We’re both looking forward to seeing those of you who can join us in Portland.
Checked into Bistro Burger
Ryan Barrett, the man behind Bridgy and someone I probably pester entirely too often, announced on Thursday that he was shuttering Bridgy for Facebook entirely, as recent Facebook API changes had made it impossible for the service to work.
So now, if I want to post to Facebook, I would have to do so myself. I’m not sure I always want to do that, so you might see even less of me there. Sometimes, I likely will. And I won’t be able to save the interactions unless I manually save them.
Oh, well. Guess there is always Twitter.
While this is very WordPress centric, there are a lot of discussions here relevant to a broader Indieweb audience about adding new types of posts to your site, trying to design things flexibly(although a developer’s guide is probably needed), etc.
Links
- Do I know anyone interested in building #indieweb tech or federated services? I’m having trouble conceptualizing some things without having people to bounce ideas off of. https://twitter.com/davidlaietta/status/995485455675162626 That’s what this is all about! I have always been an outsider to that community and want to find good ways to enter and get involved, but I am also trying to find ways to make ActivityPub based projects more accessible to the average web user.
- IndieWeb Summit https://2018.indieweb.org/
Disclaimer: Some of this is my interpretation and opinion. Anything technical is a fact as I understand it.
A webmention consists of two properties. A source URL and a target URL. So, when I link to a page on another site, a webmention is sent to that page if it supports it, telling it that I linked to it. The webmention plugin on the target side then generates and displays a link showing that site name(which it extracts from the title of the page) linked to that posts. Even under GDPR, linking to another site is not a personal data violation. Therefore, that is fine.
Now, there is a debate as to whether storing the IP address of the webmention is storing data. Webmention doesn’t actually need to do it…but WordPress does it for new comments by default. WordPress itself is looking into anonymizing that data to avoid the issue, and even though I myself don’t agree with that interpretation of the GDPR for personal use, as it doesn’t add anything to the presentation, I was going to, when the new functions are added, ensure they are applied to webmentions, which is a type of comment.
If you are concerned about data collection, the second plugin, Semantic Linkbacks, which is separate, is not required. But, I think the experience of Semantic Linkbacks is worth installing. Semantic Linkbacks reads the URL of the page that sends you the webmention for more information.
So that means it goes and looks at your page for your site name and author name, and instead of the generic page title, it tries to format your webmention as a better comment. It finds the name of the author of the page, the site name, title, etc.
But, webmentions require affirmative action. You have to link to me. Someone has to send one. If you didn’t want that outcome, why install the plugin that has this feature? So, if you have a privacy policy, you probably should outline that you receive webmentions and what you do with them…namely, display them.
So, the data that Semantic Linkbacks extracts does include information if your site is marked up to support it. So, if your author image is marked up as such, it will note this so it can display it. The image on your site is one you yourself chose to represent you. Same with the other information. It is basically trying to represent the link you made to the site accurately.
Any site that receives webmentions should respect any request to remove their display or purge the information. But webmention itself allows for this. If you send another webmention, it will update. So, if you take down the page, send another webmention and it will purge the comment. There’s even a form built into the Webmention plugin for that.
Under GDPR t0 my understanding, you have a right to see what data a site has on you and get a copy of it…we have that covered because the data is a copy of the page you yourself created. You have the right to correct incorrect data…there’s the update webmention functionality.
And if we didn’t, WordPress is building in tools for data export, deletion, and anomymization…regrettably though, they use email address as a way to extract comment and user data…something the plugin doesn’t collect.
I won’t speak for Matthias Pfefferle, who authored the plugin and has been kind enough to put up with my submissions to it, but he’s given me the impression that he takes this very seriously. And even though I don’t agree with the way people seem to be applying GDPR concerns to this, I respect their concerns enough to try to address them through plugin enhancements that will allow better controls over this.
As another side note, the WordPress Core team, who is scrambling to add GDPR tools to WordPress itself, didn’t consider Pingbacks and Trackbacks, built into WordPress, to be something to address as a GDPR concern to my knowledge. Webmention functions the same way as those two in terms of what it does, although it is a newer specification.
With the GDPR regulations coming into effect in Europe May 25th, privacy seems to be on everyone’s mind. This week, we tackle what webmentions are, using them for backfeed, and the privacy implications.
