Open source alternatives to Slack, Google Drive and Google Docs
So I recently started working at a company that uses Slack (free tier), Google Drive and Google Docs. Being a privacy conscious person I decided to do some research to see if we could transition out of at least 1 of these tools.
For Slack I thought about Element. However I have a question: is it possible to create a closed channel (meaning no unauthorized person has access to or can discover the company chat) on Element with only the free tier (it's easier to convince my boss to transition if it doesn't add to the cost structure)?
For Google Drive I don't think there are other free options that offer the 15GB of storage we have. 10GB would probably be enough. But I am also open to paid solutions.
I found out about CryptPad. They offer cloud storage but one has to pay to be at the same level of Google (which is totally understandable). They also have productivity tools integrated with the storage solution which is great.
Maybe there is some cloud storage solution that doesn't have integrated productivity tools and offers more storage. I would like to know.
I'm open to suggestions and thoughts. My functions at the company have little to do with all this, I am just interested in open source and privacy. EDIT: I am not interested in self-hosting.
Be careful. You might end up being responsible for this new system. As much as I like FOSS I’d never try to replace such core products at work.
Yeah that is something I am taking into account. That is why I prefer simple alternatives than going overboard with self-hosting, combining softwares, etc.
Zulip is usually the one suggested as a FLOSS alternative to Slack. If your needs are modest, self-hosted XMPP or even IRC could do the trick.
For cloud stuff, I recommend Nextcloud, but it may not meet your needs if you need many features of Google Docs. I've never tried it (yet), but Nextcloud + Collabora seems to claim to offer a Google-Docs-like experience.
Cost-wise, you can throw Nextcloud on a VPS of your choice. For example, Linode offers 80 GB storage at 20 USD monthly, then just +1 USD monthly for additional 10 GB increments of storage. That's what I set up for a client of mine.
I've liked nextcloud so far, but have had trouble getting collabora up and running.
Anybody know of a good setup guide, ideally using docker-compose and traefik?
I've had similar issues with getting collabora to run too
Most closed group channels on Matrix servers (Element is the client)(*) I've used have been on self-hosted servers: they're not very hard to set up, and are, I think, imagined as the default. The federation system means that you don't have the problems with accounts that Slack, for example, has: with your self-hosted server, if you want to invite an outside person to a room, you can do so seamlessly.
However, there should be no problem with having a room closed on matrix.org: the default is a private room that isn't discoverable or accessible by anyone who isn't invited. If end-to-end encryption is on (also the default now), it also isn't readable or accessible to the server itself: it's only readable to the clients of the people in the room. It's actually not entirely clear to me what the business model of Element is supposed to be, as their paid hosting appears to offer very little beyond matrix.org: they argue that they have 'better performance', but for even for a self-hosted group server near me on a large machine, I just use my matrix.org account to communicate with the group because it doesn't seem to be significantly slower.
If anything, the problems people have with Matrix are often the opposite: the security and privacy is real and strict, so many of the ways of fixing things when users have problems aren't there. If users lose their security key and their client's data, for example, you can't do anything on the server side, for example, to recover message histories for them, even with a self-hosted server: if everyone in a room has that happen, then the data is actually gone.
(*) Actually, looking at their paid plans, I suppose I should clarify: New Vector, the company behind matrix.org, specializes in developing chat systems and horribly confusing and complex naming schemes. They are apparently now calling their paid server plans "Element", though that's not the name of the server they use (Synapse) or the protocol itself (Matrix), but is the name of a web client, though that was formerly Riot. The horribly confusing and evolving naming scheme has been one of the largest barriers to my trying to get people to take Matrix seriously.
If you (and your company) are motivated enough, self-hosted is the way to go.
I host my own private Matrix server, and my own Nextcloud server, both just for friends/family, and closed to the rest of the world.
But there's a big trade-off in convenience, and probably reliability. And while these things are nominally free, they will cost your company time for someone to learn to use, maintain, and periodically, troubleshoot them.
I also work at a small company that tries to lean towards FOSS options whenever feasible, and we have had this exact discussion.
To date, we still use Slack, Google Drive, and Google Docs.
Could you elaborate on why you ended up deciding to stick with the big companies?
Well, I didn't ... my company did. But, nutshell reason was reliability first (five 9s uptime and--probably--better security than anything we could do), and convenience second.
