Rendered at 05:15:23 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
rvrb 9 hours ago [-]
Users in a Discord server/local community on tools like Discord naturally expect that their actions within that community are private in so far as they trust everyone in the community (including the operator) to keep it so.
By using ATProto, Colibri fundamentally makes all of your communication within any community completely public to everyone on the internet.
That’s fine for something like Twitter, where the product sets the expectation of such a thing. You can imagine how big of an issue this is when you try to do it in a trusted community model. Add on that Discord is used by kids who likely don’t know this and you can see why this is dangerous.
I consider this not only just a liability but bordering negligence. It is fundamentally broken, at an architectural level
AbanoubRodolf 2 hours ago [-]
The structural problem is that AT Protocol repos are crawlable by design. Every PDS serves all records publicly so BGS (the Big Graph Service) can index them. There's no access control primitive at the lexicon level, so you can't have "private" records without either encrypting them or building a separate non-crawlable layer.
Bluesky solved the DM case by adding E2E encryption using the Signal protocol -- that works because it's 1:1 with a well-understood key exchange. Group chat is harder. Every membership change (someone joins, someone leaves) ideally requires a key rotation so former members can't read future messages. For a 10k-member server that's already expensive; for a large gaming community it's impractical with current approaches.
The Discord DMs aren't E2E encrypted either, for the same reasons. The difference is Discord doesn't claim to be a decentralized open protocol, so users don't think about it the same way. Colibri's marketing around ATProto creates an implied trust that doesn't actually exist at the privacy level.
consumer451 9 hours ago [-]
I agree that is borderline negligence, and by far the biggest issue with AT and Bsky. Here is what I believe to be the most recent discussion on that topic:
Having something like circles from the Google+ days would be needed if ATProto is going to go anywhere. Is it possible in the protocol?
verdverm 5 hours ago [-]
The current conversations are around how to do permissined data properly on atproto. I have a prototype, but Bluesky hasn't participated in the community effort and looks to be doing their own thing. They also took Bain Capital "funding" (private equity) which was the breaking point for me. They could have set up subs for nothing and made more than that, hard fumble imo.
louisescher 8 hours ago [-]
Fair point! A different user has already pointed out that this isn't disclosed enough on the landing page, and I'll be adding a section to clarify that, both on there and in the app itself.
I think one of the replies here already linked the current proposal for private data spaces, which I'm hoping will become implemented later this year. At that point, people will have the option of either having their community be 100% public, or confined to a more Discord-style data storage, where people can still join, but not everyone can "just read" the messages
steveklabnik 8 hours ago [-]
Just want to chime in with, this does feel very slick, but this was the #1 question I had. I could not determine it from your site, and had to try it out to see.
One major criticism of things like Discord is that they're private, so I don't think that it's inherently disqualifying, some people might even prefer it for that reason. But it's very, very important that you're very clear about this, up front.
louisescher 7 hours ago [-]
I really appreciate you chiming in, no matter how slick! New section has been added, lmk if you'd like to see this adjusted further
steveklabnik 6 hours ago [-]
Much much better! Thank you!
em-bee 9 hours ago [-]
any discord server that offers public invites is effectively public.
rvrb 9 hours ago [-]
First, the user knows this when joining a public community.
Second, the moderators can choose to remove someone who has joined the community in bad faith.
Third, it is entirely different than broadcasting every single action taken by every single user in every single community on the entire protocol to anyone with one URL.
em-bee 8 hours ago [-]
the moderators can choose to remove someone who has joined the community in bad faith
unless you prevent new members from reading the chat history until given permission then they can already read everything before they are kicked out, and they can come back with a different account.
you also can not detect people acting in bad faith if all they do is read.
basically, you can't expect privacy if you don't limit members to people you know and trust. that goes for any group chat, encrypted or not.
i also doubt that discord chatlogs are encrypted on their servers.
rvrb 6 hours ago [-]
What is your point? I feel I made the one you are making before you even responded the first time.
