without an IndieWeb presence, so an additional way to share and access content is necessary. I propose that in addition to IndieWeb identities, email addresses could be added to the whitelist for a protected piece of content. Once the content has been published, these email addresses could be sent a notification that includes a "magic link": specially crafted, perhaps expiring, link that can be used to access the content. If one of these users lands on the permalink for the content, rather than via the magic link, they would be presented the option to enter their email address to receive a new magic link.

With this mechanism in place, Known users could replicate the use case that many people use Facebook for, and make better use of their personal websites.

Describe alternatives you've considered

  • Private links – More of a "security through obscurity" method. I am not a huge fan of this approach as magic links aren't much harder, and are much more explicit and secure.
  • Adding members – I could just add all of the people I want to share with to my Known site as members, but this would be a solution that only works with Known. Instead relying on IndieAuth, other IndieWeb community members could implement the same notions for their own sites.

Additional context

  • Once this concept is implemented, Known could also add support for the emerging AutoAuth extension to IndieAuth, enabling social readers to subscribe to private content.
  • For sharing targets (both IndieWeb identities and email addresses), it would be nice to have the ability for these identities to be persisted in Known for future sharing and for the creation of groups ("Friends," "Family," "Coworkers," "Neighbors," etc.) to make sharing with larger audiences more convenient.
  • In addition, it would be fantastic if there was a way for a user to send a specially crafted webmention to a Known site to ask to be added as a "contact" or a "friend" to this address book. Think of this like a "friend request" in traditional silos. The Known user would see these requests in their notifications, and from there they would be able to accept or deny the request (perhaps sending a webmention in response), and would be able to put these identities into their groups.

This comment has been minimized.

Copy link

commented Jul 11, 2019

Unlisted posts, yes. See #937.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.