Play store: F-droid (Bonus: many open source apps that are paid apps on Google store offer the full version for free on F-droid to encourage you to move away from Google Play), Yalp Store
Rob Braxman Tech (He knows about the nasty dictators like the Chinese Communist Party. Don’t think you are safe in America. The reach of the Chinese Communist Party Mafia, formerly known as the Chinese SOVIET Republic) is beyond our imagination.
Alternatives to Big Tech respecting privacy (for now)
Search (Google): DuckDuckGo
Browser (Chrome): Brave
Email (Gmail): see above (self-host) or ProtonMail (zero knowledge encryption)
Cloud (Google Drive, OneDrive, Dropbox, etc): see above (self-host) or use zero-knowledge encryption
Text/Chat (Whatsapp, Line): Signal App
Calling: Telegram has better voice quality than signal, but sometimes it has weird behavior on certain phones. Telegram does not have zero-knowledge proof, so it’s up to Pavel Durov (he’s usually good at not bending to totalitarians).
Alternatives to Big Tech that refuses to censor and manipulate users (for now)
Video (Youtube): Odysee (LBRY), Rumble
Facebook: MeWe
Twitter: Gab, Safechat, CloutHub has a crappy search feature, Parler now has PC bots patrolling and misfiring
Zero-knowledge encryption means the server have no access to the info you put in there as they are all encrypted and protected by a password which only you have (preferably use zero-knowledge proof so the owner of the server do not have any master keys to see your data: you lost the key and the data is practically gone forever)
Free Horde Webmail client was ugly so I was looking for alternatives to view my email, calendar, contacts and notes. After a bit of research, I decided to try NextCloud.
NextCloud hosts calendar/tasks (CalDav) and contacts (CardDav) as a server, but do not store emails. Use any email provider (from your ISP or free email services as long as they do IMAP/POP and SMTP).
Default welcome/demo files are under /core/skeleton (you can change this by editing /config/config.php)
If you move the folder, you have to edit the database and root location paths in /config/config.php
Need to setup MySQL first. Avoid PostgreSQL option as it does not work out of the box.
Disable sqlite3 PHP extension
If installed on shared hosting, install without featured app because it will install CODE which is a can or worms.
Collabora Online is a can of worms. See below
Collabora Online (LibreOffice engine to edit documents live on web browsers) require special handling:
There’s a free community edition called CODE (Collabora Online Development Edition)
Do NOT install the BUILT-IN CODE server Nextcloud App if you NextCloud is on a shared hosting because this will appear as a rogue app that slows Nextcloud to a crawl, exhausting entry processes (aka concurrent Apache requests), and still it’ll timeout opening a document. Probably malfunctioning due to some permission issues on shared hosting.
Ports that need to be opened (more accurately port-forwarded to the CODE server) for Collabora:
443 (HTTPS)
Turns out port 80 (HTTP that starts with Univention administration interface) is not necessary. It just redirects to port 443 (HTTPS) if you forgot to type the URL starting with https:// (it’s http:// by default when you type in the address bar of your browser).
Since the URL of Collabora Online-server in NextCloud settings uses only HTTPS and a HTTP URL is going to be redirected to HTTPS anyway, don’t bother with forwarding Port 80 (HTTP) and enter https:// in the Collabora Online-server URL instead.
You don’t need to forward 9980 (WOPI) either. Somebody mentioned it in Nextcloud forum but that’s not the cause.
Well, the next part is the hairiest. Turns out even the Collabora server checks out with NextCloud, the documents won’t open (some weird error messages):
The webpage at https://<Collabora Server>/loleaflet/23e6a73/loleaflet.html?WOPISrc=https%3A%2F%2F<Collabora Server>%2Findex.php%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F2180_octqxsu7tnwz&title=<Filename of document to edit>&lang=en&closebutton=1&revisionhistory=1 might be temporarily down or it may have moved permanently to a new web address.
