
Show HN: Commento: a fast, privacy-focused alternative to Disqus - adtac
https://commento.io
======
adtac
Hiya, creator here. My original post from April 2017 [1] when I released
Commento as a self-hosted software received fantastic feedback, but the single
most requested feature was a hosted service because it's not always convenient
to maintain a server. Plus, it'll never be a proper alternative to Disqus
unless there's a hosted version.

So that's what I've been working on for the past year or so. I've received
some great feedback from seasoned bloggers who are now using the service and
this has helped the the project mature so much over this period. I'm really
happy to finally announce the public release of the hosted version (it's been
in private beta for a few months now)!

Anyway, AMA!

[1]
[https://news.ycombinator.com/item?id=14202456](https://news.ycombinator.com/item?id=14202456)

~~~
doesnt_know
Product looks fantastic, well done. Always refreshing to see services actively
attempt to keep payloads small.

If there is anything to criticize about the marketing part for me it would be
the "privacy focused" bit. Personally I think in 2019 saying you're privacy
focused and then only baking that up with a privacy policy is a bit much. You
can change it at any time and "continued use of the service" is deemed to have
accepted any changes. But even then, AFAIK privacy policies aren't legally
binding right?

"Privacy focused" to me means that the business running the service has
limited or no access to private information in some way. But that's just me, I
am probably a minority.

~~~
adtac
Honestly, I always thought being privacy focused is simply not succumbing to
third-party trackers, ads, and other shady stuff. Really, the barrier for
entry to qualify as privacy-focused in the comments space is extremely low.

But you make a good point. I'll think about this to see if there are more
concrete ways to offer privacy.

And thanks for the kind words!

------
_salmon
Not sure if it was intentional, but unauthenticated users can see the email
addresses of all non-anonymous commenters on a page. Specifically, a POST is
made to
"[https://commento.io/api/comment/list"](https://commento.io/api/comment/list")

Might want to hide those since this is supposed to be privacy-focused.

~~~
adtac
Fixed! Thanks, I'll patch this upstream soon enough :)

I actually had the provision to omit the email in these requests [1], but I
forgot to unset the email before responding.

[1]
[https://gitlab.com/commento/commento/blob/master/api/comment...](https://gitlab.com/commento/commento/blob/master/api/commenter.go#L9)

------
shade
Cool project! I'm actually in the process of rebuilding my personal site as a
static site and if I decide to add comments back in (I'm torn on this), this
looks like it's going to be pretty high on my list.

As an aside, I was looking at your source on Gitlab, and if I'm reading your
Dockerfile correctly, it's a really nice example of using multi-stage builds
to build within Docker but produce a final image that doesn't have the full
build system in it. This is something I'd been intending to look into for a
personal project, so thanks for saving me a bunch of time. :)

~~~
MrSaints
Wow, never thought someone would pay attention to that! I was the original
contributor
([https://github.com/adtac/commento/pull/109](https://github.com/adtac/commento/pull/109))
for that change, so happy to answer any questions.

~~~
adtac
Hey Ian! :)

~~~
MrSaints
Hey! And congrats, hope you're well :) The company I was previously working
for is still using Commento, great job!

------
tyingq
_" I'm very happy to offer free, perpetual Commento.io access in exchange for
non-trivial patches."_

That's very cool. I wonder if anyone else does that.

------
gidan
Shameless plug, there is also GraphComment —
[https://graphcomment.com/en/](https://graphcomment.com/en/) — with similar
features, and some different ones too. We respect privacy and don’t sell user
data.

Disclaimer: I work for this company, as you might have already guessed.

~~~
RomanPushkin
Also, do you have SSO feature?

~~~
gidan
Yes we do! It's available on plans starting at 19$/month though.

------
ahallock
Looks really good. One issue I've had with third-party services like this is
authentication. I don't want my users to have multiple logins just to comment.
Is there a way to use my main site's authentication?

~~~
adtac
SSO is a planed feature. It's still pending design, but basically here's how
it'd work: you'd be required to make a request to the Commento API when
someone logs into your website or creates a new account. You will be a given a
session token that should be served to the user so that they're identified
when they load a page. No ETA on when the feature would be available, sorry!

~~~
Semaphor
SSO or Facebook & Twitter OAuth would be a requirement for us.

I followed the OAuth Plugin issue [0]

I also wanted to create a new issue for SSO, but Gitlab thinks I'm a spammer,
so they blocked me from creating one with the cancer that is ReCaptcha.

[0]:
[https://gitlab.com/commento/commento/issues/80](https://gitlab.com/commento/commento/issues/80)

~~~
tpxl
A comment elsewhere in the thread says Twitter OAuth will be added soon.

>OAuth is supported, so you don't need a new account. If you have a
Google/Github account, you're good. I'll be adding more providers soon too
(Twitter/Gitlab).

------
foxhop
I'll drop my service in this thread too:
[https://www.remarkbox.com](https://www.remarkbox.com)

I offer a free-forever plan and then monthly or yearly plans for customizing
the look and behavior of the comments.

Great for static sites.

