Re: Do you have any private parts off your site?
I'm a Team Lead and Solutions Architect during the day, lazy "Dev Sec Ops" at night with a passion for selfhosting and data privacy. Free and Open Source advocate since 2005, I sporadically write Blog or Gemlog posts and share short notes and bookmarks on my website.
Sara wrote an insteresting article about having private parts in our personal website that I suggest you go read first. But the main idea of their post is about having a private area on your personal site.
Even though this isn’t something I’ve thought about before, I liked the idea. There are things that I could/would share with just a subset of people that I don’t want to publish publically or see in my post timeline. Even less see bots crawling them. Things like specific responses to others, books and manga in my library (granted my manga collection is “public” on my gemlog), or more complex and personal thoughts.
A good example would be a response to Ben’s post: 15 books that made an impact. While I’m not comfortable sharing these publically, I’d be happy to exchange with Ben about some of them and share my own list. I can do it via email, but if I want to exchange on the same topic with someone else, having a post hidden somewhere might be even better!
For me, having a private area on this blog would mainly be for sharing content that I could have shared by email to some reader that may be worth keeping in a form of a post instead of “being lost” in my mail client. Not private thoughts or information of course, but topics that could bring to in depth discussion. Everything published here, even in a private area must not contains things I don’t want to be online. That rule would still be true with a password protected area.
I haven’t such a private area on my site yet, but I wanted to share my brain dump about having one… I’m not saying I will or will not do it though. At this stage, this is mainly food for thoughts.
Starting with some basic rules for such feature:
- Not visible on the website git repository
- Not listed in the sitemap
- Not easily findable URL
- Ability to change easily links location
I’m not sure though if I would want a real private area protected with a password, or just hidden links that are not easily found. I go back and forth on this idea.
In favor of using a password protected area:
- Easy-ish to implement at nginx level to simply protect a path (eg:
/private/). Question would then be: unique password for everyone or maintaining a list of users/passwords. The later being something I really don’t want to do. - I would care less about URL being known as long as people wouldn’t be able to access it without a password
- I could even list some of them publically that may spark interest to some and start a nice email conversation that would make me share the password with said person.
In favor of the “no password”:
- Easier to share when needed (no need to create a new user/password or to remember the shared password)
- Simpler, no nginx config to do or maintain
- Funnier, as it almost sounds like an easter egg to find.
Having said that, what are the options?
- Move the git repository to private, that would be the easiest, but the least prefered option.
- Create a private git repo that contains html or even text files copied as is after current deployment workflow. Would be the easiest but not a very clean method.
- Create another git repository for private content and have only this repo being private. This could have worked if sourcehut builds started via a git push could be private, but it doesn’t seem to be the case…
- Other not found yet…?
I’m out of ideas for now, but I’ll let my brain think about it in the next days or weeks to see if a/ I find a suitable solution, and b/ if I want to implement it on this site…
At least, it was fun to think about it :).