Slightly OT but if I'm ever in need of a comprehensive list of alternatives to services, I'm just going to post that I'm building one. I just knew when I saw this post that the thread would be full of preexisting projects.
If you're ever in need of alternative methods of finding alternatives to services, you could always check out the alternatives to AlternativeTo page: https://alternativeto.net/software/alternativeto/
Neat! I checked out your source code, and if there's one comment I have, it's the way you query for comments. Currently, response times are around 300-400 ms for just 79 bytes of data. That's likely because you recursively fetch nested comments from a serverless function, which potentially has to make multiple network requests to talk to the database. Coincidentally, a past Disqus employee has a great write-up on the faster solution (recursive CTE): https://cra.mr/2010/05/30/scaling-threaded-comments-on-djang...
Regardless, great work! Choosing Svelte to hit that 4.7kb mark is super sweet!
Coral is definitely more focused on larger communities than it is for smaller sites. Mainly because of the multi-tenant, multi-site, and moderation features that allow it to be used for larger organizations!
(We're also hiring to work on this open source project!)
I wonder how many people who are using comments don't need comments. I have seen so many places where comments are enabled but even good comments are not replied to, especially when the post is from 5 years ago.
Also, trying to ensure the correct quality of comments is time-consuming. If someone asks "Why would I use C#?", it might seem low quality and won't be published but what if someone asks "You are using C# but Go would make a lot of this easier", it might warrant publishing and even a reply but how many people really want to start a long discussion with a stranger about the merits of different languages?
I would suggest always showing the label of the input on screen; it is not good practice to put the label inside the input and make it disappear when the person starts typing.
Absolutely. I was curious to see this practice encouraged by a document about UX design and the linked page actually lists all sorts of drawbacks for it and encourages using labels at the top or at the left of the input (right aligned to make the label close to the input).
When I click on "try it now", then click the browser's back button when seeing "log in with github", I end up at https://cusdis.com/dashboard and get a 500 error page.
Commento doesn't work. I tried to integrate it with my site a while ago. Didn't work. Got some server error. So I tried to contact the guy behind it. He didn't respond.
I'm the guy behind it. Was this with commento.io or were you self-hosting? I'm truly sorry it didn't work out, but if you want to shoot me another email, I promise to respond this time.
So there's a whole bunch of improvements actively going on behind the scenes (essentially a Commento v2) and I hope to announce things soon. I know support has been lackluster and I intend to turn that around too. It's certainly not dead :)
> So I tried to contact the guy behind it. He didn't respond.
Did you buy support from the author? As the author of an unrelated open source project, I receive an enormous amount of messages from people feeling entitled to receive support for free on the pretext it's open source. Answering and following up on those messages could well be a full-time job in itself, except it doesn't pay for my bills.
I am sure the creator of Commento is happy you are here exacting vigilante justice against his customers for their imaginary entitlement.
I signed up for a free trial of his commento.io service, and immediately tried to integrate it with my static site.
When I ran into difficulties (bad responses from commento.io) I contacted support.
If I had got it working, I would have gladly paid him, and I would still be paying him.
I think I was within my rights to request a modicum of support during the free trial period for a paid product, and then to not pay for it when I did not receive a response.
In this context, I find your story about some open source project you have to be quite irrelevant.
The main advantage to Disqus (and other hosted solutions) is that their spam protection applies across all comment sections. You'll never get that with an open source solution.
Also one account where I can see all the comments I've left on the various sites with their replies. And if I feel like it, I can easily remove old comments - even after my nickname and/or email changed, I've deleted all my cookies and/or got a whole new system. I just need to be able to log into my Disqus account. And the site I'm commenting on doesn't know my email address.
You could use a closed source spam protection API from an open source project. Best of both worlds. Oh, that is actually what WordPress does with Akismet.
Abuse is an arms race, so I'm not certain it can entirely be "open source". Someone has to man the servers to adapt as the assault develops. There can be tools that are open source, but without a foundation that is running services, it's just a bunch of dead end code.
Absolutely. I agree the key is less code than rapidly updated data. Source networks, browser headers, client behavior, target links, content markers. Spammers may be awful, but some of them aren't stupid. If they discover something isn't working, then they'll change up their approach. And it can't be an open service, because you're just helping the smart ones to hide better.
The main thing is training a model. Every time you mark something as spam or off topic, it trains a model so that it can identify similar things in the future. You can train your own model, but it will work better with a lot of data.
Open sourcing it would be hard, because you'd have to trust everyone else to classify things correctly, or you'd have to review every input yourself. A spammer could easily sneak in a lot of false positives or false negatives to throw the entire model off.
Why is spam score always weighted as a single outcome and never as a population-based result? I mean, you’re processing more data, I get it, but it feels like that would be a model much more resilient to tampering, bad actors, and just different social norms.
For example, if one set of users started rating a specific subset of posts as spam, then those users could be bucketed together into a “doesn’t want to see message type A” group while others, who minded other messages, would be bucketed into a “No B-messages” group.
This would need to be applied selectively, as it could easily result in an echo chamber for normal discourse, but I would’ve given my left arm to have that sort of filtering available in the game during my WoW days. Those city spammers were unbearable!
I, of course, would have fallen into the “I don’t care how great a deal your Thunderfury, Blessed Blade of the Windseeker, is, I’m just here to socialize” bucket.
> Open sourcing it would be hard, because you'd have to trust everyone else to classify things correctly, or you'd have to review every input yourself.
There's not a way you could choose which people/groups you trust (and don't) to classify spam correctly? Don't open source adblockers work like this?
Don't they use some reasonably reviewable methods, like regular expressions? And, more importantly, reviewable volumes? Also, an ad blocker can always have a debug mode, where it can show you a rule that removed the element.
With ad blocking you have none of that. Gigabytes of text go into training, kilobytes of inscrutable numbers go out. And all the debug info you get is how certain the computer sounded saying no.
Disqus has passable spam and toxicity detection (the latter via a third party) but many sites don't bother to make use of it. As a result a great many Disqus comment sections are absolute cesspools of spam, bigotry, and threats of violence.
Sadly not anymore. There are click farms in third world countries that will solve 10 captchas for a penny. Not to mention how many people will just not leave a comment if presented with a captcha.
reCAPTCHA v3 just gives you a score, and you have to decide what to do with it. This means that you should never under any circumstances use reCAPTCHA v3 as a gate with no alternative—otherwise you will certainly be preventing real users from using the system with no recourse, which will regularly have at least theoretically dire legal consequences.
Also, I get the impression that reCAPTCHA v3 is waaaaay less smart than people think. At a small scale, it’s near trivial to tweak your browser so it’ll give scores at opposite ends of the spectrum.
You’re confusing multiple badly named products by Google. You’re thinking of Invisible reCAPTCHA rather than reCAPTCHA v3.
reCAPTCHA v2 is the “I’m not a robot” checkbox widget followed by challenges if Google doesn’t like you.
Invisible reCAPTCHA is reCAPTCHA v2 but the site initiates verification instead of the user being given an “I’m not a robot” checkbox widget to click; but if Google doesn’t like you, it’ll still trap you in the purgatory¹ of puzzle solving. Site operators can then blame Google, for all the good that does. “Invisible reCAPTCHA” is a bad name for the product, because it’s not invisible.
reCAPTCHA v3 never presents a challenge for you to solve, but decides a score (in practice, I’ve only seen 0.1, 0.3, 0.7 and 0.9) where higher means Google’s feeling more friendly towards you, and it’s up to the site operator to decide what to do with that score—whether to simply deny access to people that Google doesn’t like (catastrophically bad and widely illegal, as it blocks legitimate users with no recourse) or to do something else. But now the liability for blocking real people is clearly with the site operator and not Google. But of course far too many people will ignore Google’s “don’t gate on this alone” direction and just see the higher version number and assume it must be better than reCAPTCHA v2. “reCAPTCHA v3” is a bad name for the product because it’s not a CAPTCHA, as there’s no challenge; it’s straight fraud detection.
They shouldn’t have called it a “challenge” there. It’s not a challenge; it’s just executing the verification function. Chalk up another one for harmfully incorrect terminology. (Admittedly “verification” is also an overloaded term, as it gives you a token which your backend subsequently needs to verify.)
(As they confirm near the start of the document, “reCAPTCHA v3 will never interrupt your users, so you can run it whenever you like without affecting conversion.”)
It doesn't appear automatically, it's programmable [1], you as a developer decide what to do with a low score, you could ask for extra verification for example. I agree with the tracking and privacy issues with ReCAPTCHA.
Not to rely on it, but I've implemented ReCAPTCHA v3 on a couple of websites and got the impression spambots are detecting and skipping websites that have implemented it altogether.
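The handling described in the comments above (the backend verifies the token, then decides what to do with the score instead of gating on it), as an added example that is not part of the thread and not Cusdis code. The response field names are those of the reCAPTCHA v3 siteverify JSON; the thresholds, action name, hostname, outcome labels and sample responses are assumptions made for illustration.

```javascript
// Assumed policy values: tune thresholds against your own traffic.
const POLICY = {
  expectedAction: "post_comment",   // assumed action name sent by the widget
  expectedHostname: "blog.example", // assumed hostname of the embedding site
  maxTokenAgeMs: 2 * 60 * 1000,     // tokens are only valid for two minutes
  publishAt: 0.7,                   // assumed: publish immediately at or above
  moderateAt: 0.3,                  // assumed: hold for a human at or above
};

// `verify` is the parsed JSON body returned by the siteverify endpoint.
function decideCommentAction(verify, now = Date.now(), policy = POLICY) {
  // Step 1: token integrity. These failures mean the token is unusable,
  // not that the visitor is a bot, so the client is asked to retry.
  if (!verify || verify.success !== true) {
    return { outcome: "retry", reason: "token_invalid" };
  }
  if (verify.action !== policy.expectedAction) {
    return { outcome: "retry", reason: "action_mismatch" };
  }
  if (verify.hostname !== policy.expectedHostname) {
    return { outcome: "retry", reason: "hostname_mismatch" };
  }
  const issued = Date.parse(verify.challenge_ts);
  if (Number.isNaN(issued) || now - issued > policy.maxTokenAgeMs) {
    return { outcome: "retry", reason: "token_stale" };
  }

  // Step 2: the score only selects a path. Every path still lets a real
  // person get a comment through, so a low score is never a dead end.
  const score = typeof verify.score === "number" ? verify.score : 0;
  if (score >= policy.publishAt) {
    return { outcome: "publish", reason: "high_score" };
  }
  if (score >= policy.moderateAt) {
    return { outcome: "hold_for_moderation", reason: "medium_score" };
  }
  return { outcome: "require_email_confirmation", reason: "low_score" };
}

// Constructed sample responses (not captured from a real site).
const SAMPLE_NOW = Date.parse("2021-04-19T12:01:00Z");
const SAMPLE_OK = {
  success: true,
  action: "post_comment",
  hostname: "blog.example",
  challenge_ts: "2021-04-19T12:00:30Z",
};
const SAMPLES = [
  { ...SAMPLE_OK, score: 0.9 },
  { ...SAMPLE_OK, score: 0.3 },
  { ...SAMPLE_OK, score: 0.1 },
  { ...SAMPLE_OK, score: 0.9, action: "login" },
  { ...SAMPLE_OK, score: 0.9, challenge_ts: "2021-04-19T11:50:00Z" },
  { success: false, "error-codes": ["timeout-or-duplicate"] },
];

function runSamples() {
  return SAMPLES.map((s) => decideCommentAction(s, SAMPLE_NOW).outcome);
}

console.log(runSamples());
```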
I'm maintaining a list of commenting systems [1]. It's great to see more alternatives coming up every few months. I've just updated the list with 3 new projects from this thread.
I worry about the echo chambers people are subjecting themselves to when something with applicability as general as a commenting widget requires a GitHub account to sign in. That's narrowing it down to a subset of a subset of one's audience.
It's a trade-off. GitHub comments are free and rather easy to set up and maintain. If I had a highly developer-centric blog or even a blog supporting an open-source project, using GitHub as comments is a perfectly fine solution. But sure, this solution is limiting your target audience.
Cactus isn't really the fediverse though: I consider (maybe mistakenly) the so-called fediverse to be broadly activitypub-based, while cactus leverages Matrix.
Comments need moderation. The blockchain/decentralization ain't great for moderation... And not everything has to be "discoverable" (= have a public database)
Unless you're fine with re-inventing known best-practices ofc.
Being decentralized is orthogonal with moderation. You can for example allow people to post to some rooms that represent the blog posts threads, and keep yourself as admin and moderator there.
How would you make a comment system decentralized? Like where would they be stored? Genuine question by the way, I'm not familiar with decentralized computing.
Presumably the comments would be sharded and encrypted. Then each of those chunks would have a hash generated for it, and each chunk would be stored as transactions on a blockchain, or more likely multiple blockchains for redundancy.
This is how the blockchain storage companies do it.
Decentralizing Disqus is trivial. Just go back to each blog has its own local comment system with commenter identities disconnected from all other sites they comment on or even anonymous. There's no reason you need a single global identity and storage backend for all content sources that support commenting.
It can even be otherwise identical to Disqus except self hosted.
The edit box doesn't seem to indicate what sorts of markup, or "url looking thing is converted to link", etc, is available. Might be good to have a little help box to explain what's allowed/supported, even if that's just text.
Edit: I now see the "support markdown" commit. You might want a "preview" button so people can see what they have. At the moment I see only a "Post Comment" button.
Also, does it understand the concept of canonical urls so that pages that are the same one, but with different urls, share the same comments? I searched the repo for "canonical" and didn't see anything.
Can I suggest you add something of an architecture diagram/flowchart of the website? Just a little something that illustrates what the frontend talks to, where the data is stored, that sort of thing?
Thanks for your feedback! I will add a `how it works` in the document later. But I'd like to answer your question here first.
Since Cusdis was designed for self-hosting, the data should be stored on your own server. The Docker image provides both sqlite and pgsql options. Then the comment widget that is embedded in your web page talks to this server through an HTTP call, which fetches all the approved comments and displays them.
The "Try it now" is a demo server that I've hosted for people who just want to look around and see what it looks like; it's not scalable and shouldn't be used in production yet. It runs on my VPS on Digital Ocean, and data is stored on this VPS in a pgsql instance.
I was thinking about this recently and really like the idea. You get the benefits of spam filtering, and it would work on any device with no JS or anything (“Leave a comment”/“Reply” button is just a mailto: link).
i am working with a platform that makes this possible. it is essentially an object storage that works as a backend to your website. every object (such as a blog post) can be annotated with messages, and these messages can be sent by email, so that effectively every object gets an email address. it has a permission system to control who can create annotations which allows you to turn off email access on any object. it also has an imap interface for those with an account on the backend to access the discussions from your mail client.
the platform itself is stable and in production. the REST api needs some work to support accessing comments and a frontend for comments needs to be built.
unfortunately, i lack the resources to work on this right now with family and paid work taking priority.
the platform is licensed as GPL2. it was created by a german university, and i forked it after they stopped development on it, and added the REST API myself.
frontends using the REST API could be in any license of your choice, since the code would not be derived from the backend.
the implementation language is pike. (a language similar to python, but with C-syntax)
adding new abilities to the REST API should be easy enough, by looking at the existing API code. though i'd also like to create a graphql API.
The reliance on JavaScript is a big turn off for me with these third-party comment systems, and why I stick with what WordPress provides by default—with a few modifications to increase privacy.
The ideal comment system for me would use the mailing list feature from SourceHut[1], with each post on a blog having its own list and using the In-Reply-To and Message-Id headers. SourceHut already exposes forms that send emails to mailing lists and is open source, so I guess someone could probably look into their implementation to make this happen.
Honestly, I would pay a good amount of money to licence something simple like this on a per-website basis, as long as the code is open source and the back-end is self-hostable—extra points if the developer includes a well-written WordPress plugin.
I might look into writing a WordPress plugin that implements this idea. However, because I really like the idea and working with email in general (in no small part because of aerc[2]), I am obviously biased towards it, so my opinion may not be the best one. Heck, maybe there is no market for this at all.
The biggest reason why this idea will forever live in a drawer in my mental desk, however, is the privacy and potential GDPR issues; after all, anyone who leaves a comment will now have their email address exposed. I am not sure how to resolve that one.
Oh, I'm sorry about that. French wording sometimes slips through my keyboard (mail can only mean e-mail here, though there is the new recommended "courriel" that I quite like). Glad you figured it out x)
There are a lot of efforts to topple Disqus for precisely those reasons. I released my Disqus competitor 2 years ago and its userbase has continued to grow like clockwork every day. It may seem like a saturated market on the low end, but there's a real need for projects like these!
I did some back end work and intense moderation for a large scale commenting/discussion site. I would like to chat with you about the spam /moderation 'con' you have listed in the documentation. I have a hefty set of semipolished ideas in that space that I would be happy to give to someone who can actually use them. I couldn't find a way to send you an email or message. If you are interested, feel free to reach out security at myusername .net.
I created a paid version here at https://blogstreak.com but I don't think it's taking off. I am planning to add marketing blogs but let's see in a month.
Honest question: What separates your tool from the rather established Disqus premium alternatives? Remarkbox, JustComments, CommentBox, HyperComments, GraphComments, FastComments, Hyvor Talk and ReplyBox? Some of those have been around for a few years now.
imho the most important part of comment systems is the formula to appeal bans. False positives are going to happen and you can't just randomly remove people from communities out of convenience.
I have been tinkering with the idea of building an open source Disqus alternative for a few months now. I guess I missed the train already :D Do you have any plans to monetise this?
That's a train with a busy time table. Every software engineer who ever wrote a comment on the web, got an idea how to make our better at some point. And it isn't a problem with a high barrier to entry.
The interesting, for me, part is the antispam. It is also silly hard, for obvious reasons. A big part of why Disqus is hard to replace is that they're doing a great job with it. Only once you clear that bar, you can think of successful monetisation.
Monetization can also be a problem if you don't provide enough tiers for users (same as any hosted web analytics alternative to google analytics).
I.e: my blog has like... 200 visits per month? I don't have comments right now - only link to twitter/reddit - but I expect I would have a dozen comments per month, tops. At this point I don't even care about anti-spam, but if a tool asks me $10 a month, I can't justify paying it. Make it $1 and I'm in.
I love this project and I'd love it more if there was a description on the landing page about WHY it is privacy-friendly (as it seems to be one of the greatest benefits).
Integrate it with ghost. There aren’t many options for us building communities on Ghost for commenting. Cove.chat but the experience is less than premium IMO.
You can enable JavaScript in Chrome the following way:
1) On your computer, open Chrome.
2) At the top right, click More > Settings.
3) Click Privacy and security > Site settings.
4) Click JavaScript.
5) Turn on Allowed (recommended).
Not to put you down, but I think you should differentiate yourself well from Discourse (https://github.com/discourse/discourse), as it is pretty popular with the open source communities.
Hi. Discourse is a discussion platform (forum), while Disqus and Cusdis are comment widgets that embed into existing websites (like embedding in blogs). I think they are not the same.
Discourse is heavier as a forum, certainly, but it supports embedding in sites as a comment section, and will generally do useful things like "automatically create a new topic of discussion from the post."
I agree that it's exceedingly heavy for comment only use (and generally requires user accounts), but if you're trying to build a community that also has blog posts, the two do integrate very nicely.