Why FOSS projects are using proprietary, privacy invasive infrastructure?
As you can easily notice, today many open source projects are using some services, that are… sus.
For example, Github is the most popular place to store your project code and we all know, who owns it. And not to forget that sketchy AI training on every line of your code. Don't we have alternatives? Oh, yes we have. Gitlab, Codeberg, Notabug, etc. You can even host your own Gitea or Forgejo instance if you want.
Also, Crowdin is very popular in terms of software (and docs) translation. Even Privacy Guides and The New Oil use Crowdin, even though we have FLOSS Weblate, that you can easily self-host or use public instances.
So, my question is: if you are building a FLOSS / privacy related project, why using proprietary and privacy invasive tools?
A lot of people use Github because it's easy to use and popular. Not everyone wants to self host, although it would be nice if the larger projects did. What I really hate is when open source projects use something like disord for support.
I run a fairly popular open source project called Svelte Material UI, and I can tell you why I use Discord for support. My users want me to use it. GitHub too.
People want to use what they already have, and most people, even developers, don’t care that much about privacy. I would gladly self host a support forum, but tons of people would rather use a different library than sign up for my personal support forum. And the people who really care about privacy wouldn’t trust my self hosted solution either, so there isn’t really a better option than Discord, as much as that sucks.
I agree that it sucks. I would much rather use a more open platform. But my users don’t want that. Discord is convenient, people want convenience, and I want to give my users convenience (even if it means I have to answer the same questions once in a while).
Yeah, I gave up long ago to suggest ppl some alternatives. The problem PPL Here have is the discord only thing. With tools like matter bridge you could combine several tools seemlessly, but that is of course way to much trouble for smaller projects.
Having the ability to bridge doesn’t mean you always should… you are now exposing folks to Discord’s data collection + ToS as well as all the inevitable spam that flows into these rooms.
If past support questions showed up in searches, then more users would be able to help themselves and would never need to ask for support, so it wouldn't matter as much what platform it happened on.
Personally, I think it would be good if support discords were all bridged to matrix spaces (currently doable, but matrix needs locking down more than discord to stop spam as the tools to prevent and remove it are worse) and the matrix history was archived somewhere search engines could index it like mailing list archives are (currently not doable). That approach would let users use what they want without forcing anyone else to, and keeps self help as easy as it was in the days of forums.
Typically, what I’ll do is if multiple people ask the same question or need the same guidance, I’ll put it in the readme or the “Quick Guide” section of the demo site. If anyone knows a solution to make the discord server publicly viewable/searchable though, I’d happily implement it.
Right now, if you have a Discord account, you can join and view the server, and post in the support channel and forum. Maybe there’s a Discord bot I could set up to mirror the content.
I'm thinking more for the scale of something like OpenMW, as we've got more frequently asked questions than we could hope to put on an FAQ page. In the olden days, stuff showed up from our forums when people googled it, and now it doesn't, so we get loads of questions through Discord, and very rarely one from Matrix.
I can't even use discord at all because it forces me to verify with a phone number as soon as I sign up, every single time, no matter what ISP/browser/etc. I use.
Whose voices can you listen to when all of your communication options are closed? Of course the ones already on the proprietary plaforms are more okay with it. If you are worried about folks not trusting your host or sign ups, choose a decntralized service so no one has to trust it or sign up.
That’s a shame. It’s rare, but I have been reached out to before by way of email, IRC, XMPP, & Matrix. Mastodon tho isn’t a messaging app, but a migroblog that doesn’t have a good messaging UX (or encryption)… I usually dig around for an email before I would reach out over Mastodon since it’s not often the right platform.
Do you follow the project & see post about it that aren’t specifically @-ing you? I did this about a small TUI app two weeks ago in a vent, & the dev reached out to me & I immediately joined the IRC where they helped me resolve my immediate issue.
This could also be a front-end focus thing… where the average user is on a Mac & uses Twitter than the audience for TUI mail.
I have my email available too. It’s certainly easy to get ahold of me outside of Discord and GitHub.
