My blog engine is now privacy-first

2026-07-15BloggingEngine UpdatesWebDevAccessibilityTransparency

A quick behind-the-scenes update on the blog engine itself. Since I launched this thing I've quietly added a bunch of features, and most of them share a theme: being transparent about how the site is made, and not leaking your data to third parties in the process.

I built this engine myself, with AI help, which is rather the point. So none of this is a changelog - these are choices I made on purpose. Quick tour of what changed.

A real transparency label

Every page now carries a small AI transparency label in the footer. It says, in plain terms, what a human did and what the AI did on this site - ideation and the actual writing are mine, the AI helps with engine development and polishing. This matches the whole spirit of the AICare toolkit I wrote about earlier: if I'm going to use AI, I should say so, out loud, where you can see it.

Automatic alt text for images

Every image I drop into a post now gets a written alt text - the description a screen reader reads aloud, and the thing you see if an image fails to load. It's generated automatically at build time by a vision model, but only when I haven't written one myself. If I write my own, mine stays.

The point is accessibility. I was forgetting to write alt text by hand, so I made the engine refuse to forget.

YouTube embeds that don't spy on you

When I link a YouTube video, it now shows up as a proper playable embed instead of a plain link. But it does NOT load YouTube's player - or its cookies, or its tracking - until you actually click play. Before that it's just a thumbnail served from my side.

So you can read a post with a video in it and YouTube never knows you were there unless you decide to watch.

Comments, powered by Mastodon

The big one. Posts can now have a comment section - and it's just Mastodon.

When I publish something, the engine posts a toot linking to it. Any replies to that toot become the comments under the article. No comment database, no Disqus, no third-party embed watching my readers. The comments load from Mastodon only when you click a button, and I sanitize everything before it touches the page.

If you want to comment, you reply to the toot. Your comment lives on your own Mastodon account, on your own instance. I don't own it and can't hold it hostage. That feels like the right way round.

Credit where due: I adapted this approach from Carl Schwan's excellent write-up, "Adding comments to your static blog with Mastodon". I changed a fair bit to fit this engine, but the core idea is his.

Smaller things

Link previews: posts now generate a proper preview card when shared (the image + title + summary box you see on Mastodon, LinkedIn, etc). If a post has its own image it uses that, otherwise a default.

Images are now self-hosted too - anything I reference gets copied into the site instead of hotlinked, so nothing breaks or leaks later.

The common thread, if there is one, is that I'd rather the site be a little more work for me and a lot more transparent with you. Next thing on my list is watching to see if anyone actually replies to that first toot.

Comments

Replies come from Mastodon. Reply to this post to join in.