What Securepub does
Securepub enables a host to create an engagement where they may discuss topics and content with other members privately and securely. All members join engagements via invitation links created by the host and shared with guests.
Members are considered "invited" members until they agree to the terms of the engagement and secure their invitation link by choosing a private Userbase username and password.
Members may examine the metadata of any content shared with them, review the contents of unrestricted content and exchange comments with the host before accepting or agreeing to any terms.
Once becoming "accepted" members by agreeing to the terms of the engagement, members may review any restricted content shared with them, discuss existing topics and/or create new topics to discuss with other members.
Why use Securepub?
Securepub is intended for use cases such as:
| Scenario | How it helps |
|---|---|
| Employment negotiations | Securepub enables members to exchange documents covered by NDAs, review work samples, discuss offer details and negotiate terms privately. |
| Compliance review | Securepub members can exchange and discuss certifications, leases, registrations and other kinds of documents containing private information. |
| Private consultations | Securepub members soliciting professional, legal or medical advice can share private details with their service provider. |
| Secure side-discussions | Securepub can help people using other collaboration tools (such as Slack, Teams, WebEx or Zoom) safely share information knowing the administrators of those corporations won't be able to access or misuse their data. |
How Securepub does it
The Securepub site is a collection of Single Page Applications (SPAs) ↗︎ each of which runs entirely in the browser. All information is managed in Userbase databases created after a host signs up with a new userid and password.
To ensure users of Securepub maintain sovereignty over their data, Securepub is a "BYOUB" - a "bring your own Userbase" application. It only uses AppIds and credentials users provide to helps them collaborate. Users own and have power over their data at all times. They may freely access their data with any Userbase client which understands the Securepub database design.
More specifically, Securepub facilitates sharing and discussion by providing a thin UI above the Service Worker API ↗︎, the browser Cache ↗︎ and the Userbase SDK ↗︎ as shown below. Securepub relies on Userbase's data sharing API ↗︎ to ensure users may only access content and topics shared with them. Securepub records no information about engagement members or content apart from what is visible to members.
What is needed to host it?
Securepub is a simple collection of static html and javascript files which will work when served from a place which does not prohibit the Userbase SDK ↗︎ from communicating with userbase.com via Cross-Origin Resource Sharing (CORS) headers.
This means Securepub won't work if published from a service like Sourcehut ↗︎ which prohibits javascript from connecting to any external sites but should be fine if served from less restictive providers.
It is currently published on the securepub.org domain with GitLab Pages ↗︎.
Can I just run it locally?
Yes! Just download and extract the sp.zip file and run the
local.sh script from the extracted sp directory to serve Securepub with a local python server on
ports 8000 and 8001 or feel free to use whatever http server you prefer.
Except for URLs the bundle contains the same content served from GitLab but note that two ports are necessary to ensure content users share with each other via Securepub runs from a different origin than Securepub itself.
Note about local URLs
One practical issue running Securepub locally is that it will generate local URLs starting with
http://127.0.0.1:8000 for members when run this way. Recipients won't be able to use these directly from
their browser unless they also running Securepub locally but they can always easily they enter the URL directly from
Join page of securepub.org or any site serving Securepub.
Development mode
As described in the development section, you can also run Securepub the way the author does by
- cloning the Securepub source repository with git
- installing the prerequisite software and
- running just ↗︎
What is not completely encrypted?
While Userbase ensures all data outside the browser is encrypted so that only those with credentials can access unencrypted content, the operators of the Userbase service can see some metadata such as Userbase usernames and storage details like the size of the encrypted data. Userbase operators also have the power to delete users and databases.
What about tracking?
static pages on securepub.org
Visits to the Securepub static pages hosted on the securepub.org domain are aggregated by a Goatcounter ↗︎ script unless visitor browsers specify Do Not Track (DNT) ↗︎. These visitor aggregates are public: click here to view ↗︎
members
Within an engagement all members may view various statistics about their activity and the activity of other members. Members can see the number of read and unread comments by other members.
Securepub provides these views to help members guage interest in topics, see how active all members are and help them know if they've been ghosted by other members.
content
Securepub does not track or restrict tracking of any content shared between members other than what browsers enforce. Securepub leaves it up to members to examine content shared with them and choose whether or not to engage with it.
What doesn't Securepub do?
At present Securepub can not do the following:
| What | Reason |
|---|---|
| Author content | Securepub assumes the host can use any existing tool, service or SSG to prepare their content. Securepub makes no effort to duplicate functionality provided by services and tools like TeleportHQ ↗︎ or Zola ↗︎. |
| Work without an internet connection | Securepub is not (yet) a local first ↗︎ application. Securepub won't function when it can't connect to Userbase. |
| Charge users, meter usage or collect fees | Securepub hosts can provide their own means to do this in the content they share. They may also leverage Userbase's integration with Stripe ↗︎. |
Future versions of Securepub may add or improve support for these.