I’ve just read about ClubsAll in the Fediverse Report and did some digging. It seems to be another Threadiverse service federating with Lemmy and others.

While I always welcome new platforms into the fediverse, there are some weird things with this one.

  • It isn’t open source, but the developer mentioned on ProductHunt that they want to open source it in the future.
  • You can’t run your own ClubsAll instance at the moment
  • They want you to join their Discord, but wouldn’t it be better to have the conversation around it on ClubsAll itself? I’ve found a ClubsAll Community on ClubsAll but it only has two posts from 10 months ago without any comments or upvotes.
  • Their main search bar is just a Google search
  • They want to finance it through paid accounts, awards and donations according to their about page.
  • According to their privacy policy they collect interactions with the content, like voting, bookmarking and reporting to improve and personalize the website and to develop new products and services and for marketing and promotional purposes.
  • I haven’t found content that originated on ClubsAll yet, apart from c/ClubsAll. All I’m seeing is content federated from Lemmy communities.

For me there are some red flags in there, like closed source code, paid accounts and data collection for marketing. But, correct me if I’m wrong.

  • Blaze (he/him)@feddit.org
    link
    fedilink
    English
    arrow-up
    2
    ·
    2 months ago

    Thank you for coming back

    security review by someone experienced to make sure we do not instantly get hacked as soon as we open

    The source not being open will not prevent attackers from trying to hack your website as it currently online.

    If you need help with having a look at the code, you can probably reach out to people here. You might want to shut the website down during the review so that if an issue is discovered it won’t be exploited.

    It is typescript, next, React, Cloudflare

    Interesting, those are all front-end languages. Do you know which one was used for the back-end?