That Discord communications can be exfiltrated in this specific set of circumstances (again, something I already said) does little to change that Colibri is implemented in the least privacy preserving way possible, short of publishing directly to every news and intelligence agency on your behalf, and does little to make that very clear in the first place.
em-bee 6 hours ago [-]
you said: Users in a Discord server/local community on tools like Discord naturally expect that their actions within that community are private in so far as they trust everyone in the community (including the operator) to keep it so.
my point is: you don't get that in a public discord. and i believe that most discord servers, those for games anyways are public. only small team discord servers are private. privacy on discord is an illusion. i also would not trust discord to keep any messages private even from a private server.
you seem to imply that just by looking like discord colibri promises the same privacy options as discord. why? colibri does not present itself as a discord alternative. and although the line "privacy when needed" was misleading, in the FAQ they clarified that there is no private data. (to be sure i checked the site as it was 2 weeks ago: https://web.archive.org/web/20260311020805/https://colibri.s... )
verdverm 4 hours ago [-]
> the moderators can choose to remove someone who has joined the community in bad faith
This is one of the challenges of building a Discord alternative on atproto. Allow access or not, how moderation works, and having shared ownership that can change.
eximius 9 hours ago [-]
Private channels in public servers exist. I'm almost entirely on private servers.
verdverm 5 hours ago [-]
This is one of the challenging aspects about defining permissioned spaces on atproto. In essence, you have a completely separate database per user (sits next to their repo) with which you can do permissioned public->private spectrum. Nesting more privacy inside another permissioned space requires breaking the typical permission walking chain, eg. in Google Docs, if you have access to a folder, you have access to the subfolders.
avtar 11 hours ago [-]
Please consider adding screenshots of the UI that provide an idea of what the experience will be like without having to log in using Bluesky or other credentials.
louisescher 10 hours ago [-]
Done! Thanks for the suggestion, that's a good idea.
avtar 10 hours ago [-]
Thanks for the quick fix :) Nice to see more Discord alternatives these days.
A few other landing page issues if you feel like addressing them:
- Attempting to navigate with the Tab key results in tab order following nav elements once, where focus indicators aren't visible, and then the same elements get iterated over again but this time focus indicators are visible.
- Tab order doesn't include screenshots and jumps to the FAQ
- Clicking a thumbnail shows the larger image but without any elements for closing the overlay
- Pressing Esc doesn't close the overlay
- No skip links on any of the pages
louisescher 9 hours ago [-]
I don't know how I can keep forgetting about keyboard users. Thanks for bringing this to my attention, I'm working on it!
singpolyma3 10 hours ago [-]
I assume it looks the same as literally every other chat app
Muhammad523 9 hours ago [-]
Yeah. Lots of discord-like free-software(as in freedom) chat apps are spawning. I think it's clear that whichever becomes the most popular will not be about who has better code but rather about who manages to get a stronger community around their project.
sensen 11 hours ago [-]
This looks neat, but should I be concerned about the permissions this is requesting for my account? Bluesky: Manage your profile, posts, likes and follows
louisescher 11 hours ago [-]
Hi! We're doing that to allow you to update your profile from within the app. Not doing anything else besides that. If you have concerns, take a look at the source code:
https://github.com/colibri-social/colibri.social
czbond 10 hours ago [-]
Very interesting project.
From a product uptake perspective, I could suggest that since a user is still building trust when they begin use - to only require as few permissions as needed. I'd punt that profile update requirement out personally for another method later.
An example might be when a user has used your app for N sessions, or after N months.
iamnothere 10 hours ago [-]
They should prompt the user for permission when they use a feature that requires it, explain why, and allow them to cancel if desired. Have seen this pattern used many times elsewhere.
louisescher 8 hours ago [-]
Good idea, will implement that! Maybe a button or something to refresh your permissions when/if you want to edit your profile via Colibri makes sense.
verdverm 5 hours ago [-]
If that's all you are doing, then narrow the permission set for oauth. No need to have access to posts if you aren't touching them.
jFriedensreich 9 hours ago [-]
It's impossible to consider ATproto apps usable until the horrific oauth situation is fixed. It's still not possible to adjust oauth permissions to something restrictive dynamically so every app needs a new account which kind of defeats many of the interop promises, if apps even allow it (colibri requires invite code)
Is there anything like this but more of a reddit style layout?
