
Show HN: JavaScript-free personal bio hosting - mrkn1
https://plumebio.com
======
elondaits
I really hate the statement "built-in privacy: this site does not use any
javascript", because privacy is not specifically violated by JS, and you can
track (or 3rd-party track) without JS just fine. Their site clearly does not
need JS, but this misinforms their audience about privacy and safe browsing.

Also, according to their Privacy Policy, they collect your IP (for
Geolocation) and browser type... two pieces of data that are, in a great
percentage of cases, enough to identify someone.

~~~
superkuh
I really hate the people talk about 'collecting' IP addresses or getting their
"IP address exposed". There is no risk in anyone knowing this, not to privacy,
not to security. This is how the internet is meant to work. A bunch of equal
nodes.

Just because mega-corps and wireless telcos have gimped the wildly popular
mobile computers and taken away their ability to interact (no ipv4, no ports,
not much beyond web) doesn't mean interacting directly is bad or unsafe or
giving away some 'secret' information.

No, we need more people directly interacting with other people via the
internet protocol. We desparately need widespread ipv6 adoption so that
everyone can have their own IPs and expose them all to each other in the
emergent network we call the 'net.

This 'IP as privacy risk' is scaremongering and very unhealthy.

~~~
devwastaken
Absolutely not. You are entirely wrong on this one to a level of causing
dangers to others. An IP address, to a court, to officers, is you. That's not
an opinion, that's a fact. Proven by the countless number of times people have
doxxed YouTubers by simply calling in fake terrorist threats to their police.
ISP's know where that IP is routed to, and they will cooperate with
authorities. Police can track even cellphones in real-time 10 years back.

Plenty of civil cases use just IP's to prove copyright infringement. That's
how BitTorrent cases catch infringers, regardless of who actually did it.

Watch Leonard french on YouTube, copyright attorney, it doesn't matter to
judges in Pennsylvania wether an IP is a person or not. They say it is, and
thats good enough.

That's why discord was created. So everything is proxied and safe for
streamers and anyone online. Maybe you don't involve yourself so you don't
know any better, but I've seen it happen, personally, friends get stalkers
from the online world simply because the game they played was P2P, or the
server admin for vent/teamspeak was a total creep with their friends.

It's not how it should be, but that's how it is.

~~~
saagarjha
Discord itself has a fairly concerning policy with regards to cooperating with
law enforcement.

------
adingus
I like the idea but I don't see how being Javascript free is a good value
proposition here. If I'm looking to hire or find additional information on a
person, the way the page is implemented won't be important to me (especially
if Im outside of the tech industry).

~~~
mcny
Personally, I think no JavaScript means no third party tracking. Also
requiring a .edu email is a good start.

~~~
flavor8
> Also requiring a .edu email is a good start.

Not really, unless the intent is to discriminate against immigrants to the US
/ people outside the US / people who went straight into a career from high
school.

~~~
mbreese
It looks like the service is targeted at students (US based) and academic
researchers. If this is the case, the the email filter makes sense...
especially for a launch. It’s not perfect, but a good start.

Why assume nefarious motivations?

~~~
mikro2nd
Not necessarily nefarious, just myopic.

------
harryvederci
Nice! I'm creating something similar[0] in Clojure, as my first attempt at a
Clojure project. It's still super early stage, but the author of plumebio is
free to run it and get inspiration from the generated CV html/css page.

If I have more time, what I'd strife for with this project is to become a
competitor of LinkedIn (e.g.), but with only private profiles. Companies are
then charged when they query for people with skills/certificates that they are
interested in. Or they'll pay a subscription for unlimited querying. Users
know they are not tracked by the platform itself, and companies that query
users agree to a (TBD) license that limits their usage for HR goals.

It'll provide public statistics on what companies query for, so if users with
Java experience see that Kotlin is queried more than Java, they'll have an
indication of what skill to invest their time in. (Just an example.)

[0]
[https://github.com/harryvederci/resumator](https://github.com/harryvederci/resumator)
(Any Clojurians that find this subject interesting, feel free to contribute.)

