Part 2 — Collaboration
Nextcloud: the pros and cons
For collaboration, there’s very little in the open source space that can rival Nextcloud. Nextcloud offers a boatload of features – chat, file sync, document creation via Collabora, maps, tasks, kanban boards, and a whole lot more. But one problem with Nextcloud is precisely this broadness – it can difficult to keep Nextcloud secure, fully updated, and performant with too many add-ons.
Nextcloud does a lot, but what it does well is a much smaller list. That said, it’s by far the best solution in the open source space.
I’m going to take you through a basic Nextcloud setup with their built-in Mail and Calendar apps as well as Collabora, a web-based document, presentation, and spreadsheet program. We’ll cover more advanced Nextcloud features in another post to keep things brief here.
Nextcloud has a lot of options, and we’re just going to get you set up with the basics. Install Nextcloud as you would any other app and pay close attention to the installation message.
Change your password by clicking your user icon in the top-right corner > settings > security.
Save this password somewhere safe, but for convenience, you can use your Cloudron account. Click Users, then click the pencil icon on your account, put yourself in the admin group, then click done to ensure the change is saved. You can now log out and then log in with your Cloudron account rather than the admin account: the magic of LDAP single sign-on.
Accessing your email account in Nextcloud is easy (we’re going to show you how to setup Cloudron email later, but you can check email from anywhere here). If you don’t see the mail icon in the blue bar at the top, click your profile icon, then Apps, App Bundles, scroll down to Collaboration, and install the following:
- Collabora Online
After clicking the email icon, you should see a familiar looking email client:
We’re going to talk a lot about email later, but if you have other email accounts you want to check in Nextcloud, know you can add them here under Settings.
Your calendar should appear instantly, and you can start adding events and inviting anyone you like to meetings. Nextcloud’s calendar is a bit more bare looking compared to Google Calendar, but it has most of the features you would want. For example, it includes an easy way to find a time (among people who use Nextcloud as their calendar). Add your attendees, then press “Show busy times” to find a time that works for everyone.
Mobile support can be somewhat complicated, unfortunately, and we’ll cover that in a later part of this guide, where we’ll go deeper into mobile details. If you don’t have it setup yet, just log in on the web and select “List” view.
To make boking meetings easier, look into something like Calendso.
Like Calendar, Contacts in Nextcloud are pretty straightforward. You can import contacts from other sources like Google Contacts by downloading them as a
.vcf file and then clicking
Settings > Import.
Ensure you and your users keep in mind content in Nextcloud is not encrypted.
DOCUMENTS, SPREADSHEETS, AND PRESENTATIONS
Go back to your Cloudron page and install the Collabora app. Wait for it to start, log in with your Cloudron account, and enter the address of your Nextcloud app. Mine is nextcloud.socialism.tools. You must enter the primary Nextcloud address, not a redirect.
Now open Nextcloud. Open your menu and click Settings, then Collabora Online Edition. Check “use your own server” and enter the full web address of Collabora.
Now click “Files” at the top menu bar of the screen, and then click the plus button. You should now see options for Documents, Spreadsheets, and Presentations!
The Collabora document editor
Create a test doc and open the Nextcloud document editor. As you may see, Collabora is not a perfect equivalent to Google Docs. It’s a little clunky, a little less full-featured, a little less intuitive. That being said, none of those are deal breakers and it’s easily the best open-source solution – there’s even a mobile app!
Document editing, more than chat or email, is likely to be the biggest pain point for an open-source chapter. Collabora may not offer all the features users need, and they may want to keep using Google Docs or Microsoft Word. If this is the case, and your other chapter members are OK with using these tools, you can manage that as well! It’s possible to work securely with your documents still living in Drive.
While any integration between Nextcloud and Google Docs is impossible, you can still use Office – and any other programs that store files locally – easily with Nextcloud. Download Nextcloud’s file sync utility to automatically keep files updated with the copy stored in Nextcloud. Just remember that Microsoft Office licenses cost money and may not be accessible to everyone in your chapter. (and please, do not store personal files on your work computer you don’t want your boss to see!)
There are some other players in the space worth a look. CryptPad offers an open-source file storage system and wrapper around Libreoffice with better security than Nextcloud, but has a lot of the same usability issues as Libreoffice. Skiff is a almost entirely closed-source but end-to-end encrypted facsimile of Google Docs. It’s slick and works well, but it’s new and lacking many features of competitors. It’s also backed by venture capital and isn’t open-source, but it does seem to be very well thought out and has gotten positive buzz from privacy advocates. It may fit nicely as as replacement for Collabora for documents, which are the most common document type, or as a place for more high sensitivity documents.
