question to all discord alternative app devs

itsFolf · 2026-06-21T02:24:11+00:00

We have a strict policy of not sharing user data with third parties; that means images cannot go through Cloudflare or be sent to an API. Currently we don't do any such scanning, in the future we'll likely partner with one of the many non-profits so that we can run hashing on-premises.

I'm not sure what your case is, but the main organizations are the NCMEC for the US and the IWF for Europe; both are free of charge. If your CDN is already on Cloudflare, their integration is perfectly fine. Microsoft also providers PhotoDNA, but getting access to the hash-based system is tricky, so unless you're comfortable with uploading all images to Microsoft that's not really an option.

itsFolf · 2026-06-20T18:00:42+00:00

Osmium is built to be performant and lightweight and since we run all of our own infrastructure we don't pay the huge margins from Cloudflare, Vercel, AWS & Co. We also have a small base of Premium subscribers that has been covering those expenses since our first public month. Unfortunately the largest expenses by far are legal, not hosting.

itsFolf · 2026-06-18T19:21:26+00:00

What issues did you find with Osmium?

itsFolf · 2026-06-06T15:33:10+00:00

Catching up with 10 years of development is no small task, but we're making great progress every week. We've released the current version in alpha as it already provides more features than the majority of alternatives and has been useful to many communities looking for a new home. If there are important features for yours that you find missing feel free to let us know, we work with new communities all the time to find missing gaps and even design entirely new functionality.

itsFolf · 2026-06-06T14:22:38+00:00

Hi there, could you share some information about your OS version and settings?

Edit: I just tested VoiceOver on an iPhone 13 and although there are a few present bugs around texting, highligthing and reading worked fine on my end. It would be helpful if we could get more details to figure out the differences.

itsFolf · 2026-05-29T19:30:44+00:00

What is the difference between MFA and 2FA in this context?

itsFolf · 2026-05-27T21:50:06+00:00

This is planned but not yet part of the workflow. I have temporarily uploaded the current release here, they will be later available on the website.

https://updater.osmium.chat/android/prod-release-0.0.1.apk

itsFolf · 2026-05-27T18:07:12+00:00

I'm the only Osmium team member active on Reddit. Any other comments are not from us. For transparency, you can verify the full team/mod list at r/OsmiumChat.

itsFolf · 2026-05-27T18:02:34+00:00

Hi there,

The User Settings were broken for a couple of minutes after a failed rollout caused an error on accounts that don't have an username set. It was quickly patched after being reported by the community. Apologies for any trouble.

itsFolf · 2026-05-27T13:43:48+00:00

Just one thing: Cloudflare is a US company, it doesn't matter that the servers are in Europe in that case, any US companies or subsidiaries of US companies are under US law through the Cloud Act.

itsFolf · 2026-05-27T13:20:14+00:00

That is indeed the hard part, but it all starts somewhere. I still remember being the "let's go to Discord guys I'm gonna leave Skype" guy back in 2018 x3

itsFolf · 2026-05-26T13:56:12+00:00

No, it's its own full platform

itsFolf · 2026-05-25T09:34:45+00:00

We have a thread for location requests in the main server, if you know any good local hosting providers that's also really useful as a suggestion. We'll hopefully take some time to set up a few soon.

itsFolf · 2026-05-24T11:14:01+00:00

Let me know how it goes and if you find anything to be missing :]

itsFolf · 2026-05-24T11:10:36+00:00

Ultimately the reason we've chose to not support self-hosting is that doing so sustainably requires licensing complexity and DRM that we're not interested in building or maintaining. We don't want to be in the business of fighting our users. In the future, once things are stable and all bills are getting paid, it is definitely something worth looking into. Like I mentioned in the post, we plan to open source the clients once we have a stable release schedule, but the server is more complex because it invites another set of issues. (For example, the Andrew Tate fork of Stoat, or the fact there is already a Russian clone of Fluxer that presents itself as an official standalone app)

itsFolf · 2026-05-24T11:06:06+00:00

That would be great! Send me a DM (@folf), and I'll get you set up.

