Colibri – chat platform built on the AT Protocol for communities big and small | Better HN

Colibri – chat platform built on the AT Protocol for communities big and small | Better HN

103 comments

rvrb1mo ago

Users in a Discord server/local community on tools like Discord naturally expect that their actions within that community are private in so far as they trust everyone in the community (including the operator) to keep it so.

By using ATProto, Colibri fundamentally makes all of your communication within any community completely public to everyone on the internet.

That’s fine for something like Twitter, where the product sets the expectation of such a thing. You can imagine how big of an issue this is when you try to do it in a trusted community model. Add on that Discord is used by kids who likely don’t know this and you can see why this is dangerous.

I consider this not only just a liability but bordering negligence. It is fundamentally broken, at an architectural level

consumer4511mo ago

I agree that is borderline negligence, and by far the biggest issue with AT and Bsky. Here is what I believe to be the most recent discussion on that topic:

https://github.com/bluesky-social/atproto/discussions/3363

quasigod1mo ago

Theres more recent updates on it in a blog post from Bluesky head of protocol: https://dholms.leaflet.pub/3mhj6bcqats2o

consumer4511mo ago

Very cool! Thanks for sharing that.

verdverm1mo ago

The current conversations are around how to do permissined data properly on atproto. I have a prototype, but Bluesky hasn't participated in the community effort and looks to be doing their own thing. They also took Bain Capital "funding" (private equity) which was the breaking point for me. They could have set up subs for nothing and made more than that, hard fumble imo.

theturtletalks1mo ago

Having something like circles from the Google+ days would be needed if ATProto is going to go anywhere. Is it possible in the protocol?

Multicomp1mo ago

Yeah having the messages be e2ee by default and then extending it out to one or more groups depending in which circles are currently included for messages could let atproto act like an encrypted group chat with crisscrossing group chats per message, which can ratchet up and along with the new enceyption keys each message/batch of 10 messages/hour/day until that client is dropped from a group or a group is dropped from a conversation, then the keys change and pfs prevents old clients from continuing to read future messages.

Sure you can see that users emit messages in the pds but you dint know if its for your former group or other activitt

louisescher1mo ago

Fair point! A different user has already pointed out that this isn't disclosed enough on the landing page, and I'll be adding a section to clarify that, both on there and in the app itself.

I think one of the replies here already linked the current proposal for private data spaces, which I'm hoping will become implemented later this year. At that point, people will have the option of either having their community be 100% public, or confined to a more Discord-style data storage, where people can still join, but not everyone can "just read" the messages

steveklabnik1mo ago

Just want to chime in with, this does feel very slick, but this was the #1 question I had. I could not determine it from your site, and had to try it out to see.

One major criticism of things like Discord is that they're private, so I don't think that it's inherently disqualifying, some people might even prefer it for that reason. But it's very, very important that you're very clear about this, up front.

louisescher1mo ago

I really appreciate you chiming in, no matter how slick! New section has been added, lmk if you'd like to see this adjusted further

david_shi1mo ago

The first assumption has been long disproved since multiple full scale Discord data leaks. If it's a public server, it can be scraped.

https://www.malwarebytes.com/blog/news/2024/04/billions-of-s...

em-bee1mo ago

any discord server that offers public invites is effectively public.

rvrb1mo ago

First, the user knows this when joining a public community.

Second, the moderators can choose to remove someone who has joined the community in bad faith.

Third, it is entirely different than broadcasting every single action taken by every single user in every single community on the entire protocol to anyone with one URL.

em-bee1mo ago

the moderators can choose to remove someone who has joined the community in bad faith

unless you prevent new members from reading the chat history until given permission then they can already read everything before they are kicked out, and they can come back with a different account.

you also can not detect people acting in bad faith if all they do is read.

basically, you can't expect privacy if you don't limit members to people you know and trust. that goes for any group chat, encrypted or not.

i also doubt that discord chatlogs are encrypted on their servers.

0x4571mo ago

> First, the user knows this when joining a public community.

From Colibri: your community chats are public and visible to everyone by default.

So it's the same.

> Second, the moderators can choose to remove someone who has joined the community in bad faith.

Colibri has mod tools as well.

> Third, it is entirely different than broadcasting every single action taken by every single user in every single community on the entire protocol to anyone with one URL.

Sure, but then just don't use it?

It's really no that different from how IRC worked. Except persistent history is part of protocol and not some bots.