I'm on a Facebook group and we're actively trying to get off of all Meta platforms, and wanted to see whether I could start up my own platform using an open source platform - but I think something like Reddit would be more suitable as opposed to a massive chat UI.
louisescher 7 hours ago [-]
Hi! We've got Forum-Style channels planned, similar to Discords, would that work for you? It'd still be a single text channel, and you could have multiple of them per community.
ebbi 7 hours ago [-]
Thanks for the reply! I'm not too familiar with Discords forums so will do a bit of digging
verdverm 3 hours ago [-]
The comments are not trees like Reddit. It's more like a list of questions you click into for a thread. Basically a channel where the top level is a list of threads, has more permanence than threads in normal chat channels.
10 hours ago [-]
10 hours ago [-]
schlu 8 hours ago [-]
I totally understand that words and ideas get reused. But when I see Colibri, I think rest stop on the freeway (autoestrada) here in Portugal!
righthand 1 hours ago [-]
> This implementation is almost entirely vibe-coded for the purpose of being able to quickly get started with development of the main application. It will be re-written in the near future to take advantage of Tap and be reworked to include all user data storage as well as any OAuth capabilities, which currently reside within the website's backend. If you are interested in helping with this, start a discussion on this repo!
Is there something like this on top of nostr too? I'd much rather see nostr because it's truly open.
verdverm 5 hours ago [-]
Does Nostr have private content? That's a required feature for a chat platform.
wolvoleo 4 hours ago [-]
Well it could just be E2EE'd right? That's more of a required feature IMO.
PS: I'm not sure if Nostr has this but bluesky currently doesn't.
verdverm 4 hours ago [-]
Key distribution puts a limit on scalability for E2EE, eg: Signal / Telegram user limits
There is an E2EE messaging system that works with atproto DIDs, based on MLS, called "germ". People who have accounts can have them associated with the Bluesky profile for easy association. They only had a iOS app last I heard, so most people cannot use it.
jonashus 10 hours ago [-]
Where is data stored? Bluesky? My PDS? Your PDS, for free?
Also, feel free to DM me (@colibri.social) on Bluesky if you want to migrate to the Colibri PDS! We do host one ourselves.
the_axiom 10 hours ago [-]
Only my own messages are in my PDS? Or the entire chat?
How is the chat displayed if messages are scattered among multiple PDSes?
What about the community metadata, where is it stored?
louisescher 8 hours ago [-]
Your own messages are on your PDS. The chat, the category, community and all metadata are stored on the PDS of the person who created the community. The chat is then displayed via our app view, which keeps a live index of all messages and provides some endpoints to collect them!
louisescher 12 hours ago [-]
Hi, person behind the project here, thanks for the cross-post!
em-bee 10 hours ago [-]
where can those of us who are not on bluesky get an invite code for an account?
louisescher 8 hours ago [-]
Feel free to E-Mail me via the PDS's account:
pds@colibri.social
I'll send you a code!
todotask2 11 hours ago [-]
You're welcome! Cool project!
louisescher 11 hours ago [-]
Ty!
isodev 11 hours ago [-]
“Your data isn’t trapped on our servers” - where is it then? Who can access it?
“Open social” is so much bs compressed in a couple of buzzwords.
But that’s not where you want your chats now is it? E2EE? And how does it keep it all private since apparently the Bluesky bros haven't figured that part out?
> But that’s not where you want your chats now is it? E2EE? And how does it keep it all private since apparently the Bluesky bros haven't figured that part out?