~~~
Shared404
Interesting idea for a business model. How would you get users on board
though?

~~~
harryvederci
For now I'm creating it as a tool that I'll use to generate my own CV +
website, so even without the whole "compete with the likes of LinkedIn" idea,
I'll get value out of the time I invested in it.

The next phase will be to share it with colleagues and friends, to get some
early feedback going. Then I'll expand it from a self-hosted website (/ tool
to generate your CV from your local machine) to a hosted platform where people
can sign up.

Then I'll probably first market it to a business sector (/ Reddit groups e.g.)
with a higher-than-usual amount of privacy-concerned people. Then branch out
if it's successful.

Note that I'm just brainstorming here, it's not like I've done something like
this before myself.

What I'd like even more than trying to turn this into a profit-oriented
company is to do something more philosophical/political. Hear me out:

1\. Create the Resumator tool, and turn it into a platform, as described
above.

2\. Create a charity organisation that owns the platform, uses the generated
income to maintain it, and invests into other like-minded charity
organisations.

3\. Get governments to support the platform + foundation. They could even
self-host Resumator themselves, and make it mandatory for recruitment to be
done through the platform. Right now, if a Dutch organisation needs a Java
developer, they can create an "easy apply" LinkedIn vacancy. A (probably also
Dutch) Java developer now has to spend spare time (or even time in which they
are supposed to be working for their current employer) searching LinkedIn for
that vacancy. If they click it, the organisation that posted the vacancy pays
Microsoft (/LinkedIn) money. So a Dutch employee was less productive because
they had to search for a new job instead of just getting an offer, a Dutch
company had to pay money to hire that employee, and now the previous employer
will pay LinkedIn (/competitors) money. When will the government realise that
this money that is going to $usa_based_company can go to its own tax paying
citizens?

0\. And at the very least, create an API standard for CVs. It's strange to me
that it's 2020 and we still have to share PDFs to get a job, where each CV has
a different layout, and the person reading it has to look for the relevant
section again and again. And often after that, we still have to create a
Workday/whatever account and put in the same information again.

Edit: Oh and no more of this "talking to independent recruiters" nonsense.
Companies can query for profiles themselves, no need to add more middle-men in
between that add no value whatsoever.

~~~
Shared404
Seems like a solid plan. Good luck, I'd love for this to take off.

Edit: Bah, brainfart. Do you have a repo where I can follow this?

~~~
harryvederci
Thanks! This is the repo:
[https://github.com/harryvederci/resumator](https://github.com/harryvederci/resumator)

------
Abishek_Muthian
Congratulations on the launch!

I would like to inform anyone working on such bio website that there is a need
gap for a universal employee verification system which works to independently
verify employee experience even if the former company has shut its shop[1].
LinkedIn could have addressed that problem, but it chose to become another cat
videos platform(I personally have nothing against cats).

[1][https://needgap.com/problems/54-better-employee-
verification...](https://needgap.com/problems/54-better-employee-verification-
system-verification-employment) (Disclaimer: My problem validation platform)

~~~
CaptArmchair
I clicked on your link and read the problem. It's the problem of asserting
authenticity of a claim all over again, and doing it in way that can be
trusted by both parties.

An applicant makes a claim about a former position, but there's no way of
verifying the veracity of that claim. There's no notarized and properly
archived record which allows verification of the authenticity claim.

So, any 3rd party service that claims to be able to verify authenticity
invariably acts as a neutral, impartial, trusted authority. In essence, this
what a notary or notary public does in the analogue world.

If such a service would be a private business, it's impartiality can and will
automatically be contested - as per your example in the link. You could look
towards the public administration and set up a publicly governed system (e.g.
tied to public pension rights) which registers employment. But such a system
would also come with a few fundamental questions regarding trust and privacy.
And finally, you could look into a distributed network of actors verifying
each other through block chain technology, but that still doesn't solve the
problem of governing those actors and how they behave.

In my corner of the world, employers are legally obliged to hand out a signed
form to leaving employees that confirms their erstwhile employment. It's
entirely up to employees to produce those copies when asked to verify the
claims they make on their resume, and employers are free to take this into
account as a formal condition to consider an applicant. It's also up to
applicants to seek and reach out to their previous employers and secure a
document if they didn't receive one, even when those have dissolved. This
system puts the responsibility entirely with the employee, which may,
arguably, be the best of all the bad options out there.

~~~
Abishek_Muthian
Good points, I agree with all of them. A private organisation which hosts a
universal employee verification system requires utmost trust and
accountability. Making organisations accept its authority on it as a private
organisation would itself be a huge problem to solve.

>In my corner of the world, employers are legally obliged to hand out a signed
form to leaving employees that confirms their erstwhile employment.

It is common in my region as well. But the issue as the person who posted the
problem says, is the 3rd party independent verification companies which verify
past experience of a candidate on behalf the future company; they have no idea
about how a email system works and require email from a company which has long
gone.

------
weltensturm
How does "built-in privacy" hold up when the bios are basically public?

It looks like the generated links are just based on the person's name as well,
so it would be pretty easy to find a lot of people fast. Letting the user
generate UUID (or something) based URLs that are valid for a limited time only
should be standard.

------
OmarShehata
I am suspicious at the lack of a "pricing" tab. It's free of ads, they won't
sell my data, they're "here to help me" \- so who's paying to maintain this?
Should I use this if I don't know it will still be around in 3 months?

------
factorialboy
This webapp seems extremely trivial, unless there is some long term play to
take on the likes of LinkedIn?

