Privacy-focused lightweight commenting engine
Remark42 allows you to have a self-hosted, lightweight, and simple (yet functional) comment engine, which doesn't spy on users. It can be embedded into blogs, articles or any other place where readers add comments.
- Social login via Google, Facebook, Microsoft, GitHub, Apple, Yandex, Patreon and Telegram
- Login via email
- Optional anonymous access
- Multi-level nested comments with both tree and plain presentations
- Import from Disqus and WordPress
- Markdown support with friendly formatter toolbar
- Moderators can remove comments and block users
- Voting, pinning and verification system
- Sortable comments
- Images upload with drag-and-drop
- Extractor for recent comments, cross-post
- RSS for all comments and each post
- Telegram, Slack, email and webhook admin notifications for each new comment on your site
- Email and Telegram notifications for users so that they get notified when someone responds to their comments
- Export data to JSON with automatic backups
- No external databases, everything embedded in a single data file
- Fully dockerized and can be deployed in a single command
- A self-contained executable can be deployed directly to Linux, Windows and macOS
- Clean, lightweight and customizable UI with white and dark themes
- Multi-site mode from a single instance
- Integration with automatic SSL (direct or via reproxy)
- Privacy-focused
Privacy
- Remark42 is trying to be very sensitive to any private or semi-private information.
- Authentication is requesting the minimal possible scope from authentication providers and all extra information returned by them is immediately dropped and not stored in any form.
- Generally, Remark42 keeps user ID, username and avatar link only. None of these fields exposed directly - ID and name hashed, avatar proxied.
- There is no tracking of any sort.
- Login mechanic uses JWT stored in a cookie (HttpOnly, secured). The second cookie (XSRF_TOKEN) is a random ID preventing CSRF.
- There is no cross-site login, i.e., user's behavior can't be analyzed across independent sites running Remark42.
- There are no third-party analytic services involved.
- Users can request all information Remark42 knows about them and receive the export in the gz file.
- Supports complete cleanup of all information related to user's activity by user's "deleteme" request.
- Cookie lifespan can be restricted to session-only.
- All potentially sensitive data stored by Remark42 hashed and encrypted.
— The Remark42 Team