So I am the web admin for a non-profit that deals with and discusses private medical information. My country has laws around keeping this information safe which ironically I take more seriously than a lot of the public health services I personally interact with but I digress.
With all the push for increased surveillance lately and my trying to keep pushing people towards safer alternatives, the idea I've had for setting up a private forum is starting to become more important (maybe that and my yearning for the internet of old where people on the internet were people and not a high chance of being a bot). Currently the orgs main discussion is on Facebook (yep, don't get me started on that - I did not decide that, it was many years ago and I've always hated that it excluded people who don't use FB).
We have shared hosting for the website but this severely limits options. All the software that I can install on shared hosting through cpanel has resulted in ugly, difficult to use options or gotchas like not being able to make the community private (i.e. people will want to talk about their own medical situations with other group members, not the whole world).
So my next steps are to investigate what hosting infrastructure is secure and what software will best allow for a private and secure community. I was considering Discourse but this might be overkill and I don't know if posts and DMs can be encrypted, etc. Interested in suggestions for other forum or community software that is better.
I could get AWS for non-profits but it's Amazon and I don't trust them as far as I can kick them so I don't know how safe it would be to have or if encryption would help mitigate the Amazon factor.
My knowledge of these sorts of things is pretty outdated (I'm mostly just a web des).
Get a matrix server from etke.cc or a similar company. Hosting is around €25 per month and the server is mostly managed by them. You can federate it for easier admin but keep all or some of it private and by invite only. The encryption should be good enough for medical and business purposes.
Matrix is the chat and audio/video conferencing system underneath, but use the Element chat app (mobile, desktop, web) for the front end.
€25 is double with our exchange rate and our org would be pushed to afford even $10 per month. We're not a massive charity, just a small community organisation. I was looking into AWS because it would cost little to nothing with the non-profit credits.
I've had a self hosted Matrix server at home so I'm familiar with it but the format is too much towards the chat end of the communication spectrum than the forum end and we need something that's either a forum or similar in format.
Federation is an absolute no-no as we would have no control over any other servers the data federated to. And as far as I can work out, Matrix still has metadata issues. I realise going from Facebook to Matrix is still a massive leap in privacy but if people ask why it's better than Facebook, if it can't be a high level of security, it makes it harder to convince them (even though staying on FB would be worse - people have just become so normalised to FB's privacy invasion, they just don't think about or want to think about it). And despite having used Matrix for a while, I've become wary of where Element is taking things.
We could go the XMPP route but, again, we need something on the forum end of the spectrum, not something like group chat, Facebook (which makes finding previous information difficult), or Discord (same problem).
Oh!! Right. My personal solution in your situation has been to use Drupal to build the forum you want.
It has fine grained permissions, adequate security for private fora, the ability to build out groups and spaces that vary widely in access level, plus lots of features through addons, and all kinds of archival and repository possibilities.
I have used it to build courseware for university programs and it was surprisingly capable at managing users and supporting different formats of documents comments, and discussion groups.