Comparing blog comment systems with privacy features

I am looking for an embedded comment system heavy on privacy features, light and fast, that I can self host in Docker. Time to get installing!

Comparing blog comment systems with privacy features

As part of the long process to piece together blog life in the aftermath of Wordpress, I've created this blog, but so far have not attached a comment system. I would really like one, allowing fellow techophiles to make their mark, ask questions, aid refinement, and add value with comments.

I have avoided the temptation to go with an easy choice, being Disqus. It's been popping up all over blogs for many years, as a de facto choice to inject code and leave it to do it's own thing, hosted by them. But, now, Disqus feels very much like the "old" web model of free services in return for harvesting personal information, something I will go to great lengths to avoid. Even the Ghost "Integrations" page warns about its 2017 purchase by an ad-tech company.

I am looking for an embedded comment system heavy on privacy features, light and fast, that I can self host in Docker. Time to get installing!

High level filtering of comment system options

I am not averse to paying for things of value, but given that this site earns nothing and won't have a lot of traffic, free is the name of the game. I skimmed the specs of a few product options, but most either have a payment or some sort of shortfall in privacy or technology.

My key criteria for the evaluation:

  • Open source, ideally
  • Light and fast
  • Privacy focussed with no inherent tracking
  • Self-hosting, or cheap hosted options
  • Can be self hosted in a Docker container where applicable
  • The icing on the cake: Akismet anti-spam integration

Some of the systems I am looking at allow import from Disqus or Wordpress, but that's not high up my priority list. I am also not too worried about markdown or images - I just want it for text comments.

I am going to compare:

  1. CoralProject Talk
  2. Replybox
  3. Commento
  4. ISSO
  5. Remark 42

At the end of the post you will find a comparison table.

Comment system memory footprint test

To get a feel for the memory footprint of all of these, I am going to run a minimal test install with Docker into a standard server image I have with Ghost behind a Traefik proxy. As part of the test I will attempt to embed the self hosted comment system into the default blog.

I will reset the server from a snapshot before starting each. On replacing from a snap, my memory usage excluding caching varies but is typically around 290MB.

Option 1: CoralProject Talk


Hats off to the Coral Project. It's something of a corporate coalition, however, committed to the Mozilla Manifesto and all the ideals that go with it. With the New York Times and the Washington Post among it's sponsors (and users), it's been built with the intention of really being used on large scale news sites.

The Coral Project go beyond the technology, with much thought and real research on building, moderating and managing a community.

In addition to the application container, separate ones are needed for Mongo and Redis. While this is pretty heavy for a small blog, it is outstanding for a large one, allowing all sorts of scaling options. So let's do a docker build of an empty system and see. I change the docker images to the latest versions, and the Redis one to an Alpine, as the sample docker-compose file in the Coral documents is out of date.

After some reconfig of my docker-compse.yml for Traefik, I soon had a Coral Talk container trio running, and the code injected into my ghost pages. As expected the memory footprint was much higher with an uplift of 261MB, and the disk footprint increasing by 1,309MB.

Intriguingly the Coral Talk system invited me to whitelist origin domains with internal addresses such as "localhost:3000" which might allow comments to be injected without Ghost having to reach the local comment server via the public internet (step "2" in the diagram) - a savings on data charges. It's showing some enterprise-grade cred.

A super solid offering with industry backing guaranteeing a long development life, a great UX, let down only by a slightly high server and client footprint, and lack of anonymous commenting. Also concerning is the tracking granted to Google on every page impression with the use of Google fonts, earning Talk a privacy downgrade in the table to "Partial".

Coral Project Talk browser load test

Talk was not a great performer at the front end, increasing my page load time from 1.6 seconds-ish to over 3 seconds, helping itself to add time to reach out to Google fonts and font-awesome. The JS payload of Talk is 541KB.

The only saving grace is that a lot of the load activity happens below the line - readers will probably see / read the article long before they scroll to the comments section.

Option 2: Replybox


ReplyBox is a hosted option, but the free tier and strong privacy focus are what attracted me.

At the time of writing there is a 10,000 impression soft limit before charging is applied, which is $10 a month for the first 100,000 and $5 for each 100,000 after that.

I didn't actually try this with my own account, because they never sent an activation email when I tried to register. This is a good example of one of the problems with hosted services, even paid ones, your service is provided at their whim and their capability. There is an option to resend the activation email, but I have already lost interest in depending on it.

Replybox browser load test

With the payload touted as 17KB it's not likely to slow your page down, although geography of your web server will really make a difference here as it will have to reach to the ReplyBox servers to inject the page comments.

I ran their own demo page through WebPageTest and checked their stats. Something is calling Google fonts which could be their web site, or the plugin, an automatic privacy downgrade to "Partial". The payload of the JS is indeed small but 50% of the calls and bytes were to Gravatar, although that was towards the end of the 4 second page load.

There is also a hungry call to at 1.3 seconds load penalty, which I think is the login and auth system. If it's a contender for you, the best would be to sign up for a test and try it out, it does have good privacy features.

Option 3: Commento


Commento ticks a lot of boxes for me. Initially the thought of having to use PostgreSQL was a little concerning for performance, but for my express build test with no content, and using the Alpine PostgreSQL image, the memory usage cost was 44MB and the disk increase was 142MB, which is not too much of a hit.

Creating the application and database containers and fronting with Traefik was reasonably painless.

Once up and running, the dashboard is nice enough, and multiple sites can be added and served from the one instance. There are options for email notification on comment, with separate options for anonymous vs. logged in. Moderation takes place on each blog page while logged in with a Commento moderator id.

Commento browser load test

With a touted 11KB JS payload Commento fared very well in the page load test, adding a mere 300 milliseconds to an (not logged in) impression. All calls were made to the Commento server with no external extra outbound calls. My total page load time is a respectable 1.839s.

Option 4: ISSO


ISSO is a light and small comment system, using only SQLite with a tiny footprint. If you are tight on server resources, ISSO is a great choice. There is no official Docker image for ISSO but there is a fairly widely used Alpine-based one here. Spinning up involves manually creating a basic config file.

From what I can tell there is no Akismet integration so moderation might have to be completely hands on. There is an admin moderation panel which can be enabled under the /admin path off the main domain.

I got the embed in place, but actually had a bit of trouble getting ISSO to accept comments so I am not sure how effective the moderation process is. It's a bit concerning considering how fast I managed to get the two bigger systems up and running and taking comments.

ISSO browser load test

As you would expect, the payload was tiny and the page speed only increased by milliseconds. There were no additional external calls.

Option 5: Remark 42


Remark 42 ticks the boxes for small, light, privacy focussed, and it seems to be under active development. I would expect that since I published this, the features have improved a lot. It's the smallest server memory footprint at 10MB.

The UX is tight with up/down votes, proxied and cached avatars, comment sublinks.

It took a while to get the Docker install running, but was fine once in place. Somewhat annoyed at being forced to auth against a third party, in this case I set up with Github. Anonymous comments are permitted, although even with the config flag enabling it, I could not find how to get it working. There is a power API available, which is fine, although I am looking for something a little more user friendly.

Remark 42 browser load test

The total load time was a hair under two seconds, with some subsequent load below the line for (proxied) GitHub avatars. Even then with two comments it was under 2.2, though I imagine with a dozen or more comments from different users the late loading coud add up. Most of it is below the line and shouldn't slow down users getting their eyes on your main page content.

The calls were well behaved and minimal reaching beyond the remark server. It does load a fair bit so it would pay to get your Remark server in the same data centre as your blog server.

Comment system result comparison table

Feature Coral Talk ReplyBox Commento ISSO Remark 42
License Open source
Apache 2.0
Free tier Open source
Open source
Open source
Self Host Y N Y Y Y
Akismet Y Y Y N N
Community Y N Partial N N
Privacy Partial Partial Y Y Y
Docker Y N/A Y Y Y
Anon N N Y Y Y
Moderation panel Y ? N Y N
Memory 261MB N/A 44MB 38MB 9MB
Disk 1309MB N/A 142MB 82MB 38MB
Page load 3.1s ? 1.83s 1.80s 1.99s
Notes Used by news sites.
Needs Mongo + Redis
Up to 10k hits free. Needs PostgreSQL. Uses SQLite. Uses BoltDB.

The chosen comment system

I have been burning much brain wattage on the decision. Talk was excellent but a little too bloaty at the front end, doesn't support anonymous comments, and having Google fonts doesn't help for privacy concerns.

ISSO is cool and super lightweight, but without a community around it, might not go the distance.

Remark 42 was also a real contender but the forced integration with a third party auth provider and general fiddliness around back end management deters me. I get the feeling a year from now, if the current pace of change keeps up, it will be a very slick product.

Even though it doesn't have a moderation panel, I am won over by the anonymous comment function, nice front end UX, ease of setup behind Traefik, Mozilla endorsement, and Akismet integration, so I am going to go with Commento, and hope that Adhityaa manages to keep it alive and with enough community interest to keep it updated for the future.

Also considered..

Discourse - the Docker Hub image is more that two years old. I am not a fan of the UX. It used to need it's own separate subdomain, which I don't want.

Mouthful - seems no recent development.

Talkyard - cool but very server hungry, smallest memory footprint 1.7GB. Can be upscaled to full Forum use. If I was going to go for a full forum platform in future, or something with revenue, I would be looking a lot closer.

Schnack - trouble finding Docker repository. Seems a small user base.

Main photo courtesy of Jason Dent on Unsplash

You are welcome to comment anonymously, but bear in mind you won't get notified of any replies! Registration details (which are tiny) are stored on my private EC2 server and never shared. You can also use github creds.