Skip to main content

Small Web sites will require JavaScript to sign in.

Why?

To protect your privacy.

We use public-key authentication (which I’m implementing as we speak) so your secret is never stored on the server and you only enter it in places you own and control.

(I can already see some folks up in arms about this because JavaScript Bad™ so I just checked in the initial copy for the page that gets displayed if JavaScript is off.)

#SmallWeb #Kitten #SmallTech #JavaScript #cryptography #authentication

Screenshot of https://localhost/sign-in in a browser. Web page contents follow: Title: Sign-in requires JavaScript Heading: What should I do? Strong: Please turn JavaScript on in your browser. If you’re using a browser extension like JavaScript Toggle On and Off (link), please make sure that it’s toggled on. Heading: Why? Strong: To protect your privacy. Your secret is yours and yours alone. You should only enter and store it in places that you (and you alone) own and control. While your browser runs on your machine and is in your control, your server might be hosted by someone else. So your server never knows or stores your secret. In case you’re interested in the technical details, signing in makes use of public-key cryptography (link). Heading: But isn’t all JavaScript evil? No. Like all code, it depends on who owns and controls it and what it does. This is a Small Web (link) site powered by Kitten (link). All the JavaScript here is free and open. You own and control this site and all of the code that powers it works to protect your interests and your interests alone.
#cryptography #SmallTech #SmallWeb #javascript #kitten #authentication
in reply to Aral Balkan

IzzyOnDroid ✅
IzzyOnDroid ✅
Honestly, if it weren't you I had stopped reading at "[turn on Javascript] to protect your privacy". Call me biased, but I'd never believe/follow that advice unless I'd totally trust™ that server (admin+machine+software). This too much reminds me of the "corporate evil" of "you'll see a certificate warning because we use a self-signed one, you can simply ignore that" – which leads to, guess what? People getting used to ignore and doing so elsewhere. Dangerous 😉
in reply to IzzyOnDroid ✅

Aral Balkan
Aral Balkan
@IzzyOnDroid Sadly, there’s been a tendency to throw the baby out with the bathwater when it comes to client-side JavaScript (especially in the FOSS world – “The JavaScript Trap”, etc.) Ironically enough given how adtech uses it, the only way we can have a privacy-respecting web (where you and you alone hold the secrets that authenticate your identity) is through client-side JavaScript. It’s basically the basis of the Small Web.
@IzzyOnDroid ✅
in reply to Aral Balkan

IzzyOnDroid ✅
IzzyOnDroid ✅

Yupp, once more: Ad-tech destroyed the web. If it weren't for them, the world would be a much better place!

* Web traffic down to 10% (no bloated elements, no bloated ads, no tracking scripts)
* Mail traffic down (same reasons plus no spam at all)
* required computing resources down to below 50% (no tracker-blocker needed, no spam filters)
* power consumption down (especially those ad panels!)
* …

When we say "hyper-capitalism destroyed the world", this is true on so many levels…