
Thoughts On Privacy And Neopoligen

This is a "thinking-out-loud" post. I'm not sure about the ideas here. The purpose of this post is to write things down, which helps me solidify my thinking. It's also to get feedback because I'm a straight, white dude who's been able to afford taking two years off to work on a personal project.

There are caveats for everything here that are worth discussing, but I'm not digging into them in this version of the post. For example, the idea I mention below that folks tend to behave better in public. That's not always true, but having to throw in that caveat on everything would break the overall vibe of this piece. Those discussions need to be had. Just at a different time.

  • First off, Neopoligen itself isn't designed to serve websites publicly. There are ways you can use it to do that, but you shouldn't (e.g. I'm not vetting the app to have security designed to handle traffic from the outside world. The server it comes with is only designed to show you content while you're on your own computer.)
  • That said, I'm thinking about websites in general and how the design goals of Neopoligen fit into that.
  • Neopoligen builds "static websites" that are nothing but a collection of files designed to be uploaded to a server and served to other folks as is. There is no concept of authentication or authorization built into the app. That means any functionality for preventing access to pages is solely the responsibility of the server the site is hosted on.
  • Authentication and Authorization [authauth] is hard to get right and gets very complicated very quickly.
  • The way I'm leaning is to recommend that folks take one of two approaches with the privacy of their Neopoligen sites:
  1. Make it 100% public
  2. Put 100% of it behind some auth service.

- One of the things I'm thinking about is that if your site is fully public you'll act like everything you do on it is in public because it will be. I think we tend to be better behaved when we're in public.

- If a site is set up to only protect some content behind passwords and not others, it makes it more complicated to think about and you have to constantly be making that decision. That's a friction, which is something I don't like, but more importantly, once something's been public you can't really take it back.

- Of course, not being able to pull things back in that were put out "privately" is also not realistic. I'm not aware of any tech that can fully protect content once it goes out, even if it's behind passwords or whatever. The reason is not the tech, it's other people. Anyone you allow to access your stuff can copy it. There are ways to try to prevent that, but none of them are without their flaws. For example, no matter what you do, if someone can open a photo on a screen they can see, they can use their phone to take a photo of the screen itself and get a pretty good copy.

- That leads me to the more general guideline of making your website 100% public.

- But, if you're running a business off it (i.e. your concerns about folks who get access to your content in an un-authorized manner are more financial than about personal safety) then adding authentication systems into the mix makes a lot of sense.

- And yes, those statements kinda contradicted themselves, but that's part of why I'm writing this. To find those contradictions. And, of course, a key point there is that the circumstances are different and that's why the guidelines are so different.

I've got some more thoughts on this, but I'm beat after a long day so that'll do to get started.

-- end of line --

Footnotes

authauth ⤴
TODO: Write up the difference between