~~~
aitchnyu
Nodes is a term for geeks.

If I have commented and then verified my email I want unverified nodes as a
todo.

" Welcome to Remarkbox. You have unverified comments. Please check they belong
to you and verify them. You will then be notified if somebody replies to them.

[x] I suggest something better / 1 days ago / foo.com/blog/a-good-choice

[x] I am stuck at X / 2 days ago / foo.docs.com/product/intro

[These are my comments, verify them] "

Login state should be represented in a consistent place. If I am not logged
in, there is a email field at the bottom. If I am logged in, there is my
username at top. A gravatar would have helped.

~~~
foxhop
Thank you for finding and documenting these usability issues!

I would like to discuss this further, could you please reach out to me?
[https://russell.ballestrini.net/contact/](https://russell.ballestrini.net/contact/)

------
pictur
[https://github.com/posativ/isso](https://github.com/posativ/isso)

~~~
pvorb
It's self-hosted and gives your users true privacy.

~~~
adtac
You can self-host Commento too :) In fact, that was the only way until
recently haha.

------
drcongo
I personally don't have a use for this (yet) but it looks like a great project
with some worthy goals. Hope it's a success.

------
_eigenfoo
Just to throw in my two cents: there's also
[https://utteranc.es/](https://utteranc.es/). It takes a bit more effort to
get up and running, but if you're comfortable with your comments being powered
by GitHub issues, it's a great way to go!

------
lancesells
I really like this. I've blocked Disqus for years so I'm hoping you see
adoption and I can start participating in more discussions on sites I visit.

------
mdolon
Looks awesome, and something that I've been wanting myself for a while now.
I'm curious about your pricing model (pay what you want). How has that been
going so far, if you don't mind me asking? I have a couple of small projects
that I've been considering that for but I'm curious as to how it actually
plays out in the real world.

~~~
adtac
It's going pretty well actually. I originally had three different plans with
feature-walls, but I hated doing that, so I just freed it all up under one
umbrella. Stripe dashboard tells me the average subscription is around what
Disqus charges ($9), so I think it's a good idea overall. I definitely
recommend it. In my mind, if I see a product using a similar pricing, I feel
more valued because I'm given a choice. But that's just me.

I do have a custom option for enterprises because their needs are always
unique. I usually charge much higher for this (also comes with a much larger
pageview count monthly).

~~~
mdolon
Very cool, thanks for sharing!

------
aitchnyu
I checked your demo and the login workflow with email is kinda hostile.
Remarkbox, whose founder commented here, allows me to leave a comment and log
in later using magic links. Your product insists on providing details before
allowing me to post my comment. And modals could clash with other sites.

------
halfjoking
This might have been useful 6 months ago. At work I actually made a Disqus
replacement recently.

Oh that's right - I work for a media company so we want to hoard as much data
as possible.

Fullname, email, zipcode, DOB... we ask for all of that if you sign up on our
site.

------
miki123211
I really like this and hope more people adopt it. Disqus's accessibility
problems always drive me mad. It's usable but... This one's much better,
though not perfect.

------
hbcondo714
Congrats on the launch of your hosted version of Commento! I didn't see this
in either version but would you entertain the feature of adding annotations?

~~~
adtac
That's a great suggestion, thanks, I'll create an issue for this!

------
paul7986
Just a design suggestion...

Make or have a bigger/bolder logo and center it vs. making your branding small
and to the left.

------
MockObject
I'll adopt this over Disqus even just for the ability to vote down.

------
speeq
Does something like this exist for native Android / iOS apps?

------
hombre_fatal
That's a great looking landing page. Nice work.

------
anchpop
Cool! This is exactly what I was looking for.

------
70122-_6
someone should get-the community leaders from canonical to use this in their-
stuff for 20 bucks.

------
shoobm
Disqus... Flashback 2011

------
pmoriarty
Does it require javascript?

If so, I'd be interested in finding yet another alternative that does not.

Allowing javascript to run in one's browser is itself a concern for both
privacy and security.

~~~
FraaJad
The major attraction of commenting systems like this is their compatibility
with static websites, but on the downside, they require JS to post to a third
party site.

Someone _could_ build a commenting system purely based on a CGI model, but
then you would have to host the CGI on your server, and forward the comments
to a third party service and back.

~~~
pmoriarty
Why need a third party be involved at all?

Why can the comments just be hosted on one's own site and still not require
javascript?

~~~
akoncius
how that would work for static websites? let’s say I generate website from
markdown files, and server (let’s say hosted on Amazon S3) does not support
any backend languages. so how your suggestion would work?

~~~
walterbell
To submit a comment, you could be sent to the 3rd-party commenting service,
which requires a decision by user to enter comment into 3rd-party site. That
site then connects to your private source code repo, generates the updated
file and pushes it to S3. If your site is hosted on github, the commenting
service could submit a PR to your repo, which would automatically update the
site after the PR comment is merged.

