Show HN: Discuo – Anonymous discussions with infinite branching and 24h lifespan
discuo.comI built Discuo, a unique discussion platform that combines: - Infinite thread branching: conversations evolve naturally in multiple directions - 24h post lifespan: all content auto-deletes after 24 hours - No account needed: just start posting or commenting instantly - Complete anonymity: no tracking, no personal data collection - Minimalist design: distraction-free, focused on pure discussion
Originally created for developers to share progress and discuss code, it evolved into a platform covering various topics while maintaining its minimalist essence.
Another thing with the 24h autoclean is it kills slow boards.
The fastest rapid fire message boards are also the most chaotic, with the lowest signal-to-noise. There's a certain comfyness in smaller places, outside the containment imageboards, that you won't have if you just clone slash pol slash and force the conversations to be even shorter and meaningless that they already are over there.
What about the reverse: a post only shows up after 24h after submission? :-)
You might actually be on to something here...
Until a bunch of people try to find a thread about insert newsworthy event here, only to find there isn't one, create their own, and suddenly a day later there's hundreds of dupes.
Or even worse! Everyone knows how the platform works and assumes someone already made a thread about the newsworthy event, just to find out, 24 hours later, no one had made one!
For me that would be desired outcome. Recent events are not worth coverage. Recency is not value.
Thanks for your feedback and just to respond to you: As I said below, after several returns I've updated the site and removed the automatic deletion feature after 24h but I'm thinking of adding an option when creating a post.
If your unique attribute is the 24hr auto delete, and you drop that because some HN people don't like it, you've removed your unique attribute. Probably not the right call.
Not at all, I'm planning to make it optional and I'm listening to people. Not just from here. I launched the project 3-4 days ago and I've had quite a few private messages [with arguments] which have led me to think that it's pretty fair.
Sure. I mean, I often hate the unique attributes people come up with, and I wouldn't use their product because of it. I certainly also hate yours ;P. But... would I use something that has no unique attributes? Probably also not! And, honestly, it is maybe better to first decide if I am even in your target market or not... (and in this case: I am not; my opinion is so different from your instinct that anyone similar to me simply do not matter for your design).
The subtitle says "a minimalist discussion platform" yet the form is inert without Javascript.
Luckily there’s an easy fix, enabling JavaScript like a regular human being :p Honestly curious though, do you generally browse the web without JavaScript?
Yes, I do. The day uMatrix finally stops functioning will be an awful day. Excluding cute PoC sites, and demos; sites that function without javascript are objectively superior every way to sites that can't function without js. Though I admit that's correlative more than causative.
Also, the point isn't to be a regular human being, it's to be a hacker, or engineer, or, [other]. Why be boring (regular) when you can be good at something instead?
Interesting, and completely agree with both your remarks, but how does it relate to disabling JavaScript? What are you getting out of it, other than making the web less usable for yourself?
You mean other than the reduced risk of compromise from the latest js engine exploit? Or that it also prevents some xss injection? Or that often many sites will still function with most external scripts disabled, i.e. it disables spyware that many sites don't need to install, but still do?
Besides all of that, it makes the web more usable in most cases. Not more functional, more usable. I don't want your site to hijack my browser scroll, nor do I want your modal popups to interrupt me. Plus, I like knowing the level of competency of the site's developers. If it doesn't function at all without enabling a half dozen external scripts/sites, even if I still want to use your site. Which is then unlikely, I know to lower my expectations about how much I can trust you or your site.
How about loading the table row you just added instead of reloading the entire page, table and all?
I'm against bloated apps and ads, in favor of using forms and HTMLs strengths, but JS is the tool and not the cause of poor design. A web developer that doesn't use it is offloading their identity based allergy onto the users bandwidth.
Plus you can make modals without JS
> How about loading the table row you just added instead of reloading the entire page, table and all?
Show me a single site that uses js in this way. But, and here's the trick... it has to *actually* use less network bandwidth. My issue isn't with js as a web development tool. My issue is with js when it's the wrong tool.
> A web developer that doesn't use it is offloading their identity based allergy onto the users bandwidth.
That's an interesting hypothetical, but I'd be willing to be more user bandwidth is consumed by needless JS scripts, than by all the engineers that you'd call "allergic" to js.
> Plus you can make modals without JS
Show me one that triggers when I scroll too far, or move my mouse outside of the window that doesn't use js?
All of your claims lack evidence... there's plenty of things that sound great in theory, but have been toxic and user hostile every time someone has actually tried to apply said theory.
