Free Software Solutions for a Secure Online Workplace

0
5464

The COVID-19 pandemic has made working online from home the new normal. The Internet being what it is, with numerous players interacting with it (including some who are malicious), security plays a critical role. This article focuses on free software solutions that will enable privacy, security and data protection during the pandemic and in the post-COVID era.

In recent times, the expression ‘Privacy-first by design’ has gained attention. The General Data Protection Regulation or GDPR is a standard adopted by the European Union, ensuring the privacy and data protection of its citizens. Many hosting platforms like hetzner.com and scaleway.com provide GDPR based cloud hosting services. This has gained more attention among the Indian public after the protests by free software activists against the Arogya Sethu app, which was subsequently made free software with access for auditing. The public now has greater awareness about data protection and privacy related matters, as well as the many services and software that offer privacy-friendly replacements to commonly used proprietary services. So let’s discuss some of these online services and programs that ensure privacy, security and data protection, with a focus on the online digital workplace.

CryptPad, a replacement for Google Docs or Office Online
CryptPad is an online document editing service, similar to Google Docs and Office Online, without the privacy issues. It encrypts the data as you type, which ensures that your data cannot be accessed by anyone else. This service is a good choice for government firms and privacy conscious users.

In order to use CryptPad, go straight to https://cryptpad.fr/index.html and select your pad, which is the term used to specify the various available editors. Listed below are the many pads that the service has to offer:

  • Rich Text – A collaborative word processor
  • Code – You can do collaborative coding here
  • Presentation – A PowerPoint alternative
  • Poll – A poll creation tool
  • Kanban – A to-do list creator
  • Whiteboard – A drawing board
  • CryptDrive – Storage for your pads (You get 50MB for free. It is now 1GB for registered users on account of the COVID-19 situation.)
  • Sheet – An Excel alternative that is in the beta stage (It requires a sign-up to use.)

All pads support auto-save and file uploading (saved in your CryptDrive). CryptPad also supports collaboration, which means you can co-author documents with other people in real-time. There is a chat section available in the side bar, which you can use to communicate with your collaborators.

Sharing a link using the built-in option allows you to grant the user read-only or editing privileges. You can manage your CryptDrive data by creating folders and organising them the way you want. Every document has a version history as well; in case you made an error while editing, you can retrieve the previous version to get your data back.

CryptPad has a strict privacy policy. The service calls itself a ‘Zero knowledge cloud’ to showcase its privacy policy. It does not collect your password and the content stored in your pads. Your data is yours alone because of the client-side encryption. Though it collects your IP address (for security reasons and to identify you as the anonymous owner of your pad), CryptPad claims it does not log the IP address to track users or usage.

CryptPad also supports self-hosting if you want to install it on your own server and be in full control over the server side as well.

EtherCalc Web Spreadsheet
This is a free software replacement for Google Sheets and can be installed on-premise. EtherCalc Web Spreadsheet has many features though not as many as a desktop application like LibreOffice Calc. You can create a Web spreadsheet and your data is saved online. Collaborative editing is possible, and the sheet can be shared after creation and adding the necessary data. Visit https://ethercalc.org and click on ‘Create Spreadsheet’ to create your spreadsheet for collaborative editing. EtherCalc uses randomly generated URLs, e.g., https://ethercalc.org/hj6zgvux42wo which will be your unique Web spreadsheet. You can use formats, and add the necessary mathematical, statistical and other functions that a spreadsheet needs. EtherCalc is centralised and is a Nodejs application that can be installed with the following command:

npm install ethercalc
./node_modules/ethercalc/bin/ethercalc

If a Redis service is running on the same host, EtherCalc will prefer it over file based storage to improve performance. EtherCalc is also available on the Sandstrom platform.

Matrix: The privacy friendly replacement to WhatsApp, Telegram and Signal
Services like WhatsApp are proprietary and several cases of data leaks and privacy issues have been reported. So is the case with Telegram since its server side is not open source. And in the case of Signal, its centralised design is a minus point for privacy-conscious users.
Matrix is an open source project that publishes the Matrix open standard for secure, decentralised, real-time communication. This service is maintained by the non-profit Matrix.org Foundation, with the aim to create an open platform for communication.

As of June 2019, the beta version of Matrix was out, and the protocol is fully suitable for production usage. We can host our own matrix server by installing Synapse on-premise. Matrix owes its name to its ability to bridge existing platforms into a global open matrix of communication. Bridges are core to Matrix and it is designed to be as easy to write as possible, providing the highest common denominator language to link the networks together.
The core Matrix team maintains bridges to Slack, IRC, XMPP and Gitter, while the wider Matrix community provides bridges for Telegram, Discord, WhatsApp, Facebook, Hangouts, Signal and many more.

Figure 1: Secure WFH apps

There are various clients available for using Matrix on the Web, the desktop and various mobile platforms. The most common among these are RiotX, Riot-web/Riot-desktop, Riot. im Mobile. Riot is recently renamed as Element. See https://element.io/. Other popular matrix clients are Fractal for GNOME, and Quarternion. There are also various desktop clients available for terminal geeks; one among these is WeeChat.