Google tools in an activist context
Changing document editors is one of the highest effort items in this guide. If your chapter wants to stick with Google tools, that’s fine! – You likely have a lot of opportunities to use free services more effectively and in a more secure fashion.
It’s also possible to keep the most critical part of Google — Drive, Docs, Sheets, Slides — while keeping emails, calendars, and more in Cloudron for cost or privacy reasons. But first, let’s walk through everything you can do without paying Google a penny.
making the most of free google tools
Files & ownership
One of the major challenges of any organization using Google drive — activist or not — is file ownership. Chapter leadership should create an account explicitly for the purpose of being the owner of any important documents. Set the age of the account to a number over 21 and never change the age.
Chapter leadership should be the only people with the ability to login to that account and should avoid doing so unless required (it can be difficult or impossible to tell who is making changes via the shared account). Anyone submitting content to the chapter should be instructed on how to transfer ownership to the holding account.
Whenever possible, store files in folders owned by the holding account to keep them organized. Naming schemes can also help make files easier to locate, as well as using the owner search operator (ex: owner:email@example.com) when searching in Drive.
There is a risk to storing all your data in one consumer account. Do not log into the holding account from Iran, Cuba, or other US sanctioned countries. Ideally, do not use a VPN or Tor when logging in. Have at least one backup phone number and email on the holding account. If your account gets locked out, it can be difficult to convince Google to restore it.
Periodically, use Google Takeout on the holding account to back up all critical information and store the backup somewhere securely.
Email and calendaring
Use Google Groups whenever possible for shared email inboxes rather than creating a new Google account. Make chapter leadership and the holding account Owners of critical groups – they can turn email delivery off.
For any shared calendars, have multiple users with the “make changes and manage sharing” option.
If you need to use seperate accounts for shared inboxes, treat it as if it were a holding account (see above). Use Gmail’s delegation to access the inbox instead of logging in directly.
As you’ve noticed, there’s a lot of risks with using a constellation of free accounts, but it’s not impossible to manage with some care. For smaller chapters, this can probably work just fine. For larger chapters, or chapters with some budget to work with, there’s another option.
feeding the beast
If your chapter wants top-tier collaboration and video call features and is willing to pay about $120/year per person (plus the other fees detailed above for Cloudron), you can have a nice mix of open-source security and professional-tier service.
What you’ll want is called Google Workspace Enterprise Essentials (GWEE). It will let you get the top tier security and functionality of Drive, Meet and more (but no Gmail or Google Calendar).
It’s an excellent deal that can take care of the two biggest pain points of fully open-source products in this guide — video calls and document editing. GWEE gives you critical tools like Shared Drives (no need for a holding account, and makes sharing and keeping docs long-term much easier), audit logs (you can always know who is doing what), 1TB of storage per used (shared), 150 participants per video meeting, and a lot more.
You also don’t need to contact Google sales to get it, despite what the website says – contact me for more information if you cannot find a way to purchase it.
Per dollar, this is hard to beat. As discussed above, open-source document editors just fall short in too many areas. There’s open-source video conferencing tools like Jitsi or Kopano, but they aren’t as stable or as high-quality as Meet or Zoom and require a beefy server to run. At that point it makes more sense to get a single GWEE license. This is not what some privacy-conscious comrades may recommend, because it’s of course possible for Google to be recording all your calls and handing them over to the state, or an evildoer in the company can leak intelligence to fascists.
However, there’s a few flaws in this logic for our use cases, and this is a good time to transition back to security, not just for your collaboration tools, but for all your tools.
Footnote: What about Microsoft?
Microsoft does not have a similar plan to Workspace Essentials (that I can find, their licensing is notoriously complex — see below, and this is just the footnotes on one condensed table), and the cloest to GWEE’s $10/month/user price is Basic for $5.00 (no Office desktop apps, no webinars) or Standard for $12.50/user/month. The $5 plan is compelling, but the lack of webinars means a painful gap for any chapter that wants to run an online event or EC meeting.
At the $12 price point, GWEE + Cloudron provides a stellar deal for the adventerous, and Workspace Business Standard is $12 for those willing to give up some enterprise features for email.