Why should this tool be removed?
The recent Euro-Office fork has shown what open source means to OnlyOffice.
They market themselves as open source (AGPL license) but then added contradictory terms that say you have to use their logo but you’re not allowed to use their logo, which makes forking effectively impossible.
Of course, the Free Software Foundation, the creators of AGPL, has clarified that these additional restrictions are not enforceable and can be removed. But this still shows what kind of project and company OnlyOffice is.
If this was some small, indie team wanting to fork it without a legal team or the recognition to warrant an official account of the FSF they could be sued out of existence making the entire codebase effectively propietary (against Privacy Guides’ criteria).
Additionally:
- No community contributions are accepted
- Broken build instructions
- 0 transparency - private internal issue trackers, commits referencing them
- Code comments in Russian
- Codebase includes binary blobs and obfuscated code
- Mobile apps are not open source, just proprietary wrappers
This is a company that wants the marketing benefits of “open source” without actually being open.
And about the company..
The company behind OnlyOffice, Ascensio System SIA, has a messy and shifting structure.
They present themselves as Latvian. But are actually tied to the Russian company “New Communication Technologies”, which is owned by Lev Bannov. Later it was moved to a Singapore holding company.
This is an effort to obscure their origins. Software made by Russian developers is not inherently untrustworthy or insecure but being based in Russia and actively obfuscating ownership is.
There’s also a Russian-branded version (R7-Office) used domestically, including by the government and military.
The project itself is opaque enough that you can’t really verify what’s going on internally.
Nowadays there is a lot of geopolitical tension (push for European alternatives, Russia’s invasion etc.).
Software developed and controlled within certain jurisdictions can be subject to government pressure, legal demands, national security frameworks.
Development is widely reported to be based in Nizhny Novgorod.
In that context, Russian-based software can become part of broader information warfare or influence operations, especially when combined with opaque development and unclear governance.
This is not about nationality but about risk, control, and trust.
They also refused to condemn the Russian invasion in Ukraine.
Russia is well-known for meddling in US and EU affairs, trying to undermine democracy, cutting undersea cables etc.
Setting aside the moral arguments of Russian actions and focusing on the project itself - is OnlyOffice so good and trustworthy to overlook all this? Is there no alternative without all these risks? (There is)
All of this could be avoided by not using it. Is the prettier UI and Microsoft compatibility worth all this?
Privacy is ultimately about trust. Sure, there are many technical things that can guarantee it but not in all cases. There is always some trust involved, be it trusting the web client serving the correct JS code or that a service is running the same server source code that is publicly available.
Privacy can not be guaranteed by only technical means. You have to trust that updates aren’t introducing backdoors, and that the distribution channels (app stores, websites) aren’t compromised etc.
More reading:
- Reddit - Please wait for verification
- Euro-Office · GitHub
- OnlyOffice Tried to Fake Open Source. It Backfired Spectacularly.
- OnlyOffice concerns (vendor makes shady moves) - CryptPad Forum
- DMS Solutions stops doing business with OnlyOffice due to OnlyOffice close ties with Russia - DMS Solutions Co.
- https://eviloffice.tutdomen.com/