- The Indieweb Privacy Challenge: https://sebastiangreger.net/2018/05/indieweb-privacy-challenge-webmentions-backfeeds-gdpr/
- Webmention Specification http://webmention.net
Related IndieWeb wiki pages
- Principles https://indieweb.org/principles
- Webmention https://indieweb.org/webmention
- Privacy https://indieweb.org/privacy
- GDPR https://indieweb.org/GDPR
Privacy
I don’t live in the EU, and I know that the European view on privacy is very different than the American one. Anything I say below is my opinion.
I am also an archivist and librarian by education, if not by profession. We learn about the past by reading the materials of the day. The fact that email is so easy to keep and delete makes things difficult for us to archive for the future. Does the right to privacy mean we lose the ability to look back, because we don’t want to remember?
Historical concerns aside, let’s think about today. In the majority of states in the US, only one party partipating in a phone call is required to record a conversation and even post it. Privacy is very lopsided. There is no such thing as absolute privacy.
For me, keeping a copy of communications I was a party to is perfectly acceptable. My website is where I keep my copy. It is not covered by privacy regulations. I have no business agenda there. I will not sell your data or use it for anything else but archiving that conversation.
The thorny issue is whether or not I have the right to display that information publicly. This is because I am, in some cases, copying that data from another service. For example, Twitter or Facebook. Those services got permission to store that information and you have the right to manage it. But you may not know that I have copied it to ask me to remove the public display of your image.
But how is that different than someone creating a screenshot of the post? Which was public information at the time?
As a private individual, I think it is mandatory that I post a policy about what I do. And that I will hide or remove information on request. As a developer of Indieweb tools, I think I should give people the option to not store information if they so choose.
So, I am going to build the tools for people to not collect data. I am going to stop what I am working on and do some of this right now. But I still will. I am going to try to better secure that data. I am going to be clearer about it. That is the lesson I can take away from this and should. That we need to think about privacy impact.
I hope those who are more concerned about this tell me through my site they don’t want me to share our public conversations that they were happy to put in a public forum. I will then restrict them to my eyes only.
In Indieweb terms, I support webmention deletion. If the original source changes and you send a webmention, my site should remove or update my copy.
Disclosure: Your responses to this may be captured for archival purposes. Please advise me if there is an issue.
You use the WordPress suite of plugins. And being as I’m as regular contributor, there are a few ideas I’ve floating that I think are a good start, and invite you to contribute more.
- Add text to the Webmention form that explains how to use it to delete a mention. Since the form can be used without supporting webmentions on your own site, this is something that should be made clear.
- Add Setting to not display avatar/photo
- Add ability to edit mentions, to correct inaccurate data.
- Add setting to store more/less data.
- Add privacy policy to plugin for those who install it and add text/link to webmention form.
- Explain how to request a takedown of information.
- Periodically poll/refresh sources.
- Allow a different level of processing for ‘native’ webmentions vs backfeed run through a service like Bridgy.
This doesn’t solve all of the problems necessarily, but I think these ideas are a good faith effort in that direction.
The eighth annual gathering for independent web creators of all kinds, from graphic artists, to designers, UX engineers, coders, hackers, to share ideas, actively work on creating for their own personal websites, and build upon each others creations.
The current podcast feed on this site can be found in a variety of ways.
- Audio Posts on this Site – This is a feed of all my audio posts.
- An Indieweb Podcast – I have something called Series on my site, so this is the feed for this as a series. I probably should have a feed called Podcast.
Co-Host: Chris Aldrich of Boffosocko.com
Show Notes
Facebook has announced ending publishing by API…and David is thinking about what it means for the community and his current project.
- Facebook is ending posting via API on August 1, 2018 https://developers.facebook.com/blog/post/2018/04/24/new-facebook-platform-product-changes-policy-updates/
- Bridgy Announces the coming changes: https://snarfed.org/2018-04-26_bridgy-publish-for-facebook-shuts-down-in-august
- Buffer responds, but then checks itself: https://twitter.com/buffer/status/988915108620505088
- I’m done with Syndication. Let’s help people be themselves on the web. By Ben Werdmuller https://werd.io/2018/im-done-with-syndication-lets-help-people-be-themselves-on
- Deprecating and Replacing Bridgy Publish for WordPress by David Shanske https://david.shanske.com/2018/04/28/deprecating-and-replacing-bridgy-publish-for-wordpress/
History:
ThinkUP from Anil Dash and Gina Trapani ultimately died trying to fight the API wars with various social silos. They spent all their time trying to keep up with no guarantee that the silos would cooperate. All their engineering resources were spent trying to keep up instead of innovating on a stable platform.
Related IndieWeb wiki pages
- crossposting
- POSSE
- PESOS
- Manual until it hurts
- Brid.gy Publish
WordPress Plugins: