Office: Alternatives since Collabora introduced nagware with possibility to track users

Hi all,

I just wanted to know if there is any good option for OpenSource Online Office?
Since OnlyOffice removed their option for mobile clients (see: Bring back mobile editing for the community edition or at least a cheaper license for this 路 Issue #805 路 ONLYOFFICE/DocumentServer 路 GitHub) it seems like the majority of users moved to Collabora Code which was a great project. They made huge progress and it was working great.

Until they decided to silently introduce nagware and silently removed the option to remove the welcome screen. See: Welcome screen is displayed although it is disabled in config 路 Issue #4489 路 CollaboraOnline/online 路 GitHub
It seems like they are even requesting the welcome screen from their own servers, which would give them the possibility to track every user and instance. Not saying that this is happening right now, bit it gives me really bad vibes about this project.

It鈥檚 sad that opensource office always has to be such a pain.

Do you know any alternatives, maybe even moving away from office completely? How do you handle these topics on your nextcloud instances?

Many thanks!

5 Likes

Well obviously if you need to edit office files like odt or docx or if you work with spreadsheets you need some kind of office application. If you only use Netxloud for personal files and notes, you might get away with the built in Text app.
Another question would be whether you really need all this in your browser. If not, you could use Libere Office on your desktop instead. But then again if your rarly use the browser apps anyways, this nag screen wouldn鈥檛 be that big of an issue, wouldn鈥檛 it鈥 :wink:

We use nextcloud to coordinate a few things in a local club with ~10 Users. If it was just me I would just use libreoffice local, but editing documents online is kind of mandatory nowadays.
Even if I would just use it once a month, OpenSource Projects which turn like this just give me bad vibes. After the bad move from OnlyOffice most folks went to Collabora, started contributing, opening github issues, and over the years Collabora became a good working solution. Back than it was not really usable. And now, since its a good working solution, they change it to nagware with the possibility to even track users.

Seems like there are no real options out there, except moving back to OnlyOffice which works great, they also made a bad move with disabling mobile editing, but at least no nagware 鈥

3 Likes

@erfus @bb77

I have to strongly agree with @erfus here. When I host Nextcloud with Collabora myself, I don鈥檛 want my browser to connect to third parties like rating.collaboraonline.com. My Cloud. My defaults. I do not want this tracking in my personal cloud.

See the issue also posted above.

3 Likes

The problem with that, at least for me, is that when I use it, I use it mostly on mobile. Because when I鈥檓 at my desktop I use Libre Office :wink: But I get your point. And no there are not much real alternatives out there, if any at all鈥

On the other hand, one must also take into account that maintaining an office suite is not exactly a small task and these companies must earn money somehow. I mean if it were easy there would be tons of alternatives out there, right? After all Collabora is based on Libre Office Online and that鈥檚 completely open source. So why not just take that and maintain something similiar yourself鈥? :wink:

1 Like

Yeah the tracking part is a bad move.

1 Like

@bb77

Yes. But i only read the issue. I could not found something in the source code (only internet). Maybe someone could post details.

Yes I read it. They claim they don鈥檛 track individual users. I geuss we have to trust them with that or not use it anymore鈥 Welcome screen is displayed although it is disabled in config 路 Issue #4489 路 CollaboraOnline/online 路 GitHub As I said, I don鈥檛 like this part neither鈥

I am not a GDPR compliance expert. But an option to enable or disable it would be quite nice.

1 Like

I took a brief look at the source but I wasn鈥檛 able to find it yet.
But the Comment on github seems to be right. What I did was, I shared a document on my cloud and opened the shared document in private browser which will make the welcome screen appear.
And sure enough, in the network console of the browser debug mode there are connections to rating.collaboraonline.com:

image

//edit: It even gets worse. Since its loading the entire welcome.html and other js files, this would be a possibility to inject malware on all CODE instances if the collabora host gets compromised. This is a big no-no.

5 Likes

Thanks for the feedback; I added a comment here - Welcome screen is displayed although it is disabled in config 路 Issue #4489 路 CollaboraOnline/online 路 GitHub - and it seems reasonable to be able to disable using the remote version of this more easily in the next CODE release.

