What is the scope of GDPR compliance with storing these comments?
In the end I just set up a simple CGI script which takes each submitted comment, writes it to /srv/comments/pending/ and then sends me an email.
When I rebuild the blog all the comments from /srv/comments/approved are automatically inserted at the foot of the appropriate post. I have a manual step where I move the comments into the right directory "/approved" vs "/spam".
It isn't ideal, but it is simple, reliable, and works well at the level of scale I deal with at https://blog.steve.fi/
I guess it was assumed that a GDPR-compliant software infrastructure would be able to grow from the ashes, but I haven't been following, and don't know what the state of the art is. It seems people mostly offload to other platforms (twitter/discord) rather than host themselves now?
I miss when websites were more participatory - I respect + envy people who still do blogs with lively comment threads.
Gitalk is one of them: https://github.com/gitalk/gitalk/
Vssue supports both GitHub and GitLab, and allows users to edit and delete their comments: https://vssue.js.org/
And there is also Gitment: https://github.com/imsun/gitment
Unless you have a high-traffic blog with lots of user engagement, I think it's best to keep your blog clean and handle comments/feedback elsewhere.
Each comment would be associated with a salted hash based on either an IP address (for anonymous comments) or an account on a social login provider (like Google or Facebook). By default, a user could only post 1 comment every 24 hours, but the blogger could then publish a whitelist of people who are exempt from that restriction.
If this were an open standard, then the blogger could switch their comment provider at a moment's notice, without losing any data.
Webmention works like this: Someone writes a reply on their blog and then sends you a Webmention. You can add it to your site or do whatever with it. It’s decentralized and there’s no vendor lock-in.
See it in action here: https://aaronparecki.com/2020/05/04/10/
You can even use services like https://brid.gy to back feed Twitter comments into Webmentions.
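The receiving side of the exchange described above, as an added example that is not the commenter's code: a receiver must check that the `target` is a page it hosts and that the `source` page really links to it, otherwise anyone could claim a reply that does not exist. The hostname `example.org`, the sender URL and the `fetch` callback are assumptions; the source HTML is constructed inline.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the HTML a receiver would fetch from the sender's "source" URL.
SAMPLE_SOURCE_HTML = """<html><body>
<p>Replying to <a class="u-in-reply-to"
   href="https://example.org/2020/05/04/my-post">this post</a>.</p>
</body></html>"""


class LinkCollector(HTMLParser):
    """Collects every href on the fetched source page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def verify_webmention(source, target, fetch, our_hosts=("example.org",)):
    """Return (ok, reason) for one incoming Webmention.
    `fetch(url)` is assumed to return the HTML body of `url` as a string."""
    s, t = urlparse(source), urlparse(target)
    # Only fetch web URLs; rejects file://, gopher:// and similar schemes.
    if s.scheme not in ("http", "https") or t.scheme not in ("http", "https"):
        return False, "only http(s) URLs are accepted"
    # Do not let the receiver be pointed at itself or at internal hosts.
    if s.hostname is None or s.hostname == "localhost" or s.hostname.replace(".", "").isdigit():
        return False, "source host must be a public DNS name"
    if t.hostname not in our_hosts:
        return False, "target is not a page on this site"
    if source == target:
        return False, "source and target must differ"
    try:
        body = fetch(source)
    except Exception as exc:  # network errors are a verification failure, not a crash
        return False, f"could not fetch source: {exc}"
    parser = LinkCollector()
    parser.feed(body)
    if target not in parser.hrefs:
        return False, "source does not link to target"
    return True, "verified"
```

A real receiver would also cap the response size and follow the `Webmention` verification step again if the source is later updated or deleted.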
Reading this thread makes me want to finish the reaction displayer design & script :D
Netlify also provides support for forms which could be used to accomplish this.
Can't speak to the GDPR aspect, but I don't imagine it would be much of an issue for just saving and displaying comments.
I wrote a short post on how to set it up on Heroku to avoid the GitHub quota problem: https://muffinman.io/running-staticman-on-heroku/
I used Staticman for a couple of years and it worked fine. But GitHub changed their API policy which broke Staticman.
Also, spam is really hard to handle with this. I had to unplug Staticman from my site because of it.
Can you clarify this / have any links? Thanks
EDIT: Ah, just tried the demo (now broken). It looks like it was allowing internet randoms to post to GitHub under a single account owned by the site or the project, and I totally get why GitHub is going to pull that ASAP.
For my site, I think I might as well not add comments at all, as I haven't found them to be terribly useful. The most useful discussion happens on HN, Twitter/Mastodon and email.
Happy to answer questions.
After using Disqus for a while I decided to drop comments entirely because they're more trouble than they're worth. A quick write-up about it -- https://eli.thegreenplace.net/2018/turning-off-blog-comments...
(I don't know about GDPR, though, sorry)
GDPR: People can download their personal data, and delete their own accounts, via their user profile pages.
No ads, no tracking. Open source. (I develop Talkyard.)
Not sure where I read it, but it was in the range of something around 10,000 per day/week/month.
Definitely not something to crack your head over, if you just want to host a personal blog (unless you're a celebrity?).
SOURCE: I self-host a personal blog in Germany, and had read up on it a year or two ago.
If you have the information available, on what the mentioned threshold is, please do share.
For the less than 10 visits a day my blog receives, of which 98% are bots, I'm not going to do a deep dive into GDPR policies.
In Europe, law doesn't work like in the US in the way that it's to be taken literally, but in the way that the law was intended - which is not to discriminate against amateur blogs, but to enforce data protection amongst the big players, i.e. Facebook, YouTube, etc...
Therefore, I still stand by my original claim: For an amateur blog, don't crack your head over GDPR.
EDIT: Provided, of course, you don't use the tools of the big players, e.g. Google Analytics.
It works well and is simple to implement.