This is not public communities, not for small group of friends sharing edgy memes and discussing national security.

eximius1mo ago

Private channels in public servers exist. I'm almost entirely on private servers.

verdverm1mo ago

This is one of the challenging aspects about defining permissioned spaces on atproto. In essence, you have a completely separate database per user (sits next to their repo) with which you can do permissioned public->private spectrum. Nesting more privacy inside another permissioned space requires breaking the typical permission walking chain, eg. in Google Docs, if you have access to a folder, you have access to the subfolders.

avtar1mo ago

Please consider adding screenshots of the UI that provide an idea of what the experience will be like without having to log in using Bluesky or other credentials.

louisescher1mo ago

Done! Thanks for the suggestion, that's a good idea.

avtar1mo ago

Thanks for the quick fix :) Nice to see more Discord alternatives these days.

A few other landing page issues if you feel like addressing them:

- Attempting to navigate with the Tab key results in tab order following nav elements once, where focus indicators aren't visible, and then the same elements get iterated over again but this time focus indicators are visible.

- Tab order doesn't include screenshots and jumps to the FAQ

- Clicking a thumbnail shows the larger image but without any elements for closing the overlay

- Pressing Esc doesn't close the overlay

- No skip links on any of the pages

louisescher1mo ago

I don't know how I can keep forgetting about keyboard users. Thanks for bringing this to my attention, I'm working on it!

singpolyma31mo ago

I assume it looks the same as literally every other chat app

Muhammad5231mo ago

Yeah. Lots of discord-like free-software(as in freedom) chat apps are spawning. I think it's clear that whichever becomes the most popular will not be about who has better code but rather about who manages to get a stronger community around their project.

subscribed1mo ago

Nash.

There are always quirks and edges. Like using Bluesky itself, there's a number of viable apps for them (some better, some worse), they're all slightly different. There was a large number of Reddit apps, every single one very different.

jFriedensreich1mo ago

It's impossible to consider ATproto apps usable until the horrific oauth situation is fixed. It's still not possible to adjust oauth permissions to something restrictive dynamically so every app needs a new account which kind of defeats many of the interop promises, if apps even allow it (colibri requires invite code)

verdverm1mo ago

Permission sets have existed for some time now

https://atproto.com/guides/permission-sets#permission-set-de...

throwawaymobule1mo ago

Those are set by the site requesting the login though.

I believe what they are referring to is custom permissions set by the person logging in, regardless of what the app itself requested.

e.g. login, disable all writes, all attempted repo writes using that oauth token fail.

verdverm1mo ago

It sounds more like they are referring to the prior atproto transition:* scope that had no restrictions, which was horrible, re: every app needs a new account

Today, apps can limit the permissions they request during login. I don't see the dynamic, assuming they mean something where during approval you can deselect options, as a horrible situation. That's something very few apps do even outside of atproto.

sensen1mo ago

This looks neat, but should I be concerned about the permissions this is requesting for my account? Bluesky: Manage your profile, posts, likes and follows

louisescher1mo ago

Hi! We're doing that to allow you to update your profile from within the app. Not doing anything else besides that. If you have concerns, take a look at the source code: https://github.com/colibri-social/colibri.social

czbond1mo ago

Very interesting project.

From a product uptake perspective, I could suggest that since a user is still building trust when they begin use - to only require as few permissions as needed. I'd punt that profile update requirement out personally for another method later.

An example might be when a user has used your app for N sessions, or after N months.

iamnothere1mo ago

They should prompt the user for permission when they use a feature that requires it, explain why, and allow them to cancel if desired. Have seen this pattern used many times elsewhere.

verdverm1mo ago

If that's all you are doing, then narrow the permission set for oauth. No need to have access to posts if you aren't touching them.

righthand1mo ago

> This implementation is almost entirely vibe-coded for the purpose of being able to quickly get started with development of the main application. It will be re-written in the near future to take advantage of Tap and be reworked to include all user data storage as well as any OAuth capabilities, which currently reside within the website's backend. If you are interested in helping with this, start a discussion on this repo!

https://github.com/colibri-social/appview/blob/main/README.m...

tannhaeuser1mo ago

Not sure who the target audience for this is?

ActivityPub (Mastodon etc) has already very granular permissions wrt. who to federate with, which posts to make public, edit or withdraw posts after initial creation, etc. catering to EU privacy and moral/personality rights demands.

For closed group chat, there are many alternatives.

Discord is after all a video chat app designed to be used during a gaming session first and foremost.

subscribed1mo ago

See, for you it's that, for me it's strictly text app with good notifications and messages delivery, convenient group management, etc.

