| app_modules/database | ||
| images | ||
| people | ||
| settings🔒 | ||
| 💕 | ||
| .gitignore | ||
| Footer.fragment.css | ||
| Footer.fragment.js | ||
| Header.fragment.css | ||
| Header.fragment.js | ||
| index.fragment.css | ||
| index.page.js | ||
| jsconfig.json | ||
| LICENSE | ||
| Main.fragment.css | ||
| Main.layout.js | ||
| Navigation.fragment.css | ||
| Navigation.fragment.js | ||
| package-lock.json | ||
| package.json | ||
| README.md | ||
Place
Your Place on the Small Web – a place you own and control – where you can be as private or as public as you like.
Core principles
Place is Small Technology and adheres to the Small Technology Principles.
Based on those tenets here are some core design principles for Place:
-
A place is owned and controlled by a single person.
Your place is an extension of your self.
You create it, you control it, and you’re responsible for it.
You can have multiple places you use to explore aspects of your self. Or you can choose to remain anonymous. Place does not care about reflecting what is on your state-issued ID in the slightest.
Technical translation: Your place exists at your own domain and on your own server.
Posts, media, etc., live in the place of the person who created them. i.e.,
-
You and you alone are responsible for hosting them.
-
You have control over whether or not you broadcast comments/replies on your posts.
-
Notifications of posts, replies, etc., are just that: notifications. These messages contain links to resources, not the resources themselves.
-
Following on from the previous point and tying into the first two points, you can delete a post, piece of media, etc., and it is deleted for everyone.
-
-
Communities are made of collections of individuals.
A community, on the Small Web, is the self-curated relationships between individuals who all individually own and control their own means of communication.
On the Small Web, public space is not a place, it is the interconnections of places owned and controlled by individuals.
Technical translation: Individuals must have the tools to spontaneously and non-hierarchically organise into groups based on shared interests, etc. In addition to follow-based connections, people can use hashtags for categorisation of posts / following interests. Hashtags are open to everyone and prone to being spammed or used for harassment so you must also be able to mute hashtags.
-
Private means private.
On the Small Web, private means private and private is private by default.
Technical translation: Anything that is “private” is end-to-end encrypted.
-
The threat model is for everyday people; not activists or secret agents.
TL;DR: This is not for you if you are the specific target of a nation state.
The Small Web exists to provide a alternative to the Big Web that respects human rights, including the human right to privacy. It is, however, still web based. It is for everyday people who use technology as an everyday thing. It’s not for activists whose lives may be in danger or folks playing James Bond.
While there are things you can do to decrease the likelihood of being compromised at the web hosting layer (like self-hosting your place on your own hardware in your own home), if you have an elevated threat model, you are far better off using a dedicated private messaging application like Signal.
Technical translation: We strike a balance between usability and privacy/security to provide an alternative to the Big Web and mainstream social media that is private by default but could be hacked by state-level actors who compromise upstream service providers like web hosts if seeking a valuable enough specific target.
For more details, please see Kitten’s threat model.
-
Freedom of speech does not mean freedom to compel anyone to listen to you.
On the Small Web, you have freedom of speech. Freedom of speech does not mean you have the right to compel anyone to listen to you or to harass people.
You’re free to publish what you like on your own place, limited by the laws of the legal jurisdiction you are in.
Since you own and control your own place, there is no one who can moderate what you say on your place.
However, freedom of speech doesn’t mean freedom from the consequences of your actions. At the very least anyone can block your place and not hear what you have to say. While you have freedom of speech, everyone else also has the freedom to not listen to you.
Moreover, while you might own and control your own place, there will be chain of other entities involved in making your place available on the Internet. Depending on how much you’re self-hosting, these may include your Small Web host (e.g., small-web.org), the VPS host and DNS service used by your Small Web host, etc. All of these entities will have their own terms of service. So, for example, if you start posting fascist crap on your site and your place is hosted by Small Technology Foundation on small-web.org, we will shut your ass down in no time at all.
Also, remember that if your speech is deemed hate speech or incitement to violence, etc., by local authorities, you may be prosecuted.
So, really, if you’re a fascist, a TERF, etc., and you’re looking at this going “hey, this is for me… freeze peach”, it really isn’t. Quite frankly, you’re what’s wrong with the world. Being free and open source, we can’t stop you from using it and self-hosting it but know that we hope for a world where, one day, you and your toxic, inhumane ideologies will be nothing but a distant memory from the embarrassing adolescence of humanity.
Technical translation
-
Anyone can block anyone else’s place.
-
Anyone can mute anyone else.
-
You have granular and complete control over who gets to see your posts and be notified about them.
-
You have control over who can reply to your posts and whether or not they are broadcast.
-
Small Web Protocol
This is a work in progress.
The aim of the Small Web Protocol is to be as lightweight as possible and to allow it to evolve over time organically.
The Small Web Protocol uses the /💕/ namespace for data and functionality related to the person that owns and controls the Small Web place and the /🤖/ namespace for the server itself.
HTTP Status Codes
490: Follow request already exists
Returned when a follow request is received but one already exists for that domain.
491: Already following
Returned when a follow request is received but person at domain making the request is already following the domain.
Routes (implemented by Kitten)
Parts of the Small Web Protocol are implemented by default by Kitten, the Small Web development kit.
Currently, these are the following routes:
Person’s ID
/💕/id
Used locally for authentication and by people at other Small Web places to encrypt messages for your Small Web place to facilitate end-to-end encrypted communication.
- Type: HTTP
- Method:
GET - Returns: Persons’s public ED25519 signing key (
string)
Server’s ID
/🤖/id
Used to authenticate signed requests from servers during server-to-server communication between Small Web places.
- Type: HTTP
- Method:
GET - Returns: Server’s public ED25519 signing key (
string)
Routes (implemented by Place and possible other future Small Web apps)
The following Small Web Protocol routes are implemented in Place. In time, some of this functionality might be ported back to Kitten itself:
Follow request
/💕/follow/
Makes a follow request.
The OK response simply means that the request has been successfully received, not that the request is successful.
If the person at the other place manually approves their follow requests, your place will be notified via the Follow OK route if and when they approve it.
You are not notified if the person chooses not to allow your follow request.
If the person automatically accepts follow requests, the call to Follow OK should arrive instantly.
- Type: HTTP
- Method:
PUT - Returns:
200 OK
Request body:
-
message: JSON string with following fields:type: 'follow'from: The domain sending the request.to: The domain the request is for.data: The date/time request was made.
-
signature: ed25519 signature of SHA-256 hash of message string.
e.g.,
{
message: '{"type":"follow","from":"place2.localhost:444","to":"a.com","date":"2024-09-16T13:38:56.158Z"}',
signature: '34525361a27199d2de002fb7b34651d5d60cc64f6872e49e7431f6265600ff18b8b400d3227c7265049e8a1cf4d4a32f91a35448fecced6d43fe88aa6518f201'
}
Follow OK
/💕/follow/<domain>/ok/
The person who owns the server making the call has accepted your follow request.
- Type: HTTP
- Method:
PATCH - Returns:
200 OK
Follow Cancel
/💕/follow/<domain>/cancel/
The person who owns the server making the call has cancelled their follow request.
- Type: HTTP
- Method:
PATCH - Returns:
200 OK
Profile
/💕/profile/
Returns the persons profile, including name, bio, and image (url) fields. All of which could be undefined. (Fields are undefined if the person has chosen not to display that element of the bio on their place. If all three are undefined, you should display the person’ domain as their identifier.)
-
Type: HTTP
-
Method:
GET -
Returns: Profile details in JSON
{ "name": string | undefined, "bio": string | undefined, "image": string (url) | undefined }
Transport protocols
The transport protocol used when there is no following/follower relationship is HTTPS.
This is mainly used to set up following/foller relationships.
The transport protocol used when a following/follower relationship exists is WSS (secure WebSocket).