This day’s portion

Webmentions and privacy

Webmentions provide a means for websites to notify each other when they link:

"A Webmention is a notification that one URL links to another. For example, Alice writes an interesting post on her blog. Bob then writes a response to her post on his own site, linking back to Alice’s original post. Bob’s publishing software sends a Webmention to Alice notifying that her article was replied to, and Alice’s software can show that reply as a comment on the original post."

(W3C Webmention Recommendation, 12 January 2017)

As such, they’re a theoretically important part of the indieweb; instead of liking each others’ tweets, Facebook posts etc. on proprietary, billionaire-owned platforms, we can communicate across our own blogs.

Of course, in reality webmentions mainly allow us to track – and publish – how many likes and reposts we get on Twitter, Facebook, Mastodon etc. That’s pretty cool, but can just serve as a social signal. Look how popular I am with my 76 likes.

Anyway, I think webmentions – or rather, the process of duplicating online comments in another context, such as your website – pose several privacy questions. You could argue that once you’ve published something online, you can’t control where it’ll appear and that’s just what the internet is like. Someone could screenshot that tweet, or the Wayback Machine will take a snapshot. To a large degree, whether this is a concern for you depends on how much you want – or are able – to respect the original author’s right to edit or delete their comment.

When I post a link from here to Mastodon or it’ll send a webmention back should someone respond, whether that’s with a comment, like or repost. It’s good to be able to collect responses in one place, but the respondent probably isn’t aware I’m doing that. Isn’t this a bit, well, rude? You may well have a public social media account, but I’m willing to bet you’d respond differently on social media rather than in the more formal setting of a website – your social media account at least feels more intimate, or hidden even.

It certainly feels more temporary. Although we should be aware that publishing anything online anywhere creates a permanent record, it’s more findable by a search engine and presented more starkly as a comment on a blog post.

More serious questions are raised when we consider what happens if a comment is edited or deleted on social media. Thomas provides a possibly worrying example of someone who transitions after they make a comment that generates a webmention. Your implementation becomes important – is the commenter’s name and image updated, or does the pre-transition identity show, thereby linking the two? Similarly, let’s say you make a drunken, spectacularly ill-judged response to my website post (hard to think which one it would be, but bear with), and delete it from Mastodon, expecting that to be the end of the matter. Do websites respect your deletion, or continue to show the unexpurgated comment?

I’m not really sure how I feel about this, and I don’t even know whether the API honours edits and deletions, and whether my implementation does a lot of caching. I should test. What do you reckon? And yes, feel free to leave a webmention.
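One way a receiving site could honour edits and deletions is sketched below as an added example; it is not this site's code or any library's API. It re-fetches each stored mention's source, drops the copy when the source is gone or no longer links to the target (the W3C Recommendation says receivers should remove the mention in those cases), and overwrites the cached name and text otherwise. `reconcile`, `SourceParser`, the stored field names, the example URLs, the simplified microformats parsing and treating 404 the same as 410 are all assumptions.

```python
from html.parser import HTMLParser
VOID = {"br", "img", "hr", "input", "meta", "link"}
FIELDS = {"p-author": "author", "e-content": "content"}

class SourceParser(HTMLParser):
    """Collects hrefs and the text of p-author / e-content elements."""
    def __init__(self):
        super().__init__()
        self.hrefs, self.fields, self.field, self.depth = set(), {}, None, 0

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self.hrefs.add(attrs.get("href"))
        if self.field or tag in VOID:
            self.depth += tag not in VOID    # nested element inside a captured field
            return
        for cls in (attrs.get("class") or "").split():
            if cls in FIELDS:
                self.field, self.depth = FIELDS[cls], 1
                self.fields[self.field] = ""

    def handle_data(self, data):
        if self.field:
            self.fields[self.field] += data

    def handle_endtag(self, tag):
        if self.field and tag not in VOID:
            self.depth -= 1
            self.field = self.field if self.depth else None

def reconcile(stored, fetch):
    """Re-fetch each stored mention's source; return what may still be shown."""
    kept = []
    for m in stored:
        status, body = fetch(m["source"])
        if status in (404, 410):             # deleted at the source: drop our copy
            continue
        if status != 200:                    # transient failure: hide, retry later
            kept.append({**m, "visible": False})
            continue
        page = SourceParser()
        page.feed(body)
        if m["target"] in page.hrefs:        # still links here: refresh cached fields
            kept.append({**m, **page.fields, "visible": True})
    return kept                              # an edited-out link is dropped as well

# Constructed sample page: the reply's author has since renamed and edited it.
PAGE = ('<span class="p-author">New Name</span><p class="e-content">Edited: see '
        '<a href="https://blog.example/post">the post</a>, agreed.</p>')
```

`fetch` is any callable that takes a URL and returns `(status, body)`, so the same routine can run on a schedule or when the sender re-sends a webmention after an edit or deletion.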


I have been mulling this over but the discussion on the other site to which you linked has me wondering who has the burden of responsibility. Maybe we need to remember that with great power comes great responsibility. The Internet gives us a platform that many of us would not have otherwise had. This can and has worked against many people but maybe that’s why we need to choose our words more carefully. We shouldn’t expect that our comments are being disseminated and archived beyond the confines of the platform on which we are posting, but we need to consider that it is happening regardless.

I have seen a number of screenshots of deleted tweets and no one ever questioned the ethics of taking a screenshot, but the controversial tweets remained subject to scrutiny. All in all, this is a pretty nuanced issue but ultimately when one engages in public discourse, maybe he forgoes his right to be forgotten. I say this as someone who wishes that he could erase his digital paper trail from time to time.



Yes, it’s a tricky one. I think it’s true to say that once you publish something online you probably have to accept that you’re not going to retain control of it.

But that’s quite passive if you’re the person wresting control of the comment from its author: my intent may be different from, say, the person screenshotting a tweet, but I’m still taking it without explicit permission.

I’m quite attached to webmentions on this website, not so much because of the social signalling (I get at most a handful), but because I managed to implement the damn things. But that’s not a reason in and of itself to keep them.


If I had a social media account, I would probably do the same regarding Webmentions. It’s a cool idea and like I mentioned before, it’s pretty much the only utility that any of us are going to get out of it since it isn’t implemented anywhere and it’s tedious to use manually. When I see a blog with mentions, they are from social media almost 100% of the time.

I think that there’s also something to be said about “owning” those reactions and replies. If Facebook were to shut down or if the Fediverse were to suddenly implode, you still have a copy of the responses to a piece that you wrote. I am likely getting too tangential however as I know that a big part of the discussion at hand is mirroring comments to a personal site without the express permission of the social media users. Things that I said on IRC a really long time ago are probably logged on hundreds, maybe even thousands of hard drives somewhere and that is kind of disconcerting, but at least most people knew that by using IRC, you were inadvertently agreeing to the possibility of that happening.


Comments and replies to this post from other sites and services, such as and Mastodon.

Likes (1)


Replies (4)

😷 Jan Wildeboer

@leonp What you discuss in your post is one of the reasons I use the purely client-side approach. If a comment/reply gets deleted, it won't show up on the next page load. I don't have to worry about that. @jwalzer

😷 Jan Wildeboer

@leonp You won't get all the comments, agreed. But you do get the link to the toot so you can still read it all :) @jwalzer


@jwildeboer @jwalzer That’s fair enough. I guess the other downside to clientside comments is that you don’t get them if javascript isn’t working.