I also browse with disabled JS by default, enabling it on selected sites for selected JS sources. It has several advantages:
1) Web is much faster.
2) Often JS makes continuous CPU load, raising speed of CPU fan to noisy levels.
3) Sometimes JS is used for animations, i hate animations on web pages.
4) Sometimes JS is used to auto-play videos (although recent Firefox with proper settings ca block that even with JS enabled in most cases), i hate auto-play videos. That was my primary reason to switch to disabled JS in the past.
5) Often cookie and other pop-ups are implemented with JS and do not show when JS is disabled (while the web still works).
6) Most ads disappear even without ad-blocker.
Ads. Tracking scripts. Interface hijacks. Dynamics that change the page as I read it. A myriad of other poorly executed ideas that someone who considers themselves "very clever" thought were good at the time but only make my experience worse.
Developers should stop using javascript everywhere things can be done without it. Point.
Why?
For the same reason you shouldn't rent or buy or use a backhoe when it's a shovel of dirt. For the same reason you shouldn't stand up multiple 8U rack mount servers to run your homeassisstant instance that would be happy on a raspi zero.
I would love it if web devs would stop externalizing the costs of their bloated apps onto their users. Make web devs care about resource utilization. How much bandwidth, electricity, and time is wasted on poorly written applications?
More like you shouldn't use a backhoe and charge passing people for its fuel and put your backhoe in the middle of the walkway. It brings negative value to the end user. If you don't care for your end user - fine, but then you can't expect them care for you or your product either.
Great idea! Some feedback:
- The 24 hour horizon means you could get away without namespace functionality like categories entirely, especially when self-hosting for a small-to-medium-sized group.
- It's tiring to read sites with all monospace fonts. I can see how it might be useful if most posts contain a lot of code, though.
- Do you expect this to be open sourced?
As I said below, after several returns I've updated the site and removed the automatic deletion feature after 24h but I'm thinking of adding an option when creating a post. Thanks for your feedback, and I don't think it will be open source for the time being! If the site is doing well and there's a lot of demand for it, why not rethink!
Wow, been thinking about creating the same thing for a while now. What did you build it with? I'd definitely love to see some of the code!
Tbh the 24 hour horizon also means that you can do without a persistent db and store everything in memory (as managed db are typically the most complex / expensive part of the stack)
Only if you’re ok with an empty page after server restart.
If it'a controlled restart, you can dump your memory onto a file when shutting down, then reload the dump when you restart. If it's a crash, yes, you will lose everything. Or you can do Append Only File persistence like Redis, in which case you won't lose anything in each case.
> dump your memory onto a file when shutting down, then reload the dump when you restart
To me this sounds like building your own db but worse.
Agree for the dump idea, but AOF persistence is quite easy to do (literally open a file and append).
Of course you'll have to choose the right data structures in memory, but that can be ad hoc to your app, so considerably less complex than a general purpose database.
The only problem is when you go out of memory, but if you have an eviction strategy (i.e. a 24 hours life per post), you don't need to scale for a long time.
We’d still need code to load the data back, also to continously test that code (or debug in production), plus handle data migrations. There might be more use cases. A regular db might be simpler at this point, depending on the project’s setup.
Loading the data back is just reading the log file and applying every record one after the other (ignoring records outside the time horizon). Sure you will need to maintain the code, but it's not as complex as writing a database from scratch, as you suggested.
This is a beautiful platform. Care to describe the tech stack you're using?
UX nit: "post anonymously" looks like a button, and I pressed it a couple of times before understanding it's just a switch.
Thanks a lot! I used nextjs, tailwind, prisma all deployed on a vps :)
Thanks for your comment, I'll fix it
I would love to participate in a small community like this. Problem is that they usually fail to gain inertia and become abandoned quickly. They also become filled with spam unless actively moderated.
The title of this post should be changed to reflect the fact that the one interesting thing about it is no more
This is a very cool idea and your work is awesome! Do you have an X account or something like that so I can check out what you are up to? I know the point of this website is being anonymous, but I feel like you should have a way to promote your hobbies or work, you know?
I like the idea of branching discussions. I imagine this would be great for text messengers. If there was a workable platform for building messengers (hello, Matrix?), I’d likely already have prototyped something up.
How are you going to avoid all the problems - moral, legal, and ethical - that other image boards face?
A moderation system has already been set up and used for several bans, and it works well. If there are more and more visits, I'll recruit someone for 24/7!