Jitisi Meet: A free software replacement for Hangouts, Zoom and Skype
Video conferencing is an essential part of working from home, as well as for remote calling even during normal work routines. For privacy conscious users, thankfully, there is a set of tools under the JitisiProject, of which Jitisi Meet can be used for video conferencing without fear of loss of data. Jitisi Meet is an open source video conferencing solution based on WebRTC, the open standard for Web communication. Jitisi Meet Server can be installed on-premise, which improves its scalability. Debian 10 Buster + and Ubuntu Bioinic Beaver 18+ are supported out-of-the-box. Jitisi Server can also be installed as a Docker container. Jitisi Meet client applications are available for the Web and all the operating systems like iOS and Android. Jitisi Meet is encrypted and you don’t need an account to start or attend a meeting. It is easy to set up a call. You can create a password if needed and can invite your friends through its interface. You can switch to either the tile view or the call view, blur the background, etc. There is an option to raise your hand for chat. Jitisi Meet also offers desktop streaming, which is screen-sharing capabilities during calls, including the ability for a host to share YouTube videos with participants. Jitisi’s support for screen recording needs a Dropbox account though, and you can share a YouTube video over Jitisi. Go to https://meet.jit.si/ to start a video conference over Jitisi.

E-learning: Moodle and OBS Studio
Training is part of every evolving workplace, and there are several free and open source software solutions to manage and create e-learning materials effectively.

Moodle is free and open source and the most popular e-learning platform. Moodle is based on pedagogical principles and can be used for distance education, blended learning and e-learning in schools, universities and workplaces. It has support for e-learning standards like SCORM and LTI. Its latest version is 3.9, and it has integrated options like H5p which can be used for creating interesting content like interactive videos.

OBS Studio is the popular free software tool for video recording and live streaming. This tool can be used to create videos with presentations, screen recording in the background and webcam recording of the speaker, on the side. This is a very powerful tool for creating video presentations and lectures, and can be used for e-learning.

OBS Studio can do high-performance real-time video/audio capturing and mixing. It can be used to create scenes from multiple sources including window captures, images, text, browser windows, webcams, capture cards and more. It can set up an unlimited number of scenes that you can switch between seamlessly via custom transitions.

OBS Studio comes with an intuitive audio mixer with per-source filters such as a noise gate, noise suppression, and gain. It allows you to take full control with VST plugin support. The modular Dock UI allows you to rearrange the layout just as you like. You can even pop out each individual Dock to its own window.

Peertube: Free and privacy friendly alternative to YouTube
Peertube is free and open source. It is a decentralised federated video platform powered by Activiti Pub and Webtorrent. The peer-to-peer technology used by Peertube helps to reduce load on the servers. This project was started by a programmer named Chocobozz in 2015 and is now supported by a French non-profit called Framasoft. Peertube is not a centralised platform but a network of interconnected small video hosts. You can host your own Peertube instance and upload your videos. Each instance can host its users and videos. Hence, Peertube is a federation of independent hosting services — every instance is created, moderated and maintained independently by various administrators. Each Peertube server can host any number of videos by itself, and can additionally federate with other servers to let users watch their videos in the same user interface. More information about this video hosting platform is available at https://joinpeertube.org/en/. The free software community of India has recently hosted a Peertube instance https://videos.fsci.in/. Another Peertube instance is https://vidcommons.org/.

FediLab, P2Play and Thorium are Peertube clients for Android which are available through F-Droid, the free software and privacy-friendly replacement to Google Playstore.

NextCloud and CozyDrive: GDPR-compliant replacements to Google Drive and other proprietary solutions
Like Google Drive, many other proprietary solutions do not have the required privacy/data protection. Free 8GB and 4GB options are available for NextCloud and CozyDrive. Data protection and privacy concerns are met effectively by both these services. NextCloud can be hosted on the office server by installing it. See https://nextcloud.com/install/#instructions-server for instructions. Or you can just simply sign up with a NextCloud provider for a free account. You can change the provider to suit your data storage needs, and you can choose free data options from 2GB to 8GB. NextCloud however keeps the user in control, and guarantees compliance with business and legal requirements. It offers the ultimate control to protect digital sovereignty for governments and provides the highest security for protected health information. It enables easy and efficient collaboration on large files. NextCloud also offers a calendar and video chat without data leaks.

GitLab and GitHub: Online repositories
For programming and documentation, centralised repositories like GitLab or GitHub can be used for collaboration. These repositories have support for Markdown and reST as well. Integration for a DevOps model using Jenkins, Travis, etc, can be done with these repositories. Modern editors like Atom and VSCode have integrated support for accessing the Git repositories. GNU Emacs supports Git through its generic version front-end called VC or through magit. Plugins like fugitive are available for Vim, for Git support. A Git repository can be created as a master branch, where other programmers can check out their own branch as a local copy, work on it and then push back their code. The code can then be merged with the master branch by the project leads who are maintaining the code repository.

tmate
tmate (https://tmate.io) is used for instant terminal sharing. It is a fork of tmux, and can be used to share a ssh session with other collaborating workers, simultaneously, on the same shell, by just sharing an ssh link that comes at the bottom of the terminal when starting tmate. Once installed, you can launch it with tmate. You should see something like what’s shown below:

ssh PMhmes4XeKQyBR2JtvnQt6BJw@nyc1.tmate.io

This allows others to join your terminal session. All users see the same terminal content at all times. This is useful for pair programming, when two people share the same screen but have different keyboards.

OpenVPN
This solution enables a user to get access to an Intranet remotely. This and many other solutions can be installed on-premise and can be managed centrally. OpenVPN allows peers to authenticate each other using pre-shared secret keys, certificates or user names/passwords. When used in a multi-client-server configuration, it allows the server to release an authentication certificate for every client, using signatures and certificate authority. It uses the OpenSSL encryption library extensively, as well as the TLS protocol, and has many security and control features.

If you install FreedomBox, many solutions like OpenVPN, Matrix, etc, can be installed easily through FreedomBox’s Plinth interface.

So this is the right time to try these ethical, privacy-friendly software services in government firms and offices that care about not only their own privacy but also the privacy of their clients and other stakeholders.

LEAVE A REPLY

Please enter your comment!
Please enter your name here