Sorry for replying again to your post and more than 2 weeks since I've made the OP. I have a question, many people talk about self-hosting and I always wonder what that means exactly. They have a separate computer that runs software? Does the computer need to be powerful?
@Contentus Self-hosting is the undertaking of the responsibility and management of a web service yourself. I like to point to definitions such as on wikipedia [https://en.wikipedia.org/wiki/Self-hosting_(web_services)]...But the gist is: instead of relying on someone else to manage a system for your use/benefit, with the self-hosting model, instead you are the admin of said service. Many reasons that people do this include: privacy concerns; sovereignty of one's data/web presence; desiring to learn the tech that the big entities like Google employ; sometimes only for fun (because they can); etc. One example: maybe someone does not like/trust Google...so instead of using Gmail, they setup a server and begin to manage their own email server (attached to their own domain name, etc.). This cincept of self-hosting has existed for a couple of decades now, but happens to increase in popularity now more so because there's an increase in privacy concerns (related to web services run by big entities) as well as far more availability of system software (thankfully, lots more open source software available for use)...plus, costs are much less nowadays for renting small scale servers that fit perfectly for self-hosting (managing one's own system) for the benefit of, say, one's small family, etc.
Some say that self-hosting helps to keep costs at bay, and for some services that might be true, but there is always a cost of time/attention...because someone is always managing a system - either another entity or (in the case of self-hosting) you. There's tons more to understand about self-hosting, but i hope this gives you an infinitesimally small idea about it. I'm biased in favor of self-hosting, but even i understand that it isn't for everyone. And even if it might get to the point of being super easy, everyone's life/family priorities differ...so i don't fault anyone who chooses not to self-host. Hey, life can be like a party; if you want to only attend the party, that's cool...orif you want to play host for a party, that's cool too - no harm either way! :-)
I think that might be over-complicating things for what @Contentus was asking. "Self-hosting" simply refers to running an application's server software on your own system, instead of relying on a third-party to run it. Most self-hosted software doesn't need super beefy hardware either, so you can typically just run it on your ordinary laptop or desktop and it generally shouldn't have much noticeable impact on its performance.
E.g. I "self-host" PLEX on my desktop, have left it running 24/7 for years, and have never noticed any significant performance impact (other than my available bandwidth dipping) despite 5-10 people regularly watching movies/shows via it.
Yeah, i see your point! I was thinking with the context of an always-on, server somewhere available through the greater internet (up in "the cloud" as others often state)...but, agreed, that self-hosting software could absolutely simply be as you noted "just run it on your ordinary laptop or desktop".
You could try Rocket as a Slack alternative
https://rocket.chat/
Rocket chat is almost precisely a FOSS Slack clone. You could easily mistake it for Slack-with-a-different-color-scheme. If your group is already comfortable with Slack, a transition to Rocket will be very easy.
These seem a little opposed. Could you talk about your stance in a little more detail?
One of the reasons I self host as much as I can as it minimizes the privacy footprint: I limit my trust circle to a VPS provider, my ISP, and intermediary infrastructure providers. If I let a random third party manage the software and data store through which my private data flows, I have to trust them, too -- but they are in a much better position to zero in on said private data.
They're not exactly diametrically opposed. While self-hosting is almost certainly the best option, there's also numerous improvements one can do.
One good first step is to remove your dependence on the biggest companies as much as you can. Google, Amazon, and Microsoft being the absolute worst offenders... but doing anything that puts all your eggs in one basket risks privacy problems going forward. That's how I got in so deep with Google. Apple might be a good choice now, but their ecosystem is tightly controlled, so if that ever changes, it'll be very hard if you rely on them for everything.
So on any given platform, try to go third party instead of first party, even if you're not self-hosting those things.
In a workplace especially, it can be hard to convince managers that paying a miniscule amount per user is worth it to move off a free offering. And many workplaces I've seen go all-in on vendor-hosted solutions, regardless of cost-effectiveness. There, typically the best you can hope for is not-worst solutions. Especially since employers go bonkers for analytics and spyware for their employees.
This is going to be semi-unhelpful at best, but I've had my eye on https://sandstorm.io/ for some time - the underlying tech looks very solid (the guy who wrote Google's protocol buffers made a better version specifically for it, for example) and the functionality is exactly what you're asking for.
That said, I've been meaning to make the move myself for the better part of six months and inertia has won out thus far, so I can't vouch for it yet.
Slack and Google are in a much better position to preserve your privacy in practice than most other providers. You just have to be on a paid plan.
