Opendesktop.org – Libre Cloud Services (opendesktop.org)
353 points by rd07 on Sept 2, 2021 | 108 comments


I feel like what hurts this the most is lack of brand recognition - half of the people in the comments are asking why they should trust them and rightfully so. When you look at the individual components, like Nextcloud, you know that the company behind that project is interested in making it work. You know that Nextcloud, GitLab and others make money through their enterprise offerings and probably aren't too interested in selling their users' data or finding other alternative ways of monetizing their platforms.

When a seemingly random company pops up and just rehosts a number of these FOSS platforms, you tend to be skeptical of their motivations or offerings, seeing as they make bold claims about otherwise insignificant platforms, especially given how often you hear untrue statements about privacy nowadays and even more so if you don't know or care about their history: https://en.wikipedia.org/wiki/OpenDesktop.org

Personally, i applaud their efforts and attempts at popularizing these tools and platforms (as someone who self hosts OpenProject, Nextcloud, GitLab, Rocket.Chat and many other pieces of software that i use myself), however i fail to see where their target audience lies: the majority of people who don't care about their privacy will simply stick to the larger cloud offerings of Google or Microsoft office components and something like GitHub for their code, whereas the more privacy conscious folk are more likely to self host software or will need lots of time to build trust with them.

I do hope that they have a sustainable existence and a net positive impact on the industry, though!


I don't know... just created an account with them and found this extremely nice!

All those projects you mention seem awesome, but I've just never had the patience to set up all those things by myself... looks like using opendesktop.org, I get all those things working in seconds by just having an account (which took me 2 minutes to create).

For people asking how they make money: looks like they give you, for example, 5GB of file storage for free but after that you have to have a paying account to get more, which is something I am interested in as I hope they will be much cheaper than Apple/Google offerings, while being compatible with open protocols like WebDAV.

EDIT: actually, I don't seem to be able to become a paying customer?! They only seem to have "become a supporter" which is more like for donations to Pling?! How do I actually pay to get, say, 1TB storage??


You're somewhat unusual then, in that those who don't care, are happy with FAANG (et al) and wouldn't sign up for this due to no need.

On the other hand there are people (like myself) who are privacy focused, and the first alarm bell is who the heck are these people? They're a random company I've never heard of, hosting free software which I can (and do) host myself and offering to store all of my private, personal and/or important information for me.

Although they may very well be perfectly legitimate and caring people, how do you know their goal isn't to get as many people's data as possible and sell it off to <insert your worst nightmare here>?

This is the issue with the brand recognition problem, and I'm not sure what that target audience is that you fit into.


You seem far more unusual than me, to be honest. Setting up your own self-hosted servers and application protocols, no thanks!

Also, you can easily find out who they are as they have an "About Us" on their website which has a "Contact" link that goes to https://www.opendesktop.org/contact

Hive01 GmbH, Am Speksel 10, 33649 Bielefeld, Germany. Contact: contact@opendesktop.org

They are also on Wikipedia and seem to have been around since 2001. https://en.wikipedia.org/wiki/OpenDesktop.org

There, you find out that this project was started by Frank Karlitschek and is heavily involved on the KDE project, which is widely known in the Linux community.

The reason you think they have no brand recognition is that they don't have the marketing of the big cos you know about like Google and Facebook... it doesn't mean they are no-ones that cannot be trusted as you seem to be implying.


Located in Bielefeld, you say? Hmm... https://en.wikipedia.org/wiki/Bielefeld_conspiracy


I've considered self hosting services like that, but don't really know where to start. What do I self host it on (assuming I don't have my own data center or even a static ip), how do I make it secure, etc.?


There are a few ways to get started, it depends on your budget, what you want to host, and what you don't.

If you want something to host at home, and you have sufficient bandwidth, a Raspberry Pi (4b) can get you started relatively cheap, with an external HDD/SSD.

In terms of securing it, my recommendation would be that you don't expose your services themselves but set up a VPN you can access remotely and connect to that to use your self-hosted services. This may not always be convenient so you could expose specific services as required.

Regarding the static IP (or lack of) you'll want dynamic DNS; I wrote a (simple) tool in Golang which I can compile to run on my (Ubiquiti, mips64) router, it uses Digital Ocean's API to provide Dynamic-DNS.

If this doesn't appeal to you, a cheap $5 VPS on DigitalOcean or similar is a good place to get started too, you can use Let's Encrypt for free TLS certificates and there's plenty of help around to get started.

Check out /r/selfhosted on Reddit, they're a helpful and friendly bunch.


> half of the people in the comments are asking why they should trust them and rightfully so.

Exactly. The problem isn't only "will they sell my data via B2B", or, "Do they hand out data to governments via classified programs like PRISM?"

The question is "how is this yet another centralized trove of data protected". Governments and organized crime both hack servers. The real question is "how protected is data when that happens?"

The reason self-hosting is so nice, is you can harden the hell out of your own server, you know it's up to date, and you know compromising it is low priority.

So my take is this: Any cloud service promoting itself as libre, without using end-to-end encryption for all communication, and client-side encryption for *everything* else, is indistinguishable from malicious companies. You're supposed to know what you can do for the user, and you're also supposed to actually implement those best practices.

Also, since the effectiveness of web based crypto has been discussed ad nauseam, and debunked by major names like Arcieri and Kobeissi, I'm just going to state "you better deliver FOSS native clients for your cloud, otherwise it's not going to matter".


On the flip side, hardening your server is hard, and unless you have both a lot of technical skills and time to maintain it, and actually put some effort into it, your self hosted server could very well be less secure.


Is there some kind of organization or entity that could indemnify these services against bad things happening, even an insurance company?

I'm a happy user of Microsoft/Google/Apple but there needs to be some alternatives.


What is their business model? How do they afford to host all this without selling data or charging money?


Exactly my thought. I'm getting sick entirely of this proliferation of free services that obviously can't scale without increasingly high funding.

There is free software for each of those services which can be stood up locally; it takes more time but offers more guarantees in the long term for privacy and resilience.


These are mostly online sharing and collaboration type services, or have sharing features. That means running it on your server and sharing with others doesn’t solve the trust issue, you’re just requiring that other people using these services you host have to trust you.

If you’re just using the single user services then sure, if you have the technical skills and resources doing it yourself is more private.


Perhaps you could have a federated open docs (etc) platform? Maybe it could be built on Matrix? Probably tough to implement though.


NextCloud actually started implementing ActivityPub federation a while back. I don't use NextCloud so i don't know if it works, but for sure all selfhosted programs that have some notion of cooperation should be federated otherwise you end up creating new accounts for every service on every community and that's a UX nightmare.

See also a blogpost of mine on this topic, about federated forging: https://staticadventures.netlib.re/blog/decentralized-forge/


I would be interested to read more about the Nextcloud ActivityPub features.

I know about ActivityPub related discussions back in 2018[0] which links to a blog post[1] from the author of the activity app[2] that is natively included in every Nextcloud installation. However this app does not currently implement ActivityPub.

Did I miss something?

[0] https://nextcloud.com/blog/activitypub-the-new-standard-for-...

[1] https://www.schilljs.com/2018/01/10/nextcloud-2018.html

[2] https://github.com/nextcloud/activity/


That's a great article. Note that there's renewed activity by the FedeProxy [0] project providing funding for federating Gitea [1] using ForgeFed [2] and ActivityPub protocols.

[0] https://fedeproxy.eu

[1] https://github.com/go-gitea/gitea/issues/16518

[2] https://forgefed.peers.community


Great writing. Radicle is definitely promising, and ipfs has been growing. I think the UX makes all the difference for adoption, and once an incentive model comes up for many to offer their local resources as available serving peers we may see a great alternative to centralised services. I would offer my disk space and fast network if I could launch a process easily enough and get credit, to exchange for cash or simply equivalent hosting on other peers.


the companies behind it (like nextcloud) make money with enterprise services and supported and maintained deployments for paying organizations.

since most of the cpu time is used in your browser, not in the cloud, the free offer is a relatively very cheap entry level teaser for supported, maintained and potentially on-premise deployments.


Not me. Right now everybody's worried about scaling and it's keeping them from trying any new models. It's like the world forgot how to experiment with the Internet.


We experiment, and eventually advertising or other worse forms of invasion kick in. It's only fair to expect a plan. They say very little about storage limits and how they would fund exponential growth if/when it occurs.

The investment in adopting a service is consequent, with daily use the effort to migrate away keeps growing. So, no, we better not experiment with offers hosting our digital life.


This is how YouTube started and of course the promise is that ultimately it’s going to make tons of money. The problem just is that 99% of these sites fail to get to that stage.


And youtube wasn't promising a free platform, so it's okay. Here we have a company setting up libre services, vaguely explaining they fund the infrastructure, I just don't see what the future will hold since they aren't at least committing to a plan.

Charging for infrastructure is acceptable. I think libre initiatives should rather charge from the get-go; it reduces the risk that some day a VP joins the organisation and decides to monetise the sale of our data rather than offer a reasonable pricing model where the owner of the data is the consumer, not personal data exploiters.


According to this two-year-old press release [0], they earn money through sponsorship and advertisement.

[0] https://www.pressebox.de/inaktiv/hive-01-gmbh/Open-Source-pr...


This seems to be their way of making money - kinda like Patreon: https://www.pling.com/support (https://www.opendesktop.org/u/pling)


I'd like to know what their threat model is too. I've got most of the same apps (plus a few others) set up on my own server. Seems that the biggest risk of this setup is that your data is basically out in the open, on a server with a bunch of other people.


If you want to self host, thehelm.com is one that I know of. I also keep tabs on getumbrel.com which is a personal server (with built-in appstore-like package manager) on Raspberry-Pi.


I just learnt from your comment about the helm and umbrel. The second is only a cryptocurrency wallet according to their homepage. The first looks more interesting but the website is very light on details: there's pretty pictures and "buy" buttons, but i'm skeptical about their security claims.

Their public-IP-VPN model is directly derived from UX research from the yunohost.org project (https://internetcu.be/), except instead of using network-neutral community-operated ISPs (eg. from the ffdn.org federation) for providing the VPN all goes through Amazon. They also mention the possibility to use your own domain name, but according to the technical details blogpost you still need to use their primary nameserver (also on Amazon), rendering their claim about their gateway not being able to access your communications more than dubious, since they operate both the DNS zone and the public IP (so they can effectively transparently MITM your mails if they want to, and so can Amazon).

Also it appears to be a private for-profit company, and their Github linked on the footer has exactly 0 public repositories. But they have a referral system to encourage you to convert your friends. All in all, without knowing/judging the people involved, it looks like a typical PR stunt from a money-hungry corporation who would not contribute to a broader selfhosting ecosystem.

In my very personal opinion, i'd strongly recommend to take a look at established, community-run solutions in this field: yunohost.org, freedombox.org, libreserver.org... FreedomBox also has hardware boxes to sell, while Yunohost relies on a network of local communities to distribute their own (both based on free-software-friendly Olimex hardware). I believe LibreServer is entirely software and does not sell boxes. I'd be happy to elaborate on some technical/political approaches of these projects if you're curious.


> I just learnt from your comment about the helm and umbrel. The second is only a cryptocurrency wallet according to their homepage.

getumbrel, pretty much a source-available (not quite FOSS) two-developer effort, is going after the same market as thehelm and used "self-hosting" bitcoin (Lightning) wallets as a wedge, because there is indeed an overlap between adopters of decentralized-tech such as cryptocurrency/defi and users who prefer self-hosting. See getumbrel's v04 release blog post: https://archive.is/xZEec

> All in all, without knowing/judging the people involved, it looks like a typical PR stunt from a money-hungry corporation who would not contribute to a broader selfhosting ecosystem.

Fair. Not sure if thehelm is a PR stunt, but the founders have successfully exited from at least one venture in the past (I believe, Rapid7).

> In my very personal opinion, i'd strongly recommend to take a look at established, community-run solutions in this field

Thanks for pointing me to FOSS alternatives. I responded to OP's "What is their business model? How do they afford to host all this without selling data or charging money?" by pointing out that there indeed are for-profit efforts in this space up and running, even if nascent.


> there is indeed an overlap between adopters of decentralized-tech such as cryptocurrency/defi and users who prefer self-hosting

I'm not really sure about that. If you have stats about the proportion of cryptocurrency/defi users actually selfhosted, i'm curious. On the other side, i've rarely encountered people in the selfhosting/privacy ecosystems who are interested in cryptocurrencies.

> I responded to OP's

Fair enough :)


I can't speak for "cryptocurrency/defi" culture but self hosting is definitely very strong in the Bitcoin maximalist space. I think the idea stems from running your own node to search and validate transactions privately and without the need to trust anyone or leak data that might associate that transaction with you. I guess the reason for that is that Bitcoin maximalism also overlaps with libertarian self sovereign ideals and censorship resistance.

And I think this is attested by the number of projects similar to Umbrel like Ronin Dojo, Raspiblitz, MyNode and even hardware vendors like Nodl and Start9. CryptoCloaks sells accessories like cases for RPis, a popular device for running Bitcoin and Lightning nodes. Some people might even go beyond and get their blocks from the Blockstream satellite transmission.

I'm not sure you'll ever get stats about that because those people like to remain hidden. Perhaps the growth rate of Bitcoin and Lightning network nodes operating on the Onion network might be a good starting point.


> Blockstream Satellite transmission

I had no idea this was a thing! Thanks for the reference.


Donations, community support, and a Patreon-like subscription model help OpenDesktop sustain itself. I know there are no free lunches, but this is what it looks like. One must pay for someone else to keep the flow running.


opendesktop.org was owned by Hive01[0] but then bought by Blue Systems[1].

It sounds like Blue Systems is an IT company with no business purpose other than philanthropy.

I'm kind-of amazed at how much freaking out everybody's doing on this thread when instead they could just do a little looking.

[0] https://en.wikipedia.org/wiki/OpenDesktop.org

[1] https://en.wikipedia.org/wiki/Blue_Systems


it'd be interesting to run these services like p2p torrents - where you both serve, but also consume bandwidth. Popular services of course, will run better as there are more peers, and little used services will die out.

I don't know how this can work with a private documents model - presumably you don't want to share your data, but just the compute. Maybe IPFS or something of that nature...


There are sharing cloud setups that encrypt your data and store it on the sharing computers. I tried some of them 10-15 years ago but they were all written in Java and didn't work very well. But they do still exist. Think one of them was called SpiderOak.


For personal files hosting, the P2P implementation that comes to mind is tahoe-lafs. I've only used it briefly but it was a good experience, and i've heard only good things over the years.

Don't expect any GUI/WebUI though.


Donations probably


Doesn't seem very future proof. But looking around on their website that seems to be their (at least publicly) only source of income.


If there is continuing value to a community, that community will likely continue to fund it. That seems more future proof than venture capital or corporate largesse.


My own very minor gripe is with the maps component.

Because it uses OpenStreetMap as a map source it doesn't show any settlements larger than 250,000 for my area because those settlements call themselves "towns" and not "cities".

When you zoom out all you see is a blank space with no labels for quite a large area of the screen.

Meanwhile very small settlements (< 20K people) are shown at max zoom just because they happen to have the right kind of church building, which in the UK means they can call themselves "cities".

I've raised this issue with OpenStreetMap support for many years and they just either say it's something to be fixed by client libraries or it's not important.

They could be right I guess. However, Google Maps, Apple Maps and Microsoft maps handle this correctly and that's what OpenDesktop explicitly say they are trying to replace here.


There is an ongoing proposal discussed on Reddit [0] for an alternate rendering that fills in "empty areas" with a different algorithm. The comparison is really nice [1].

[0] https://www.reddit.com/r/openstreetmap/comments/pc9fof/opens...

[1] https://tiles.musa.kodapan.se/compare.html


The Hydda map also seems to have some issues in this regard. Looking in the West Midlands, Crewe is missing on some zoom level (not sure how far in) while the smaller towns that surround it are there. The OSM map works as expected in this case.


FYI, in the UK, historically city status was given to towns with cathedrals, but since the 20th century city status is awarded by the monarch. England has 3 large towns with over 200000 population - Luton, Northampton and Reading - and about 30 towns with between 100000 and 200000 population.


Wow, interesting that the UK still has this distinction. In the Netherlands, city status (stadsrechten) was constitutionally abolished in 1848.


Thanks for the fun fact. Appropriate user name ;-)


Sounds like you're saying in the UK a "town" is generally larger than a "city"? This is the opposite of what is implied by those terms in the USA.


Effectively in the UK the terms don’t really denote size as they do in some other countries.

The largest conurbations are cities but you can’t say that a city is always larger than a town (or vice versa).


That is not a fundamental problem with OSM. Indeed, Bing Maps uses OSM as its data source.


At least there is something. Where I live, OpenStreetMap has streets, but no buildings.


For those unfamiliar with this product (such as I), here is a brief paraphrased history from Wikipedia:

In 2007 openDesktop.org was established as an umbrella page for content from the sites such as Xfce-Look.org, GNOME-Look.org or Linux-Apps.com, which now continue under pling.com

The websites are operated and maintained by hive01 GmbH, based in Bielefeld, Germany.

Does anyone here use it? How's the mobile sync?


I am old enough to remember :-)

Hive01, those sites and the umbrella site opendesktop.org were started by Frank Karlitschek, who was very involved in KDE ~15 years ago. Then he sold the company and went on to found OwnCloud, and later on to fork as NextCloud. Actually, before OwnCloud there was an attempt to create a company to assemble and sell PCs with Linux and free software but that failed.


Do you know anybody from Bielefeld? Have you ever been to Bielefeld? Do you know anybody who has ever been to Bielefeld?


I've met someone, once, that claimed to be from Bielefeld.

I slowly stepped away. This is all too controversial for me.


In case someone was wondering about this, here it is:

https://en.wikipedia.org/wiki/Bielefeld_conspiracy


It’s funny that a scientist like Merkel had heard of the conspiracy (maybe on usenet itself?)


> scientist like Merkel

I'm sorry, what? Is that another joke I don't understand?


No, she actually used to be a research scientist and has a quantum chemistry PhD (you can read her thesis online)


Thanks! Guess I'm one of today's lucky 10 thousand!

https://xkcd.com/1053/


Let’s make you 2/10000 … you know what a Yakhchal is? https://en.wikipedia.org/wiki/Yakhchāl


She has a PhD in quantum chemistry so references to that are quite common


Would someone be able to help me understand what is 'Libre Cloud'? Even if your code is released under AGPL or something like that what guarantee do you get that software running and not that plus a tiny delta? So how can cloud be libre when I cannot treat it as nothing but untrusted 3rd party entity? Is the argument here that opendesktop.org is a trusted party?


It sounds to you like nothing short of fully self-hosted fits the bill? I think it's pretty clear what they're doing: Libre SaaS.

Of course you have to trust them with anything going in clear-text on their servers. But you don't have the vendor lock-in you'd have with proprietary alternatives. It can be a great bridge between Google/Apple/Microsoft/etc and self-managed, if nothing else.


Unless you're reading millions of LOC and compiling everything from source then you also have no guarantee there isn't a delta on any complex software you run.

Guarantees are hard to come by. That's where reasonable amounts of risk assessment enter the picture.

If you're looking for absolute certainty


If you shift the trust just one allegorical bit you don’t necessarily have to read all the code; just compare the sha256 hash with a known git commit and scan through the recent changes in the repo.

Compiling from scratch isn’t necessarily such a big deal these days (guix/NixOS/gentoo for base system, locally built containers for orchestrated services).

Personally I’m fine with putting some level of trust in the maintainers of Debian apt repos but everything else I definitely do take a look at where it’s coming from and what’s going on. There’s a middle ground between fine-combing the source tree and blindly accepting whatever comes from arbitrary upstreams.


Ditto about Debian repos. But as for reading LOC, comparing the hash won't help if a supply chain attack hit the code before it made it to a commit. I'm not actually advocating reading every LOC. I'm just saying that if you want to use just about anything, some level of trust has to be put in other people & other systems. It should always be a qualified trust though. A trust-but-verify (within reason).


What guarantees do you have that running apt won't install a rootkit or that the compiler the foss source code was compiled with wasn't malicious?

At the end of the day, we largely trust Canonical or the distro's maintainers to not do anything malicious, even by accident.

I see Libre cloud as a similar situation, though with more avenues for larger-scale abuse. Hopefully, just like with other things FOSS, the community will validate that everything is fine and the risk is minimal.


> At the end of the day, we largely trust Canonical

We speak for ourselves!


Simple answer: It can't, since you don't own the server or the data on it.

Long answer: It could be, if proper protocols and data structures would be employed that make it trivial to move the data off the server, mirror it or dual host it on multiple servers at once. So far there is however barely anything that does that, git for version control, IPFS for simple file hosting, but that's about it. The tools to build a "Libre Cloud" don't really exist (and federation is snake oil).


> It could be, if proper protocols and data structures would be employed that make it trivial to move the data off the server

I'm very interested in this domain. Hubzilla has pioneered account migration with the ZOT protocol, and there's discussions in the Jabber/XMPP ecosystem to implement something similar. Personally, i'm curious about going beyond a single protocol and migrating entire server services from a hosting coop to another: https://ttm.sh/dVy.md (draft blogpost)

> The tools to build a "Libre Cloud" don't really exist (and federation is snake oil).

There's Yunohost.org, Freedombox.org and Libreserver.org (ex FreedomBone). They're very cool, and enable non-tech users to selfhost.

Why would you say the federation is snake oil?


> Why would you say the federation is snake oil?

With federated services you are still just user@host, completely under the control of whoever owns host. Furthermore the federation aspect is completely optional, if host decides to blacklist some other hosts, there is nothing you can do about it. So I don't see the advantage over the Twitter, Facebook and Co., when everything that makes federation special can be taken away at any moment.

Without some public-key crypto or something that allows you to move your identity to another server or better yet, never exist on any specific server to begin with, I just don't see the point.

In general, I think the only way to build a "Libre Cloud" is by making the cloud part as stupid as possible. Have the actual app run completely on the client, use the cloud just as dumb object store with little to no awareness of what it is serving.


> can be taken away at any moment

Not exactly, no. It can be taken away when your server operators decide it. But in the federated model, we go with explicit trust relationships and non-profit, community-operated hosts so that's not a problem in practice. In fact, i'm glad my server operators actively defederate from neonazi-friendly nodes, so that i don't have to deal with them... just like i'm glad my email operator validates DKIM and uses rate limiting to prevent spam.

> some public-key crypto or something that allows you to move your identity

That's a very interesting approach. It's been implemented in the ZOT protocol (Hubzilla ecosystem), and has been talked about in the Jabber/XMPP and Matrix ecosystems too. I'm excited for that future, if we can come up with an interoperable spec across protocols.

> use the cloud just as dumb object store with little to no awareness of what it is serving

That's an interesting approach indeed, and i'm interested if you have more resources/links on that. I've been thinking for a while about reducing the difference between federated and P2P services, like how servers could help you seed your content, and/or act as inbox for when you're offline.

I've started drafting a blogpost in that direction a while back.. nothing much in there yet but if it can be of interest to you: https://ttm.sh/tHG.md


> With federated services you are still just user@host, completely under the control of whoever owns host. Furthermore the federation aspect is completely optional, if host decides to blacklist some other hosts, there is nothing you can do about it. So I don't see the advantage over the Twitter, Facebook and Co., when everything that makes federation special can be taken away at any moment.

These seem like advantages to federation. You can choose your masters, and you can choose another master (and they can choose to get rid of you) at any time.

I don't think that the advantage of federation over centralized services is that you can say and do what you want and everyone has to listen to or service you. It's that you have more options than one.

Of course, in the worst case, most nodes could federate into an exclusionary cartel controlled by a single, well-financed organization. But that means that the worst case for federation is the only case in the current situation.

-----

edit: I do think that the major thing missing from the web 2.0 user-provided content internet are tools to facilitate democracy and self-governance. With properly done tools and ownership structures, maybe the users can actually own their accounts, and have as much of a say in how their node was run as you would expect in an organization of peers.


> You can choose your masters, and you can choose another master (and they can choose to get rid of you) at any time.

That's only if your federated protocol supports account migrations (usually with some form of crypto-identity). This was pioneered as part of the Hubzilla ecosystem and ZOT protocol. Nowadays there are efforts to port this approach to ActivityPub/XMPP/Matrix, we'll see where that goes!

Of course it's all easier if everyone owns their domain name and you can migrate "transparently". But the tooling for giving away free, pseudonymous domains is limited so far (afraid.org, netlib.re, eu.org..).


Libre neither means secure nor trustworthy.


> Even if your code is released under AGPL or something like that what guarantee do you get that software running and not that plus a tiny delta?

An interesting question: How do you verify the code running in the 'cloud'?

And to rehash an old but relevant point: Practically, you don't know if local FLOSS software is the same as its released code, and you don't even review the code so it doesn't matter, to a degree. You are still operating on trust to some degree. But with local FLOSS software, someone else might review it, which seems difficult for hosted cloud software.


> Practically, you don't know if local FLOSS software is the same as its released code

There's strong efforts for reproducible builds and bootstrappable distros in the past years. NixOS and guix have pioneered the field, but i believe both Debian and ArchLinux are now over 90% reproducible.

> seems difficult for hosted cloud software

Yes, it's outright impossible. That's why we need effective decentralization via free-software selfhosting solutions, so that you can place your trust in people you actually know and trust, not a "random" centralized free software operator like this one. That's the lesson framasoft.org has learnt when their degooglization campaign was a little too successful, so they started a new "deframasoftization" campaign which gave birth to the chatons.org federation of non-profit hosts. In the English-speaking world, libreho.st comes to mind.


>> Practically, you don't know if local FLOSS software is the same as its released code

> There's strong efforts for reproducible builds and bootstrappable distros in the past years. NixOS and guix have pioneered the field, but i believe both Debian and ArchLinux are now over 90% reproducible.

That's a valuable step, but few people build their OS. In practice, few people will know if their copy matches the released code.

>> seems difficult for hosted cloud software

> Yes, it's outright impossible

I think it may be possible, but it will require different tools. Remote attestation? Can we verify what is running in memory?


> That's a valuable step, but few people build their OS. In practice, few people will know if their copy matches the released code.

This is true! That's why the guix project has been working on `guix challenge`, which lets you inquire about checksums for a specific package from various repositories, to make sure they are the same. I personally think such an approach is a huge step in making software somewhat-verifiable by non-tech people (although guix is not exactly approachable by that audience, i'm talking about the principle).

> Remote attestation? Can we verify what is running in memory?

Yes and no. You can if you trust the hardware/software doing the remote attestation. Signal project for instance has argued that a centralized server with Intel SGX "secure enclaves" is the safest we can do. I personally strongly disagree, and i believe vulnerabilities found since then in Apple/Intel/AMD security chips go against that argument.

Software security is almost tackled with bootstrappability, reproducibility and "challenges". Hardware/firmware security is an entirely new thing...
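
The principle behind `guix challenge` as described in the comment above, shown as an added example that is not part of the thread and not Guix's own code: the hash of a locally built item is compared with the hashes that independent servers report for the same item. Server names, item names and build contents are constructed.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def challenge(item, local_hash, remote_reports):
    """Classify one build output against what other servers advertise.

    remote_reports maps server name -> advertised hash, or None when that
    server has no build of the item.
    """
    answers = {s: h for s, h in remote_reports.items() if h is not None}
    if not answers:
        # Nobody else built it: nothing to compare against.
        return {"item": item, "status": "inconclusive", "disagree": []}
    disagree = sorted(s for s, h in answers.items() if h != local_hash)
    if not disagree:
        status = "match"
    elif len(set(answers.values())) == 1:
        # All servers agree with each other but not with the local build.
        status = "local-differs"
    else:
        # Servers disagree among themselves: at least one binary is suspect.
        status = "mismatch"
    return {"item": item, "status": status, "disagree": disagree}


# Constructed sample data: two build outputs that differ by a small delta.
GOOD = b"constructed build output"
ALTERED = b"constructed build output plus a tiny delta"


def demo():
    g, a = sha256_hex(GOOD), sha256_hex(ALTERED)
    local = {"pkg-a": g, "pkg-b": g, "pkg-c": g, "pkg-d": g}
    remote = {
        "pkg-a": {"server-1": g, "server-2": g},
        "pkg-b": {"server-1": g, "server-2": a},
        "pkg-c": {"server-1": a, "server-2": a},
        "pkg-d": {"server-1": None, "server-2": None},
    }
    return {i: challenge(i, local[i], remote[i]) for i in sorted(local)}


if __name__ == "__main__":
    for result in demo().values():
        print(result)
```

A "match" only says that independent builders produced identical bits from the same inputs; it says nothing about whether the source itself is benign, and servers that share one build farm do not count as independent.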


> Signal project for instance has argued that a centralized server with Intel SGX "secure enclaves" is the safest we can do. I personally strongly disagree, and i believe vulnerabilities found since then in Apple/Intel/AMD security chips go against that argument.

If that isn't 'safest', what do you think is safer (and practical)?


> If that isn't 'safest', what do you think is safer (and practical)?

Distributing trust is safer and practical. A single, centralized server will always be vulnerable, whatever defenses in depth you deploy. Standardization and decentralization are more valuable in the long run for privacy/security than any customized efforts.

That's what allows us these past years to do PGP over email over Tor onions, transparently via onionMX SRV records (+ a local cache/mapping to prevent lying DNS). Meanwhile, Signal still requires a unique identifier (phone number) to operate and mandates usage of AWS and other privacy-hostile providers to reach their server, and there's nothing we can do about it because they control the entire infrastructure. Some resources on that:

- https://gultsch.de/objection.html <-- A free-software Jabber/XMPP client developer's answer to Signal team's stance against federation and open standards

- https://north-shore.info/2019/06/02/signal-fails/ <-- A critique of Signal from a militant, non-tech, "security culture" perspective


Their services are based on Nextcloud, Gitlab and Matrix, where you can export your data and move to another provider or self-hosted in no time.


What they could do since they have both a client and the server is make the client encrypt all content that is uploaded and decrypt it when downloaded by those who have a shared decryption key. Wouldn't that make sense?


Lol, you know it’s HackerNews when people complain that something is too expensive, and then in another thread complain that something is free.


Simple & trustworthy micropayments would help, eh? Transfer ten bucks from your bank account to a trusted entity and then (for example) spend 0.50$/month to support Website X.


You mean... Like the Brave Browser, which HN also loves to hate?


According to the payout terms [0], it appears this service is making money through some sort of storefront on pling.com. They are hoping you use Open Desktop to contribute to their store.

Looking through the store, it feels a bit like Patreon.

[0] https://www.opendesktop.org/terms/payout


Questions:

1. Who is providing these apps and services?

2. What is their long-term goal?

3. Why should I trust them with my data?

4. Where are they located?

5. When did they get started?

6. How do they plan on becoming financially sustainable?


I think some of your questions can be answered by visiting their website.

https://www.opendesktop.org/about

https://www.opendesktop.org/contact


1. I see zero information about any of the individuals involved, or their backers.

2. I see zero information about the organization's long-term goal.

3. I see zero information as to why should I trust them with my data.

4. They do show an address in Europe, but I see zero information about the location of key people and servers.

5. I see zero information about the history of the project and the involvement of key people.

6. I see zero information on financial sustainability.


Another repacked Nextcloud. Nope, thanks. First of all it's PHP and it's not like they follow the best coding practices.

And then - both Android and iOS Nextcloud clients are happy to crash and leave semi-uploaded files unnoticed.

I'm not even talking about e2e encryption, which is somehow supported but good luck not to lose your data.


Why would I trust them? To me, source code being libre is neutral when trusting/not trusting my data to some entity.


I've come across this before. Have never been able to find out what you get with a "free account" or why someone is giving away free accounts.


A free account isn't usually free, but rather donation-based (free price). Also, hosting services for users is incredibly cheap unless you host some very resource-intensive services.

All in all, for ~100€/mo housing fees (+ hardware costs) you can serve (dozens of) thousands of users, selfhosted.


> Have never been able to find out ... why someone is giving away free accounts.

It seems straightforward to me: They call themselves "Open" and "a libre platform", etc. They are part of the FLOSS movement.


I don't see how that answers either question. Being part of the FLOSS movement doesn't explain who is funding the costs of the service or why. It's unrelated. And it certainly doesn't tell me what you get with a "free account".


It's owned by Blue Systems who employ a lot of KDE developers. See https://www.phoronix.com/scan.php?page=news_item&px=OpenDesk...


Somebody with money to literally burn, is my guess.


Good guess, see Blue Systems in Wikipedia.


I don't see anywhere about their 'files' system either, how much storage is allowed or any kind of limitations. This is concerning..


One alternative to this would be [0] by the /e/ foundation [1].

[0] https://e.foundation/ecloud/

[1] https://en.wikipedia.org/wiki/%2Fe%2F_%28operating_system%29...


I stumbled upon this site while browsing for a KDE Plasma theme. Searching with the 'open desktop' or 'opendesktop' terms on HN, it does not seem like someone has posted them in the past, so I decided to post it. Looking at their services, there is an opportunity to create a mobile-desktop ecosystem out of them like Google services.


LibreTranslate has open source translation too: https://libretranslate.com



At first I thought this was associated with Libre Office Document Foundation.


What's the pricing?


What is this for?


Looks like it doesn't have "compute" machines (only storage, etc)



