Issues with Onlyoffice (as an alternative to e.g. collabora)
- Inicie sesión ou rexístrese para enviar comentarios
As most probably know, Onlyoffice is a an open source office suite which can function via a server.
I already have a server with a nextcloud instanse, including a collabora (another open source office suite) instanse to create and edit documents etc. within nextcloud.
Unfortunately collabora does work too well. It is slow and some features are almost clumsy. For instance tabels, which I use quite a lot.
Onlyoffie, on the other hand, seems to run much smoother and e.g. tabels funcion very well.
Within nextcloud, it is quite easy to setup an onlyoffice instanse in stead of a collabora instanse.
BUT, as illustrated by this discussion: https://forum.cryptpad.org/d/232-onlyoffice-concerns-vendor-makes-shady-moves/4, there are some concerns about the providers of onlyoffice. For me, the fact that onlyoffice's authors are Russian is of no direct concern. Many US authors produce hostile software so let's not consider the nationality itself.
But, there seems to be a concern with respect to the security and privacy which even the providers of cryptpad (basically a sandboxed version of onlyoffice) recognise, cf. the above link.
Can anyone here help to clarify the consistency or validity of these concerns?
Sorry, the way I ask reflects my lack of understanding, but I rely on readers' will to understand the concern: Are there concrete issues with privacy and security, and if so, what are they and how serious are they?
>"But, there seems to be a concern with respect to the security and privacy which even the providers of cryptpad (basically a sandboxed version of onlyoffice) recognise, cf. the above link."
I read through the cryptpad comment and then through the Collabora comparison of their product with OnlyOffice, and then to an OnlyOffice github issue link that Collabora linked to claiming that proprietary blobs are required by OnlyOffice, but I really couldn't find the problem.
From what I can see:
1. It is true that OnlyOffice has both free versions and proprietary versions, I can agree on that. If we use the free version then there shouldn't be a licensing issue, and I cannot see where anyone is claiming that there are proprietary parts of the OnlyOffice free community product.
2. Yes, it appears some (or possibly all) developers are Russian, but lots of software is worked on by Russians. If it is developed openly and is under a free license, we don't normally distinguish between country of developer origin. If you don't trust the code because of the country of developer origin, you can either a) not use it, or b) audit the code. I don't see where anyone is accusing the free software version of making unethical network connections or doing anything nefarious from my reading so far.
3. Cryptpad says that OnlyOffice is "untrusted", but that's their term for software that cryptpad sandboxes as far as I can understand. It appears to me that cryptpad is saying that they don't have enough developer hours to review a gigantic code base like OnlyOffice for cryptpad's limited purposes, and so they sandbox it, which they also do for other programs. This seems fine, and doesn't appear to reflect badly on OnlyOffice.
If I've misunderstood some of what I've read, feel free to correct me. So far, I can't see anything that would stop me from using the free version if that's something I needed (which I do not need, as I don't use online office suites, but prefer to use locally run office suites instead).
Thanks for your thorough answer. While I am not sure what the possible challenges to privacy and security could be, I suspect(ed) that it would have to do with data or telemetry being leaked or something. I guess that we will never know until a proper audit is done (and even so, why would we suspect that?).