For google, Google Workspace is an enterprise solution. Governments, hospitals, financial institutions all use it. It's not expensive either, Workspace is like 6-12 bucks a month if you're solo on your plan. Oh and for that price you get things like customer support etc that free google accounts don't get. All that applies to slack as well.
Those unknown providers that sell themselves as privacy friendly never have concretely proven they can do better. Take Mega for example. Sure, they do e2ee, but there's far more chances they have a backdoor somewhere than Google Drive, which doesn't do e2ee but has, on workspace plans, a lot of legal guarantees and enough important entities trusting it that if they were to break that trust, even for a small client, that they would be risking billions of dollars.
I am no expert but if we are talking about an open source solution, how could there be a backdoor? Or more precisely, how likely is that, vs a closed source solution?
Also, since the backbone of companies like Slack and Google are to harvest data and sell it, I honestly don't trust them not to do it even with paid clients. Why wouldn't they?
If you're not self hosting, you can't be sure the code they show is the code being run.
And even if it is, backdoors can be hidden pretty well.
Because it's completely illegal, they'd get sued for billions of dollars and lose before they can even hope to gain a cent of profit from what they do.
Also, Google may be an ad company but Slack is not. Enterprise customers are where they get all their money.
I hear you on the backdoor point but I'm not convinced. You even have people doing code audits on open source software
Are you sure it's illegal to sell data if the costumer is paying? I don't see why it would be. It's just another way of making money.
Of course I don't like it but if I had to guess it's more about their contracts rather than the law saying they can't.
It's illegal for multiple reasons.
First, consider that the data isn't just one random person's data but, for those accounts, usually proprietary company data. Google does not own that data. At all. They can barely even look at it for debugging or support purposes without going through explicit approval.
Second, to really answer the question you need to understand what is legal about "selling data" in the first place. What do you think Google is doing when they are "selling your data"? Who is the buyer, what is the product, how is the product created, who owns the product, why do they own it?
These are all rhetorical questions but i would like to see if you are able to answer them without looking it up. Challenge your perception of the world and how it works.
Sorry for the reply more than 2 weeks later.
From what I understand a company like Google aggregates a bunch of data they obtain from their products, make a person's profile and then sell the ability to better target ads/features/etc to different kinds of companies. I think there are middlemen between Google and the client's but that's how I think things work.
I think I now better understand the distinction you are making between free and paid users. Paid users are usually companies so let's assume they are keeping IP in the paid platform. I think it's a crime to sell said IP without permission from the owner. Is that where you are trying to get?
Somewhat. Nearly everything you put on Google Workspace (emails you send, files you upload on Drive, documents on Docs etc) is company property. Google can't know what isn't, so it doesn't make the distinction.
Here is the agreement, with the relevant paragraph highlighted:
https://workspace.google.com/terms/premier_terms.html#:~:text=As%20between%20the%20parties%2C%20Customer,Property%20Rights%20in%20the%20Services.
Also relevant:
I recommend giving the full document a read, if you can (even just for educational purposes). It's the legal framework that allows a relationship between a company and google, where the company will create and store IP on Google's server, in a way that is readable and accessible by Google easily on a technical level and thus where the company has to have assurance Google won't abuse that power.
For Slack:
For Google Doc:
For Google Drive:
If your business is not interested in self-hosting, at this point you should value security over privacy and stick with Slack and Google. Industry leaders will have more stringent operating procedures than smaller underdogs.
This looks great...but I can't seem to find the Android app. Is anybody else seeing this?
Bit late to the discussion and did some digging, mobile apps are "coming soon" according to one page. I get the impression it is still very much early days for this software suite.
I've been struggling myself with the same question for my small company and I ended up* with a semi self-hosted alternative:
I rented a server in Hezner and I'm paying Cloudron to manage all of this flawlessly. Not a techie myself. I hope that helps.
If you're using GSuite your data isn't collected / scanned / etc like the freebie version.
How does one know? I'm not trying to be defiant. I honestly just want to know.
There is no way to prove it as a customer, if that is what you are asking. But one knows, the same way I know the queen of England isn't sleeping with my ex.
I can't truly prove it, and i frankly don't have the tools to know where they both are at all times, it's just unthinkably unlikely, for many reasons, starting with a lack of incentives on both sides of the equation.
The guys of Discourse came up with something similar to Slack with Discourse Teams:
https://teams.discourse.com/