Of course, substitute <Collabora Server> and <Filename of document to edit> with your scenario.
I tried going to https://<Collabora Server> and noticed this NET::ERR_CERT_AUTHORITY_INVALID error:
Turns out given my server do not have the SSL certificate installed yet (and I got around it by “Disable certificate verification” in Collabora Online setup), my users/clients has to manually visit the Collabora (NOT NextCloud) server and click through the security warning to accept the Collabora site that do not have a valid SSL certificate. After that the Collabora Online works properly!
In other words, if you run into certificate issues with Collabora server, NextCloud won’t tell you when it calls Collabora server (with REST API) to open the document, instead it’ll just appear as a fail HTTPS call without warning or giving you a chance to correct the certificate issue.
I changed the folder of where my NextCloud files is and got this error.
Adding the “.ocdata” dummy file there doesn’t work. The message is cryptic. I tried to run occ at the root folder (hoping it’s some sort of management tool) by running this at the command/SSH prompt:
php ./occ
and it spits out:
Your data directory is invalid
Ensure there is a file called ".ocdata" in the root of the data directory.
An unhandled exception has been thrown:
Exception: Environment not properly prepared. in
{New Folder}/lib/private/Console/Application.php:168
Stack trace:
#0 {New Folder}/console.php(99): ...
I replaced my actual path for the new location of the NextCloud files with {New Folder}, so you get the idea.
I also noticed the old path was regenerated with just a /data folder with two files
This means some programmer got lazy and hard-coded the path somewhere!
Line 99 of console.php didn’t give too much hint so I looked at the code around for some sort of config-related operations before. Then I noticed this:
So I searched for config.php and found it’s located in /config/config.php. Bingo!
And to my horror the SQL password is stored in plain text in config.php! WTF! I’ll choose a password that’s dedicated to one use and not shared!
I recalled a when I rename WordPress databases, I have to manually edit the changes in wp-config.php. Turns out nobody warned us about that for NextCloud! That config file also contain database settings, so I bet if I change the database names or database usernames, I’ll have to come back and edit it manually too.
The site is working after I made the migration changes, all in /config/config.php.
One thing that 2020 and 2021 taught us is that we’ve foolishly surrendered our data to private companies for harvesting and subjected ourselves to being manipulated (behavior conditioned) by bots (artificial intelligence studying our habits), in exchange for a little convenience having big companies hosting our data (on the cloud) for free.
The conventional wisdom is that something is free without the pains (either hard to use or has advertisement), you are the product to be monetized.
Their house, their rules.
They are the ones who wrote the law, interpret the law, and enforce the laws. The unholy trinity has fused the 3 traditionally separated powers in democracies and became THE almighty.
Of course they bear the consequence of their actions, depending on how much de facto leverage they actually have, which is increases with their size. They are already effectively controlling the government with their extensive lobbying budgets.
Not to mention that we are also rely on their IT security department that are constantly under attack since a centralized target provides a high return on investment in hacking attempts. Bad people only need to hack a big corporation once to steal 100 million+ user data. If the 100 million+ users’ data are scattered on many different servers with different software, configurations and locations, each attack will be much less worthwhile.
In some sense, it’s much safer for less attractive targets (nobodies) to risk security flaws in their own setups because nobody cared to go after them. More importantly, I don’t want to feed a monster with my data that they are going to bite me or other people I support whenever they wanted to.
Here are the basic minimum web services that we’ve become reliant on in our daily lives.
Email
Calendar & Tasks
Contact List (e.g. Phonebook)
In Google ecosystem:
Gmail
Google Calendar & Google Tasks
Google Contacts
Apple (iCloud) uses the standard protocols
Email: IMAP/SMTP
Calendar & Tasks: CalDav
Contact List: CardDav
If you are paranoid about full control over your data that nobody (including tech support) can see, you should host your own server (based on the protocols above). But if you are concerned about up-time, these services come pretty standard with most cheap (shared) web hosting plans at around $2/mo.
