I should have outlined this originally… Likely safer (for Bridgy and the end user) would be to follow the model of posting to WordPress via email (or services like Reading.am which allow posting to it via custom email addresses). Bridgy could provide users with a private hashed email address like 123xyzABC@brid.gy which could be linked to their particular account to which they could manually (or automatically) forward the relevant Facebook notification emails. Upon receipt, Bridgy would know which account sent it and could also match it to the user’s post URL as a check before sending the appropriate webmentions.
This would leave Bridgy free from being the potential source for security leaks and put the onus on the end user. You’d naturally need to have the ability to reset/change the user’s hash in the case that they accidentally allowed their custom email address to leak, although generally this isn’t a huge issue as emails which don’t match the user’s account/endpoints would be dropped and not send webmentions in any case. (In some sense it’s roughly equivalent to my being able to visit https://brid.gy/twitter/schnarfed and clicking on the Poll now or Crawl now buttons. It’s doable, but doesn’t give a bad actor much. You’d probably want to rate limit incoming emails to protect against mass spam or DDoS sort of attacks against Bridgy.)
A side benefit of all of this is that those who have kept their old email notifications could relatively easily get much of their past missing back feed as well. Or if they’re missing back feed for some reason, they could easily get it by re-sending the relevant emails instead of some of the current manual methods. Perhaps allowing preformatted emails with those same manual methods could be used to do back feed for Facebook or other providers as well?
We could also put together some forwarding filters for common platforms like Gmail to help people set up autoforwarders with appropriate keywords/data to cut down on the number of false positive or password-containing emails being sent to Bridgy.
The one potential privacy issue to consider(?) is that this setup may mean that Bridgy could be sending webmentions for private messages since users get both private and public message notifications whereas the API distinguished these in the past. To remedy this, the comment URL could be tested to see if/how it renders as a test for public/private prior to sending. Separately, since Bridgy doesn’t need to store or show these messages (for long?), private messages could be sent, but potentially with a payload that allows the receiving end to mark them as private (or to be moderated to use WordPress terminology). This would allow the user’s website to receive the notifications and give them the decision to show or not show them, though this may be a potential moral gray area as they could choose to show responses that the originator meant to be private communication. The API would have prevented this in the past, but this email method could potentially route around that.
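A sketch of the inbound-address handling proposed in the comment above, as an added example that is not part of the original comment and not Bridgy's code. The class name, the site-host check standing in for "match it to the user's post URL", and the limits are all assumptions.

```python
import hashlib
import secrets
import time
from urllib.parse import urlsplit

class InboundAddresses:
    """Hypothetical per-user secret inbound addresses (illustration only)."""

    def __init__(self, domain="brid.gy", max_per_window=20, window=3600):
        self.domain = domain
        self.max_per_window, self.window = max_per_window, window
        self.by_digest = {}  # sha256(token) -> user record; raw tokens are never stored
        self.recent = {}     # sha256(token) -> arrival times of recent mail

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, site_host):
        """Create or rotate a user's address; a previously leaked one stops working."""
        self.by_digest = {d: u for d, u in self.by_digest.items() if u["id"] != user_id}
        token = secrets.token_hex(16)  # 128 random bits, lowercase so mail relays cannot mangle it
        self.by_digest[self._digest(token)] = {"id": user_id, "host": site_host.lower()}
        return f"{token}@{self.domain}"

    def accept(self, rcpt, post_url, now=None):
        """Return (user_id, None) when webmentions may be sent, else (None, reason)."""
        now = time.time() if now is None else now
        local, _, domain = rcpt.rpartition("@")
        if domain.lower() != self.domain:
            return None, "wrong-domain"
        digest = self._digest(local.lower())
        user = self.by_digest.get(digest)
        if user is None:
            return None, "unknown-address"
        # Sliding-window limit per address, counted before any further parsing work.
        hits = [t for t in self.recent.get(digest, []) if now - t < self.window]
        if len(hits) >= self.max_per_window:
            self.recent[digest] = hits
            return None, "rate-limited"
        self.recent[digest] = hits + [now]
        # Assumption: the post URL extracted from the email must live on the user's own site.
        if (urlsplit(post_url).hostname or "") != user["host"]:
            return None, "post-url-mismatch"
        return user["id"], None
```

Storing only the digest of each token means a copy of the lookup table does not reveal working addresses, and re-issuing an address is the reset described above.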
Manually testing this on my site generally seems okay, but I think it contains a logic error because it is returning what must be a false positive.
I see the message in the admin UI and can click on the test which returns the message “Alternate Header Found. You are good to go.” However, when attempting to actually log into Monocle, I get the same 403 error saying that it couldn’t find the bearer token, and it won’t let me log in. So obviously I’m not “good to go.”
From a UI perspective something like “Your headers are properly configured and accessible.” may be better than the “You are good to go” which may be a more difficult construction for non-English speakers. Additionally wrapping that message in an anchor that will redirect to their admin UI might be nice.
There’s no reason you can’t have multiple websites. Several of us do it for a variety of reasons:
I’ve been running versions of both for many years and they each have their pros and cons. In terms of IndieWeb support they’re both very solid. Why not try them both for a bit and see which appeals to you more? Depending on your skill level and what you’re looking for in your site you may find one easier to run and maintain than another.
Personally I’ve used WithKnown (I’ve used it for multiple sites since it started) in a more “set it and forget it” mode where I just post content there and worry less about maintenance or tinkering around. On my WordPress site I tend to do a lot more tinkering and playing around, particularly because there is a much larger number of plugins available to utilize without writing any of my own code. Lately I am kind of itching to play around with Drupal again now that it has a pretty solid looking IndieWeb module (aka plugin).
The @unpaywall has a pretty useful web extension for many of these cases: https://unpaywall.org/
Content doesn’t always need to be public. On my WordPress-based commonplace book (aka my website), a huge amount of it is either private or password protected for smaller groups. Would something like that have worked in your case?
I like that old school Blogroll you’ve got! I wish I could have kept mine small enough for a sidebar:
Ben does an excellent job (in a short space) encapsulating what the VC world is and how it works. He also provides some insight into ways forward for those who might want to build businesses or infrastructure that have an indie web flavor.
I agree with him that we should ultimately be looking for more zebras instead of unicorns. This model is a much better method for building value and particularly for building long term societal value.
In sum, Ben seems to be saying that it won’t be easy–but what process of business building ever is? This may seem to paint a less-than-rosy picture, but keep in mind that Ben also doesn’t touch on the sea change of individual people who are personally choosing IndieWeb solutions for their online identities, presences, and communication. And it’s just this audience of people which Jeffrey’s piece was trying to reach out to. At the same time a lot of that audience is also most likely to begin building out businesses based upon these things, and here Ben’s expertise will stand in good stead.
Ultimately I’m sure this technology will continue to build until it reaches a full boil, and this will make it much easier for a wide array of creative and service businesses to be built upon it.
For those considering businesses who’d like a leg up, especially if you’d ever written a Twitter client of any kind, take a look at the Micropub and Microsub concepts. I’ll bet that with some modular pieces (and potentially pre-existing ones), you could add these to that old client and bring it back to life for a growing universe of more than 10,000 active websites and a potential universe of millions more. Based on the reaction to my recent presentation of some example Micropub use cases at a WordCamp, there is a huge group of people who are excited to see and use these tools.
Thanks for writing this all out for us Ben.
Welcome to the IndieWeb Jeff!
Great job David!
To clarify a bit, while I use and promote a lot of the WordPress IndieWeb plugins and often contribute documentation or small bug fixes, I didn’t write or maintain any of them. The bulk of the credit for all that hard work goes to fantastic developers like Matthias Pfefferle, David Shanske, Ryan Barrett, and many others.
I notice you’re a Drupalista. Would it help to know that Kristof De Jaeger has already done a huge amount of the work for you? See: https://www.drupal.org/project/indieweb
And Dries has been writing a lot about it over the past year as well.
Building toward an independent web isn’t something one does overnight anyway. Small incremental steps will eventually win the day. I like the way that Brent Simmons describes what he’s working on and why. Perhaps that could be a useful model in addition to the related idea of itches?
If it helps you might take your passions for “diversity, inclusion, equity & justice” and inject them into the space? I would always welcome help in those areas for the broader community.
I’m not far away over in Pasadena, so I’m sure we’ll bump into each other at upcoming local Camps. Happy to have coffee and chat outside of that. Let me know if you have any Micropub or #IndieWeb related questions.
I’ve got the same Hallmark Channel Christmas movie affliction. I’ve created a list of common Hallmark Movie “things” that I often use as a drinking game, but as you highlight, I really ought to have it as a larger Bingo card. I’ll have to start working on it soon though as I expect this year’s “Countdown to Christmas” will start sometime just after Labor Day.
I do wish you had the time to write the Hallmark Christmas movie book–it would make a fascinating read. I’ll bite at the question about why the “dead parent” is your favorite, but I’d be more interested in your take on the premiere of this past year’s Memories of Christmas which breaks some of the traditional molds. Like all the rest of their originals, I’m sure(?) they’ll rerun it in subsequent years.
It turns out I know two of the writers of the Memories of Christmas production. At least one of them mentioned a Hallmark Movie “playbook” though she didn’t indicate if it was one internally created by the network or if it was her own as I suspect that she’s got the same affliction some of us other “fans” do.