Arguably, any company that runs Nextcloud should be using the paid options. Sure, 6 euros per user and month or whatever the standard version works out to is money, but itās not a lot of money. Not if you compare to the likes of Office 365 thatās in the double digits per month.
Using community-supported open source in a company is not a great idea. It works, but youāre not helping. Nextcloud needs money to continue, and so does Collabora. Combining Nextcloud and a paid Collabora puts pricing still below Office 365 (which it should be since Nextcloud and Collabora is absolutely a lesser solution too, itās just under your control and not in an American datacenter.) The solution still feels more than a little wonky and hobbyist, very āopen source-eyā compared to behemoths like Google and Microsoft though. Hell, with Office 365 you get things like excellent mobile apps and world-leading email solutions, all this has to be done yourself for a Nextcloud. So you really need to have a reason to separate your solution from any provider before going this route - or, youāre a hobbyist like me who enjoys this stuff.
But the CODE server (or indeed any edition) should absolutely not be calling home, for any reason. At the very least such a thing has to be an opt-in. In fact, GDPR mandates that privacy stuff of any kind is opt-in, so this may in fact violate that, but like others Iām not a GDPR expert.
If someone is paying Microsoft Office, then simply using Nextcloud and Collabora Online is not worth it. Paying extra is always more expensive than single vendor (one product). Microsoft is using its monopoly to subsidize the cloud through Microsoft Windows 10 and Microsoft Office.
And when youāre tracked, you tell yourself you might as well use Microsoft with the better applications. GDPR ? Does not matter or is a problem of Microsoft Office and Collabora Online.
I would draw a distinction between what a company should do (ie pay for support for critical applications) and freeloading FOSS. FOSS does have a meaning. It loses that meaning if code is being quietly sabotaged to strong arm people into paying for something that is free and open source. Then it is no longer FOSS. The whole idea that someone can freeload something that is by definition āfreeā is a contradiction in terms.
This isnāt the first time one of these office suites has done something underhanded to Nextcloud users either. Some of you may recall immediately after Nextcloud finished ONLYOFFICE integration, ONLYOFFICE disabled mobile editing without letting anyone know. Pulled the tablecloth right out from under everyone.
I get that they need income. We all do. I strongly encourage my clients to maintain support contracts for any and all business critical software they use. What theyāve done here is not okay from either a FOSS or a security standpoint.
In the end, Nextcloud GmbH is also a company that prefers to report on the nice things rather than the not-so-nice things on its homepage https://nextcloud.com. For me, it is important with free software that one informs honestly and transparently to all customers. And smart users will always be able to find out in the source code anyway. At Microsoft, we donāt even have that option.
An update - weāve crunched to build & test a set of releases: packages, docker, richdocuments-code etc. that shipped a few minutes ago. These address the tracking concern here. As a stop-gap now we serve the welcome screen locally - while we work on getting this right in future - see the ticket for more details.
I never used Collabora since the statment that it is a development version scared me off. This is beta testing par excellence.
Since Nextcloud Office uses CODE too there is no difference.
Since mobile editing is important for me too I used this hack for OnlyOffice and I am happy with it.
Both companies introduced limitations and I am not happy with it either but at least I did not see anything like sideloading or home-calling in OnlyOffice. After reading this thread this gives OnlyOffice a big plus.
We are talking about two diffrent issues here. This issue you linked is mainly about the fact that there is a welcome screen at all, regardless of whether it is loaded locally or not. This might be annoying to some but at least to me itās not a deal breaker. What is a deal breaker though, is that uBlock Origin still shows me a connection to rating.collabora.com when I open documents in Nextcloud Office. This has to go away completely imho, at least in the ābuilt-inā server. The Docker container provided by Collabora is of course another story but I would recommend them to remove it there as wellā¦
Collabora Online - Built-in CODE Server 21.11.402
Nextcloud Office 6.0.0
@bb77
Hi. @erfus posted this screenshot. Because of the names of the files i thought the āwelcome pageā is loaded also from rating.collaboraonline.com .
Can you @bb77 post again your screenshot (network analysis) and the issue or link?
Iām not sure from where the welcome screen is loaded. It didnāt appear since I upgraded to NC24 on my test instanceā¦ But Iām still seeing this:
EDIT:
I totally forgot that I blocked it in Pi-Hole when this discussion startedā¦ Thatās probably the reason why it shows 0 bytes data transfer and why the welcome screen doesnāt appear for me anymoreā¦ Of course blocking it with browser add-ons or via local DNS is not a good solution at allā¦
Thank you for the screenshot.
Yes i think it makes not sense to use āupdatecheck.htmlā from rating.collaboraonline.com in the Nextcloud-version of Collabora Online.
For me that would be a NO-GO too. It is good that there are two options for Office in nextcloud so I hope that this issue will be solved too.
Similare to the Passwords App where the server fetches it. (Link unlinked)
https ://help.nextcloud.com/t/passwords-app-uses-third-party-connection-raw-githubusercontent-com-is-that-really-necessary/95788
Luckily, the dev changed that for good.
I wrote a new comment in the issue. Maybe someone must open another issue for āUpdateCheckā Collabora Online in Nextcloud. It cannot be that Collabora Online in Nextcloud has to determine on Collaboraās servers whether the version is up to date or not. Nextcloud has its own appstore for this purpose.
This sounds good. Which then of course should be the default for the Nextcloud app. Because as you pointed out earlier, we donāt need a separate update check there.
There is a relevant welcome message compile-time option. How hard would it be to maintain a fork where the only change is to disable the welcome message? It could be a very lightweight fork that keeps abreast of upstream CollaboraOnline/online code.
The difficult part of the fork would be devops (build, test, packaging releases) and re-branding (assuming that is necessary). The build looks rather complex.
To any would-be fork enthusiasts: I think we should consider that if Collabora is committed to gathering usage data by āphoning homeā (and letās be honest: itās their business and their call to do so, lots of FOSS phones home, and phoning home from FOSS is generally done in good faith), that some kind of phone-home will always be included in the upstream code. Hereās another example of what Iād call a āgood-faith phone homeā (thereās a good reason for it and the maintainers seem trustworthy). The difference with that example is the option is available at runtime.
For what itās worth, I decided to DNS-block rating.collaboraonline.com.
@mmeeks : Thank you for engaging so thoroughly with the community on this! I sincerely appreciate your time. Thank you for suggesting workarounds and being so kind and patient with us. But I feel like you are carefully side-stepping a theme that just keeps on surfacing: nobody wants the welcome message. Am I right? Iām curious if you would ask or have asked your users: āhey yāall: about our welcome messageā¦ thumbs up or down?ā. All the user feedback Iām seeing in this thread and on the CollaboraOnline/online#4489 github issue is that the welcome message is not wanted. If the survey were to have two questions, perhaps the second is āwould you like a runtime option to disable the welcome message?ā
Of course blocking it with browser add-ons or via local DNS is not a good solution at allā¦