~~~
DarthGhandi
You need js to copy everyone's clipboard ;)

------
memset
I think this is a neat project - congratulations on getting it out there.

I would _love_ for the page to have more polish - maybe you could do it all
using CSS and not JS :) about.me does a good job of this. I say this as a
grudging backend developer: the "designy-ness" really does work to help any
page seem more credible.

Curious: is it your intention to make money with this project? On the one
hand, awesome that you're doing this for free and presumably trying to get
users. On the other, I myself would worry that the service "might go away one
day", and although charging doesn't prevent that, it may be useful to find
some way to better communicate the trustworthiness of your application not
just in terms of privacy, but longevity too.

Nice work!

~~~
Shared404
I actually really like this look, see [https://git.sr.ht](https://git.sr.ht)
or [https://100r.co/site/home.html](https://100r.co/site/home.html) for
similar aesthetics.

------
solarkraft
> Academic email (.edu), to verify your affiliation.

Uh, why? And since it's just a free text field, what makes it better than me
just hosting something on my own?

------
tyingq
There appears to be some issues with scrubbing input data (or escaping it when
output): [https://imgur.com/a/IUBHLsa](https://imgur.com/a/IUBHLsa)

------
rushikesh98
Can you support ".ac.ccTLD" as well? Many countries [1] use that for
educational institutes.

    
    
        [1]: https://en.wikipedia.org/wiki/.ac_(second-level_domain)

~~~
foepys
If OP really only wants to allow academic email addresses, they could use the
domains from JetBrains' swot repository:
[https://github.com/JetBrains/swot/tree/master/lib/domains](https://github.com/JetBrains/swot/tree/master/lib/domains)

~~~
captn3m0
This likely uses swot as the data source, but offers an API as well:
[https://github.com/Hipo/university-domains-
list](https://github.com/Hipo/university-domains-list)

------
GrumpyNl
I would be surprised if a page like that needed JS at all

~~~
skinkestek
No ordinary pages _need_ JS.

Sadly the majority of newer ones never seems to have got that memo.

~~~
GrumpyNl
So true, that could be a simple static html page.

------
amelius
I'd love to see something like this replace LinkedIn. But I guess it needs a
few more features before that happens.

~~~
whalesalad
Microsoft owns LinkedIn and GitHub. GitHub has “profile readmes” now. I expect
us to (unfortunately) trend this direction.

------
sally1620
Most people would just use their github profile and readme. It tells a better
story.

------
upofadown
It would be nice if there was something like this that worked with PGP
identities. The public version could just be indexed off the fingerprint. The
private version would have to involve signing something, probably just the
fingerprint.

~~~
ytjohn
Keybase doesn't do this explicitly, but would be in a good position to do so.
It's all about identities, including PGP keys. The profile page currently only
shows your identities elsewhere, but they do have a "public folder" which
could host a bio. They would need to do something similiar to Github profile
readmes so that a specific folder or files show up on your profile. They might
even have that as a feature and I'm just not aware of it.

\- profile page: [https://keybase.io/ytjohn/](https://keybase.io/ytjohn/)

\- public folder: [https://keybase.pub/ytjohn/](https://keybase.pub/ytjohn/)

\- github profile readme: [https://www.aboutmonica.com/blog/how-to-create-a-
github-prof...](https://www.aboutmonica.com/blog/how-to-create-a-github-
profile-readme)

UPDATE: They do let you create a homepage with an index.md or index.html.
([https://ytjohn.keybase.pub/](https://ytjohn.keybase.pub/)). However, you
would be on your own getting the information from your profile page onto your
public webpage. You would just be hosting a static page and not benefiting
from the verified identity portion on the profile page.

~~~
searchableguy
After zoom acquisition, I ditched keybase and I think a lot of keybase users
feel the same way. [0]The original blog post didn't inspire much confidence in
the future.

0] [https://keybase.io/blog/keybase-joins-
zoomffering/](https://keybase.io/blog/keybase-joins-zoomffering/)

------
munna77
how to find new people . Even after creating new account it is not showing any
people or explore page

It is remaining as the same but with log out button that's it nothing is
coming up

------
6510
Put your name on the website and tell the user who you are. The privacy pitch
is silly if the user is to share his data with faceless nameless entities.

------
benrapscallion
The “Mark” example links to papers where Mark isn’t an author.

~~~
julianlam
Fake it 'til you make it! I imagine they don't actually have a published
author on the site yet?

------
janaagaard
I know this is pretty harsh, but seeing justified margins immediately makes me
hit the back button.

~~~
pyentropy
Do you mean container margins? The text is left justified and I don't see any
difference between that site and HN.

~~~
montroser
The text is treated with `text-align: justify`, which can look pretty rough in
small screen sizes where you have fewer words per line. In my opinion, it both
looks bad and hurts readability.

