Region: New York

Map

Brainstorming on Implementing Vouch, Following and Blogrolls

Vouch is an extension to the webmention protocol. Webmentions usually have two parameters…source and target. Target is the URL on your website  that the Source URL is linking to.

The vouch parameter is a third URL to help the target determine whether or not they should accept the webmention. This should block automated spam and aid in moderation.

Several people have implemented receiving vouches. It is relatively easy  to look at a vouch URL and see if it links to a third-party who you have approved of in the past.  While there are more advanced things you can do, that is the basic summary of the protocol.

The harder part, and less implemented by others is sending of vouches. Where do you find people who have been approved by people you have approved of? It would really help if we had some more discussion on this.

So, at the Indieweb Summit, we talked about this a bit, after which I implemented a primitive Vouch receiver. My solution was to use a manually curated domain whitelist that I’d previously built as my source for acceptable domains.

There are some suggestions on where to get this list. Several people generate a list from referrers. This sent me down the road of looking as to whether I’d want to implement refbacks to add more mentions to my website…except there is a lot of noise. Refbacks are basically the same as webmentions, except the source is gleaned from the  referrer header that sites send when a page is accessed.

Even if I  have a list of sites that I approve of, I would have to crawl them to find links from them to other sites. So, I think we should all help each other out on this.

That means we need to post our list of approved domains somewhere on our site. That used to be quite popular. It was called a Blogroll. It was sites you read, followed, or recommended. There are other terms for it. But, this is a perfect place to get a nice list, and if we publish them, then we can help the Vouch cause.

But the problem is, how do you tell a Vouch receiver where your list is. There are some brainstorming items about blogrolls and following/follower lists

  • Follower lists marked up with rel=”follower” or rel=”following”
  • Contact lists marked up with rel=”contact”
  • Follow Posts marked up with u-follow-of

Follow posts would create an h-feed of follow posts that could be used to generate a list. You can have a specific page on your website, but there isn’t a way to indicate this to someone looking for it.

There is rel-directory, which is the reverse direction. It indicates that the link is to a directory in which the current page is listed. What we seem to be missing is a property that says that a page is a feed of followers that can be placed inside an h-card or on a home page.

u-follow-of is a proposed property that indicates that an h-entry is considered a follow post, which is a post indicating you have followed someone, then a feed of follow posts could be parsed and read by a reader. If you add in the XFN relationships to that, you can build even more detail.

The reverse relationship would, in theory, be u-follow, which would be a URL to the follow post of the current URL(the thing being followed).

Feeds are identicated by rel=”feed” to link from your homepage to those feeds. But there is a lack of indicating what type of feed it is, such as rel=”blogroll” or rel=”following”.  I’m not sure, and need more discussion about what to use for this.

But, this has the ability to solve a lot of problems. Imagine I…

  • Post Follow posts when I follow someone
  • Use this to generate a blogroll/followers list
  • Send webmentions when I follow someone so they can build relationships
  • Use that list as a vouch list. Use other people’s blogrolls/followers lists as a means to generate vouch lists…which reduces the implementation cost of Vouch.

Needs work, but suddenly I want to do Follow posts.

Privacy

I admit to a certain amount of frustration on the subject of privacy lately. It seems, in all aspects of my life, both personal and professional, the new data privacy regulations that the EU rolls out May 25th are a theme in every discussion.

I don’t live in the EU, and I know that the European view on privacy is very different than the American one. Anything I say below is my opinion.

I am also an archivist and librarian by education, if not by profession. We learn about the past by reading the materials of the day. The fact that email is so easy to keep and delete makes things difficult for us to archive for the future. Does the right to privacy mean we lose the ability to look back, because we don’t want to remember?

Historical concerns aside, let’s think about today. In the majority of states in the US, only one party partipating in a phone call is required to record a conversation and even post it. Privacy is very lopsided. There is no such thing as absolute privacy.

For me, keeping a copy of communications I was a party to is perfectly acceptable. My website is where I keep my copy. It is not covered by privacy regulations. I have no business agenda there. I will not sell your data or use it for anything else but archiving that conversation.

The thorny issue is whether or not I have the right to display that information publicly. This is because I am, in some cases, copying that data from another service. For example, Twitter or Facebook. Those services got permission to store that information and you have the right to manage it. But you may not know that I have copied it to ask me to remove the public display of your image.

But how is that different than someone creating a screenshot of the post? Which was public information at the time?

As a private individual, I think it is mandatory that I post a policy about what I do. And that I will hide or remove information on request. As a developer of Indieweb tools, I think I should give people the option to not store information if they so choose.

So, I am going to build the tools for people to not collect data. I am going to stop what I am working on and do some of this right now. But I still will. I am going to try to better secure that data. I am going to be clearer about it. That is the lesson I can take away from this and should. That we need to think about privacy impact.

I hope those who are more concerned about this tell me through my site they don’t want me to share our public conversations that they were happy to put in a public forum. I will then restrict them to my eyes only.

In Indieweb terms, I support webmention deletion. If the original source changes and you send a webmention, my site should remove or update my copy.

Disclosure: Your responses to this may be captured for archival purposes. Please advise me if there is an issue.