Office: Alternatives since Collabora introduced nagware with possibility to track users

Both the Built-in Code Server and the Docker Containers from Collabora are affected.

Well… if collabora decides to introduce that into their product, I could accept it. Though I would wish to having the opportunity to turn it off (and it shouldn’t be turned on by default, too).

But if the joint venture of NC and Collabora contains the same thing it really IS against everything NC stands for. My data belongs to me. It shouldn’t be in NC Office at all.

4 Likes

Maybe the devs of the Built-in Code Server can patch it out, I’m almost sure that’s technically possible. Don’t know about the legal side of it though, maybe they aren’t allowed to change the product, when they re-distribute it… But it would certainly be welcome if they could do do that. :slight_smile:

Yes, that’s the whole issue. It was possible to remove the welcome screen using a configuration option before (it was enabled by default), and they have silently removed the option to remove the welcome screen and changed it to a compile time option without any discussion with the community whatsoever.

I completely understand that they don’t want companies to freeload, but as pointed out by many users here and in the github issue, it seems like this move is not about companies and is targeting/nagging private users.

I also feel that this is against everything nextcloud stands for and nextcloud should consider sending out a notice or temporary remove it until this is resolved. Even if we trust collabora, but if their host gets compromised there is a possibility to inject remote code into every running code instance when a User sees the screen. Thats a HUGE security risk in my opinion.

I hope that they don’t just change it to local content, they should bring back the option to disable the welcome screen, way better, disable it by default.

1 Like

Thanks for your post @bb77

Emphasis added - you’re right of course. Clearly this is an open-source project; and CODE is a development edition - it is under development, not everything that we do there is perfect at the first cut as I said:

In the iterim (as the github ticket points out) it is easy to use an older state for the meantime, and/or compile online yourself. There are some thoughts on how to better address this issue Welcome screen is displayed although it is disabled in config · Issue #4489 · CollaboraOnline/online · GitHub and little benefit in two duplicate threads.

And of course we love to get helpful feedback =) there is no need to pre-emptively despair =)

What else ? it seems obvious to me that we made a mistake here by not making it easy to disable the remote fetching of resources. That is something we can and will fix. However - it is worth noting that eg. Google Chrome, Firefox, LibreOffice all call-home to check to see if there are updates unless you configure that off in each client - so some of the suggested replacements also need configuration.

2 Likes

@mmeeks please stop trying to argue this.
The mistake was not “by not making it easy to disable the remote fetching of resources.”
The mistake was silently removing a configuration option. Bring back the configuration option - that’s the whole mistake! It would be nice if it was disabled by default (and would fit into the nextcloud concept) but at LEAST bring it back.

As you pointed out, other opensource projects do this as well, and each one you pointed out has an option to disable this, and in some of them it’s disabled by default.

2 Likes

@erfus Ok you made your point very clear.
Though I think we should put into consideration that mistakes can happen… and @mmeeks has my highest respect admitting that this was done in a wrong way and thus will be changed.

Nothing more to add here, I guess.

2 Likes

I too respect that they are admitting a mistake, and thanks for the explanations to @mmeeks but they only admit half of it.
Removing the remote content would bring back the security, and that would be great and should be first goal.

But this issue is also about introducing a nag-screen and silently removing the option to disable this. This is just not ok in my opinion, what should keep them from expanding this? As pointed out, their arguments don’t make much sense regarding large enterprises, it feels like they are tightening down on private users. I’m afraid that this could only be a beginning. There should be no reason for a “welcome” screen, I don’t know of any project which has such a welcome screen.

1 Like

I don’t know of any project which has such a welcome screen.

Ehm… Nextcloud does :wink:

Shows the first time a user logs in. I do think it’s a sane and valuable thing to have, but I also get that the Collabora one is pretty in your face in public links (we don’t do that on public links).

I’ve discussed it with Michael and he promised to do a quick change to remove the remote ping the welcome does until we’ve come up with a better solution that gives users useful info and doesn’t nag.

Please understand this was meant to be helpful, both for users AND to help Collabora get valuable user feedback. Give them some credit, they give all their code away for private use (and for lots of corporate use, too) - unlike any other online office solution.

And they have some technical limitations we don’t have - like, if they didn’t want to show it on public links, that’s not so easy as Collabora is stateless and doesn’t know much about where it is displayed. So we have to find some middle ground here that is a win-win for everyone and that is technically feasible. Give us some time to do that.

K?

7 Likes

I don’t care at all if there is a welcome screen or not or if it can be activated or deactivated. In my opinion it is part of the source code and must not be loaded from another source. This is the actual problem.

I think not that the welcome page of every Nextcloud is loaded from https://nextcloud.com :wink: I think the servers of Nextcloud GmbH are simply too bad (performance) for that :wink:

@jospoortvliet Perhaps you can communicate this to Collabora Online.

3 Likes

I agree. I think that would be a good option to only display the collabora-welcome-thing to only registered user of the nextcloud instance.
Showing it on public links/shares just seems to be unprofessional.

If it’s about making a wish, I would leave out the welcome page altogether. If you really work with the software productively, you don’t need it or it just annoys you. There is an info or help button somewhere. That should be enough for normal users.

Why has Google become so big? Because it didn’t clutter the page with unnecessary stuff. But some applications try to take users for fools. As if you don’t know how to get the information when you need it.