I feel like what you need to understand is that most people use closed source, commercial services and don’t care about avoiding non-privacy centric services. It’s not like a this kind of developer/that kind of developer thing. You and I are a rare kind of people, even in the developer community.
If I focused on only providing support through privacy focused venues, I would be excluding the people not willing to sign up for those things, which is a vastly larger group than you might think. Much larger than the group of people who wouldn’t sign up for Discord. Additionally, it’s harder to moderate spam on open, federated platforms. So I’d be adding more work for myself that will take up time I could be using to develop SMUI.
I understand why people want to advocate for privacy focused and federated services. I want to too. But my goal as an open source maintainer isn’t to cater to those people or advocate for something like Matrix, it’s to help my users.
And yes, I search around the web once in a while to see what people are saying about SMUI outside of the official channels.
I think there is a disconnect on what folks want to use, what they know they can, & what they actually use. I have talk to a lot of ‘normies’ that do value their privacy (else Apple would not try to turn it into a marketing point), but they don’t understand the alternative or how much data is truly getting leaked. Sure there are the I just use what’s convenient type but when you compare A to B, so long as B has most of the features they rely on or can work around will take the one with better privacy.
For me, I feel as a software maker, I have a duty to advocate for these freedom-focused platforms since I have a better understanding of how software & data collection works. I have friends that ask for suggestions around these thing since they know I can be a trusted authority on what might actually be best for their data, or even making compromises on something not ideal like Signal (or Matrix). Additionally, if I believe that if my projects are worthy of free or otherwise moral software, I want to practice what I preach & use/support those services--and the values they represent by making sure the freedom of users are respected too. I would even go so far as to hedge that the types of users that care about tech in this way are more likely to pitch in & be closer-knit than the fly-by, can’t-be-asked-to-use-anything-but-Discord type.
As for spam, I am in one PL IRC chatroom, & it gets flooded from spam from the Discord bridge. I would say popular platforms have a greater chance at spam than one that is less popular--in the way Linux has less viruses, not due to vastly superior architecture, but less users.
Ultimately, it’s not that I don’t see your point of meeting the users where they are instead of making the change you want to see in the world (or maybe you don’t care that strong for doing that sort of thing), but fundamentally I disagree with that sort of compromise. …Now to the point that if a project only offers Discord, I outright dismiss it as not having values that align with mine & will seek an alternative, even if it’s worse or has a smaller community.
You know, my code is open source. You’re welcome to fork my project and run your own version with a privacy centric support forum. Maybe you’ll be successful.
You’re partly right though. I care more about serving my community than proselytizing to them. Not that I won’t proselytize to them, but it’s far more important to me to make sure they can use my software library for their projects than to make sure they use only privacy centric services.
I’ve dealt with a lot of people like you, who want to shame me for the decisions I’ve made. I’m pretty thick skinned, so it’s not going to push me away from the open source or privacy centric communities. But it does push some people away, so you should change to a different tactic. It’s kind of like the difference between telling someone how bad they are for eating meat vs telling them how easy and tasty certain meat alternatives are. One of those methods is basically guaranteed to backfire.
I hear a lot of the folks in here not shaming you specifically but the general direction that a lot of projects are in. It’s nothing against you personally… especially with the “free” in “freedom” to do what you wish. They, & I, feel underserved--not just that but it feels ironic given the topic in question is free software. Occasionally I talk about sports still on Reddit despite it ’cause that sort of community I wouldn’t expect to understand why moving might benefit their community or understand the tools for migrating, but those in software I assume would.
No but it does solve people not wanting to bother making an account for your effectively single-user self-hosted instance just to open a PR. I could be up and running in like 10 minutes to install Forgejo or Gitea, but who wants to make an account on my server. But GitHub, practically everyone has an account.
I could be up and running in like 10 minutes to install Forgejo or Gitea
You could maybe do that but only because you already know how unlike most developers and you completely dismiss any active maintenance like updates, moderation, debugging performance issues, resizing storage,...
ForgeFed solves a storage issue with Forgejo too… no Git object dedup means that the storage starts to balloon if you require all patches be in the form of pull requests on your server.