
Privacy-focused lightweight commenting engine

Remark42 allows you to have a self-hosted, lightweight, and simple (yet functional) comment engine, which doesn't spy on users. It can be embedded into blogs, articles or any other place where readers add comments.

  • Social login via Google, Twitter, Facebook, Microsoft, GitHub, Apple, Yandex, Patreon and Telegram
  • Login via email
  • Optional anonymous access
  • Multi-level nested comments with both tree and plain presentations
  • Import from Disqus and WordPress
  • Markdown support with friendly formatter toolbar
  • Moderators can remove comments and block users
  • Voting, pinning and verification system
  • Sortable comments
  • Image upload with drag-and-drop
  • Extractor for recent comments, cross-post
  • RSS for all comments and each post
  • Telegram, Slack, email and webhook admin notifications for each new comment on your site
  • Email and Telegram notifications for users so that they get notified when someone responds to their comments
  • Export data to JSON with automatic backups
  • No external databases, everything embedded in a single data file
  • Fully dockerized and can be deployed in a single command
  • A self-contained executable can be deployed directly to Linux, Windows and macOS
  • Clean, lightweight and customizable UI with white and dark themes
  • Multi-site mode from a single instance
  • Integration with automatic SSL (direct or via reproxy)
  • Privacy-focused

Privacy

  • Remark42 tries to be very sensitive to any private or semi-private information.
  • Authentication requests the minimal possible scope from authentication providers, and all extra information returned by them is immediately dropped and not stored in any form.
  • Generally, Remark42 keeps only the user ID, username and avatar link. None of these fields is exposed directly: ID and name are hashed, and the avatar is proxied.
  • There is no tracking of any sort.
  • The login mechanism uses a JWT stored in a cookie (HttpOnly, secure). The second cookie (XSRF_TOKEN) is a random ID preventing CSRF.
  • There is no cross-site login, i.e., a user's behavior can't be analyzed across independent sites running Remark42.
  • There are no third-party analytic services involved.
  • Users can request all information Remark42 knows about them and receive the export as a gz file.
  • Supports complete cleanup of all information related to a user's activity via the user's "deleteme" request.
  • Cookie lifespan can be restricted to session-only.
  • All potentially sensitive data stored by Remark42 is hashed and encrypted.
— The Remark42 Team