Robb Knight
Maker of web things, Lego builder, sometimes blogger, sporadic pizzaiolo, fortnightly podcaster. Cat dad and human dad.
Permalink
Wouter's post about retiring their webmention server is an interesting write-up on how complicated webmentions and indieweb functionality in general can be but one point from it has stuck with me since reading it:
...people mentioning or replying to your link via Twitter suddenly appear as a mention on your site. Great stuff, right? Except those people have no idea their avatar and text is being yanked. I’ve questioned these practices before and it’s clear that they’re built without thinking too hard about privacy.
Until this point I also hadn't considered the privacy aspect of using webmentions like this. Assume someone, @userX for example, replies to one of my toots about a post I've written. Bridgy will pull in that reply with the avatar, username, and the reply content for me to display on that post as a reply. As it's setup right now, that reply will live forever on my post regardless of what @userX does with their original version of the reply. Should I be periodically checking if a reply has been deleted (or edited for that matter)? In theory, that could be hundreds or thousands of links to check.
Secondly, not everyone even knows that this is happening when they reply to a toot where the site owner has webmentions enabled. Should there be some extra step to say "Are you happy for this to show up on this post"? That seems like a good way to kill the whole concept but maybe we should? I don't know.
Yes the replies are set as "public" (or at least I think Bridgy only picks up public ones) but public doesn't mean "do whatever you want and copy it forever".
For all the effort that's been put into making webmentions work I'm now wondering if I should even be doing it. I certainly wouldn't want anyone to feel like their posts are being taken without their permission or used in a way they never intended.
Analytics powered by Fathom
@robb @jefklak Interesting. I think the privacy thing concerns me less, as people have chosen to publicly reply to my thread - but I do agree with the suggestion that the webmentions are usually not very interesting!
@robb @jefklak the first time I revisited a post and saw I was on the page for that post, I thought "huh that's neat!". And it is!
But I think the idea that it can't be deleted is concerning. I also feel like a social media response may not equate to the same thing I'd leave as a comment on a blog post, but that line is a bit blurry perhaps.
@rardk64 Indeed (and you're reaction was one of the ones I thought of, I remember you mentioning it).
I _can_ delete specific mentions, but there's no real "process" for it, I would just need to add some kind of filtering to remove people or those comments.
@robb @jefklak I didn't think about it much, but I guess this is another reason why me just fetching directly from the original server, on demand is good enough lol.
@robb this is a reason I stopped showing comments on my posts, nor do I store them anymore. I feel uncomfortable doing so without consent. It’s ok if they live inside the service, but outside of that… no. It’s difficult.
@robb @jefklak
Despite several attempts at deploying web mentions it has defeated me each time but in the back of my mind has always been the fear of someone spamming the feed. I’m sure it isn’t a problem yet because the sites that implment it are small and the backlinks are not giving any benefit. But it does feel like a system waiting to be abused!
Still annoyed that I am too feeble to implement it though!
@robb @jefklak this is very interesting! When I first saw the social interactions at the end of your posts I thought "wow, how cool this is and how many interactions”, but then I thought that those people don't know that their photo and their comment are there. I think there should be explicit permission from the user to put their data/comment on your website. Perhaps for a blog it could be enough to show anonymous things, such as the number of interactions that the post is having in Mastodon, automatic links to the threads in case the user wants to participate in the conversation...
@robb @jefklak I tend to land on “people who post things in public forfeit some rights” just like I can take a picture of people walking down a public street. That said, I personally have little interest in the yank-and-publish elements of webmentions versus the “Jason personally would like to know if you mention one of his posts”. I like that I can exclude webmentions from appearing on my blog while having backend knowledge of them.
@robb Yeah, I came across this recently - to test a search engine I searched for my screen name, and a blog post by someone else popped up near the top. Turns out they were using webmentions, and I liked the post on Mastodon.
It felt weird. If I comment on a blog, I expect that to show up on the blog. But if I like or reply to a Mastodon post? I don't really expect that to escape the fediverse, despite knowing Webmentions exist. Especially if I can't unlike or delete a comment.
@robb @jefklak yeah i'm not a fan. at best it should be an embed, so that you're not permanently storing people's data
@robb @jefklak There was a recent similar conversation here about the IndieWeb’s desire to ActivityPub anything and everything.
https://bix.blog/2024/01/11/activitypub-is-to-the-indieweb-as-a-i-is-to-silicon-valley/
ActivityPub Is To The IndieWeb As A.I. Is To Silicon Valley?@simoncox @robb @jefklak I've heard that spam is a problem for some people. It's not surprising. Anything that amounts to an open end point is going to get spammed sooner or later. To me this is a huge turn off. I don't have the desire to deal with yet another source of spam.
@teleclimber @robb @jefklak
Exactly.
@robb @jefklak The biggest concern of those raised is the privacy one for the case where someone writes something horrendous and it gets “mentioned” and then deletes it, yet it remains among the “mentions.” Thanks for the thought-provoking piece. I want to noodle on this some more.
@robb @jefklak interesting thoughts. I suppose a blog post is part of the www and therefore might show up anywhere else on the web as a link and quote.
But a fedi post is part of a subset of the web, with its own set of implied rules and expectations. So treating it like it's part of the broader www is incorrect.
If using a fedi post, one should follow the original network's rules and expectations.
1/2
@robb @jefklak I wonder if there could be a flag one can set on posts that says "ok to use externally"? Kind of like the opt-in search feature we got recently.
You would depend on the broader www to respect your wishes, but at least you could express your wish.
@teleclimber @robb @jefklak hmmm, how does the problem space change when you follow a blog with activitypub enabled like Wordpress can, for example.
When you converse with a post from there you are sending direct acti9ns to that activitypub network node.
You might even not know that it is a website in a more traditional sense and not a mastodon site.
@robb Yeah I agree with that thinking. My web ethos is hard into consent, where you can only do with data what someone knows and has given permission to.
Webmentions imo violate that, collecting, storing and distributing someone's content without their consent (at least every implementation I've seen).
I never really got them to be honest. I want control over what appears on my site, and I want control over where my content appears. Webmentions doesn't align with those.
@robb @jefklak it’s definitely a bit thorny. I like it myself. Part of me thinks is a recontextualization of these interactions with ActivityPub, the “your replies show up on another instance under that post” feels totally different but is fundamentally the same.
@robb @jefklak i think it’s a compelling argument!
@sophie @robb @jefklak I've written about that some months ago: https://mariohamann.com/showing-mastodon-reactions-on-a-statamic-website
That was my final take on it: "Posts live in the context of their platform, and even if it's public, that context always matters." I removed my webmentions in the end.
Here are some other voices on that topic: https://indieweb.social/@mariohamann/111352290763786309
Showing Mastodon Reactions on a Statamic Website@mariohamann This is a nice implementation I might do it like this going forward
@robb @jefklak Let’s see what happens if I set this post as “Unlisted.” In my opinion, using Mastodon that’s how I would indicate I don’t want this to show up via extended services (non-fedi ones).
@robb
Me: greatly appreciating this thoughtful discourse on #IndieWeb privacy considerations
Also Me: relieved to maybe have a reason* to remove at least one technical roadblock to ever making my #PersonalWebsite
*other than my complete & utter ineptitude
@jefklak
indieweb personalwebsite@EmilyMoranBarwick @robb @jefklak I bet the last thing you are is inept!
I thought the idea of webmentions was cool but never went looking into it. So much of my personal site's decisions hinge on "is it too complicated? Then I won't bother!" even if later on something I earlier thought sounded like too much, becomes something I later build into it :)
@sarajw I'm honestly pretty stuck in the liminal space of knowing enough about WebDev to want to make my site unique, but not enough to jump the "assumed knowledge" gap of most unique-website-making paths
Also up against the desire to "keep it simple" but the reality that most "how to keep it simple" discourse in the webdev world starts with "simple" things like the command line
@robb @jefklak
@EmilyMoranBarwick @robb @jefklak I'm happy to help with any gaps that are putting you off - not that I can fill them! But I think it's helpful to just put *something* up even if it gets torn down and rebuilt several times before it settles... Or replaced annually!
@sarajw much appreciated ;) atm I am not even sure where I’d start. I think a great deal of “wanting to get it as right as possible before taking a step” comes from having been through the nightmare of “undoing” a bloated monster site (it’s still a monster).
As a non-dev, undoing something is rarely simple…so the idea of just doing something and changing it later is daunting ;)
@robb @jefklak The privacy question seems to be one of those cyclical discussions with webmentions, but I think there are a few things that are worth considering.
1. Webmentions do not equal backfeed. Lots of people do pull in content from "silos" using bridges (aka backfeeding responses), but you can use webmentions in a purely site-to-site manner, and in that context permission is implicit.
2. The webmentions spec supports deletions, as do many clients. Again, the issue here are bridges...
@robb @jefklak ...and,
3. Bridges are only strictly needed with closed services, like Twitter or Facebook. Open systems like Mastodon are different. Sure, you can still use a bridge to backfeed from Fedi services, but you can also turn any website into a Fediverse server and host. As that is the case, I really struggle to understand why people are happy for their replies to propagate between huge Fedi instances but the moment it's a single user node, that seems to be an issue.
@robb @jefklak And yes, that means an IndieWeb site can also be a Mastodon host and can respect delete requests via either protocol. Or it can refuse those requests. Just like any other Fediverse node.
Because let's be clear: deletions in any open protocol are always going to be at the whim of both network effects and host instance functionality. If you lack control of the entire system, that means you cannot be sure of exactly where content ends up.
I'm not saying that's good or right, but...
@robb @jefklak ...it is how Mastodon, Lemmy, etc. all work. And people don't seem to have an issue with that. It's interesting, and also why I don't think webmentions are as big of a concern as some current discourse makes them out to be. But maybe that's just me or maybe I'm missing something♂️
@EmilyMoranBarwick If you want, I can spew a load of opinionated advice at you, or just leave you to your own devices
Yeah as a non dev I get it, what's annoying is that the structurally simpler sites can be less usable unless you're willing to dive a bit into the code side. It's worth it, maybe, but then I'm a dev so I'm already on the other side...
@EmilyMoranBarwick In case I haven't already pitched it to you, I've been really happy since I moved to Bear Blog recently.
It's a good, no-BS managed solution with enough features to let you create a unique site without being too complicated.
https://bearblog.dev
Here's my website with its custom theme: https://dheinemann.com
You certainly can build a bespoke website, but after doing that for years I realised it got in the way of me actually writing.
ʕ•ᴥ•ʔ Bear Blog@sarajw RE: willing to dive into code...that's what also keeps me in a liminal space. I WANT to have access/understanding of the code (I'm not into "ready-made" stuff) BUT my knowledge isn't robust enough to fully implement code myself
I'm up for input, but felt I needed to get a clear handle on what I want the site to be/do first...so I'd started a Notion page to "gather my thoughts" & it's now a Notion wiki with all the chaos & organizational devolution expected when combining Notion & ADHD
@dHeinemann Thank you :) I have delighted in the design of your blog! Bear is one of the many options on my list of things!
I also (ideally) want to be able to feature non-bloggy stuff like my visual art. And have the ability to do some fun out-of-the-box designing/content structuring approaches that some dynamic/robust CMSs would allow for...but then those can be overkill for so much as well...and would mean a LOT more "learning time" for me before ever getting the dang thing going. :)
@EmilyMoranBarwick Thanks!
Bear Blog is geared for writing, and might not suit visual art. You can include images in posts, but it probably won't do the kind of structuring you're looking for.
I've heard good things about Ghost - that might suit. You can host it yourself, or pay for managed hosting.
https://ghost.org
Ghost: Independent technology for modern publishing@EmilyMoranBarwick lolol. Totally get that kind of chaos even if I reckon I'm not ADHD myself!
There's not a thing wrong with starting small (one single hand written page even if it's all copied code) and building from there. If you want a blog, and you don't mind writing in markdown as opposed to having a web based post editor, then it's simpler to build and get it hosted.
I do recommend just making one page first. Just a landing page. Upload it somewhere easy and free like Neocities.
@dHeinemann I did poke around in Ghost on a trial. Would be its own learning curve (as everything is!)
I'm really drawn to Statamic...I like that it's Flat File & starts with the minimums & you only add what you need. BUT...the kind of infinite customizability is itself overwhelming. Plus I'm not familiar with the command line and PHP templating...
I have a tendency to overcomplicate ANYTHING I touch :)
@sarajw Yeah I have been considering hand-making an HTML "home page" just to put into the universe while I continue my endless meandering toward my "real site"
I’m also rubbish at knowing what's ACTUALLY necessary until I'm too deep in & then have to "undo" a bunch :)
I do want to have a blog, but also want to show visual art & other things. So would need more than Markdown. Ideally, also have tags/filters/search kinds of things
@EmilyMoranBarwick Nothing is necessary, or mandatory, and there's nothing wrong with having extra frivolous pages just for fun :)
I don't think anyone who has built their own website started off with a fully formed one - they seem to unwrap one feature at a time. Often with lots of "undo"ing and refactoring along the way!
People like @lynnandtonic can put out an awesome new site annually, but I suspect the underlying structure doesn't get wholly renewed each time.
@knowler So this is interesting - your post _does_ get pulled in just like any other mention regardless of setting.
I definitely need to rethink how this works completely.
(In the mean time, do you want me to remove this reply from showing up?)