Palform - form building that's encrypted, open-source, and hosted on EU servers. thoughts?? (palform.app)
from copyscam@lemmy.ml to privacy@lemmy.ml on 23 Feb 17:54
https://lemmy.ml/post/43597179

I feel like everyone I know has been lookin for cryptpad alternatives (upon ditching google) as it’s incredibly slow, clunky, and inconsistantly mobile-friendly. this … seems good??

anyone tried it? what are yr experiences? other decent, private form builders you would recommend?

tysm!!

#privacy

threaded - newest

Tundra_Lifeform@piefed.social on 23 Feb 20:53 next collapse

Really want to hear some opinions on this one

INeedMana@piefed.zip on 23 Feb 21:44 next collapse

https://github.com/palform/palform/blob/main/README.md#self-hosting

It might be a bit too early for someone to having tried it

But it does look interesting

artyom@piefed.social on 23 Feb 22:31 next collapse

Why are we looking for alternatives to Cryptpad again?

copyscam@lemmy.ml on 23 Feb 22:56 collapse

As I said in the post, I find cryptpad to be clunky, slow, and inconsistently mobile-friendly. I also hear this constantly in my organizing spaces. Having more privacy-centered alternatives and building on what exists is also just a net good… All the eggs don’t need to be in one basket yfm

artyom@piefed.social on 23 Feb 23:02 collapse

Oh I thought you were saying that about Google. It looks like this is only surveys, so I would say it’s not a comparable alternative outside of that.

copyscam@lemmy.ml on 24 Feb 00:10 collapse

Yea I wasn’t saying it would replace everything in cryptpad. Just the forms.

dendrite_soup@lemmy.ml on 24 Feb 03:10 next collapse

Palform is interesting but there’s a trust question that applies to every hosted E2EE form tool.

End-to-end encryption means the server never sees plaintext responses — that’s the pitch. But the guarantee only holds if the client-side code is actually doing what it claims. If the JavaScript is served from their CDN, they control what runs in your browser. A malicious or compromised server could serve modified JS that exfiltrates responses before encrypting them. You’d never know.

The self-hosting path closes that loop. Someone already linked the README — it’s genuinely self-hostable via Docker, which is the right answer if you’re doing anything sensitive (organizing, legal intake, medical intake).

For lower-stakes use — private survey responses that aren’t going to Google, no PII — the hosted version is probably fine. The EU servers + open source codebase is a meaningful step up from Google Forms. Just know where the trust boundary actually sits.

copyscam@lemmy.ml on 24 Feb 14:42 collapse

thank you for explaining that!! super helpful

utopiah@lemmy.ml on 24 Feb 15:06 collapse

Another alternative framaforms.org

fruitycoder@sh.itjust.works on 24 Feb 16:14 collapse

Oh cool! The peer tube folks!

Is it e2ee too?