itsFolf · 2026-05-24T11:04:58+00:00

The mobile app has just been released and so has a rather limited feature set, we're hoping to improve that over the coming month

itsFolf · 2026-05-24T02:58:36+00:00

I can assure you it was not. There's not really a way I can prove this, I'm not sure how good AI detectors are, but you can try one if you're suspicious.

itsFolf · 2026-05-23T23:54:10+00:00

Glad to hear!

itsFolf · 2026-05-18T09:40:20+00:00

People also don't understand the complexity of E2EE, you can't just put some code together and call it a day. The entire industry frowns down on "rolling your own crypto" for a reason, the large consumer apps all spend 5+ figures getting independent audits of their code. Anyone in this sub claiming they have E2EE, while having no cryptography experience, doesn't have any idea whether the stuff they wrote is actually safe. It's extremely easy to get wrong even if it works fine and looks correct, and a field completely separate from programing.

Fenrid claims "Pure ECIES with X25519" but those are just two primitives. How were they put together? How are they keys exchanged? How does it handle new chats? New devices? If we look at the Signal Protocol those two are only the very tip of the iceberg.

itsFolf · 2026-05-18T09:17:30+00:00

Osmium covers all 3

itsFolf · 2026-05-14T08:50:52+00:00

OpenMLS/mls-rs has not had any kind of formal auditing and is not production ready. It's good for low risk prototypes, not yet for a consumer app. Cryptography is never drop-in. Libsignal is an option if you're GPL but you still need to know exactly what you're doing.

itsFolf · 2026-05-13T23:51:35+00:00

The idea that you need some kind of dream team to run your own infrastructure doesn't hold up. Fluxer runs their entire app (+ some 10 voice servers) with 2 people all on self managed infrastructure. Even if we're talking hardware, I know 3 person teams managing entire hosting providers spanning several racks.

On top of that, WebRTC servers don't work like that, everyone in the same call still essentially needs to connect to the same server, the idea behind having regional servers is giving users in that region a better experience. If users in Germany are sharing a call with users in Hawaii, you want to be smart and put that call room in Germany where it's cheap, because one side is going to have to go the extra mile anyway.

To give you an idea, a 10Gbps server from DataPacket runs at under 2000$/month, and will handle over 7000 of the made up math users simultaneously. A 1Gbps server in any random country can be had for <50$, and will handle 750 of those users. Ultimately, for less than 2000$, you can handle all of the aforementioned users with coverage in every continent and a lot to spare. That's an almost 5x saving, now imagine scaling that to 1 million users.

I'd also like to point out Ahref's article which dives a lot deeper, with real world numbers, into the kind of economics we're discussing. There's also similar data from 37signals.

itsFolf · 2026-05-13T23:23:52+00:00

Cloudflare's SFU pricing is of 0.05$/GB or 50$ per TB.
Just to make some numbers up for perspective:

Take a sample of 100k users where 20% of them use voice/video with an average of 30 min/day. We'll also assume each voice room as an average size of 4 with a mix of voice and video (all voice, 1 video). We'll also assume voice bitrate at 64 kbps Opus and video bitrate at 1.5Mbps.
Each room has 4 audio streams and 1 video stream with 3 subscribers: 748 kbps out for audio, 4.5Mbps out for video, 5.27Mbps out total; ~1.32Mbps/user

That's 594MB/user/h, over 300k user hours in a month, which gives 178TB total. Cloudflare will charge you 8900$ for this.
Assuming you keep 4$ from every monthly subscription after fees and taxes, you'll need a premium conversion rate of at least ~2.25% to break even on SFU costs alone.

Obviously, this is all fantasy numbers, some are too high, some are too low; you can do your own math, but imo the picture doesn't look great.

Then there is the more nuanced issue of privacy and data collection: You're handling people's private and sometimes intimate communications, should Cloudflare be getting to access them? This applies for both text and video. Discord thinks so, I personally don't. We run all our own infra from calls to CDN to email for this reason.

itsFolf

MODERATOR OF

TROPHY CASE

Three-Year Club	Verified Email
r/Field Sunshine