
It is hard/difficult to create a blog that will respect visitors' privacy while maintaining the same quality as most blog platforms here in Sweden. Harder than I thought it would be.

I need to plan more.

OK. I have some difficulties deciding how an email address will be saved in a comment.

I want to add a subscription feature for comments and in order to let the website send a notification to an email address, I need to store it in plaintext. But that can be a risk if the database gets exposed to the public.

I can't think of any other solution for this, but before I move on, I want to know what you guys and gals are thinking about this. Do you have any better solution?

Please, tell me! 🙂

@TheFerridge Correct. I find it more fun and more challenging 🙂 Plus, I learn more 😁

@edgren Do you depend on visitor statistics or what part do you find difficult?

@claus Currently, I do not log anything about the visitors until they leave a comment (and they need to confirm the logging before the comment will be published).

I am a person who wants everything to be just right. To build that "perfect" system that makes at least GDPR happy. I want everyone to know how data logging should be done right compared to Facebook and TikTok.

@edgren Yeah, I can totally relate to that. On my website I decided to not log anything and I don't allow comments - I don't plan to build a "community" anyway. It feels good to have a site online without a Cookie-Banner. Just the way it should be. I like the looks of your site. Do you use ghost as CMS?

@claus Nice 🙂 The first version of my blog didn't have any comment system or any database at all. Back then, the blog used JSON for every blog post.

But since I want to somewhat compete with popular Swedish blog platforms, I added database support and a comment system. That comment system is far from done because of the privacy policy-thing 😂

Thanks 🙂 Na, I am using my own CMS. Was using Ghost at first, though, but I didn't like it, so I built one myself 🙂

@edgren Wow, congrats! Well done. Really cool. Seems like I can learn a lot from that.

@claus Thanks 🙂 Hehe, the source code for my blog is open, so go ahead 😊

@edgren why does it need to be plaintext? But if it really does, skip email entirely and provide RSS feeds for comments maybe.

@IslandUsurper I don't want to store email addresses in plaintext, but I don't have any other solution for it 😕

Oh! Good idea with RSS for comments. Thank you!

@edgren RSS for comments, or encrypted database and privacy policy stating that the email will be saved.

@jle Good idea 🙂 Thanks! Now I have something to go on 😃

@edgren It seems you have a solution that makes you happy (a comments rss feed?), but I'm still curious: What is/was the problem you are trying to solve? (Maybe from here in the U.S. I'm not familiar with your constraints, or maybe I also don't understand why encrypting an email address is a difficult thing.)

@MindOfJoe Yes, I have 🙂

The problem was that I wanted to encrypt or hash the email addresses that people had in their comments. But at the same time, I wanted to let them subscribe to comments to get notified when an answer has been sent.

That would be difficult if I couldn't decrypt or de-hash the email addresses. First, the address was encrypted with the password of the comment. After a while, I changed to SHA-256.

@edgren

So, in a comment/response post like this from me, @mindofjoe, to you, @edgren, if I also mentioned / cc: someone else's email address, user@example.com, what are your responsibilities?

No need to respond -- I don't mean to distract you. I suppose I am just curious about what you are required to protect or want to protect.

@MindOfJoe According to GDPR, all email addresses are considered as personal data and should be stored encrypted in order to protect it from prying eyes.

Read more: gdpr.eu/email-encryption

Here in Sweden, email addresses like hello@domain.com are not classed as personal data, while name.surname@domain.com are classed as personal data.

Read more: fosstodon.org/@wizzwizz4/10661

No worries 🙂 You don't distract me, and you should be curious. Otherwise, you would not learn stuff 😊

@edgren I've started to read the reference ~ thank you for the link! I'll revisit it this evening and maybe formulate some follow-on questions :-) #happysaturday!

@edgren do you mean like "to write a comment, please provide email, name and comment" as a means of account-less comments? (with comment and name being shown and email used for... Replies? I'm guessing)

Well depending on what tech stack you're using and if your target audience is developers, you might be able to use utteranc.es/

For a non developer blog, best you can do is not ask for email or make sure you're using best practices for the database and server security.

@edgren the rss feed for comments is a good idea, but imo is a bit of a lot of work.

Assuming you're not against JavaScript as well, you could store a "subscription id" in local storage then build an auth-less system to get notifications while on your site (assuming the user doesn't clear their browser data)

Another idea is looking into web push notifications. Tho this will mean the user needs to 1. Have a modern browser (chromium or Firefox) and 2. Has to click yes to the pop-up

@edgren to clarify, rss feeds are a lot of work for the user who wants to consume it and is not the best UX.

@Metruzanca You mean it is a lot of work for the visitors to subscribe to the posts, comments, and/or tags?

@edgren yeah, posting a comment to then have to subscribe to a new feed per blog post they've commented on

@Metruzanca Thanks. I will add an RSS feed for all the comments 🙂

@Metruzanca Good idea. Haven't thought about that solution. But since my visitors are not staying a long time on my blog (I assume), the chance of them getting a notification while on the website is quite low.

If and when the visitors are staying much longer on my blog, I would consider adding your solution to it 🙂

@edgren yeah, that solution assumes they're at least going to return to the blog.

@Metruzanca Hm. That is true. I'll add it to my todo list. Thanks 🙂

@Metruzanca Thank you 🙂 But I have already ruled out email address from my blog 😊

I have my own comment system that I've built by myself 🙂 Please see fosstodon.org/@edgren/10664653 to see the upcoming update. If you want to see what it looks like today, you can for example go to blog.airikr.me/en/read:60b68eb

@Metruzanca I wouldn't use GitHub for my projects anymore, though, due to privacy invading features that Microsoft have added to GitHub (AI "poking" around in the source code to check for errors and stuff). Plus, it's Microsoft. 'Nuff said 😂

My blog is built to be as privacy friendly as it can possibly get. For example, no third-party things allowed 😅

But thank you for the tips 😊 Much appreciated 🙂
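The trade-off discussed in this thread (a hash such as SHA-256 cannot be reversed to send a notification, while an encrypted address can be recovered by the server), shown as an added example that is not code from any participant or from the blog's CMS. It assumes Node.js, keys kept outside the database, and a hypothetical row layout; the address is a constructed sample.

```javascript
// Added example: constructed keys and addresses, not code from the blog.
const nodeCrypto = require('node:crypto');

// Assumption: both keys live outside the database (environment, secrets file),
// so a leaked database dump alone does not reveal addresses.
const ENC_KEY = nodeCrypto.randomBytes(32);   // AES-256-GCM key
const INDEX_KEY = nodeCrypto.randomBytes(32); // HMAC key for the lookup index

const normalize = (email) => email.trim().toLowerCase();

// Reversible: the notifier can recover the address when a reply arrives.
function encryptEmail(email, postId) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce per record
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', ENC_KEY, iv);
  cipher.setAAD(Buffer.from(String(postId))); // bind ciphertext to its post
  const ct = Buffer.concat([cipher.update(normalize(email), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptEmail(blob, postId) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', ENC_KEY, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(String(postId)));
  decipher.setAuthTag(raw.subarray(12, 28)); // 16-byte GCM tag
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// One-way keyed hash: enough to find or delete a subscription (unsubscribe),
// but it cannot be turned back into an address, so it cannot drive notifications.
function emailIndex(email) {
  return nodeCrypto.createHmac('sha256', INDEX_KEY).update(normalize(email)).digest('hex');
}

// What the comments table would hold for one subscriber (hypothetical schema).
function makeSubscriptionRow(email, postId) {
  return { postId, emailEnc: encryptEmail(email, postId), emailIdx: emailIndex(email) };
}

const row = makeSubscriptionRow('Reader@Example.org', 42); // constructed sample
console.log(row.emailIdx, decryptEmail(row.emailEnc, 42));
```

The protection holds only while the keys stay separate from the database; a compromise of the running server exposes both.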
