This is a follow up to a GitHub issue
https://github.com/cryptpad/cryptpad/issues/586
Especially, but not only, to my post in that issue.
Context
The CryptPad editor apps for text documents, presentations and spreadsheets are based on OnlyOffice (Wikipedia).
See also:
https://blog.cryptpad.org/2021/10/21/Announcing-new-apps/
https://github.com/cryptpad/web-apps
https://github.com/cryptpad/sdkjs
https://forum.cryptpad.org/d/103-is-the-source-code-of-the-onlyoffice-spreadsheet-editor-appjs-missing/3
https://forum.cryptpad.org/d/158-upgrade-onlyoffice-to-74x/2
https://forum.cryptpad.org/d/222-onlyoffice-writer
-
The Shady Moves
The company behind OnlyOffice is "Ascensio System SIA". And that company did some shady moves.
There were some monetization and licensing issues. But I'm more concerned about "Ascensio System SIA" disguising it's true origins. For many years it looked like it's based in Latvia. But in 2022 it turned out, that it's actually a subsidiary of the fully Russian company "New Communication Technologies", owned by a person named "Lev Bannov". In 2023 that changed and Ascensio is now owned by a British / Singaporean construct named "OnlyOffice Capital Group Pte. Ltd". So the owners behind that capital group might still be the same as before.
It's also been claimed, that people tried to actively hide the Russian origins on the English Wikipedia.
https://en.wikipedia.org/w/index.php?title=Talk:OnlyOffice&oldid=1202462754#Hiding_of_Russian_origin
And there's a Russian version / "branding" of OnlyOffice called R7-Office (also owned by Lev Bannov).
R7-Office:
https://ru.wikipedia.org/wiki/%D0%A07-%D0%9E%D1%84%D0%B8%D1%81
https://ru-m-wikipedia-org.translate.goog/wiki/%D0%A07-%D0%9E%D1%84%D0%B8%D1%81?_x_tr_sl=auto&_x_tr_tl=en
The company Collabora (open source competitor of OnlyOffice) even claims, that the people developing OnlyOffice are all based in the Russian city of Nizhny Novgorod. So there's nothing technical happening in Latvia. And Collabora claims, that OnlyOffice needs some closed source blobs to work (can someone confirm that?).
https://www.collaboraoffice.com/comparing-collabora-with-onlyoffice/#Ownership
-
To make my point
Looks like "Ascensio System SIA" (the company behind OnlyOffice) actively disguised that they are based in Russia.
This does not necessarily make OnlyOffice bad.
But I like to ask some questions about the usage of OnlyOffice in Cryptpad.
- To what percentage do the CryptPad developers trust the OnlyOffice source code?
- Have the CryptPad developers read a lot of the OnlyOffice source and would they say, that it probably doesn't contain bad stuff like backdoors?
- Does CryptPad maintain a hard fork of the OnlyOffice code, or is CryptPad simply pulling from upstream?
- Regarding the above I'd see some positive arguments for a real fork.
- Does CryptPad use any closed source blobs provided by OnlyOffice?
-
@Mathilde (CryptPad) Would you link this as a follow up in the GitHub issue? (I can't write further posts there)