I wrote a self-hosted "comment server" a few years back, but in the end found it was more annoying than useful.
In the end I just set up a simple CGI script which takes each submitted comment, writes it to /srv/comments/pending/ and then sends me an email.
When I rebuild the blog all the comments from /srv/comments/approved are automatically inserted at the foot of the appropriate post. I have a manual step where I move the comments into the right directory "/approved" vs "/spam".
It isn't ideal, but it is simple, reliable, and works well at the level of scale I deal with at https://blog.steve.fi/
Hmm, I actually got an idea from your comment and the other comment suggesting to off-load the comments to a social site such as HN or Twitter: maybe instead of hosting the comments yourself, you just have a script that automatically aggregates comments from multiple sites and displays them on your site. I am not sure this is allowed by the Twitter/HN terms of use though.
I thought about just letting people send an e-mail with an ID that associates it to a blog article, but I'm worried that it increases the barrier of entry too much..
The best balance of usability, Freedom, and civility for me has been relying on people to email me, then sometimes—and with permission—edit their comment into my posts/pages.
That's what I do. Each of my pages has a comment link, it's just a mailto:. If I think the comment is useful, I'll append it to the comment section with my reply.
I changed my blog to be static. I don't trust any of these embedded comment systems, and don't want to risk the legal burden of hosting comments myself. I killed off a small community this way, which felt not great :(
I guess it was assumed that a GDPR-compliant software infrastructure would be able to grow from the ashes, but I haven't been following, and don't know what the state of the art is. It seems people mostly offload to other platforms (Twitter/Discord) rather than host themselves now?
I miss when websites were more participatory - I respect + envy people who still do blogs with lively comment threads.
It would be nice if there were a service where people could write their comments and have them expire after, say 24 hours, but the blogger could run a script which downloads them before that happens. By having a local copy of the comments, the blogger could check them and include the approved ones into their static content.
Each comment would be associated with a salted hash based on either an IP address (for anonymous comments) or an account on a social login provider (like Google or Facebook). By default, a user could only post 1 comment every 24 hours, but the blogger could then publish a whitelist of people who are exempt from that restriction.
If this were an open standard, then the blogger could switch their comment provider at a moment's notice, without losing any data.
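A sketch of the scheme proposed in the comment above, added here as an example and not part of the original post. It assumes a keyed hash (HMAC-SHA256) in place of a plain salted hash, because the IPv4 space is small enough to brute-force once a salt is known; the class name, method names and sample addresses are hypothetical.

```python
import hashlib
import hmac

DAY = 24 * 60 * 60  # seconds


class CommentGate:
    """Hypothetical comment service: hashed identities, 1 post/24h, 24h expiry."""

    def __init__(self, secret_key, exempt_ids=()):
        self._key = secret_key            # server-side secret, never published
        self._exempt = set(exempt_ids)    # blogger's list of exempt commenter ids
        self._last_post = {}              # commenter id -> time of last accepted post
        self._comments = []               # (posted_at, commenter_id, text)

    def commenter_id(self, kind, value):
        # kind is "ip" for anonymous posts or "login" for a social-login account.
        msg = f"{kind}:{value}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def submit(self, kind, value, text, now):
        cid = self.commenter_id(kind, value)
        last = self._last_post.get(cid)
        if cid not in self._exempt and last is not None and now - last < DAY:
            return False                  # already posted in the last 24 hours
        self._last_post[cid] = now
        self._comments.append((now, cid, text))
        return True

    def download(self, now):
        # What the blogger's script fetches: expired comments are dropped first.
        self._comments = [c for c in self._comments if now - c[0] < DAY]
        return list(self._comments)


if __name__ == "__main__":
    # Constructed sample traffic using documentation-range addresses.
    gate = CommentGate(b"constructed-demo-key")
    print(gate.submit("ip", "203.0.113.7", "first", now=0))
    print(gate.submit("ip", "203.0.113.7", "again", now=3600))
    print(len(gate.download(now=DAY + 10)))
```

Only the hash is stored with each comment, so the downloaded copy the blogger moderates never contains a raw address or account name.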
That open standard exists, it’s called Webmention. You can use a free Webmention server like https://webmention.io and download comments with your API. Comments are just webpages where people respond to your blog.
Webmention works like this: Someone writes a reply on their blog and then sends you a Webmention. You can add it to your site or do whatever with it. It’s decentralized and there’s no vendor lock-in.
Webmention is the current standard for doing what trackbacks did, and simplified. Webmention doesn’t require any sort of RDF or special code like trackbacks. Verifying a Webmention only involves looking in the HTML for any link to the page being mentioned.
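The verification step described in the comments above, as an added example that is not part of the original posts: a receiver-side check that a source page really links to the target. The function name and sample pages are constructed for illustration, and fetching the source over the network is left out so the block runs offline.

```python
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin


class _LinkCollector(HTMLParser):
    """Collect href/src values from real tags (comments and text are ignored)."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append(value)


def _normalise(url):
    # Drop the #fragment so /post#top and /post compare equal.
    return urldefrag(url.strip())[0]


def source_links_to(source_html, source_url, target_url):
    """True only if source_html has a link that resolves exactly to target_url."""
    parser = _LinkCollector()
    parser.feed(source_html)
    parser.close()
    wanted = _normalise(target_url)
    # Exact comparison after resolving relative links: a substring test would
    # accept ".../static-comments-2" as a mention of ".../static-comments".
    return any(
        _normalise(urljoin(source_url, link)) == wanted for link in parser.links
    )


# Constructed sample pages (not real sites).
TARGET = "https://blog.example/posts/static-comments"
SOURCE_URL = "https://reply.example/notes/42"
GENUINE = '<p>Re: <a href="https://blog.example/posts/static-comments#top">post</a></p>'
TEXT_ONLY = "<p>See https://blog.example/posts/static-comments for details</p>"
COMMENTED = '<!-- <a href="https://blog.example/posts/static-comments">x</a> -->'
LOOKALIKE = '<a href="https://blog.example/posts/static-comments-2">x</a>'

if __name__ == "__main__":
    for name, page in [("genuine", GENUINE), ("text only", TEXT_ONLY),
                       ("commented out", COMMENTED), ("lookalike", LOOKALIKE)]:
        print(name, source_links_to(page, SOURCE_URL, TARGET))
```

A receiver that fetches the source itself should do so with a timeout and a response size limit before handing the body to this check.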
I just finished setting up brid.gy for my blog a week ago. While I haven't handled and displayed the comments or reactions to the posts, it is satisfying to see the response from my friends on Twitter or Mastodon about my content.
Reading this thread makes me want to finish the reaction displayer design & script :D
> GitHub changed their API policy which broke Staticman.
Can you clarify this / have any links? Thanks
EDIT: Ah, just tried the demo (now broken). It looks like it was allowing internet randoms to post to GitHub under a single account owned by the site or the project, and I totally get why GitHub is going to pull that ASAP.
For my site, I think I might as well not add comments at all, as I haven't found them to be terribly useful. The most useful discussion happens on HN, Twitter/Mastodon and email.
Plug for the platform that I work on, Coral[0]. We support newsrooms in many regions (including those that need to be GDPR compliant). You can self host the application on Heroku pretty easily with the button or run on a server if you like too.
I had a blog with comments. But spam made it painful to administer. Almost nothing beats spam except for very sophisticated captchas but then normal people also have trouble writing comments. So I have no comments on my blog now. If you want to "comment" you'll have to email me directly.
That’s actually a good question. Yes, hosting static HTML has been super easy for a decade. (Might have been getting harder recently actually lol) But managing comments has always been a headache.
Can you clarify this? When you said this I assumed it was allowing internet randoms to post to GitHub under a single account owned by the site or the project, and I totally get why GitHub is going to pull that ASAP (have seen that and got in rows over that before). But I just checked and it looks like you have to authorise the app and hence Utterances is posting under your GitHub account?
Come on people, the OP asked for a self-hosted comments solution. The number of OT replies is excessive, particularly when the same OT reply is repeated by several people.
I'd be far more worried about spam and malicious content than GDPR. Always assume someone will be trying to cram ads, pornography, and viruses into anything you create that allows user content.
Most of your issues seem to have been with Disqus and not with comments on your page in general, though I agree it's probably not worth attempting these days. Blog posts can be linked on FB, Twitter, Reddit and other places and those pages can deal with spam and their monetization better on their own premises, while you are not confined to one particular flavour of filtering/censorship for user comments (as with one service like Disqus). OTOH I don't particularly like the idea of actually interacting with Twitter/FB users as a blogger.
Your blog is very useful and knowledgeable; I have read it for many years, and I think if someone has to reach out to you to ask a question, surely they will reach out on Twitter rather than in blog comments.
I thought once of using NNTP for comments (the blog messages themselves can also be readable with NNTP). You can have a link from a static web page to a separate page that displays read-only comments, and has instructions to post (you could also use an iframe, although I do not recommend that; a normal link would do better, I think). That is what I wanted to do, at least.
Datensparsamkeit! There are more reasons to want to be in control of the data of your users instead of selling it off easily (e.g. the trust of your users). Additionally, it can feel good to just know what happens instead of telling yourself: "I use Google Analytics like everybody else — that must be okay"
I actually develop my own solutions, there is no third-party analytics involved in my blog, the only "analytics" I do, is to keep track of which IP visits what resource, the only cookies that are set on my blog are session and chain IDs.
If you have the information available, on what the mentioned threshold is, please do share.
For the less than 10 visits a day my blog receives, of which 98% are bots, I'm not going to do a deep dive into GDPR policies.
In Europe, law doesn't work like in the US in the way that it's to be taken literally, but in the way that the law was intended - which is not to discriminate amateur blogs, but to enforce data protection amongst the big players, i.e. Facebook, YouTube, etc...
Therefore, I still stand by my original claim: For an amateur blog, don't crack your head over GDPR.
EDIT: Provided, of course, you don't use the tools of the big players, e.g. Google Analytics.