Office: Alternatives since Collabora introduced nagware with possibility to track users

The problem with that, at least for me, is that when I use it, I use it mostly on mobile. Because when I’m at my desktop I use Libre Office :wink: But I get your point. And no there are not much real alternatives out there, if any at all…

On the other hand, one must also take into account that maintaining an office suite is not exactly a small task and these companies must earn money somehow. I mean if it were easy there would be tons of alternatives out there, right? After all Collabora is based on Libre Office Online and that’s completely open source. So why not just take that and maintain something similiar yourself…? :wink:

1 Like

Yeah the tracking part is a bad move.

1 Like


Yes. But i only read the issue. I could not found something in the source code (only internet). Maybe someone could post details.

Yes I read it. They claim they don’t track individual users. I geuss we have to trust them with that or not use it anymore… Welcome screen is displayed although it is disabled in config · Issue #4489 · CollaboraOnline/online · GitHub As I said, I don’t like this part neither…

I am not a GDPR compliance expert. But an option to enable or disable it would be quite nice.

1 Like

I took a brief look at the source but I wasn’t able to find it yet.
But the Comment on github seems to be right. What I did was, I shared a document on my cloud and opened the shared document in private browser which will make the welcome screen appear.
And sure enough, in the network console of the browser debug mode there are connections to


//edit: It even gets worse. Since its loading the entire welcome.html and other js files, this would be a possibility to inject malware on all CODE instances if the collabora host gets compromised. This is a big no-no.


Thanks for the feedback; I added a comment here - Welcome screen is displayed although it is disabled in config · Issue #4489 · CollaboraOnline/online · GitHub - and it seems reasonable to be able to disable using the remote version of this more easily in the next CODE release.

Please don’t assume that the first cut of something is its final state =)

But maybe it is not all bad that they do it this way… Because we could probably just block in the browser with uBlock Origin or network wide via DNS blocker and the nag screen wouldn’t appear at all anymore…?

1 Like

Yes. But i disagree. That is not the right way. It’s just not right when companies install something like this. Most users don’t even recognize the problem and therefore wouldn’t use your solution.

In the end, you lose the very advantage you gained by having your own Nextcloud: The controlled vs. uncontrolled communication with third parties.


Yeah I agree they shouldn’t do this in the first place… But the only possible soultion I see in the long term is when the Nextcloud GmbH and / or the community would develop and maintain their own office solution based on Libre Office Online. Otherwise we will always be dependent on the decisions of a third party company.

Yes. But in my opinion, this is exactly the behavior that contradicts the requirements for a Nextcloud. With a self-hosted Nextcloud under my control, I only want communication between my clients and my Nextcloud and that only via TLS due to insecure networks. Third parties or even unencrypted connections have NOTHING to do there.

Perhaps Nextcloud should consider whether it can or wants to support this type of application at all. I think NOT. But what the heck. It’s just a little uncertain :wink: Why accept these beginnings? Because you have to, like Microsoft etc.? In my opinion it contradicts my ideas of an own self-controlled cloud.


I agree. But we are using a third party product here. And if they decide to go this route, they can do that. You can disagree you can try to reason with them but at the end of the day it’s their product and their descission.

No but it should be declaered in the description. The Nextcloud App store should probably have a similiar system like F-Droid has and cleary tell it’s users, when an app relys on third party services, uses non FOSS components etc…

Because the Nextcloud GmbH doesn’t have the rescources to develop and maintain a similiar product on their own… And they cannot force Collabora to remove it if they don’t want to…

Why was the post from mmeeks marked as “Soulution”? Who did this? I never marked his post as Solution since its clearly not a solution.
@mmeeks We are not assuming here, you just give us no headroom to argue that this is JUST bad. If it would have been in good interest you would have removed it immediately and listen to the community which supported your project for years. Your post is not a solution, whoever marked this as a “Solution”.

I have to agree with @devnull , Nextcloud should consider stepping in here. This is a huge security risk and could offset quite a few users. I hate how the collabora team tries to argue this in the Github issue, this is clearly a bad decision. They argue that they don’t want large enterprises freeload FOSS which I can completely understand and support! But their move is clearly targeting small private users, when big companies want to freeload foss they just would compile their own image (since they just changed it to a compile time option). I don’t know what the goal is here. Collabora got HUGE support from the Nextcloud Project and Nextcloud Community, and now they change it to nagware with the possibility to inject code?

I don’t trust this project anymore. It is really sad after all the good things that happend the last years. Collabora would probably still fly under the radar without the support from Nextcloud. They have clearly not learned from the mistakes OnlyOffice made. Using great Opensource Projects to boost your company and then remove features, change it to nagware, but remote injecting code is a new dimension here.

Regarding the post from @bb77 blocking blocking by DNS filtering would only work in company environments, and I have to agree with collabora here, companies should just buy their licenses. Actually ublock origin in chrome blocks the nag screen by default.
But sadly this does not work for the majority of “just a few friends and family” projects like mine. Also I don’t think that we should try to mitigate bad project decisions on the client side.


ummm… I need to ask to clarify… you’re talking about Nextcloud office here (the own brew from NC & Collabora)?

In my case I’m running Nextcloud Office + Collabora as a docker-container. But it seems to also affect the All-In-One solutions and also the own brew from Nextcloud, see this issue here: remove splash/info/survey screens · Issue #1902 · nextcloud/richdocuments · GitHub

1 Like

So I would strongly agree to everything said here before. That contradicts the idea of NC.

1 Like

Both the Built-in Code Server and the Docker Containers from Collabora are affected.

Well… if collabora decides to introduce that into their product, I could accept it. Though I would wish to having the opportunity to turn it off (and it shouldn’t be turned on by default, too).

But if the joint venture of NC and Collabora contains the same thing it really IS against everything NC stands for. My data belongs to me. It shouldn’t be in NC Office at all.


Maybe the devs of the Built-in Code Server can patch it out, I’m almost sure that’s technically possible. Don’t know about the legal side of it though, maybe they aren’t allowed to change the product, when they re-distribute it… But it would certainly be welcome if they could do do that. :slight_smile:

Yes, that’s the whole issue. It was possible to remove the welcome screen using a configuration option before (it was enabled by default), and they have silently removed the option to remove the welcome screen and changed it to a compile time option without any discussion with the community whatsoever.

I completely understand that they don’t want companies to freeload, but as pointed out by many users here and in the github issue, it seems like this move is not about companies and is targeting/nagging private users.

I also feel that this is against everything nextcloud stands for and nextcloud should consider sending out a notice or temporary remove it until this is resolved. Even if we trust collabora, but if their host gets compromised there is a possibility to inject remote code into every running code instance when a User sees the screen. Thats a HUGE security risk in my opinion.

I hope that they don’t just change it to local content, they should bring back the option to disable the welcome screen, way better, disable it by default.

1 Like