If i wanted video chat app I'd to for twitch.

Orygin1mo ago

> If i wanted video chat app I'd to for twitch.

Twitch barely has any semblance to what Discord offers. It's one to many, while Discord is many to many.

louisescher1mo ago

Hi, person behind the project here, thanks for the cross-post!

todotask2OP1mo ago

You're welcome! Cool project!

louisescher1mo ago

Ty!

em-bee1mo ago

where can those of us who are not on bluesky get an invite code for an account?

louisescher1mo ago

Feel free to E-Mail me via the PDS's account: pds@colibri.social

I'll send you a code!

imiric1mo ago

Interesting project, but...

> BUILT ON OPEN STANDARDS. PRIVATE WHEN NEEDED.

> Running a private group chat? As soon as the AT protocol supports private data, we'll work on implementing it and giving you the option to create private communities.

Not exactly "private when needed" then, is it? It's disingenuous to even mention this in the marketing copy.

louisescher1mo ago

Valid point! I'll get that section removed for now and either reword it later, or re-add when the protocol supports it.

verdverm1mo ago

The problem for atproto will be getting a permission system that can enable enough parity with Discord that it has a competitive experience.

I was working on this, taking a break from atproto, re: bluesky "leadership" who defacto decide what does and does not get into the protocol via the PDS used by 99% of users.

ebbi1mo ago

Is there anything like this but more of a reddit style layout?

I'm on a Facebook group and we're actively trying to get off of all Meta platforms, and wanted to see whether I could start up my own platform using an open source platform - but I think something like Reddit would be more suitable as opposed to a massive chat UI.

louisescher1mo ago

Hi! We've got Forum-Style channels planned, similar to Discords, would that work for you? It'd still be a single text channel, and you could have multiple of them per community.

ebbi1mo ago

Thanks for the reply! I'm not too familiar with Discords forums so will do a bit of digging

verdverm1mo ago

The comments are not trees like Reddit. It's more like a list of questions you click into for a thread. Basically a channel where the top level is a list of threads, has more permanence than threads in normal chat channels.

avtar1mo ago

Maybe Lemmy without federation?

ebbi1mo ago

This looks very promising! Thanks for the lead.

BodyCulture1mo ago

We need more aggressive laws to prevent privacy destroying platforms. Every person who creates a website or platform that advertises any kind of private communication but does not fully encrypt user data must go to jail. This cancer needs to be stopped.

pjc501mo ago

At the moment there's a much higher risk of legislation banning E2E.

gzread1mo ago

So email providers should go to jail...?

swampdick1mo ago

"For public private conversations" Go home guys

jonashus1mo ago

Where is data stored? Bluesky? My PDS? Your PDS, for free?

louisescher1mo ago

Hi, I've just added an FAQ entry about this: https://colibri.social/faq#where-is-my-data-stored

Also, feel free to DM me (@colibri.social) on Bluesky if you want to migrate to the Colibri PDS! We do host one ourselves.

the_axiom1mo ago

Only my own messages are in my PDS? Or the entire chat?

How is the chat displayed if messages are scattered among multiple PDSes?

What about the community metadata, where is it stored?

louisescher1mo ago

Your own messages are on your PDS. The chat, the category, community and all metadata are stored on the PDS of the person who created the community. The chat is then displayed via our app view, which keeps a live index of all messages and provides some endpoints to collect them!

gavmor1mo ago

Cool, was thinking of building this myself. Glad you beat me too it. It's a nonstarter without E2EE for my use-cases, unfortunately.

schlu1mo ago

I totally understand that words and ideas get reused. But when I see Colibri, I think rest stop on the freeway (autoestrada) here in Portugal!

isodev1mo ago

“Your data isn’t trapped on our servers” - where is it then? Who can access it?

“Open social” is so much bs compressed in a couple of buzzwords.

tjuene1mo ago

> where is it then?

it might be on https://bsky.social, https://npmx.dev/pds or sitting next to your router in your living room in the form of a raspberry pi (https://atproto.com/guides/self-hosting)

isodev1mo ago

But that’s not where you want your chats now is it? E2EE? And how does it keep it all private since apparently the Bluesky bros haven't figured that part out?

louisescher1mo ago

https://colibri.social/faq#where-is-my-data-stored I've just added a new FAQ entry to explain this in a bit more detail.

> But that’s not where you want your chats now is it? E2EE? And how does it keep it all private since apparently the Bluesky bros haven't figured that part out?

