Well, it’s not like other internal techical stuff. Nextcloud advertises that you have full control of your data, and some people might use it because of this.
Fair use policy - Nextcloud just states that the push notification is one infrastructure component provided by Nextcloud for free, it is not obvious why this is needed, if it can be disabled (with the consequences), what is a full list of these services, … It would be great to have a list, with some background what is required, what data are shared, …
Some people asked what is a minimum list of outgoing connectios to be allowed by a firewall to run Nextcloud (appstore, updates, etc.)… so it is not just for that purpose.
Also procedures can be reviewed on a higher level without code knowledge and deeper studies of different layers of documentation, e.g. if some encryption algorithms are not considered secure any more, or even design flows, out-dated implementations and so on.
For the majority of people, this is certainly true. And I have no doubts about the implementation and that it was done with the best intentions.
I would just clarify and document it properly. For those, who are not happy with it, they can go without the app, they can deal with the shortcomings of alternatives, they can buy a subscription for enterprise subscription or they will figure out a better solution.
Perhaps some of you missed that the Push Proxy and data it sends is documented. Please, see my comment on github:
In short, non-legal, non-lawyer reading is that neither the push proxy nor the google or apple servers get any user data, so the GDPR is not relevant here. About the wording - I also address this, I believe the wording is correct (well, the alternative is to write a book there, but instead we point to our website which I think is sufficient).
Last but not least, let me repeat my assertion that I don’t think this is a suitable discussion for the forums here. This warning won’t ever show up for a private user. You can see my rule of thumb at the comment above, but I’d argue that this is a business question that should be handled at a business level - so that there is some responsibility. I would hope that nobody that gets paid to maintain a significantly big Nextcloud instance relies for their job security and the compliance of their server on a public forum where volunteers are discussing things. Not that volunteers are not often very knowledgeable, but your boss won’t care when they get a GPDR fine. You either pay a lawyer or talk to the vendor. Anything else is just bad practice when it comes to compliance, in my humble opinion.
Thanks for your attention! We appreciate the community input here, of course. If you have concerns, please talk to us directly - you know where to find us. There will be another conference
Thanks for your time for issue and text in this thread.
You have closed the issue. But i do not like the word “unsupported” that is not true on free software. Also i do not like it on the login page. In the end it looks unprofessional e.g. at https://nc.nl.tab.digital . Maybe a user would then get ownCloud maybe without this possible misunderstanding “security” warning.
Maybe put something in the footer and use a better and correct text for all users.
“unlicensed community edition”
Because of AGPL maybe we can fork Nextcloud and can change it, or?
Yeah, I understand. But tab.digital can reach out to us - they can fix that. At least their users know this system doesn’t come with the certainty of us fixing problems.
Free Software or not, supported means the same thing. Hosting is not support. If something breaks, it has to be fixed. Support means it gets fixed, period. That is what people pay us for.
No way a 10 person hosting company could offer that. At best they can google for the problem solution - but that’s not worth paying for, you can do that yourselves. It’s sometimes a challenge for US to quickly help a customer, making sure we have somebody who knows a piece of code - and we have >50 developers doing nothing else but work on Nextcloud. It’s not the same thing.
I prefer if it is perfectly clear. Supported = Nextcloud Enterprise. Whatever breaks, we fix it. Unsupported = community, at your own risk. Even if it’s run by a competent hosting company like tab.digital.
And unlicensed is TOTALLY the wrong term. The license is the AGPL - every copy of Nextcloud is licensed just fine. But only Nextcloud Enterprise is supported. Just because you can fork it doesn’t mean you can SUPPORT it.
Ok. But then please add this text to all unsupported instances. My private Nextcloud instance is also unsupported from Nextcloud GmbH. It makes no sense at all to display this message only after a certain number of users has been reached.
I would like to emphasize again that i think Nextcloud Fair Use Policy and NGO program is good. As i wrote above differ between e.g. “enterprice edition” and “unlicensed community edition” in the footer.
The individual user (who sees the login page) does not care whether 10 or 10.000 users are managed on the instance.
This also applies to https://nc.nl.tab.digital and other servers of tab.digital. I think if i were tab.digital, i would have removed this message long ago. I think this is possible according to AGPL.
At https://drive.shadow.tech does not use the login page and there you get the message only in Nextcloud. I think that would be a good compromise if you do not want to change the footer.
At MagentaCLOUD you also do not get the message. Not on login page and not in Nextcloud. But because of https://magentacloud.de/status.php it seems to be unsupported from Nextcloud. And i think for the 3 GB free MagentaCLOUD account the support is the same than for the 8 GB free Tab.Digital account.
First, Magentacloud and Shadow Drive are running Nextcloud Enterprise. So there is no warning, their users should know they are supported. I’m not sure why it doesn’t show in the status.php, I don’t know how that part work.
Second, about not showing the warning for home users or small instances - as we’ve said many times and in many places, we work VERY hard to make sure that for small installations, Nextcloud works just great out of the box. A small, single server setup is much smaller and easier, especially if you use our AIO - you should not NEED any support. And consequently, you can’t buy any support from us for servers with <100 users. Big, commercial parties with a complicated setup benefit from our help, AND can afford to pay, helping to fund Nextcloud for everyone. Win-win.
So to show a warning to small home users would run counter to everything we try to do here.
I see you don’t like that there’s a warning on the tab.digital page. Just tell them to reach out to us. If they are a serious company, I am sure we can work something out.
EDIT I hope you won’t mind if I fail to reply going forward, I have a ton on my plate and I think I’ve answered the questions. We can agree to disagree, if you prefer.
So I requested a switch for exactly mobile push notifications. I needed less than 10 lines of code to implement it. It’s really no big deal. All other push notifications (desktop client, browser) will still work.
We can discuss this further until Christmas: According to our understanding of the GDPR, we most likely need a commissioned data processing agreement to use the proxy, but definitely we need to make its use transparent in our privacy policy. Which would seem quite silly at the moment, because it is mentioned contradictorily in the privacy policy on nextcloud.com.
I implemented the switch for push notifications to mobile devices myself as documented in the request. According to GNU AGPLv3 I now have to publish this change myself under this license. This will not be a problem and I will clarify the best way to do this with our management next week.
I have (currently) no more need for action with deactivated use of your proxy.
We will soon ask for a support contract either way, because our Nextcloud instances are mission critical, but that doesn’t change the fact that we can’t - must not - use the push notifications to mobile devices in the current situation.
You are not willing to discuss and feel you time and effort is more valuable then our as it was requested at the beginning of this thread:
I’m sorry I fully disagree with this statement and I don’t feel you provided an answer. You even created many more questions. One more time you show don’t understand and not willing to hear what is important for the community.
Your “supported” definition is absolutely wrong! It shows absolute misunderstanding of the term “supported” which commonly used as “actively maintained” (by the vendor/project). It further shows completely wrong view on the idea of open source. There is no discussion about your right to charge customers for services you run (free beer vs free speech) but there must be a choice. While I disagree GDPR is a reason to avoid Nextcloud notification server I feel this is unfair to force people even large organizations to pay for something they didn’t choose themself. and it’s absolutely unacceptable to do it in a way you make all users think their data is in danger because the system is “unsupported”. Multiple ways have been discussed how such warning could be implemented in a right way addressing only admins who have the power to address the problem in one or another way.
Really appreciate you support the project and give back to the community. I’m still under impression you are doing this for the wrong reason but this is an advantage of OSS - you can adopt it to your own needs.
PS: don’t forget to disable mail notifications as well - from the privacy point of view they are far more dangerous…
I will reach out as well, I looked into it and they are a partner - so all this seems a configuration setting on their side (!!!) or some misunderstanding somewhere.
No, there is actually a word for that: “maintained”. The software is maintained. Support is the thing you get from support staff answering your mail and helping you with problems. It requires people doing work for you - generally, it works like this:
Home user helping other home user - nobody gets paid, it’s volunteer work.
enterprise support staff helping an enterprise user - both get paid for their work because the enterprise pays the vendor.
So supported requires a contract, payment, at least in most cases. Of course, with proprietary software, that is generally implied (you don’t get it without paying and a license agreement) so the term ‘maintained’ and ‘supported’ in practice nearly mean the same. That is not the case for open source, where you have no contract unless you actually get one - and thus, the confusion. Especially as home users kind’a provide ‘free support’ to each other.
I’ve changed the page you link to to fix that, as we are not helping the confusion by confusing the terms ourselves…
@jospoortvliet
Maybe in english the users can differ between “maintained” and “supported”. In german not. And also the translation to german is bad and not complete.
At https://nc.nl.tab.digital:
“Diese Community-Version von Nextcloud wird nicht unterstützt und (Push-)Benachrichtigungen sind nur begrenzt verfügbar.”
“nicht unterstützt”: from Nextcloud GmbH or Tab.Digital?
“unsuppported”: from Nextcloud GmbH or Tab.Digital?
Maybe everything is right. But the message is simply unprofessional. I have never seen such a thing with any software. At least the push notifications could be pointed out within Nextcloud and not on the home page.
Another example:
“In this Nextcloud installation you do not get Nextcloud Office and Nextcloud Talk”
Why this is not pointed out in some Nextcloud instances at the login page?
Maybe all functions and apps can be listed on the Nextcloud login page.
Maybe someone can post a few lines to modify the AGPL code. Thanks.
But changing one word in one document doesn’t change the common understanding of the term “supported version” as a version receiving (security) updates. This term is used in multiple other docs and tools as well, one more example:
No it does not. In general FOSS software receive support and have “supported versions” without signing a contract. This support model is different from what you are talking about as it based on best effort and results in no guarantees but this is a different discussion.
this hits the nail - “no support contract with Nextcloud GmbH” doesn’t mean the instance doesn’t receive (professional) support from somebody else. btw: clear hint about this limitation is related to Nextcloud GmbH is missing in the error message. Nextcloud Community definitely supports everybody please don’t forget the company is only one part of the project! “Community-Version von Nextcloud” has again nothing to do with support contract.
What you are trying to say there is the instance is not allowed to send many notifications using “Nextcloud GmbH push server” - why don’t you just correct the message? and adjust it to admins as the right audience rather harassing regular users?
Just as suggestion: you may add subscription key for mobile notification API. this would address all issues at once:
API key ordered by an admin results in informed decision to use the service (terms of service etc…)
small instances can use the service if each API key comes with little free consumption amount
people struggling with privacy just don’t request the key and don’t use push server
bigger instances who do not to sign enterprise contract (for whatever reason) can pay for the notification service only and support your business
@jospoortvliet I think fixing the issue is better way forward rather trying to argue away the problem by using strange word acrobatics.
Just few numbers - “supported version” is far more common:
Look, none of this is relevant for home users. Only for enterprise users. And they should just contact us and get it resolved. We’re talking about a tiny number of servers, given any server up to 500 users doesn’t get a warning… And most larger server administrators have long ago been smart enough to get a subscription, so they, too, will never see it. As said, I really don’t want to go write a book there. Those few business folks who didn’t get a subscription can click the link and find out what it means. They get paid to deal with issues by their boss so I’m sure they can take the time to read up. The rest of us can go on with our lives.
Here my solutions. I hate the message on the login page. It is free software and AGPL. I think i can change it on my own if Nextcloud GmbH does not want to change the text for me.
"This community release of Nextcloud is unsupported and push notifications are limited." : "Diese Community-Version von Nextcloud wird nicht unterstützt und (Push-)Benachrichtigungen sind nur begrenzt verfügbar.",
“This community release of Nextcloud is unsupported and push notifications are limited.” : “This community release of Nextcloud is unsupported and push notifications are limited.”,
or (ok that is more bad and not my goal maybe illegal)
2.) Negate the if (!$…) to if ($…)
core/Controller/LoginController.php
$loginMessages = $this->session->get('loginMessages');
if (!$this->manager->isFairUseOfFreePushService()) {
if (!is_array($loginMessages)) {
$loginMessages = [[], []];
}
$loginMessages[1][] = $this->l10n->t('This community release of Nextcloud is unsupported and push notifications are limited.');
}
I think it is also ok if you only change it for login page and not for push notifications itself.
The solution 1.) with the new text “Nextcloud Community Edition” is not nice. Look this screenshot. Move the text to another place e.g. footer of the login page. Thanks.
Again:
My problem is the text, the text position and not the function. Look again e.g. at https://nc.nl.tab.digital . It is so ugly. No wonder everyone uses Microsoft 365 without this stupid messages at that position on every login page.
Info:
I only have small Nextcloud instances where the issue does not apply at all. I am basically concerned about the problem.
If the message only bothers you visually you should be able to hide it via custom CSS. I’m not a web designer or web developer, and I have little to no knowledge of HTML and CSS. So I don’t know if this would be the proper way to do it, but I played around a bit and managed to get rid of the message relatively easily by adding class="hidden-visullaly" to the respective element:
However, I generally agree with @jospoortvliet here, and I think that organizations with >500 users should buy a subscription.
Also, I feel rather less sympathetic towards larger organizations without subscription, especially if they come here and expect the forum members to fix their instances, or their GitHub issues to get prioritized etc…
I would like to remind you once again of my contribution from a few months ago.
To put it very clearly once again. I think the Nextcloud Fair Use Policy and NGO program is good. However, I find the presentation on the login page poor. This applies to the text and text position. Unfortunately my issue was closed. Maybe a programmer can take a look at how crappy it looks and asks a user if he understands the text. Thanks. And now you may lock this thread.
I also got this information about unsupported version. I have to admit it is very confusing at first occurrence. I get this should be applied to limit od 500+ users. However I have 10 users and 30 GB of data and also getting this information. To be more absurd I don’t use any kind of push notification as there are completely useless in my case. I disable all notification that can be disabled and I don’t need any extra support.
Thanks for info how to hide a message, but in long term, updates will overwrite that for sure so manaul control or script.