It honestly depends. Right now, Colibri is meant to function for communities that are public anyway. If you're a streamer, an open source dev community, Colibri can help you with talking to people who don't want to be locked in by big corporations. As the E2EE and private data, the Bluesky people have posted a new proposal for that only a few days ago, which I'm already thinking about how to implement: https://dholms.leaflet.pub/3mhj6bcqats2o
But, yes, for now, chats are public. Private data will hopefully be a thing soon on the network.
eximius 9 hours ago [-]
This probably needs a bigger callout. A user who isn't familiar with ATProto doesn't even know to ask this question and the design space from its contemporaries (e.g., discord, slack, etc) suggests that chats are nominally private if folks aren't a member of the channel.
It's a very cool product but you have to let people know their messages aren't private.
louisescher 8 hours ago [-]
Yep, good feedback. I'll look into it. Will add a new section on the landing page or something.
Edit: Section has been added!
iamnothere 10 hours ago [-]
Thanks for building this, UX is nice and should encourage people to switch from Discord. Bsky only is a bit disappointing as it is still heavily centralized. I would love to see a system like this that can also set up channels over Nostr and the Fediverse. Fragmentation is starting to become an issue with decentralized and federated social.
louisescher 10 hours ago [-]
We've taken a look at co-supporting ActivityPub as well actually! And yeah, the fragmentation is an issue. But I honestly think we might see at lease some level of interop between these fragments in the coming years, even if it's just some parts of the protocols and specs going in the same direction.
cmxch 8 hours ago [-]
So does it have the same hermetically sealed qualities that other atproto implementations have (BlueSky)?
louisescher 7 hours ago [-]
Sorry, not quite sure what you mean when you say "hermetically sealed qualities", could you elaborate?
imiric 11 hours ago [-]
Interesting project, but...
> BUILT ON OPEN STANDARDS. PRIVATE WHEN NEEDED.
> Running a private group chat? As soon as the AT protocol supports private data, we'll work on implementing it and giving you the option to create private communities.
Not exactly "private when needed" then, is it? It's disingenuous to even mention this in the marketing copy.
louisescher 11 hours ago [-]
Valid point! I'll get that section removed for now and either reword it later, or re-add when the protocol supports it.
verdverm 4 hours ago [-]
The problem for atproto will be getting a permission system that can enable enough parity with Discord that it has a competitive experience.
I was working on this, taking a break from atproto, re: bluesky "leadership" who defacto decide what does and does not get into the protocol via the PDS used by 99% of users.
By using ATProto, Colibri fundamentally makes all of your communication within any community completely public to everyone on the internet.
That’s fine for something like Twitter, where the product sets the expectation of such a thing. You can imagine how big of an issue this is when you try to do it in a trusted community model. Add on that Discord is used by kids who likely don’t know this and you can see why this is dangerous.
I consider this not only just a liability but bordering negligence. It is fundamentally broken, at an architectural level
Bluesky solved the DM case by adding E2E encryption using the Signal protocol -- that works because it's 1:1 with a well-understood key exchange. Group chat is harder. Every membership change (someone joins, someone leaves) ideally requires a key rotation so former members can't read future messages. For a 10k-member server that's already expensive; for a large gaming community it's impractical with current approaches.
The Discord DMs aren't E2E encrypted either, for the same reasons. The difference is Discord doesn't claim to be a decentralized open protocol, so users don't think about it the same way. Colibri's marketing around ATProto creates an implied trust that doesn't actually exist at the privacy level.
https://github.com/bluesky-social/atproto/discussions/3363
I think one of the replies here already linked the current proposal for private data spaces, which I'm hoping will become implemented later this year. At that point, people will have the option of either having their community be 100% public, or confined to a more Discord-style data storage, where people can still join, but not everyone can "just read" the messages
One major criticism of things like Discord is that they're private, so I don't think that it's inherently disqualifying, some people might even prefer it for that reason. But it's very, very important that you're very clear about this, up front.
Second, the moderators can choose to remove someone who has joined the community in bad faith.
