I’m hoping that the current push toward AutoAuth and trying to use it as a basis for private webmentions and the obvious next steps of private feeds and private WebSub will change that. I do worry that IndieAuth/AutoAuth are kind of hard to do in piecemeal ways though.
And of course once you get into an integration between auth stuff and content stuff you also need to worry a lot more about content management and how it integrates, as well as this seeming fundamentally incompatible with static site generation.
I think in a world where SSGs can be supplemented with third-party endpoints that use client-side JavaScript there could be a world where some level of privacy can happen via clever use of client-side includes of data at non-public unguessable URLs.
Which isn’t great for privacy in general (and like, Publ has had “privacy through obscurity” since day one) but it’s at least better than nothing.
Also this thread should have been a blog post but I’ve given up on Micropub for now and twitter is easier than ssh+vi.
Oh also Mastodon’s “private” posts really suck from a bunch of standpoints. No ability to backfill or even view on web without being on the same instance, and Mastodon’s actual privacy controls go in the wrong direction, so it’s still necessary for a separate vent account.
(to clarify it's because I was posting from my phone, because trying to use my laptop in a swervy train makes me very nauseous.)
This is a sentiment I very much agree with and it’s unfortunate that the main reason Mastodon switched from OStatus (which is very IndieWeb-esque) is because it made it slightly less inconvenient to pretend to have private posts. Which aren’t even implemented that well.