It seems cool, but why the mandatory 24 hour auto-delete?
edit: I guess if it took off, you'd incur storage costs :thinking:
Like 4chan, ephemeral posts create a different kind of community. I wonder how this plays out legally (i.e. don't you have obligations of log persistence in case a crime is reported?)
UPDATE 2: I may add an option to decide if you want your posts to be deleted within 24 hours. For the moment, no more deletions at all.
To be fair, I like the ephemeral post message board style. I was just curious of the legal implications of deleting content. I am not a lawyer, and there could be none as far as I know.
UPDATE: I've removed the 24-hour message deletion function. Posts will now remain on the platform.
Don't fall into the trap of audience capture: https://www.neuroscienceof.com/human-nature-blog/audience-ca...
Do your thing and ignore some randoms replies online. Including this one.
For sure, thanks for this advice!
I just like this concept of ephemeral post!
Thanks!
Looks nice.
Some thoughts:
- I'd fix the breadcrumbs so it's not /ai but /tech/ai.
- Seeing the crowdflare captcha gives me the ick. There should be different GDPR-compliant solution other than giving crowdflare all our info.
- Maybe tie the 24hr deletion period to the number of upvotes for a certain post. If a post gets many upvotes, add another day to its lifetime and so on
Sooo modern day 4chan.
*modern day 4chan without the impossible to solve captcha
> modern day 4chan without the impossible to solve captcha
Subject to visitor country as the captcha is a Cloudflare captcha and they aren't legally allowed to serve just whatever internet visitor
The infinite fire hydrants one?
Haha, that's true! Thanks!
Yeah I remembered same thing. btw Futaba channel (mama 4chan) has different lifespans to drop thread on each board. (ex. img.2chan.net drops thread in 1hour). Just an idea.
Thanks for the idea!
Bad idea for social marketing - by the time a post becomes popular, it disappears.
(I've removed the 24-hour message deletion function. Posts will now remain on the platform.)
Discuo just killed 4chan. #4chanIsdead
This is a pseudonymous system, not anonymous. The "anonymity" is entirely dependent on the salt. Unless you literally have no way of complying with a court order to hand over a user's IP, making any claims of anonymity is just flat out irresponsible. I hope no whistleblowers attempt to use this platform without a lot more consideration and countermeasures taken.
Sorry for the rant, I just really hate how much of a buzzword anonymity has become when nearly every claim of it falls on its face.
I'm open to discussion on how to improve the system if you have any ideas or suggestions.
Don't call it anonymous if it isn't actually anonymous.
It's anonymous.
So if you were served a technical assistance order you would have no way of complying with that? How are you using a salt that you have no way of knowing/observing/recovering? What protection measures are employed to prevent the salt from being recovered from memory or otherwise dumped via some other exploit? Please be detailed, as matters of anonymity can usually be boiled down to life changing consequences for those involved.
The system is designed with multiple layers of privacy and security: - IP Hashing: One-way SHA-256 hashing with environmental salt ; Original IPs are never stored, only hashes ; Even with server access, original IPs can't be recovered; Server memory only processes hashes, never stores raw IPs - Per-Category Anonymity: Different poster IDs per category using separate salts ; Double-hashing mechanism: first for global ID, then for category-specific ID ; Cross-category correlation is mathematically impossible ; Each context generates a unique, unrelated identifier - Technical Assistance Compliance: I can provide hashed data and salting mechanisms; I can track specific hashed IPs if required; I can ban users without knowing their real IPs; But I technically cannot reverse the hashes to original IPs
The system balances legal compliance with user privacy - I can assist investigations through hash matching while maintaining technical inability to reverse-identify users. This is not about avoiding compliance, it's about responsible data minimization. The architecture ensures I can't provide what I don't have, while still maintaining effective moderation capabilities.
How has the server been blinded from the hashing mechanism? Is this happening on different hardware, or facilitated through API calls to another server or something?
Genuinely curious as I think anonymous discussions are awesome but hate the kind of stuff that comes along with other anonymous image boards. Truly hope this is successful and results in a wonderful thriving community.
IP space is not huge, if you use the same salt for each IP it is trivially reversed.
Yeah, unfortunately until IPv6 adoption increases this will be a problem. Even the currently utilized IPv6 space is probably small enough that sufficiently motivated corporations/nation states would probably be able to crack it given the resources available, assuming it's important enough for them to care about.
I think they mean how would you make it more anonymous? Otherwise you're applying a pretty rigid definition that no system has met.
I asked for details on how the hashing is blinded but haven't heard back. There are plenty of systems where an operator cannot furnish any information about a user, for example a Tor relay operator, mix net nodes, etc.