Public Web Comments with Cloudflare Email Workers

  • #cloudflare
  • #html
  • #likes
  • #programming
  • #replies
  • #web

Part 1: Introducing Replies

I’m thrilled to announce my next experiment in decentralized open source social networks:

Replies

Replies is a comment system for any website and can be added with 2 lines of code:

<page-replies open/>
<script src="https://catskull.net/public/js/components/replies.js"></script>

Replies is unique because it requires no sign up or any other perceivable authentication. But Replies is not anonymous.

Replies uses your established web identity - your email address. If you have an email address, you can reply. You can even reply to other replies.

Simply click the link, send an email, and you’re live.

There is nothing to sign up for. There are no dark patterns to dodge. I quite literally do not want your personal information.

I want your replies.

Part 2: How It Works

Replies is built using Cloudflare Email Workers and D1. The UI is implemented as a web component.

MIT License. Fork the code on GitHub.

When the <page-replies> component is rendered, it will ask replies.catskull.net for the Replies for that page and display them.

Gravatar is used for profile images.

The twist is that Replies piggybacks on the well-established email providers to provide identity and spam and abuse prevention. Email providers quite literally stake their business on providing safe and spam-free email to their users.

Let’s let the email providers work their magic to weed out bots. We don’t need to reinvent the wheel.

Replies requires your message be sent with valid DKIM, a name, and a message. If it’s not, it’s rejected.

There is currently no way to edit or delete Replies. If that use case become valid, I plan on relying on SSL to use an email account hosted at the same domain to manage Replies for that domain. The gravatar hash can also serve as validation for a user to edit or delete Replies.

When you send a Reply, the email worker picks it up and writes it to a D1 database. Your email is hashed for Gravatar and discarded. It’s not logged and I don’t want it.

The HTML Details element is used to easily collapse parent chains.

If you have a question, you can leave a Reply and I’ll get right back to you.

Part 3: The Emergent Web

emergence occurs when a complex entity has properties or behaviors that its parts do not have on their own, and emerge only when they interact in a wider whole.

— Wikipedia, Emergence, ret. Sep. 12, 2024

This is my solution to web centralization.

The World Wide Web was designed to freely distribute information specifically in the form of Hypertext. This revolution connected the world in ways even fantasy didn’t dare dream of.

Good-faith efforts were made to advance the web to deliver Hypermedia experiences but were hampered by opportunistic entrepreneurs who unsuccessfully championed closed formats such as Flash, Applets, and Silverlight. Bad software never lasts long.

So-called “web applications” delivered Hypermedia-like responsiveness and interactivity, but ultimately had to rely on non-standard technology to deliver those experiences. An artifact of that inferior technology was the reliance on a centralized server or database to store the stateful information. This centralization allowed a small number of web service providers to gain complete market capture. The service providers are free to harvest and sell your personal information at will. If you use a product that you’re not paying for, you are the product. With this centralization came issues of data portability and platform lock in. How can you get your precious twoots from SocialGram to FaceSpace?

Instead of proposing solutions on how to safely transfer our data from one walled garden to another, we should instead tear down the walls of the garden. I don’t want to live in a garden, I want to build my own place of refuge.

Let’s build taverns and way stations for other travelers on the World Wide Web. I’d rather have one real visitor, who inexplicably finds my lonely inn and finds refuge here, than any amount of artificial engagement held equally up next to advertising and anti-social behavior.

The browser will always win. Web standards give consumers reigns to drive the giant tech horses. It’s 2024. We have proper solutions to build Hypermedia systems. It’s completely feasible for an individual to operate their own personal social network without paying anyone any money, or giving up anyone’s personal information.

When we empower the individual creator to take complete ownership of their data, we allow for truly emergent systems. Instead of growing in confined and determined walled gardens, communities are free to emerge as they would be. There’s also no implicit trust in usership to be taken advantage of. We are strangers but we are very similar. We need to share our thoughts.

Privacy note

I’m happy to host the web component JavaScript source and you’re free to use my worker and database. They are governed by Cloudflare’s privacy policy which you should review.

I do not collect any analytics or data about your replies except for:

  • Your name as it is configured in your email client.
  • Your reply.
  • Your email is SHA-256 hashed and then discarded. The hash is used for Gravatar and it cannot be decoded back to your email.
  • The timestamp your email was received.
  • The URL of the page you replied to.

All of that data is publicly visible on the page you replied to.

I make no guarantee of service and reserve the right to block or delete your data at will. You should host your own database if you expect your data to be preserved.

I do not endorse or sponsor anything written or communicated with Replies.