Good applications do not need a welcome page. :wink:

3 Likes

Well, Nextcloud allows you to disable the welcome screen. So did Collabora in the past, until they have decided to remove the option to disable the welcome screen.

I think it is time for a true community-build of Collabora Online. Since disabling this welcome screen is still a build-time option we only need to come up with a build infrastructure to create packages without this nonsense. Right now there is no fork needed, just a hoster for the builds. But who knows what kind of tracking technique they’ll force on us through the next CODE release, so it’s best if builds were in the hand of the community anyway.

Does anybody have any experience in setting up cloud builds through GitHub pipelines? As soon as we have community packages we could easily create community docker images as well.

3 Likes

by trying to hijack there software build process you achieve exactly what they want to prevent…

I always argue against split communities as one strong community is much better then 2 half-strong… Developing a full blown Office Suite is really hard job (even Collabora just adopts LibreOffice and turns it into Webservice) and community split makes it even harder (see OpenOffice vs. LibreOffice; OwnCloud vs Nextcloud) - it may result in better Software/Community but it takes ages and lot of hard work

@jospoortvliet If there is a way to work together with Collabora in a good way to stop user tracking and prevent companies from using Collabora for free I hope we can go this way…

6 Likes

As a small-business/home user I have to say that I don’t fully understand the logic of this “CODE” release. For me it is just the “free office” more or less integrated into Nextcloud. It works normally well (otherwise I would not use it), and I really don’t understand, why Collabora tries so hard to make it look like a very unstable “developement release”.

I think Collabora must have a problem with the business model (which is typically selling support contracts to bigger companies), and thats why they try this weird “CODE is so unstable and we want to nag you to buy the ‘COOL’ Version, which you can only buy when you are a big company” thing.

But it won’t be solved like this. If you need to sell more: Try to sell. Make it very easy for small companies etc. to buy the “good” version, give them something extra so that it is worth it.

In general I can say that “office on your own cloud server” was a pain in the last years, especially when coming from a perfectly working Google Docs (the paid company version). Annoying installation (compared to nextcloud), problems after every update (files don’t open, or download instead of open…), nag screens/nerdy “developement” stuff, and now even security risks with externally loaded code.

Arguably, any company that runs Nextcloud should be using the paid options. Sure, 6 euros per user and month or whatever the standard version works out to is money, but it’s not a lot of money. Not if you compare to the likes of Office 365 that’s in the double digits per month.

Using community-supported open source in a company is not a great idea. It works, but you’re not helping. Nextcloud needs money to continue, and so does Collabora. Combining Nextcloud and a paid Collabora puts pricing still below Office 365 (which it should be since Nextcloud and Collabora is absolutely a lesser solution too, it’s just under your control and not in an American datacenter.) The solution still feels more than a little wonky and hobbyist, very “open source-ey” compared to behemoths like Google and Microsoft though. Hell, with Office 365 you get things like excellent mobile apps and world-leading email solutions, all this has to be done yourself for a Nextcloud. So you really need to have a reason to separate your solution from any provider before going this route - or, you’re a hobbyist like me who enjoys this stuff.

But the CODE server (or indeed any edition) should absolutely not be calling home, for any reason. At the very least such a thing has to be an opt-in. In fact, GDPR mandates that privacy stuff of any kind is opt-in, so this may in fact violate that, but like others I’m not a GDPR expert.

3 Likes

@KimmoJ
You are totally right.

If someone is paying Microsoft Office, then simply using Nextcloud and Collabora Online is not worth it. Paying extra is always more expensive than single vendor (one product). Microsoft is using its monopoly to subsidize the cloud through Microsoft Windows 10 and Microsoft Office.

And when you’re tracked, you tell yourself you might as well use Microsoft with the better applications. GDPR ? Does not matter or is a problem of Microsoft Office and Collabora Online.

Antitrust lawsuit Nextcloud vs. Microsoft is opened

2 Likes

I would draw a distinction between what a company should do (ie pay for support for critical applications) and freeloading FOSS. FOSS does have a meaning. It loses that meaning if code is being quietly sabotaged to strong arm people into paying for something that is free and open source. Then it is no longer FOSS. The whole idea that someone can freeload something that is by definition “free” is a contradiction in terms.

This isn’t the first time one of these office suites has done something underhanded to Nextcloud users either. Some of you may recall immediately after Nextcloud finished ONLYOFFICE integration, ONLYOFFICE disabled mobile editing without letting anyone know. Pulled the tablecloth right out from under everyone.

I get that they need income. We all do. I strongly encourage my clients to maintain support contracts for any and all business critical software they use. What they’ve done here is not okay from either a FOSS or a security standpoint.

5 Likes

Yes. I fully agree with you.

In the end, Nextcloud GmbH is also a company that prefers to report on the nice things rather than the not-so-nice things on its homepage https://nextcloud.com. For me, it is important with free software that one informs honestly and transparently to all customers. And smart users will always be able to find out in the source code anyway. At Microsoft, we don’t even have that option.

1 Like

An update - we’ve crunched to build & test a set of releases: packages, docker, richdocuments-code etc. that shipped a few minutes ago. These address the tracking concern here. As a stop-gap now we serve the welcome screen locally - while we work on getting this right in future - see the ticket for more details.

I hope that calms some of the concerns.

7 Likes