Third, it is entirely different than broadcasting every single action taken by every single user in every single community on the entire protocol to anyone with one URL.
unless you prevent new members from reading the chat history until given permission then they can already read everything before they are kicked out, and they can come back with a different account.
you also can not detect people acting in bad faith if all they do is read.
basically, you can't expect privacy if you don't limit members to people you know and trust. that goes for any group chat, encrypted or not.
i also doubt that discord chatlogs are encrypted on their servers.
That Discord communications can be exfiltrated in this specific set of circumstances (again, something I already said) does little to change that Colibri is implemented in the least privacy preserving way possible, short of publishing directly to every news and intelligence agency on your behalf, and does little to make that very clear in the first place.
my point is: you don't get that in a public discord. and i believe that most discord servers, those for games anyways are public. only small team discord servers are private. privacy on discord is an illusion. i also would not trust discord to keep any messages private even from a private server.
you seem to imply that just by looking like discord colibri promises the same privacy options as discord. why? colibri does not present itself as a discord alternative. and although the line "privacy when needed" was misleading, in the FAQ they clarified that there is no private data. (to be sure i checked the site as it was 2 weeks ago: https://web.archive.org/web/20260311020805/https://colibri.s... )
This is one of the challenges of building a Discord alternative on atproto. Allow access or not, how moderation works, and having shared ownership that can change.
A few other landing page issues if you feel like addressing them:
- Attempting to navigate with the Tab key results in tab order following nav elements once, where focus indicators aren't visible, and then the same elements get iterated over again but this time focus indicators are visible.
- Tab order doesn't include screenshots and jumps to the FAQ
- Clicking a thumbnail shows the larger image but without any elements for closing the overlay
- Pressing Esc doesn't close the overlay
- No skip links on any of the pages
From a product uptake perspective, I could suggest that since a user is still building trust when they begin use - to only require as few permissions as needed. I'd punt that profile update requirement out personally for another method later.
An example might be when a user has used your app for N sessions, or after N months.
https://atproto.com/guides/permission-sets#permission-set-de...
I'm on a Facebook group and we're actively trying to get off of all Meta platforms, and wanted to see whether I could start up my own platform using an open source platform - but I think something like Reddit would be more suitable as opposed to a massive chat UI.
https://github.com/colibri-social/appview/blob/main/README.m...
PS: I'm not sure if Nostr has this but bluesky currently doesn't.
There is an E2EE messaging system that works with atproto DIDs, based on MLS, called "germ". People who have accounts can have them associated with the Bluesky profile for easy association. They only had a iOS app last I heard, so most people cannot use it.
Also, feel free to DM me (@colibri.social) on Bluesky if you want to migrate to the Colibri PDS! We do host one ourselves.
How is the chat displayed if messages are scattered among multiple PDSes?
What about the community metadata, where is it stored?
I'll send you a code!
“Open social” is so much bs compressed in a couple of buzzwords.
it might be on https://bsky.social, https://npmx.dev/pds or sitting next to your router in your living room in the form of a raspberry pi (https://atproto.com/guides/self-hosting)
> But that’s not where you want your chats now is it? E2EE? And how does it keep it all private since apparently the Bluesky bros haven't figured that part out?
It honestly depends. Right now, Colibri is meant to function for communities that are public anyway. If you're a streamer, an open source dev community, Colibri can help you with talking to people who don't want to be locked in by big corporations. As the E2EE and private data, the Bluesky people have posted a new proposal for that only a few days ago, which I'm already thinking about how to implement: https://dholms.leaflet.pub/3mhj6bcqats2o
But, yes, for now, chats are public. Private data will hopefully be a thing soon on the network.
It's a very cool product but you have to let people know their messages aren't private.
Edit: Section has been added!
> BUILT ON OPEN STANDARDS. PRIVATE WHEN NEEDED.
> Running a private group chat? As soon as the AT protocol supports private data, we'll work on implementing it and giving you the option to create private communities.
Not exactly "private when needed" then, is it? It's disingenuous to even mention this in the marketing copy.
I was working on this, taking a break from atproto, re: bluesky "leadership" who defacto decide what does and does not get into the protocol via the PDS used by 99% of users.