It honestly depends. Right now, Colibri is meant to function for communities that are public anyway. If you're a streamer, an open source dev community, Colibri can help you with talking to people who don't want to be locked in by big corporations. As the E2EE and private data, the Bluesky people have posted a new proposal for that only a few days ago, which I'm already thinking about how to implement: https://dholms.leaflet.pub/3mhj6bcqats2o

But, yes, for now, chats are public. Private data will hopefully be a thing soon on the network.

kmfrk1mo ago

Discord's main problem for me is that it's built around people having one and only one user, which is a huge privacy and pseudonymity mess. The only alternative that works somewhat is using the PTB version of Discord for your "alts".

If this project has genuinely decent multi-user support instead of the miserable experience of Discord, I'd emphasize and promote that first over being a Discord-like, since this genuinely improves on some of the privacy issues of Discord, despite AT Proto being public.

Better to distinguish the product from Discord rather than promoting how similar it is. Because of the public architecture, it's more similar to a forum board than Discord anyway, so you could also just as well give people another interface by showing the community as a conventional website. People may or may not like it, but it's basically what it practically is.

One of the big issues with Discord is that it takes public knowledge like wikis and makes it private instead - and beholden to the whims of mercurial mods and admins. Information being public doesn't have to be a bad thing that way.

Instead of Discord, you can give the people Discourse. :)

tl;dr: AT Proto being "open" can look like a bad thing in nominally private spaces like Discord, so promoting as something more open like an open forum board rather than a closed Discord server might be more interesting and persuasive. But I'm also a forum board evangelist.

wolvoleo1mo ago

Is there something like this on top of nostr too? I'd much rather see nostr because it's truly open.

kevinak1mo ago

There is - https://flotilla.social/

verdverm1mo ago

Does Nostr have private content? That's a required feature for a chat platform.

kevinak1mo ago

Yes. Here are some specifications that describe it: https://github.com/nostr-protocol/nips/blob/master/17.md and https://github.com/nostr-protocol/nips/blob/master/59.md

wolvoleo1mo ago

Well it could just be E2EE'd right? That's more of a required feature IMO.

PS: I'm not sure if Nostr has this but bluesky currently doesn't.

verdverm1mo ago

Key distribution puts a limit on scalability for E2EE, eg: Signal / Telegram user limits

There is an E2EE messaging system that works with atproto DIDs, based on MLS, called "germ". People who have accounts can have them associated with the Bluesky profile for easy association. They only had a iOS app last I heard, so most people cannot use it.

cmxch1mo ago

So does it have the same hermetically sealed qualities that other atproto implementations have (BlueSky)?

louisescher1mo ago

Sorry, not quite sure what you mean when you say "hermetically sealed qualities", could you elaborate?

iamnothere1mo ago

Thanks for building this, UX is nice and should encourage people to switch from Discord. Bsky only is a bit disappointing as it is still heavily centralized. I would love to see a system like this that can also set up channels over Nostr and the Fediverse. Fragmentation is starting to become an issue with decentralized and federated social.

louisescher1mo ago

We've taken a look at co-supporting ActivityPub as well actually! And yeah, the fragmentation is an issue. But I honestly think we might see at lease some level of interop between these fragments in the coming years, even if it's just some parts of the protocols and specs going in the same direction.

hipdaddy1mo ago

Use AS2.

Use AS2.

Use AS2.

Making decentralized social media?

Use AS2.

This is not chat, it’s social media with a chat UI.

You should use AS2.

AT is a joke invented by nontechnical people. They had 1 good idea (updatedAt and use of At) everything else was not good for decentralization.

AS2 is perfect for feeds of content especially when you want to nest other content e.g. a user posted a reply to a comment on a game.

AT is centralized social media with cancer, stop using it.

Orygin1mo ago

AS2 as in Applicability Statement 2? Or Action Script 2?

Edit: For the curious like myself, after more searching it seems to reference Activity Stream 2 which is a W3C standard used by ActivityPub (Mastodon, lemmy, etc)

verdverm1mo ago

ActivityPub is more of a zombie project than ATProtocol at this point. AP has plenty of problems this fresh account made to disparage omits.

I'm looking forward to a new protocol that combines the best of what we have with a robust permission system from the start.

Orygin1mo ago

Seems you wanted to respond to the OP? I was mainly inquiring about what's AS2.

> AP has plenty of problems this fresh account made to disparage omits.

Isn't that a problem with moderation instead? If ATProto becomes decentralized someday, it'll have the same issue

j / k navigate · click thread line to collapse