hCard versus Gravatar

My ‘avatar’ is a small image of my face that is shown next to comments that I made, to identify me, on this blog and on many social networks.


I uploaded my avatar to Gravatar.com which is a service that stores the avatars of millions of people and provides them to any social media web sites that want to display them. The main reason to use Gravatar is that whenever I want to update my image, I only need to do so once, in this one place, rather than updating it on the configuration pages of every social networking system I use.

My blog, running the WordPress.org software, is one of the many systems that fetches my avatar from Gravatar. In fact WordPress, by default, seems to only allow me to use Gravatar and not even to provide an option to host my own image directly.

But why should I use a third-party service? I want to host my personal identification at my own domain.


There’s already an Open protocol for publishing an identifying image of myself: the hCard microformat and specifically its “photo” property*. That’s more or less the same thing as an avatar. Gravatar even provides a user’s profile data as an hCard, including their avatar, as well as providing the avatar through its own Gravatar Image Requests protocol.

Anyone can implement hCard on their own domain just by inserting some static HTML markup. I’ve done it on my own site.

So if I have my domain why should I use Gravatar rather than hosting my own hCard?

Thoughts

  • If the Gravatar Image Requests protocol is much more useful than just serving a single static image, then my domain could host a service serving my own avatar through the Gravatar protocol. Instead of popular web sites assuming that they will fetch my avatar from (conceptually) www.gravatar.com/avatar/<me@my-domain> they should then fetch it in the same way but from an address like <my-domain>/avatar/<me>.
  • Any self-hosted software, such as WordPress.org, that can fetch my avatar from Gravatar should also offer the option of fetching it directly from my domain, in order to not force me to use a particular third-party service.
  • Although it would be nice, I wouldn’t expect a silo system to offer that option. They surely gain advantages such as efficiency by using a single third-party system to provide the avatars of all their users. However, Gravatar could offer the option to act as a proxy server for my own domain.
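As an added illustration (not code from the original post or from Gravatar), here is the shape of the two fetch paths the list above contrasts: Gravatar's real addressing rule, and a hypothetical self-hosted equivalent under the user's own domain. The `/avatar/<local-part>` path layout and the `avatar_url` selection logic are assumptions for this example.

```python
import hashlib
from urllib.parse import quote


def gravatar_hash(email):
    """Gravatar's long-standing rule: the avatar is addressed by the hex MD5
    of the e-mail address after trimming whitespace and lower-casing it.
    The hash is a deterministic function of the address, so it identifies
    the address rather than hiding it: anyone who knows the address can
    compute the same value."""
    return hashlib.md5(email.strip().lower().encode("utf-8")).hexdigest()


def gravatar_url(email, size=80):
    """The Gravatar Image Requests form: hash in the path, size as a query."""
    return f"https://www.gravatar.com/avatar/{gravatar_hash(email)}?s={size}"


def self_hosted_url(email, size=80):
    """Hypothetical self-hosted form from the post: same request shape, but
    served from the address's own domain. The path layout is an assumption
    for this example; no such protocol exists yet."""
    local, _, domain = email.strip().lower().rpartition("@")
    return f"https://{domain}/avatar/{quote(local)}?s={size}"


def avatar_url(email, self_hosting_domains, size=80):
    """What self-hosted blog software could do: use the commenter's own
    domain when that domain is known to serve avatars itself, and fall
    back to Gravatar otherwise, so nobody is forced through one third
    party. `self_hosting_domains` is a constructed allow-list; a real
    implementation would need some discovery mechanism."""
    domain = email.strip().lower().rpartition("@")[2]
    if domain in self_hosting_domains:
        return self_hosted_url(email, size)
    return gravatar_url(email, size)


if __name__ == "__main__":
    # Constructed sample addresses, not real accounts.
    print(avatar_url("me@foad.me.uk", {"foad.me.uk"}))
    print(avatar_url("someone@example.com", {"foad.me.uk"}))
```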

Can we design a system that retains any significant benefits of the Gravatar system while allowing me to host my data myself?

Is there at least a WordPress plug-in that provides something towards this?

Would parts of Gravatar’s protocol be a useful complement to the hCard protocol capabilities?


* There is also an hCard “logo” property. There is also h-card, the microformats2 successor to hCard, with corresponding “u-photo” and “u-logo” properties.


Blog bug: invalid security certificate

If you try to read this blog using an https:// URL, your browser will probably warn you that the security certificate is not valid.

Why is this? It’s because I have hosted the blog on Red Hat’s OpenShift service and I haven’t yet installed my own security certificate. When you visit https://blog.foad.me.uk the connection is redirected to a server whose real address is <something>.rhcloud.com. The web server there currently provides a security certificate that cryptographically proves the content comes from rhcloud.com but doesn’t say anything about blog.foad.me.uk.

What does the warning mean? It means the certificate, and therefore your browser, can’t prove that the content you are seeing really comes from my domain. If you are connecting through a compromised network then it’s possible a man-in-the-middle attack could present a spoof web site that pretends to be blog.foad.me.uk. A spoof web site might try to trick you into giving it your credit card details, for example.
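The name check the browser performs, written out as an added example (not code from the original post). The certificate names are constructed; a real certificate lists them in its subjectAltName extension.

```python
# Constructed example: a certificate for the hosting provider that names only
# rhcloud.com hosts, as the post describes. The exact names are made up.
CERT_SAN_DNS_NAMES = ["*.rhcloud.com", "rhcloud.com"]


def hostname_matches_cert(hostname, san_dns_names):
    """Return True if one of the certificate's DNS names covers `hostname`.

    Follows the rules browsers apply (RFC 6125 / RFC 9525): comparison is
    case-insensitive, and '*' is honoured only when it is the entire
    left-most label and stands for exactly one label. So '*.rhcloud.com'
    covers 'app.rhcloud.com' but not 'rhcloud.com', 'a.b.rhcloud.com'
    or, the case in the post, 'blog.foad.me.uk'.
    """
    host_labels = hostname.rstrip(".").lower().split(".")
    for name in san_dns_names:
        labels = name.rstrip(".").lower().split(".")
        if len(labels) != len(host_labels):
            continue
        if labels[0] == "*":
            # Require at least two labels after the wildcard so a name like
            # '*.uk' is never accepted. Browsers additionally reject wildcards
            # over public suffixes such as '*.me.uk' using the public suffix
            # list; that list is omitted here.
            if len(labels) >= 3 and labels[1:] == host_labels[1:]:
                return True
        elif labels == host_labels:
            return True
    return False


def describe(hostname, san_dns_names):
    """Plain-language version of what the browser warning is saying."""
    if hostname_matches_cert(hostname, san_dns_names):
        return f"{hostname}: certificate names match, no warning"
    return (f"{hostname}: certificate only proves the content comes from "
            f"{', '.join(san_dns_names)}, so the browser cannot tie it to "
            f"{hostname} and warns")


if __name__ == "__main__":
    for host in ["blog.foad.me.uk", "myapp.rhcloud.com", "a.b.rhcloud.com"]:
        print(describe(host, CERT_SAN_DNS_NAMES))
```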

I’m working on setting up my own certificate.

Hmm… I’ve just started reading up about it and it looks a bit more complicated than I thought.

Blog bug fixed: inability to leave a comment

If you have tried to leave a comment on this blog and it didn’t work, I apologise.

Two days ago I found out that commenting was working properly only if you were signed in (e.g. with or or ) or if you were using an https:// URL (which has its own bug). Otherwise, the “Send” button either did nothing or in some cases displayed a “wrong Captcha code” error message even though you had entered the correct code.

I haven’t been able to find the root cause of the problem. I presume it is related to the wpDiscuz plug-in which I use to handle comments.

Yesterday I disabled the Captcha feature, which seems to have fixed the problem. As a bonus, that also lowers the barrier to leaving a comment. I have other spam protection measures in place. If those prove insufficient I’ll revisit the decision.

Thanks to R for reporting the problem.

Indie Web

Have you heard about the Indie Web? The idea that our habit of always using a “silo” company like Facebook, WhatsApp or Twitter to communicate with our friends will ultimately hurt our society. The idea that we should re-decentralise the Web by taking back individual control of our data and communications.

A rant

Almost every message we send or photo we post, in recent years, we do by depositing it in a silo. We give our message or photo to a company such as Facebook, and let them store it on their terms. We let them control when and how and to whom they show our message. We even let them control whether and how we can get our own data back from them*. That system works just fine, of course. You can be my Friend and talk to me; all you need to do is sign up and keep to their terms of service. As long as I accept that they may start charging me for the service at any time. And as long as I don’t care that when they eventually shut down the service my diaries and albums will be gone, and all the links to them will be dead even though I kept a copy of the data somewhere else.

The silo system works fine, as long as we don’t mind not sharing our conversation and photos with some of our real friends and family who can’t or won’t join Facebook or prefer to use another system. And as long as I’m happy to log in to a different service to read my LinkedIn messages, and another one to read WhatsApp, and can’t download all my messages into a single application and go offline and then read them.

Good old email

What happened to email? It’s the only popular Internet communication medium that is still Open in the sense that anyone can join in without having to sign up to one particular company. Email has wonderfully opened up the world by being an Open protocol. That’s hugely important.

The Internet connects us all directly. It was designed that way. Technically, each of us could directly own and control our own data, our own communications, everything we do on the Internet — our own “digital self”. But we are choosing not to, and perhaps we don’t appreciate the implications this choice will have.

You might want to read Dan Gillmor explaining Why the Indie Web movement is so important.

The movable blog

When I write a blog article like this one, I should have the choice where to store the text, and that choice should not restrict who can read it.

Can you tell where this blog post you’re reading is actually stored and being served from? If you’re a geek you’ll know how to find out, but I’ll tell you: at RedHat’s OpenShift Online service. At least, at the time of writing, it was. If RedHat ever starts charging too much for that service, I can rent another server from another company, or even buy one and put it under my desk, and move the blog data and software onto it and continue running.

How? The key here is:

The URLs of my data and of my communication channels are under my own domain name:

http://<my-data>.foad.me.uk

http://blog.foad.me.uk/this-blog-entry

When I first experimented with setting up a blog, I set it up at jfoad.wordpress.com because that’s the Easy Way and it was only a private test with about two posts. Even so, before I realised what I was doing, I’d sent my brother a link to one of those posts. Then I moved the blog to a server under my own control, which meant it could no longer be at a wordpress.com address, and so the link in his email became broken. I broke the hyperlink. I Broke The Web. Oops.

To be able to move my blog to a different hosting company without breaking the Web, my URLs need to stay the same. To achieve this, the URLs need to be under my complete control, which means under my own domain name. I learnt the lesson and moved it to blog.foad.me.uk.

When I next need to move it, I will adjust my DNS records for the URL blog.foad.me.uk to point to the new server, and so the URLs of all the posts can stay the same, and all existing links to them can remain unbroken.

Indie Web

I’ve been learning about Indie Web principles, and I’ve been playing with some specific techniques in practice, but the movement has a lot of catching up to do. Two big obstacles we need to overcome are the enormous “network effect” that makes it hard for users to escape from the dominance of the big silo companies, and the lack of good, open protocols and methods that are easy to set up and delightful to use. In order to overcome the former we’ll need to create the latter, and that’s something I’m getting interested in helping with.

Let’s go and IndieWebify.Me


* Data protection law in Europe requires Them to let Us retrieve all the data they hold about us, hence Google “Takeout”, Facebook “Download my data”, and so on. That’s something, but it does not make an Indie Web.

My Own Email Address with Forwarding

Part 5 of “My Own Email Address”.

I’ve set up my own julian@ email address with Fastmail.

I have set up my Fastmail account to forward all incoming emails to my Gmail account, where I can read them just as if they had been addressed to my Gmail address. By configuring my Gmail account to add my new address as an additional sender, I can also reply to those messages and send new messages with my new address in the “From” field. For offline use I have configured Thunderbird similarly with the new address as one of multiple sending “identities” attached to my Gmail account.

At first I set up a regular user email account with Fastmail, and tried it out for a couple of days. Their email web interface is very good, and their whole system seems to be well designed and what I’d call “sensible”, which is a term of high praise from me. However, I decided for the time being to do a minimal migration, only changing my email address, and not also migrating my mail storage to a Fastmail mailbox and using Fastmail’s web interface. There are enough issues to deal with just changing address.

Now I am happy that the new address is stable — I am not going to be messing around in ways that will break it — I’ll want to start using it. One tedious step is to change all my registrations on web sites. That won’t be so hard, because only six months ago I went through the same process changing to my Gmail address and creating new passwords, and I was careful to save the results in my password manager so I know where to find them all this time around.

But updating registrations isn’t a high priority. It’s more important to me that I use my own address for personal communication, where people will notice it. (Maybe I should send out a mass “change of address” email, though I hate those.)

Even more important right now is to be able to use my own address on software engineer job applications.

Choosing Email Providers

Part 4 of “My Own Email Address”.

Domain Name Registrars and DNS

I already registered the domain name foad.me.uk a few years ago through my ISP Andrews & Arnold. However that no longer seems like the most cost-effective way to do it, at £45 a year for one domain name, DNS and a basic web site.

Three big American companies are often suggested: NameCheap, DreamHost, GoDaddy. A consideration for me is whether they fully offer UK domain names, including “.me.uk” and the new plain “.uk”. It looks like NameCheap does, and looks like one I would be willing to use. DreamHost doesn’t offer “.uk”. GoDaddy does but has a reputation for sleazy advertising.

In the UK I like the look of VirtualNames for just domain name registration and DNS. They offer a much smaller range of other services such as web site hosting than do the bigger American companies, which is fine if I think separation of concerns is valuable. On the other hand, managing everything would be a bit easier and perhaps cheaper at an all-in-one service provider.

I’ve also been pointed to Gandi, a large domain name and hosting company based in France, which I like because it claims to support Free Software as part of its “mission”. It looks like a good choice for me.

The main kinds of UK domain name all seem to cost from around £5 a year from most registrars, and are some of the cheapest domain names around, compared with £10 or more for “.com” or “.org”, so price isn’t much of a factor.

Professional Email Services

Among many recommendations for high quality, low cost email services, a few stand out as being very widely recognised:

  • Google Apps (all office services)
  • Zoho (all office services)
  • Rackspace (all web services) / Mailgun (email only)
  • Fastmail (email only)
  • Pobox (email forwarding)

And Dave mentioned a very interesting alternative that is based entirely on open-source software:

  • KolabNow (office services)

I have used Google Apps at work, and like it and would recommend it for work. I ran a free trial of Google Apps for my own domain, and it works of course, and no doubt works well. The price is low at about £35 a year per user for a big set of services, but if I only use it as a mailbox and then want another mailbox or two for family members, or if I want to upgrade it in any way, it could get much more expensive. Much as I like Google’s products, I was getting that feeling of being sucked in to a single vendor’s huge system and pricing whims and becoming dependent on it.

Zoho I haven’t tried, but it sounds like a smaller company’s version of much the same thing as Google Apps. I should resist being lured in to their free account just because it’s free, as no doubt I’d sooner or later need to upgrade.

Fastmail was recommended by an open-source software colleague. I’m seriously considering buying either a full email account or a forwarding service from them. It seems like they care about providing an email service: it’s been the core of their business for a long time rather than just something their business does at the moment in order to attract customers. And apparently they contribute seriously to open-source software.

KolabNow (formerly MyKolab) is based in Switzerland and touts privacy, ethical relationship with customers, not tying you in, and being entirely based on and contributing open-source software as some of its main attractions.

The others I’ve only read about; they sound fine for what they are.

Helpful Articles

These are some of the most useful articles I found that give an overview of the range of options. This gives an overview of pretty much the same list of solutions as above:

https://iwantmyname.com/blog/2015/06/the-guide-to-getting-your-own-custom-email-address.html

This about a complex migration, including moving old emails from multiple systems to the new system:

Scott Hanselman: Migrating a Family to Google Apps from Gmail, Thunderbird, Outlook …

And this about setting up redirection (forwarding), particularly with Pobox:

Eric Mill (konklone): Take Control of Your Email Address


Free Email Services

Part 3 of “My Own Email Address”.

It would seem foolish not to look for a free email solution first, but in fact there are not many. Most of the suggestions I found from the last few years are no longer free. That suggests I should be cautious in choosing any free offering, as it will likely become paid in the future.

Registering a domain name is rarely free, and then only with an unusual top-level domain, not a common one like *.uk or *.com. Not practical for me.

There’s little need for a free DNS service as it’s often provided with domain name registration. The only one I found that I would be happy to use is Namecheap’s FreeDNS.

There are a few free email redirection (forwarding) services — e.g. Mailgun (by Rackspace) and Namecheap’s Free Email Forwarding which is available if I use their (free or paid) DNS services. I could use this to redirect my mail into my Gmail mailbox.

Incoming mail redirection is little use to me without an SMTP service, because I want to send mail from my domain as well as receive it. Free Gmail accounts used to support sending through their SMTP server but, like most others, they no longer do. The only free SMTP services I know of, that would allow sending email from my own domain, are

Zoho currently seems to be the only major provider of a free, high quality, own-domain email service. It seems to be similar to Google Apps. Of course the free account will have restrictions; I’m not sure how onerous these are.

Components of an Email System

Part 2 of “My Own Email Address”.

Plenty of articles list some steps to set up email at your own domain. It’s harder to find one that explains the principles of how it works, various ways to do it, and the pros and cons of each way.

The components we need are:

  • a registered domain name
    • foad.me.uk
  • domain name service (DNS) records
    • to direct incoming mail to my mailbox (or redirection service)
    • to prove the authenticity of outgoing mail
  • an SMTP server
    • to send outgoing mail
  • a mailbox (containing an “in-box” and other folders)
    • to receive incoming mail
    • to hold all my mail for this account (received, sent, drafts, etc.)
    • with IMAP and/or POP interface
  • (optional) a Web mail user interface
    • to send mail and access the mailbox from a web browser

The mailbox is the heart of a standard mail system. It is notable that the SMTP server for sending mail is a separate component.

Alternatively, instead of a mailbox, I could use

  • a redirection (forwarding) service

to redirect incoming mail addressed to my domain to an existing mailbox at another domain, such as my Gmail account. This kind of forwarding is not like the “Forward” function in an email client, but rather passes each incoming email message to a new server without altering the body text or subject or “From” header or (more or less) any other headers. The target mailbox will thus receive messages whose “To” address contains my domain name, not that mailbox’s domain name. The mailbox has to be willing to accept this.

No matter whether I choose to set up a separate mailbox or redirect mail into my Gmail account, my incoming and outgoing mail will look the same to other people: they will see my own email address not Google’s. It would just make a difference to the email headers which are normally hidden from view in most people’s mail readers.

The choice will, however, greatly affect how I read and manage my mail.

Each component listed above is conceptually separate, and in practice can be hosted and administered independently. However, it is usual to host some of them together, which tends to make administration easier.

I currently have both my domain registration and my DNS (as well as my web site) hosted by Andrews & Arnold. It’s usual for the mail-specific components (SMTP, mailbox with IMAP/POP interface, web interface) to be hosted by the same provider. When using redirection, however, some services support redirection of incoming mail but not SMTP for outgoing mail.

The components need to co-operate. In particular:

  • The registered domain name has an “NS” (name server) record attached to it, which tells everyone which DNS server controls the DNS records for this domain.
  • The DNS server holds the DNS records that describe all services attached to this domain name: web server, email, and anything else. For email, we need to put in “MX” records that tell other mail servers how to reach the mailbox (or redirector) for incoming mail, and other records for authentication and configuration.
  • The SMTP server needs to be willing to send mail identified as being “from” my domain name, and to “sign” it as such. It used to be common for any SMTP server that you were authorised to use to be willing to send anything you asked it to send, but in recent years they have been much more locked down to control spam and abuse. In particular, I can’t use a free Gmail account’s SMTP server to send mail from my domain name. (If I paid for a Google Apps account then it would let me do that.)
  • The mailbox needs to be willing to accept mail addressed to my domain. Of course if it’s a mailbox set up for this purpose then it will do. If I want to redirect mail addressed to my domain to my Gmail mailbox, however, I’ll need to check if Gmail will accept it.
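An added example (not from the original post) that checks whether the records in the list above actually cooperate, using a constructed record set. It assumes the “authentication” records are SPF (a TXT record at the domain naming the servers allowed to send for it) and DKIM (a public key published at `<selector>._domainkey`), which is what mail providers normally ask you to publish; the provider host names, selector and key are placeholders.

```python
# Constructed records in the form (owner name, type, value). The registrar,
# mail provider and DKIM selector names are placeholders, not real records;
# 192.0.2.0/24 is the documentation address range.
RECORDS = [
    ("foad.me.uk.", "NS", "ns1.example-registrar.net."),
    ("foad.me.uk.", "NS", "ns2.example-registrar.net."),
    ("foad.me.uk.", "MX", "10 mx1.example-mail.net."),
    ("foad.me.uk.", "MX", "20 mx2.example-mail.net."),
    ("foad.me.uk.", "TXT", "v=spf1 include:spf.example-mail.net -all"),
    ("sel1._domainkey.foad.me.uk.", "TXT", "v=DKIM1; k=rsa; p=PLACEHOLDER_PUBLIC_KEY"),
    ("mx1.example-mail.net.", "A", "192.0.2.10"),
    ("mx2.example-mail.net.", "A", "192.0.2.11"),
]


def lookup(records, name, rtype):
    """All values of the given type at the given owner name."""
    return [v for n, t, v in records if n == name and t == rtype]


def check_mail_dns(records, zone, smtp_spf_include, dkim_selector):
    """Return a list of problems; empty when the components cooperate.

    `smtp_spf_include` is the SPF name the outgoing SMTP provider tells
    you to include; `dkim_selector` is the selector it signs with.
    """
    problems = []
    if not lookup(records, zone, "NS"):
        problems.append("no NS record: nothing says which DNS server is authoritative")
    mx = lookup(records, zone, "MX")
    if not mx:
        problems.append("no MX record: incoming mail has nowhere to go")
    for entry in mx:
        _priority, target = entry.split()
        if not (lookup(records, target, "A") or lookup(records, target, "AAAA")):
            problems.append(f"MX target {target} does not resolve to an address")
    spf = [t for t in lookup(records, zone, "TXT") if t.startswith("v=spf1")]
    if len(spf) != 1:
        problems.append(f"expected exactly one SPF record, found {len(spf)}")
    elif f"include:{smtp_spf_include}" not in spf[0].split():
        problems.append("SPF does not authorise the SMTP server that sends for this domain")
    dkim_name = f"{dkim_selector}._domainkey.{zone}"
    if not any(t.startswith("v=DKIM1") for t in lookup(records, dkim_name, "TXT")):
        problems.append(f"no DKIM public key published at {dkim_name}")
    return problems


if __name__ == "__main__":
    print(check_mail_dns(RECORDS, "foad.me.uk.", "spf.example-mail.net", "sel1"))
    # The same zone with the SPF record dropped, to show a failing check.
    broken = [r for r in RECORDS if not r[2].startswith("v=spf1")]
    print(check_mail_dns(broken, "foad.me.uk.", "spf.example-mail.net", "sel1"))
```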