Please don鈥檛 assume that the first cut of something is its final state =)

But maybe it is not all bad that they do it this way鈥 Because we could probably just block rating.collabora.com in the browser with uBlock Origin or network wide via DNS blocker and the nag screen wouldn鈥檛 appear at all anymore鈥?

1 Like

Yes. But i disagree. That is not the right way. It鈥檚 just not right when companies install something like this. Most users don鈥檛 even recognize the problem and therefore wouldn鈥檛 use your solution.

In the end, you lose the very advantage you gained by having your own Nextcloud: The controlled vs. uncontrolled communication with third parties.

2 Likes

Yeah I agree they shouldn鈥檛 do this in the first place鈥 But the only possible soultion I see in the long term is when the Nextcloud GmbH and / or the community would develop and maintain their own office solution based on Libre Office Online. Otherwise we will always be dependent on the decisions of a third party company.

Yes. But in my opinion, this is exactly the behavior that contradicts the requirements for a Nextcloud. With a self-hosted Nextcloud under my control, I only want communication between my clients and my Nextcloud and that only via TLS due to insecure networks. Third parties or even unencrypted connections have NOTHING to do there.

Perhaps Nextcloud should consider whether it can or wants to support this type of application at all. I think NOT. But what the heck. It鈥檚 just a little uncertain :wink: Why accept these beginnings? Because you have to, like Microsoft etc.? In my opinion it contradicts my ideas of an own self-controlled cloud.

2 Likes

I agree. But we are using a third party product here. And if they decide to go this route, they can do that. You can disagree you can try to reason with them but at the end of the day it鈥檚 their product and their descission.

No but it should be declaered in the description. The Nextcloud App store should probably have a similiar system like F-Droid has and cleary tell it鈥檚 users, when an app relys on third party services, uses non FOSS components etc鈥

Because the Nextcloud GmbH doesn鈥檛 have the rescources to develop and maintain a similiar product on their own鈥 And they cannot force Collabora to remove it if they don鈥檛 want to鈥

Why was the post from mmeeks marked as 鈥淪oulution鈥? Who did this? I never marked his post as Solution since its clearly not a solution.
@mmeeks We are not assuming here, you just give us no headroom to argue that this is JUST bad. If it would have been in good interest you would have removed it immediately and listen to the community which supported your project for years. Your post is not a solution, whoever marked this as a 鈥淪olution鈥.

I have to agree with @devnull , Nextcloud should consider stepping in here. This is a huge security risk and could offset quite a few users. I hate how the collabora team tries to argue this in the Github issue, this is clearly a bad decision. They argue that they don鈥檛 want large enterprises freeload FOSS which I can completely understand and support! But their move is clearly targeting small private users, when big companies want to freeload foss they just would compile their own image (since they just changed it to a compile time option). I don鈥檛 know what the goal is here. Collabora got HUGE support from the Nextcloud Project and Nextcloud Community, and now they change it to nagware with the possibility to inject code?

I don鈥檛 trust this project anymore. It is really sad after all the good things that happend the last years. Collabora would probably still fly under the radar without the support from Nextcloud. They have clearly not learned from the mistakes OnlyOffice made. Using great Opensource Projects to boost your company and then remove features, change it to nagware, but remote injecting code is a new dimension here.

Regarding the post from @bb77 blocking rating.collaboraonline.com blocking by DNS filtering would only work in company environments, and I have to agree with collabora here, companies should just buy their licenses. Actually ublock origin in chrome blocks the nag screen by default.
But sadly this does not work for the majority of 鈥渏ust a few friends and family鈥 projects like mine. Also I don鈥檛 think that we should try to mitigate bad project decisions on the client side.

3 Likes

ummm鈥 I need to ask to clarify鈥 you鈥檙e talking about Nextcloud office here (the own brew from NC & Collabora)?

In my case I鈥檓 running Nextcloud Office + Collabora as a docker-container. But it seems to also affect the All-In-One solutions and also the own brew from Nextcloud, see this issue here: remove splash/info/survey screens 路 Issue #1902 路 nextcloud/richdocuments 路 GitHub

1 Like

So I would strongly agree to everything said here before. That contradicts the idea of NC.

1 Like