Warning signs with social media platforms


In the aftermath of the issues with the major social media platforms, there have been a number of initiatives to reclaim social networking in a way that makes sense for people, with safety and personal control being at the forefront of a lot of peoples' minds.

However, many of these initiatives which have often showed up out of the blue have a bunch of red flags, and somehow people aren’t noticing them when they decide to commit wholeheartedly to a new platform. I think it’s worth sharing some of those warning signs, as someone who’s been around the block a few times.

Read more…

đź’¬ Re: Mastodon is the new Google Reader Notes


In reply to: Re: Mastodon is the new Google Reader

Why use ActivityPub when RSS still exists, and when IndieWeb adds social functionality to traditional, non-ActivityPub blogging?

Even at its best, ActivityPub is a very difficult standard to implement, with a lot of really hairy edge conditions and an at-best-mediocre experience for things that don’t fit neatly into its model, and Mastodon’s particular implementation of ActivityPub isn’t, y'know, great. (And I’ve written a bunch more about my thoughts on this as well.)

Basically I’d love to see more people support IndieWeb, using RSS/Atom and ideally also h-feed as the syndication formats, and to that end, I’d say that micro.blog is a better choice of “new Google Reader.”

I’m warming up to ActivityPub


While Publ is still going to be an IndieWeb-first platform (simply because it’s so much easier to integrate – having modular Lego bricks and a pick-and-choose functionality set that is as simple as adding it to one’s HTML templates is a very compelling approach), I’ve had some good discussions regarding ActivityPub lately and it’s starting to seem a bit more possible to add that as an add-on for Publ.

Read more…

A long-winded IndieWeb ramble I wrote on the train back from Portland


(This is a somewhat-edited version of a disconnected ramble I posted on Twitter/Mastodon while on the train home today. I feel like putting this somewhere that I own it, but am not in a good enough mental state to actually write it properly.)

Yesterday at IndieWeb Summit, someone – Aaron, I believe – mentioned that one of the big differences between IndieWeb initiatives and ActivityPub is that IndieWeb is made up of simple building blocks you can pick and choose while ActivityPub frontloads a lot of complex work. This is a sentiment I very much agree with and it’s unfortunate that the main reason Mastodon switched from OStatus (which is very IndieWeb-esque) is because it made it slightly less inconvenient to pretend to have private posts. Which aren’t even implemented that well.

Mastodon’s “private” posts really suck from a bunch of standpoints. There’s no ability to backfill or even view on web without being on the same instance, and Mastodon’s actual privacy controls go in the wrong direction, so it’s still necessary for a separate vent account. As usual I don’t know if this is a problem with ActivityPub itself, or an artifact of how Mastodon shoehorned its functionality into ActivityPub, but either way, the end result is that Mastodon’s post privacy isn’t really all that useful, nor is it really all that private.

So, right now ActivityPub is the darling of the fediverse, but I’m hoping that the current push toward AutoAuth and trying to use it as a basis for private webmentions and the obvious next steps of private feeds and private WebSub will change that. I do worry that IndieAuth/AutoAuth are kind of hard to do in piecemeal ways though (well, okay, IndieAuth becomes really easy using IndieLogin but I don’t want to see a single endpoint become what everyone on the Internet relies on). And of course once you get into an integration between auth stuff and content stuff you also need to worry a lot more about content management and how it integrates, as well as this seeming fundamentally incompatible with static site generation.

At the Summit there was definitely a lot of compromise that people were doing, such as using Javascript libraries to introduce externally-hosted dynamic IndieWeb stuff onto statically generated pages. I think in this world where SSGs can be supplemented with third-party endpoints that use client-side JavaScript there could be a world where some level of privacy can happen via clever use of client-side includes of data at non-public unguessable URLs. (Although the ideal solution for that is to use the third-party APIs to generate webhooks that then trigger a file change → git commit → commit hook → build/redeploy.)

Non-public unguessable URLs aren’t great for privacy in general (and I mean, Publ has had “privacy through obscurity” since day one and there’s several reasons why I rarely use it anyway) but it’s at least better than nothing.

Read more…