If your provider uses cPanel (e.g. namecheap), each email account comes with Calendar/Task (CalDav) and Contact List (CardDav) sync services. They typically come with a webmail client like horde/roundcube.
Namecheap has their own dedicated email service, but I think their shared hosting plan is a much better deal unless you really need the ActiveSync (Outlook, but you can do it for free with CalDAVsynchronizer) and the Open-Xchange productivity suite (which looked better than horde webmail client). You can also host websites and WordPress (blogs) with the hosting plan and have a FTP server for your files.
cPanel is the most popular admin panel for shared hosting, but there are companies like Dreamhost that doesn’t use cPanel and do not offer calendar/task and contact sync services natively so watch out.
In Android, I recommend the following setup after trial and error
CalDAV/CardDAV sync adapters (needed for Calendar & Contacts above): DavX5
These are ALL open-source free software (privacy respecting) available from F-droid.org, which do not require login/purchases (please donate). You might see the paid version on Play Store, but it’s just taxing the less adventurous people.
Many fancy email apps that autoconfigures the server for you often harvest your data or do analytics. Be very careful of that. As far as I know FairEmail is the only one that has advanced features comparable to Gmail and doesn’t harvest your data nor charge you.
Remember to turn on Push-IMAP in your email client so it’ll be as responsive as Gmail. In Fairmail, it’s under Settings -> Receive -> When -> Automatically Optimize ON + Always.
I’ve tried a few other Calendar and Tasks app on Google store (such as BusinessCalendar and aCal), and so far the stock Calendar app and Simple Calendar Pro’s built in refresh works correctly with DavX5 sync adapters. The refresh button for the rest did nothing so I had to open DavX5 to manually initiate a refresh if I don’t want to wait 15 minutes (fastest update rate allowed by DavX5).
As for Tasks.org app, it doesn’t use the sync adapter. Instead we directly enter the CalDAV login info with the server link provided by your hosting provider
If you have a domain registered under Namecheap, you dynamically update the IP address to a remote computer at no extra costs. If you use no-ip.com, you have to pay $29.95/yr to use your own domain name.
However, the process is not entirely trivial because Namecheap only offers the dynamic update through its BasicDNS nameserver, which has a few implications
BasicDNS nameserver means you configure the DNS records directly Advanced DNS tab when you manage your domain name. DNS records in the Zone Editor in cPanel is not active with BasicDNS nameserver.
Subdomains in cPanel enters DNS record in the Zone Editor, so once you use the BasicDNS nameserver, you must add the A record for the subdomain AFTER creating it in cPanel (cPanel only manages the file the subdomain physically points to, you are on your own with DNS setup)
If you use the domain name with Namecheap hosting services, you can no longer have everything configured for you (managed in cPanel’s Zone Editor) by choosing Namecheap Web Hosting nameserver. You have to transfer the DNS record in Zone Editor (cPanel) manually to Advanced DNS tab (Namecheap). At minimum, get the IP address of the HTTP server and enter it as the ‘A Record’ for the main/sub-domain.
Setting up subdomain name or root domain name to be used with Dynamic DNS update service is simply entering ‘A Record’ with an any IP address as seed ‘Value’ (subdomains entered as ‘Host’). The value (IP address) will be overwritten by the update service/client.
Namecheap also offer an eye candy called ‘A + Dynamic DNS Record’ which is exactly the same thing but makes it easier for you to remind yourself that the ‘A Record’ is specifically used for dynamic DNS update.
It’s a daunting task if you haven’t done the work to understand how DNS record works since there are lots of new terms to learn.
However, it’s not that hard after you understand what ‘A Record’ does: map the domain name (or its subdomains) to an IP address. All Namecheap did is providing a web server (using REST API that accepts user inputs with certain syntax in the URL) that updates your ‘A Record’ (domain to IP address map).