- Open-source as much as possible
- Use modern versions of simple, reliable, "boring" technology
- Keep the site lightweight
- Code quality is a priority
- The site is the main mobile interface, not an app
- No limits to logged-out browsing
Open-source as much as possible
Similar to the "privacy by default" principle that comes from Privacy by Design, my goal is "open-source by default". That is, the default state of all code for Tildes should be open-source. There should need to be a strong justification to not open-source something.
Tildes is licensed under AGPLv3. My reasoning for this is that it seems to be the only established license that will ensure the code (and anything built on top of it) will always remain open-source.
This isn't because I believe that Tildes's code is valuable or to prevent it from being "stolen". It's intended as a commitment, similar in many ways to organizing as a non-profit. It means that anyone that contributes code to Tildes can do so knowing that it can never be closed off, for profit, or any other reason.
I recognize that there are many companies that consider AGPL-licensed code too risky to use, but I don't think that's much of a concern for a project like Tildes. I think that would be an important consideration when choosing a license for something like a library, but it's not very relevant for a service that will probably not be widely re-used.
Use modern versions of simple, reliable, "boring" technology
There should need to be an extremely compelling reason to use a new or less-known technology to implement something if it could also be done with one of the reliable ones already being used.
This will, also, make it easier for people to understand and contribute to the open-source code when there are fewer pieces involved and the ones being used are generally well-known and well-documented.
Here are some of the main technologies being used on Tildes:
Keep the site lightweight
The average file size and "weight" of web sites has become a bit ridiculous. In April 2016, it was pointed out that the average page was now larger than the game DOOM. About a year later, Dan Luu did some testing and went into this in more depth after noticing that the majority of popular sites on the web wouldn't even load on a slow/unreliable connection. Since he wrote that article, page weight has grown by another 20%.
Code quality is a priority
Especially as an open-source project that wants contributions, it's important to ensure that Tildes's code is generally high-quality, easy to understand and modify. Similar to deliberately choosing simple technology, code should also be written simply whenever possible.
The quality of Tildes's code is kept up through code review and enforcing strict code style (by using Black) and commenting standards, as well as additional tools like mypy to require that all functions use Python's new type-annotation system.
The site is the main mobile interface, not an app
Tildes is a website. Your phone already has an app for using it—it's your browser.
Tildes will have a full-featured API, so I definitely don't want to discourage mobile apps overall, but the primary interface for using the site on mobile should remain as the website. That means that mobile users will get access to updates at exactly the same time as desktop ones, and full functionality should always be available on both.
No limits to logged-out browsing
Tildes won't have limits or roadblocks to browsing the site without logging in. Sites that do that are usually "growth hacking"—trying to boost their user numbers by using tricks to force people to register even if they don't really want to. Since Tildes does not care about growth, there's no reason to do this.
In fact, from a technical perspective it's far easier if more users are logged-out. It's often possible to serve all logged-out users the same static copy of a page, which is very lightweight to do.
The idea is that the essential part of a site should also be the most reliable—the HTML. The "higher" layers are still important for adding design and interactivity, but the site shouldn't completely fall over without them, because they might fail or not be applied for various reasons.
Zero third-party scripts/assets during normal use
Currently, the only page that includes any third-party assets at all is the one that redirects to a Stripe Checkout page when making a donation. This may be required again for some other donation methods or other very specialized uses, but in general there shouldn't be any third-party scripts or assets used on the site.
This means that when people are using Tildes, their device is communicating only with Tildes servers, not other companies that are tracking and collecting their data.
Tildes has been built to be used 100% over HTTPS. It has an A+ from the SSL Labs test, and uses HTTP Strict Transport Security (HSTS) to ensure it's always accessed securely, including being on the HSTS preload list.
Restrictive Content Security Policy (CSP)
Tildes utilizes an extremely restrictive Content Security Policy to eliminate the possibility of cross-site scripting (XSS) and various other web exploits.
XSS attacks, generally, happen if a malicious user discovers a way to get a <script> tag onto the site (usually by finding a loophole in how user-submitted text is processed). With the restrictive CSP used on Tildes, even if someone does discover a hole and manages to inject a script, the CSP will prevent it from having any effect.
The CSP on Tildes is quite close to the most restrictive one possible (while still allowing the site to use self-hosted scripts, images, etc.), and gets a perfect score on Mozilla's Observatory test.
You can propose changes to this page by editing the copy of it available in the wiki for the ~tildes.official group on Tildes itself.