Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
G

go-run-jump

@go-run-jump
About
Posts
2
Topics
1
Groups
0
Followers
0
Following
0

Posts

Recent Best Controversial
  • ArchiveBox default installation exposes private data and uploads to archive.org without user consent
    G go-run-jump

    Bug Report: ArchiveBox on Cloudron

    ArchiveBox default installation exposes private data and uploads to archive.org without user consent

    Description:

    In the standard installation of ArchiveBox on Cloudron, all content is publicly accessible by default, and archived content is automatically uploaded to archive.org. This behavior is unexpected and potentially harmful for users of a platform like Cloudron, which is often used for personal or sensitive data storage.

    Steps to reproduce:

    1. Install ArchiveBox on Cloudron using the standard installation process.
    2. Add content to be archived.
    3. Observe that the content is publicly accessible and being uploaded to archive.org.

    Expected behavior:

    The default installation should prioritize user privacy and data protection. The following settings should be set as standard in ArchiveBox.conf:

    [PRIVACY]
SAVE_ARCHIVE_DOT_ORG = False
PUBLIC_INDEX = False
PUBLIC_SNAPSHOTS = False
PUBLIC_ADD_VIEW = False

    Actual behavior:

    • All archived content is publicly accessible.
    • Content is automatically uploaded to archive.org without user consent.
    • Users must manually change privacy settings after installation.

    Impact:

    • Potential exposure of sensitive or private information.
    • Unauthorized distribution of copyrighted or confidential material.
    • Users may face difficulties in removing unintentionally uploaded content from archive.org.

    Suggested fix:

    Update the default installation configuration to include the privacy settings mentioned above. This will ensure that user data remains private by default, and no automatic uploads to archive.org occur without explicit user consent.

  • Zulip - Powerful open source group chat
    G go-run-jump

    @avatar1024

    @jdaviescoates said in Zulip - Powerful open source group chat:

    @avatar1024 said in Zulip - Powerful open source group chat:

    Yes there is

    $3.50/user/month just for that seems a bit steep

    Actually Zulip may be the most affordable open source chat app out there. Those $3.5/user/month only come into play if you have more than ten users and want to have mobile notifications using Zulip's relay server.

    For Mattermost, you only get a basic version if you don't pay at least $10/user/month for a non-open source version.

    Rocket.chat limits the open source community edition to 10,000 notifications per month. Depending on the usage, this may not be enough even for ten users. Yes, you could use the starter edition up to 25 users for free. But that is apples and oranges as it is not open source anymore.

    And with Cloudron you can have multiple instances running, so if you are really on a budget, but want mobile notifications, each team of less than 10 people gets its own instance of Zulip.

  • Login
  • Don't have an account? Register
  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks