I am a UK college governor, and have bought up the GDPR issues that have come up with Google and Microsoft recently.
Whilst I do get some nonsensical response, that big tech have great security, it does feel really lainful that there is basically no alternative. I really want there to be, but there just isn't a viable alternative.
>I really want there to be, but there just isn't a viable alternative.
There isn't? My Eastern European highschool had self hosted email since as far as I can remember hosted on some pentium PCs.
The issue isn't that there's no alternative, the issue is that, schools are unable or unwilling to bother doing things themselves and instead just go with Apple, Google, Microsoft, because it's easy and almost free.
Almost free? Microsoft charges hefty licenses and basically re-sales the same product multiple times. I believe Google also charges schools and universities a hefty monthly fee for the services.
Sticking with Google means students have no privacy, due to the US government being able to summarily monitor their Google data. Even if Google promises the processing happens in Europe.
It's not "clarify where the data is processed" but rather "make sure it's not processed by an US-owned corp" (not to say that any other country is fine, their laws must be compatible with GDPR).
I guess that would work great even today for _internal_ emails, but as soon as they'll need to deliver emails to any address that's hosted behind gmail, outlook and probably other dominant players, there's a long list of configurations to make and maintain so that outgoing emails don't get bounced.
That assumes schools have dedicated IT positions, when its very common for the school IT to be managed part-time by teachers themselves, as often there ain't enough money for a dedicated IT position.
The major issue is that it's so centralised already that everything outside of the oligopoly is considered untrusted, but it doesnt take long to get trusted- even if you run marketing campaigns over email like I did for years in the mid 2010's.
I'm not sure if we're all collectively incompetent or if we're completely overblowing how difficult it is.
granted; while I managed email systems of various sizes... yeah I outsource it now myself; but that's MAINLY because I'm lazy, I don't want to deal with it and I don't have an obligation on those emails to preserve privacy or anything like that.
if it was my job to do that because there is a risk to the company; sure, not a big deal, sanitise some IPs slowly over time, configure your PTR records, DMARC/DKIM and SPF everything, ensure you're not an open relay and you probably have to look at it once a month for an hour or two to make sure you're not on a blacklist. -- people do this all the time (or used to) with active directory.
Yeah, its stateful and your deliverability is affected by idiots sending spam-like things, but it's not "hard".
Collective (learned) helplessness here is really going to fuck us over, we already forgot how to run servers it seems, now we're not even able to host services.. soon we won't know how to write code, I'm sure.
> Collective (learned) helplessness here is really going to fuck us over, we already forgot how to run servers it seems, now we're not even able to host services.. soon we won't know how to write code, I'm sure.
I agree with this 100%. It's bad and I think partially because at least as far as I know, there is no standard definition of how you'd need to setup your email server to guarantee some arbitrary email delivery success rate.
And so it ends up being a combination of arcane knowledge together with slow feedback loop for debugging.
btw, if you have any good resources recommendations for successful configuration, I'd love to take a look at that.
The real fun starts after things are set up, as you start wrestling with deliverability issues, trying to get recipients to mark your mails as not spam, trying to avoid recipients to mark properly delivered mails as spam, while simultaneously making sure you prevent your systems from sending spam through hijacked accounts and loopholes.
But giving up? No, definitely not. It's quite doable, but not as straightforward as it ought to be.
Sure, it's definitely easier when you have _users_ sending mail. When you have _customers_, it gets a tad more complicated. Sure, you can be a good kid and keep IP's warmed up, set up authentication and make sure DNS is configured properly. None of those help when some spammers decide they like your hosting service and start purchasing accounts with stolen credit cards, nor when you have customers re-using passwords, refusing to use 2FA and so on, and their accounts inevitably get hijacked.
Office 365 and Gmail silently dropping mails doesn't make things easier.
Why can't the state build a data center and host some Matrix, Nextcloud and Moodle instances?
To me that would seem like tax money being used as intended by the taxpayer.
This kind of response always baffles me. Choose any of the common questions people have about cloud data privacy and ask the same question about Nextcloud. For example: when I delete a file does the cloud really delete it? Now read the Nextcloud source code. All it does is unlink files, and it doesn't even do that properly because it doesn't handle errors and races. Also, it poops your private data all over the filesystem while creating thumbnails and previews. So the answer is no, absolutely not even a single iota of effort has been expended making sure deleted data is really deleted, and inside administrators will have complete and total, unaudited access to it.
Switching from a cloud run by professionals to a self-hosted Nextcloud would be a massive downgrade in information privacy.
The thing is, there's no gaurantee that google nor microsoft nor apple do anything more. With products like nextcloud, at least you can see exactly what's going on.
We already know google, microsoft and apple have unfettered access to your data too. With self hosting, at least I have a chance of knowing when my data's being monitored & I can choose increasingly severe security around that system. The big players can only offer promises with little to no way for us to verify the truth of any one of their statements.
So, unless the big players offer e2ee as a default, it's best to assume the worst from them. With nextcloud it's far less necessary if you're rolling your own (but it supports a form of encryption anyhow)
> at least I have a chance of knowing when my data's being monitored
C'mon really. The whole central point of this euro scaremongering is that Google will turn over your data to intelligence agencies when U.S. court orders it to do so. Now imagine that for whatever fanciful and obviously highly unlikely reason the C.I.A. wants your PDFs. You are claiming this will be visible to you, that you will be able to defend yourself against hardware supply chain attacks, attacks on the media you downloaded to install CrapNux on your servers, attacks against your NextCloud auto-updates, attacks against the whole rest of your software supply chain, social engineering attacks against your sysadmins, attacks against your hard disk drive waste stream, and all the rest of it? And you will be able to achieve this on the budget on a Dutch primary school?
Look, I think it would be cool if nation-sized bureaucracies had the doctrines and practices that allowed them to be actually safer than the cloud, but as it stands they do not.
> The whole central point of this euro scaremongering is that Google will turn over your data to intelligence agencies when U.S. court orders it to do so.
I am sure, Google has ways to abuse data that do not include any courts.
> The whole central point of this euro scaremongering is that Google will turn over your data to intelligence agencies when U.S. court orders it to do so.
Euro scaremongering? [0] [1]
Particularly that court mention is weird, considering how the FISA court is very much just a rubberstamp formality.
> Now imagine that for whatever fanciful and obviously highly unlikely reason the C.I.A. wants your PDFs.
That "fanciful reason" could be that my company developed a breakthrough technology/medication/chemical.
Which is exactly the kind of stuff the NSA is very interested in, so it can "patent subsidize" US industries with them [2]
...and yet they win big government contracts and nextcloud is the official cloud storage solution for a lot of german universities. Same for matrix - good idea on paper but implementation is not there at the moment - still they won some pretty big government contracts for Bundeswehr (military) chat and health chat.
IMHO Europe should just do something like create an https://www.inria.fr/en for writing sane software that acknowledges and handles the complexities of governance. Can't image that paying tons of grad students good money to design and hack something in Ocaml/Haskell that actually works is more expensive than the status quo.
This kind of response always baffles me. This is not you setting up an owncloud instance, this is a country setting up infrastructure, on which it can spend millions (and on which it currently spends millions without ownership.)
obviously the state can let the cloud run by professionals as well, see the German state NRW:
> Dataport setzt dafür die Softwarelösungen Open-Xchange für E-Mail, Nextcloud für den Dokumentenaustausch, Matrix und Jitsi für Videokonferenzen sowie virtuelle Zusammenarbeit und die Software Collabora für Office-Anwendungen ein.
> Also, it poops your private data all over the filesystem while creating thumbnails and previews. So the answer is no, absolutely not even a single iota of effort has been expended making sure deleted data is really deleted, and inside administrators will have complete and total, unaudited access to it.
That all seems solveable to me with enough money and time. What if a billion Euro gets invested into infrastructure and hardening of these tools? I think everything that you describe is a result of underinvestment. Extorting our kids data to Google cannot be better.
We aren't also outsourcing the military to Blackwater and the secret service to Facebook, just because they can run it more efficiently.
Well good news! Our wonderful government has great plans to scrap GDPR and all the silly European bureaucracy slowing down business, and replace it with… checks notes …better British bureaucracy that will cost just as much, while eradicating our rights to privacy…
As far as I can tell, yes. It was implemented in the UK (as in EU countries) by incorporating it into national law, but can be reviewed at a later date as some UK politicians have claimed to support.
>It was implemented in the UK (as in EU countries) by incorporating it into national law
That's not how it worked. The GDPR is a regulation which means that it applies as-is in all EU member states without being incorporated in to national laws. It is only directives that need to be incorporated in to national law (a process known as "transposition").
As far as the UK goes, because the GDPR was in force at the time of Brexit it continued to apply (the same with almost all EU law), although it was amended so that it didn't reference EU institutions any more (like removing the bits that talked about the EDPB or collaboration with other EU supervisory authorities, replacing references to the Commission with the Secretary of State and other things like that).
I believe you're mostly right, so I stand corrected; apologies for the error.
However, the Data Protection Act 2018 [1] does complement and supplement the GDPR in UK national law, including certain data not covered by GDPR, and more specifically apparently "implements those parts of the GDPR which 'are to be determined by Member State law'". This was before Brexit took place, and it was later amended to reflect non-EU status at the start of 2021.
Yes, almost all EU law that was in force at the time of exit was kept (and is known as "retained EU law"), with necessary modifications.
For the GDPR specifically, the UK basically forked it and has what's known as the "UK GDPR". They basically just gave the powers that lie with the Commission to the Secretary of State and deleted the bits that dealt with cross-border collaboration between DPAs.
That was exactly my impression in Germany too. You can search my answer in this thread discussing my whole experience. It is depressing to see this whole argumentation as main blocker to a digital breakthrough. The funniest anecdote was one of the most zealous person against google in the set of meetings that I took place about this topic, used google maps to reach the building where we held the showcases and demos.
I went to a Dutch high school that used Google Accounts for email, and they once caught some students "cheating" on a group project (i.e. collaborating in larger groups than they were meant to collaborate in, I guess) via email. This made me suspect that the admins could read our school email (which people also used to talk about various other stuff, which I guess was unwise). I don't know if that was actually how they found out, but it made me very conscious of email privacy (or lack thereof).
Yeah of course, gsuite administrators can access everything, and because gsuite admins are just modern-day instances of bofh-type obnoxious IT guys, there's no way you'll convince them to give up those powers.
I don't know about Google for Education, but the business flavor doesn't let you spy the email of your users, at least I haven't found it. There are ways that allow you to copy every email to an "audit" address, if you're persistent enough, but good luck managing that mess and liability.
There's the option of quarantining emails that have specific keywords. That's the likely way to catch students discussing cheating, attachments and all.
Edit: as the comment below has pointed out, this might not be true. Different editions have different tools, the one i use is not the most complete.
You can view full email content in the investigation tool, use the APIs to download their mail via MBOX and read it there, or if you're feeling bold, just add yourself as a delegate to their inbox.
Or change their password and remove the mfa token. The instructions for how to do so are in my administration toolkit for account recovery - and they are just as valid for hijack.
Even if it was personal email/social media I've see school computers continually log to disk a low-framerate screen capture of the student's screen. They could also watch it in realtime. My school also had keyloggers installed and while admin insisted that they would not use any captured usernames and passwords they certainly had the capacity to do so.
I think there was some news in the past where some schools took this even further with webcam and mic access, though I didn't experience this.
On a school or work computer that you don't control assume someone is watching behind your shoulder at all times, and reading every word you type. Whether if that's the case or not.
Yeah, that's also terrible. But this was an email account that we could access from our personal computers (they didn't give us a laptop) so at the time I didn't realize that they would be able to read it. IMO, it would have been good if Google had shown some warning or so, that that's the case.
I have worked for a MSP supplying internet services and groupware to institutions, and can tell you that the business and technical requirements for schools are almost indistinguishable from those of prisons.
Yep, that's the case I was talking about. I know some students refused to fool around or gossip in front of school computers after that incident in fear that the microphones and cameras might be recording.
>> On a school or work computer that you don't control assume someone is watching behind your shoulder...
And also every computer running software you don't own/control. If you really care about privacy you really need to be running Linux on personal machines.
While at university (~2003) I realized that computers in the lab could boot from CD-ROM so I made my own live CD based on a customzied Slackware with a custom OS loader written in C that could boot to GNOME in <1 minute (all preconfigured with apps I used for school), and used that for a few years in the labs. :)
That was a nice middle ground. I could sensibly use my favorite environment even during short 10 minute visits between lectures.
Yeah, it's not great. We had to add logging into our custom app to get around this. The only thing you'll see in logs when adding a delegate is the OAuth log entry for Gmail, which doesn't tell you a lot.
Maybe, but it should be disclosed, at least, and students reminded to only use these accounts for school-related stuff, then. And even then, I'm not sure that there should be no privacy in school accounts - what if you want to complain about a teacher? What if that teacher happens to be an admin and retaliates? Sure, there may be cases where having some oversight is good, but it's not necessarily clear-cut.
Almost all schools have a acceptable use waiver the kids (and maybe parents) have to sign to use Internet and it calls out monitoring of internet etc. It's just nobody reads those terms.
This is not what the law says. This why courts absolutely will rule against such practices. And this is why if some person goes to court against that, the snooping admin will get into quite some trouble.
There is a big difference between being able to do something and being allowed to do something.
Of course the right to privacy applies to children as well, and to messaging in school between peers, just like in civilized jurisdictions it's illegal for employers to read read email between employees.
Except schools have a responsibility to ensure that they safeguard their students against online abuse which is extremely common between students. Students will routinely bully each other over school messaging systems so it's important schools have systems in place to deal with this.
This sounds like just an excuse for spying on students. There is plethora of methods to prevent bullying that do not require an all time access to students' communication.
Pervasive monitoring of private communications doesn't sound like the right tradeoff - more like "something must be done, this is something, therefore we must do it"[1].
Having the technical possibility doesn't mean you have the moral, corporate and legal rights to use that possibility.
Be it emails, databases, file servers, anything reading content from anything else but a test account/db/folder is a no go for a sysadmin/dba unless given explicit consent by the user owning that content.
Please read up on the relevant legislation in NL before displaying your ignorance. Employers don't even have blanket access to their employees' email accounts because of privacy laws. The laws concerning minors are even stricter.
That's up to the account admins, not Google. The NL government is making a big mistake here: it's trying to keep things "local" to EU, and replacing products that are secure and private (while also providing admins with the necessary tools to implement policy) with ones that have far less engineering.
\
I also don't think it's necessary to use the word "ignorance", as I read the article pretty carefully. I'm quite read up on GDPR- having implemented policies for a company I worked for- and often times when people say Google is not compliant with GDPR, they're dead wrong.
Yes but is Microsoft any better from a data privacy/ownership standpoint? They’re an American company too and they have an ad business. How is Microsoft different for Europe?
Outlook servers let admins read user emails ... worse than that, outlook has a built in API for filtering mails and chats that allow automated monitoring of what a user does.
(I programmed a tool for it that stored a record for a callcenter company that associated chats with the current call a user was handling. The admins got a log that had a bunch of data on a per-call basis that listed who they chatted and mailed and what was said. They claimed it was necessary for some financial (this was a bank) compliance thing)
You have already a lot of solutions for that https://fortune.com/2021/09/08/germany-sovereign-cloud-googl.... Azure has the same kind of services. If in Germany we could take this decision in a Federal level, you could have your gov sovereign cloud, and stand on the shoulders of giants to be able to accomplish the necessary school digitization at Scale.
Glad IBM didn't lock down their PC platform the way Apple did with theirs. The computing industry would be completely different, and I'm sure not in a good way.
I mean, of course the email admins can read your email? Maybe I have a skewed perspective as an old school sysadmin, but when I managed servers that had mail services running on them obviously root can just read everything on disk and we even had spam filters that scanned the email content which is impossible if we couldn’t read all emails.
An old (school sysasmin) or an (old school) admin?
FWIW in a lot of SaaS companies having read access to production data for regular workflows is absolutely unthinkable. In my opinion the users who expect that their private communication is not read have it right.
Of course it's unthinkable for people working for the provider to have access to production data except in very specific, highly audited situations.
But it's absolutely understandable that an organization has administrators that are able to access data for legal or other compliance reasons, and Google provides those tools as part of the service they provide. There's nothing sketchy about this from Google's side.
The Dutch order is more concerned with whether or not data regarding students is being transferred to the US and processed in ways that it shouldn't be. --Which there's no indication that this is happening, as far as I can tell.
Regarding the last point, there is some indication that that is happening, given that Google's response (from the article) is:
> Google has indicated that it plans to fix the privacy concerns by August 2023
which means that they acknowledge that the current situation is insufficient. If the data was stored and processed only in Europe, they would likely say so. Although even that would not be sufficient, because
> American authorities can access data stored in the European cloud
(by American companies), due to the CLOUD act. So the privacy issues aren't that easy to solve, which might be why they expect it to take >1 year.
They were using Gmail though. Either the school could get privileged access since they presumably used organizational accounts, or they did TLS MITM with network proxies.
I do not have links handy but there are DLP solutions for enterprise tools like gmail, google docs, etc... They do not need to MiTM connections are the tool has administrative access to the corporate account. Many companies use these tools to check the box in their audits around data integrity and data exfiltration. This only works for corporate accounts. Most corporate enterprise cloud services have an API for DLP monitoring.
Personal accounts would require a going through a process for lawful intercept. I have no idea how formal this process is today or if Google even ask for a copy of the warrant. When I set up monitoring for cell phone conversations in the cellular industry, not at google I always had a copy of the warrant.
A long long time ago I remember a sysadmin opened a senior director's email on his computer. He wasn't the type to do something like this, but he recently bought a house, and kids were the likely next step. The senior director in question would likely have been involved in layoff discussions. Unfortunately an email had a read receipt, so the sender got a messaging saying that "sysadmin read your email"... So he got the sack.
If this wasn't too long ago you should report the case to the AP since it was likely illegal even before gdpr was a thing. Depending on how the email was offered this could be a major violation of privacy. Even in commercial employer/employee instances you do not have a carte blanche and in cases of students it's even more murky especially if it was done without adult consent.
Thankfully in Finland that would be massively illegal. The contents of letters and by extensions by email is so strong that employer or school would need to get specific permission to even try to access the headers.
It's illegal in many places, but happens everywhere. If the tools allow it, even if it's not the intended use for a feature, people will do it in the worst ways eventually.
This applies for school staff managing student emails, startup founders managing cloud apps for staff, and Google employees... in general.
The problem is email is a plain text format end to end, so all those emails are just text files on disk. In various situations admins might end up seeing mail headers and contents even if they don’t want to just by investigating various issues. Acting on that content is a different question though.
That's why you use public key cryptography, for example with a Precursor.
Problem with ProtonMail is its JavaScript. If we want to use e-mail with public key cryptography (perhaps we shouldn't), we need to use standards which work in any MUA, and are completely FOSS.
I believe we are better off with a protocol which has a FOSS reference spec, is federated, and from the ground up build with privacy and security in mind.
i am a long time proton paid user but im in the process of moving business to fastmail.
Here is why:
- No autofwd. This is essential for any business Fastmail has this.
- No imap/ POP (usecase: integrating with clickup email)
- no iOS calendar app
- recent pricing changes
- pricing on a per domain basis
Ive wanted to support proton and ive paid to so that for a while, but my understanding is that product releases are very slow.
Ive come to believe that protons cadence of releases is not sufficient for a regular business that has to move faster to keep with competition.
I was a big supporter of proton, but starting a business using the proton suite now is a poor and expensive business decision.
i hope this changes in the future.
My criticism is on the business plans. Personal may suffice for most needs.
(Email search is a pain, but that is the sword you fall on, given encryption)
Honestly I half wish we had some kind of supergiant company on this side of the pond too, despite the drawbacks that brings at least it would guarantee some sense of digital stability.
I've had my gmail account for probably more than a decade now and have never had to worry about it going amiss, meanwhile I look at this list of barely legit sounding names (aside from Proton) and wonder if any of these will be still around in a few years.
Web.de was founded in 1995 and GMX in '97. Both now belong to the gigantic German United Internet AG founded in '88 which currently has roughly 10,000 employees and EUR 5.5bn revenue.
European companies lack the self grandiose promotion that USA companies have. But I think that it is a good thing. I wish USA corporations and CEOs chilled a little.
I'm pessimistic. Whatever European alternative that will pop up to serve this market will hardly be fit to compete internationally, selling to schools and governments means jumping through hoops to provide an adequate service at an adequate price, that's not the way to build a FAANG competitor. Aside from Spotify there really isn't any top-tier European internet companies with global reach. It's even worse in consumer electronics. There are bits and pieces in other tech, but really, challenging the US isn't a reasonable goal at this point.
Well that’s just not true. And a webpage of “European Alternatives” that 99.99% of Europeans have never heard of, much less come even remotely close to adopting, means nothing.
I think ChromeOS is the hardest. Having a computer that completely reinstalls itself from the cloud when the user 'inadvertently' breaks it, is huge for schools.
For companies it's not a big deal because their users know what responsibility is. And you can fire them otherwise. Schools don't have that privilege.
... and making it work for 50 different laptop models, all in slightly different ways and with slightly different software is a lot of work. Plus it just doesn't work over the internet.
Add to that that without chromeOS you've essentially got one choice: windows. So you'll be finding out all about spyware that rootkits the OS, and constant amazement at just how many different rootkits kids can get installed on a single machine. Hell, when I was in school, I wrote a custom rootkit (bo2k like) and installed it on machines. That was fun and instructive.
(I know technically you can make it work over the internet but it takes very capable admins to make that work)
And yes, I hacked the school, but that was through unsecured shared folders and seeing a teacher enter people's grades in excel, not through the rootkit. That I was caught doing (because I decided to "expose" the school by giving a friend's sister her grades 2 weeks in advance, and their parents went to management. I was in detention "for the rest of the year" and I was lucky that 2 teachers demanded I would be allowed to sit my exams because I was the best in their classes)
ChromeOS is everywhere in public schools in Denmark. I doubt that Denmark and the Netherlands are the only two EU countryes that use them.
However, ChromeBooks will also be banned i Danish schools when the new school year starts in August. The Danish Personal Data Authority (Datatilsynet) have just told the schools that they cannot use them after the summer holidays, for more or less the same reasons and their Dutch colleagues.
The problem then becomes: Which laptops can you get in large enough numbers, at a low enough price, within three to four weeks?
In Germany and Portugal, you only see them in shopping malls mostly, and regularly with shop offers to get rid of them.
Most European countries aren't so lucky, parents are the ones buying the computers, and unless you're into classes related to computing, or at university level, you're not bringing them into class (naturally covid has changed this a bit) only using them at home.
In Germany, the schools provide iPads and I suspect others provide chromebooks. Schools do provide computers for children to use in the school. Nearly all school levels have classes these days about computing. Needing to know how to use a computer is a skill they all need. Primary schools in the UK have had computers for at least 30 years.
From what I saw when I worked at one large sized company that had an in-house tech support, they literally just install and image. Connect a cable to the laptop and install an image. You would go in there and they would have 3-4 being reset for a new employee to have.
Remember, most people at work are not responsible for their computer working. In IT we are because we're doing more advanced things and we're technically able to keep it working and to fix it. However, the HR person, the sales person, etc they are not. And most countries have laws where the employer has to provide working tools, the employer is responsible for providing you with a working laptop and if it breaks it is their responsibility to fix it.
Just because you happen not to have heard of them doesn't mean that they're likely to sell your data. It may be hard to imagine, but people living in Europe may trust these services more than Google and Microsoft, and may not appreciate those companies giving away their services for free in exchange for mining our data and showing us ads :)
You will never be sure if they are selling your data or not or if they have backdoor (intentonally or not) to law enforcement and co. From the school point of view, i can tell You,they failed miserably in supporting arabic, old mobile devices and others conditions needed in Germany. Other german players couldnt keep up with high traffic during pandemics..Google in the other hand was fine. You should just anonymize the accounts and dont use it privately. But employees or zeelots downvoting and discussing here didnt have to deal with that.I did;)
but if there is not, why force the schools and kids to go through a set of tools that really isn't helping? It is a disservice to our community. We should be thinking how can we still use the best tool for the job but with the necessary layer of security and privacy. I privately use Protonmail and Protonvpn, but that's not about me but the educational system in Germany, having to support 10 million children. This rhetoric, IMO should go away.
Why do you think that that's not a goal and possible outcome of GDPR? The article says that
> Google has indicated that it plans to fix the privacy concerns by August 2023
to me that seems rather slow, as they've known about GDPR for years, but perhaps these kinds of measures are exactly what's required to get Google to act. And then, if by August 2023 the privacy of Google's services is improved, then GDPR will have achieved something valuable, I think.
(Separately, I think it would still be valuable to have some alternatives, but the two are not mutually exclusive.)
I absolute agree that we should have more alternatives. But to try to sell a solution to the education system in a country, we should be sure that it works flawless in all different setups out there. For you and me, we can hack around and accept some weakness in name of open source or alternative. We do that as Linux desktop users since.. forever? :)
"Businesses can purchase premium accounts (€24 per year) or pro accounts (€84 per year, excluding tax). The pro account comes with ten times more storage, custom branding, and up to 20 aliases. All business accounts include custom domains and customer support."
We have 10 million school kids in Germany. Gsuite costed in 2020, €25 per school, and it was much more than a mail solution. Do the Math.
Beside the cringe blog post abusing of the "german angst" rethoric, its not about being ledigt or not, but about offering a better experience to the school kids, which they do not.
I worked voluntarily to a region (Kreis) in Germany in the first lockdown. I was asked to help to come up with a solution an evaluate different players. I have no horse in this race and I wanted genuinely help. My kids would profit from that, but other than that, was pure voluntary work. The GSuite was the only one that:
a) could scale
b) multicultural and multilanguage
c) great usability in all exotic different setup of OS
d) well thought workflows
d) low learning curve
e) affordable price
However we decided to don't go with that. There are someone from the "Die Linke" which was repeating this FUD about "The privacy of our kids are at risk".. Here is why I think that is wrong:
a) You could anonymize all the users. The Felix Müller could be just the X1234 in the platform and the teacher would track his homework and deliverables without revealing his identity.
b) From Risk analysis the risk of the NSA knowing that the school kid Felix Müller had a 4 in Mathematics, is IMO acceptable if you think about all other positive aspects of the tool.
In the end, each state in Germany decided to come with their own solution mostly developed in house, and almost all failed miserably. Couldn't scale, couldn't support different browsers and OSs, all workflows were not well thought. It was so bad that many schools just kept with paper, making the lives of everyone involved a nightmare.
I'm 100% sure that one of the main reasons for the bad digitization in the schools in Germany was caused by this pamphleteering and I would love to know who really got the contracts to develop the "Home Schooling" solutions used after that.
Highschools demand students buy a Windows laptop, preferably some overpriced piece of crap with a few applications pre-installed from their 'preferred partner' who also happens to be a Microsoft representative.
It's way beyond despicable but I'm too tired to fight it so I've caved in and bought a Windows laptop for one of my kids to use for highschool. It disgusts me that Microsoft manages to extract a tax on every kid in highschool and that schools allow themselves to be used as a part of the marketing and sales arm of a multinational company.
Tweakers podcast of last week I think (in Dutch so I might as well paraphrase it translated). The topic was chromebooks and how it's convenient and easy for a lot of schools
> I went to buy a laptop for my son's new school last week. When I heard it was required, I was expecting some list of hardware requirements but no, the list I got had exactly one specification: Windows.
Schools also do free advertising for Microsoft products, at least in all of the schools where I went to until ~5 years ago. At minimum once a year we were made aware of the fact that we could get Microsoft products like Office at steep discounts from their new online store which they were so proud of and thankful for. Benevolent microsoft letting us get used to their ecosystem for prices we could actually afford, but not free! Still gotta make that profit!
Not sure why they didn't also advertise for libreoffice which, last I checked, is even cheaper and an even better protip (better compatibility if we would just not force each other to keep using the proprietary thing). I guess they just didn't feel like the libreoffice foundation was giving them free money the way that microsoft pretends to.
It gets even more ironic if you realize that schools fall in the 'semi-government' category and thus it's legally required (not optional) to use open source software unless that's impossible, and if it's impossible then it needs to be documented why it's impossible. In practice, you can guess how much this law is followed. I never heard of any consequences for not following it.
TL;DR: legally, there is the opposite of a microsoft requirement, except many schools require both Windows and Office in practice
What exactly were they supposed to teach you in 90s and 00s? I was a rebellious Linux-loving computer geek kid during these times, but OpenOffice was incomparably worse back then (and other programming environments weren't as accessible as VB6) - so I maintained a Windows VM for school, not because I had to (fuck that) but because the software was so much better.
If someone has an aptitude for computers and want to work with them then:
1) productivity suites are a poor fit generaly.
2) learning concepts over specific tools is always going to be a better investment.
3) I’m not sure there even was open office when I was learning. But there was lotus and co. // I’m mainly annoyed that they didn’t teach concepts around computers and instead focused on “Microsoft X” so my entire education was based on one company and what it was inflicting on the world.
Everyone who graduates only knowing those tools is enormous pressure for companies to use those tools, or the burden of training from scratch is on the company.
Yeah, I remember Lotus... And you seriously would've rather used that??? I prefer to keep torture out of schools.
It was the other way around, at least where I live. Companies pressured schools to teach skills they actually need people to have - and that's MS Office, because even today nothing else comes close.
And children with aptitude for computers, who don't need office suites but would like programming - that's less than 1%. If you want public schools, you're not going to have specialized teaching for small groups - nobody pays more for that.
I’d prefer a real education about how computers work, not to learn any particular single tool or ecosystem.
Religious education does not only teach Christianity. It’s wild that computer education only teaches (or taught) Microsoft (a non-European proprietary corporation).
> even today nothing else comes close.
Close to what though?
Close to replicating MS office? Sure, but that’s like judging an apartment building on the merits of a house.
Your implication that productivity tools compared to MS office are lacking. That’s extremely dubious, perhaps some features are lacking (google sheets doesn’t support GANT charts for example) but there’s other things that you can do which are impossible in office (google sheets can do raw SQL and attach to big query); I’m specifically comparing google to MS here but it’s mainly to give an idea that things don’t map 1:1 across productivity suites.
And yes: The world runs on excel, but I find it hard to believe that’s because excel is the pinnacle of software. It’s probably more to do with that it’s “good enough” and fairly flexible- and crucially, everyone knows it and it’s pitfalls.
Excel can do SQL as well, and it actually has abstracted data connectors capable of much more than just SQL and you can easily provide your own connectors too, and much more than just connectors - Excel is used e.g. as a full-fledged trading station at some places. It's capabilities like these why Excel runs the world, it's not some accident of history. You don't need to do stuff like this all the time, but it makes no sense to use two office suites, so you use the more capable one.
I went to school in the '00s. After irreversibly breaking the Office installation on my home computer while tinkering, I ended up doing all of my IT coursework, which was required to be done with Word, Excel, PowerPoint and Access, using OpenOffice instead. For production use, the differences between the office suites may have been significant, but for schoolwork, it was more than good enough. We were to take screenshots of the application windows while we produced our work, and the assessors were happy enough with my OpenOffice screenshots.
Here is a great experiment you can do. Use an app like for example Netbalancer that can show you bandwidth use per app.
Launch your locally installed PowerPoint. Note I am not talking about Office 365 but a locally installed Office component. Start some internal presentation to your fellow workers, just presenting, no editing or creating a new presentation. Amaze yourself at it sends data to Microsoft at the rate of 4 to 5 MB/s. Yeah...just try it.
> Amaze yourself at it sends data to Microsoft at the rate of 4 to 5 MB/s. Yeah...just try it.
Amazing is too small a term. Unacceptable is more like it. Wow. Why do companies that spend a significant amount of money on securing their infrastructure fall for this?
Shortly after the height of the Merkel/NSA hacking scandal, when EU member states were most upset that US spying had been disclosed to their electorate (making EU politicians look weak in front of the voter). The EU kicked off an internal project to try and build a gmail replacement. Their plan was that customer number 1 would be all the educational establishments on the continent. They even got as far as checking out buildings to lease from paper manufacturers, to turn into data centres. Eventually that project went away, but I don't think we’ve seen the last of it yet.
That they tried to build their own data centers is a red flag. Not because its a bad idea, but I think you need to establish product-market fit for a software product before laying down serious hardware.
You don't have to establish product market fit in order to provide services to your own institutions. It's a great idea to piggyback on your own needs to create services that could be expanded to the general public.
Only if allocating resources to in-house data centers does not take away resources from the product.
If you're Google sure throw a 100 people at a project that might get pivoted or axed. It won't matter. But a Government IT initiative? They have to be more efficient.
We will all be able to savor the irony when Dutch schoolchildren's private info is leaked, because whatever group they're going with will have no where near the concern for security and protecting private data like Google does.
Google's entire purpose is selling private data. The fact that it retains a monopoly on the access to that data doesn't change that all the bad stuff is happening right in the first party entity.
Google does not monetize the private data in their cloud/business services. This is a different division of the company. People claim this a lot, but even in the ad part of the company, any data exchanged with other companies is not personalized.
If you have any highly specific claims about this please point to news articles in reputable journals which have not already been repudiated.
I too would like to see examples. I find when people jump on the hate train and literally make things up that they usually have ulterior motives or just repeat whatever they read on 4chan.
Even if that's true, do we really want our children to grow up with (and get used to) these services that are usually "free" for personal use but paid for by tracking people across the internet, separate division or not?
The assumption that the "European" solutions would be the true Paladin of the justice is historically/morally wrong. It cannot be serious and as we can see in this blog post, is just fed by companies fighting for the same market.
Showing people ads based on their keywords is not monetizing private data (showing ads on Gmail is dumb, but for other reasons). I don't actually see any ads (haven't for a long time) on gmail.
Just like Facebook and Twitter claimed they wouldn't use 2FA phone numbers for advertising and did anyway?
It doesn't even have to be malicious, it can happen accidentally. If the entire company is based on advertising and privacy violations then it's hard to truly have "private" data without building an entirely separate system in parallel, otherwise you could put your data in a place you think it's private, not realizing some other component of the system will use that for ad targeting.
Your emails are not scanned for building an advertising profile. This rumour comes up quite often, Google has thankfully stopped doing it for a long time now.
At my previous company we were all in on Google Cloud, mostly for technical reasons as we felt it worked better for us than AWS.
When it came to whitelabelling our product for a big multinational customer, they really liked that we were hosted on GCP and not AWS because they considered Amazon a competitor and couldn't justify paying AWS as a result.
Privacy concerns aside (which I believe are overblown for GCP, strong walls around customer workloads), competition concerns are big for many companies, and Amazon is out there trying to compete with almost everyone in retail and services now. I can only imagine this is going to get worse.
Disclaimer, I now work at Google but not on any of this stuff, this is my personal opinion.
Perhaps bad phrasing, but roughly yes. The hosted Kubernetes offering was more standard, integrated well into the rest of the available services, few other details. It was just a more technically complete and capable product for Kubernetes hosting.
I cannot for the life of me understand why public education institutions everywhere don't use Linux and open source software. For things like writing papers and doing research, Linux is more than enough. Plus it would give students a head start into understanding how computers actually work, which is arguably the most crucial skill for students today.
For things like writing papers and doing research, Linux is more than enough.
This is simply false. A lot of fields use specialized software that is only available on Windows and sometimes macOS. For instance, my wife works in neurolinguistics where most standard software for doing things like analyzing EEGs is for Windows.
However, I agree that this may be true in other branches of education. E.g. in our daughter's primary school they use Chromebooks. They are used as glorified 'web terminals'. I can see why a mutable Linux distribution would be awful from a maintenance perspective, but an immutable Linux system like Fedora Silverblue would probably work as well as ChromeOS.
This is also a failing of the Dutch government and the EU, leaving things to the market, rather than taking initiative and making a standardized education platform.
My field (theoretical physics) has the opposite problem. Almost all tools support only Linux but university infrastructure and incoming students are Linux-illiterate. A Linux strategy would greatly improve the quality of education.
Because Microsoft has spent billions on lobbying and spreading FUD in every educational institution and government across the world ranging from national to local governments to convince them that Windows and Office are the only usable suite of tools. So Word documents are now the lingua franca in the office.
Well, once upon a time, I decided to break through the FUD, and convinced my local school to try teaching on Linux.
Problem is, after three months of work, I wasn't able to reliably deploy the OS to a room of computers and connect it to the school network - even though I worked as a Linux server admin before that. Every single computer (all the same, with serial number one after the other) had a different set of issues that made it completely unusable. Many of ones I got kinda working got broken after a few rounds of updates.
Windows just worked right after installation. The year of Linux desktop is still not there.
Interesting. Took me 20 minutes to fire up an installation of 50 machines in a company in 2012.
Those machines ran without fault for multiple years until I had to add some additional support for caching the NFS mounts because we had added so many clients after the initial installation that we were overloading our NAS.
No hardware errors for sure. But these were desktops (not of uniform origin).
Windows machines on the other hand were a bit more painful, every single one had to be hand enrolled to the sambav4 “AD” (we didn’t have AD) and the instructions never worked the same way twice.
It’s a really unfortunate set of circumstances that you need to run a Microsoft product for authentication in order to have a reasonable experience with the Microsoft operating system.
Especially because that Microsoft product (AD) is usually the hardest thing to integrate with from other operating systems; and is contingent on owning all user accounts (and usually means you have to use their email systems and file sharing systems).
Quite a lot of lock-in for a base level of user experience.
But I guess that’s OK if you are a shareholder. :)
Yeah, I bet it's been a lot of work. But that just underlines my point - you can't expect people to reinstall their school computers if it requires changing their entire network to something nobody there understands and the users (teachers of subjects other than computers) don't want it.
The thing is, people (admin and users) are quite happy with the MS stuff - it's not perfect and costs a lot, but it mostly works without too much setup work.
Oh no, that's definitely not a solution, but at least until someone comes up with software that is at least comparable, Microsoft is what we're stuck with.
222 comments
[ 1.9 ms ] story [ 247 ms ] threadWhilst I do get some nonsensical response, that big tech have great security, it does feel really lainful that there is basically no alternative. I really want there to be, but there just isn't a viable alternative.
There isn't? My Eastern European highschool had self hosted email since as far as I can remember hosted on some pentium PCs.
The issue isn't that there's no alternative, the issue is that, schools are unable or unwilling to bother doing things themselves and instead just go with Apple, Google, Microsoft, because it's easy and almost free.
In reality, the concern seems to be the law will not legally allow them to continue operating unless Google clarifies where the data is processed.
It's not "clarify where the data is processed" but rather "make sure it's not processed by an US-owned corp" (not to say that any other country is fine, their laws must be compatible with GDPR).
The major issue is that it's so centralised already that everything outside of the oligopoly is considered untrusted, but it doesnt take long to get trusted- even if you run marketing campaigns over email like I did for years in the mid 2010's.
I'm not sure if we're all collectively incompetent or if we're completely overblowing how difficult it is.
granted; while I managed email systems of various sizes... yeah I outsource it now myself; but that's MAINLY because I'm lazy, I don't want to deal with it and I don't have an obligation on those emails to preserve privacy or anything like that.
if it was my job to do that because there is a risk to the company; sure, not a big deal, sanitise some IPs slowly over time, configure your PTR records, DMARC/DKIM and SPF everything, ensure you're not an open relay and you probably have to look at it once a month for an hour or two to make sure you're not on a blacklist. -- people do this all the time (or used to) with active directory.
Yeah, its stateful and your deliverability is affected by idiots sending spam-like things, but it's not "hard".
Collective (learned) helplessness here is really going to fuck us over, we already forgot how to run servers it seems, now we're not even able to host services.. soon we won't know how to write code, I'm sure.
I agree with this 100%. It's bad and I think partially because at least as far as I know, there is no standard definition of how you'd need to setup your email server to guarantee some arbitrary email delivery success rate. And so it ends up being a combination of arcane knowledge together with slow feedback loop for debugging.
btw, if you have any good resources recommendations for successful configuration, I'd love to take a look at that.
The real fun starts after things are set up, as you start wrestling with deliverability issues, trying to get recipients to mark your mails as not spam, trying to avoid recipients to mark properly delivered mails as spam, while simultaneously making sure you prevent your systems from sending spam through hijacked accounts and loopholes.
But giving up? No, definitely not. It's quite doable, but not as straightforward as it ought to be.
Sure, it's definitely easier when you have _users_ sending mail. When you have _customers_, it gets a tad more complicated. Sure, you can be a good kid and keep IP's warmed up, set up authentication and make sure DNS is configured properly. None of those help when some spammers decide they like your hosting service and start purchasing accounts with stolen credit cards, nor when you have customers re-using passwords, refusing to use 2FA and so on, and their accounts inevitably get hijacked.
Office 365 and Gmail silently dropping mails doesn't make things easier.
Why can't the state build a data center and host some Matrix, Nextcloud and Moodle instances? To me that would seem like tax money being used as intended by the taxpayer.
Switching from a cloud run by professionals to a self-hosted Nextcloud would be a massive downgrade in information privacy.
We already know google, microsoft and apple have unfettered access to your data too. With self hosting, at least I have a chance of knowing when my data's being monitored & I can choose increasingly severe security around that system. The big players can only offer promises with little to no way for us to verify the truth of any one of their statements.
So, unless the big players offer e2ee as a default, it's best to assume the worst from them. With nextcloud it's far less necessary if you're rolling your own (but it supports a form of encryption anyhow)
C'mon really. The whole central point of this euro scaremongering is that Google will turn over your data to intelligence agencies when U.S. court orders it to do so. Now imagine that for whatever fanciful and obviously highly unlikely reason the C.I.A. wants your PDFs. You are claiming this will be visible to you, that you will be able to defend yourself against hardware supply chain attacks, attacks on the media you downloaded to install CrapNux on your servers, attacks against your NextCloud auto-updates, attacks against the whole rest of your software supply chain, social engineering attacks against your sysadmins, attacks against your hard disk drive waste stream, and all the rest of it? And you will be able to achieve this on the budget on a Dutch primary school?
Look, I think it would be cool if nation-sized bureaucracies had the doctrines and practices that allowed them to be actually safer than the cloud, but as it stands they do not.
I am sure, Google has ways to abuse data that do not include any courts.
Euro scaremongering? [0] [1]
Particularly that court mention is weird, considering how the FISA court is very much just a rubberstamp formality.
> Now imagine that for whatever fanciful and obviously highly unlikely reason the C.I.A. wants your PDFs.
That "fanciful reason" could be that my company developed a breakthrough technology/medication/chemical.
Which is exactly the kind of stuff the NSA is very interested in, so it can "patent subsidize" US industries with them [2]
[0] https://www.theguardian.com/world/2013/jun/06/us-tech-giants...
[1] https://qz.com/1145669/googles-true-origin-partly-lies-in-ci...
[2] https://en.wikipedia.org/wiki/ECHELON#Examples_of_industrial...
> U.S. court order
If only it worked like that.
IMHO Europe should just do something like create an https://www.inria.fr/en for writing sane software that acknowledges and handles the complexities of governance. Can't image that paying tons of grad students good money to design and hack something in Ocaml/Haskell that actually works is more expensive than the status quo.
They can afford professionals.
https://www.dataport.de/pressemitteilung/dataport-stellt-ope...
That all seems solveable to me with enough money and time. What if a billion Euro gets invested into infrastructure and hardening of these tools? I think everything that you describe is a result of underinvestment. Extorting our kids data to Google cannot be better.
We aren't also outsourcing the military to Blackwater and the secret service to Facebook, just because they can run it more efficiently.
It’s a Brexit benefit or something.
https://ico.org.uk/for-organisations/dp-at-the-end-of-the-tr...
That's not how it worked. The GDPR is a regulation which means that it applies as-is in all EU member states without being incorporated in to national laws. It is only directives that need to be incorporated in to national law (a process known as "transposition").
As far as the UK goes, because the GDPR was in force at the time of Brexit it continued to apply (the same with almost all EU law), although it was amended so that it didn't reference EU institutions any more (like removing the bits that talked about the EDPB or collaboration with other EU supervisory authorities, replacing references to the Commission with the Secretary of State and other things like that).
However, the Data Protection Act 2018 [1] does complement and supplement the GDPR in UK national law, including certain data not covered by GDPR, and more specifically apparently "implements those parts of the GDPR which 'are to be determined by Member State law'". This was before Brexit took place, and it was later amended to reflect non-EU status at the start of 2021.
[1] https://en.wikipedia.org/wiki/Data_Protection_Act_2018
For the GDPR specifically, the UK basically forked it and has what's known as the "UK GDPR". They basically just gave the powers that lie with the Commission to the Secretary of State and deleted the bits that dealt with cross-border collaboration between DPAs.
Now I work at ProtonMail, so go figure.
There's the option of quarantining emails that have specific keywords. That's the likely way to catch students discussing cheating, attachments and all.
Edit: as the comment below has pointed out, this might not be true. Different editions have different tools, the one i use is not the most complete.
Email routing is also an option, although far more heavy handed.
I think there was some news in the past where some schools took this even further with webcam and mic access, though I didn't experience this.
On a school or work computer that you don't control assume someone is watching behind your shoulder at all times, and reading every word you type. Whether if that's the case or not.
And also every computer running software you don't own/control. If you really care about privacy you really need to be running Linux on personal machines.
That was a nice middle ground. I could sensibly use my favorite environment even during short 10 minute visits between lectures.
https://developers.google.com/admin-sdk/directory/v1/guides/...
As far as I can tell, adding a delegate or forward isn't even logged anywhere, and being able to see what a delegate is doing was added as a feature only a few months ago: https://workspaceupdates.googleblog.com/2022/03/gmail-delega...
There is a big difference between being able to do something and being allowed to do something.
[1] https://en.wikipedia.org/wiki/Politician%27s_syllogism
Be it emails, databases, file servers, anything reading content from anything else but a test account/db/folder is a no go for a sysadmin/dba unless given explicit consent by the user owning that content.
FWIW in a lot of SaaS companies having read access to production data for regular workflows is absolutely unthinkable. In my opinion the users who expect that their private communication is not read have it right.
But it's absolutely understandable that an organization has administrators that are able to access data for legal or other compliance reasons, and Google provides those tools as part of the service they provide. There's nothing sketchy about this from Google's side.
The Dutch order is more concerned with whether or not data regarding students is being transferred to the US and processed in ways that it shouldn't be. --Which there's no indication that this is happening, as far as I can tell.
> Google has indicated that it plans to fix the privacy concerns by August 2023
which means that they acknowledge that the current situation is insufficient. If the data was stored and processed only in Europe, they would likely say so. Although even that would not be sufficient, because
> American authorities can access data stored in the European cloud
(by American companies), due to the CLOUD act. So the privacy issues aren't that easy to solve, which might be why they expect it to take >1 year.
Personal accounts would require a going through a process for lawful intercept. I have no idea how formal this process is today or if Google even ask for a copy of the warrant. When I set up monitoring for cell phone conversations in the cellular industry, not at google I always had a copy of the warrant.
MX gateways are also a valid option.
This applies for school staff managing student emails, startup founders managing cloud apps for staff, and Google employees... in general.
Problem with ProtonMail is its JavaScript. If we want to use e-mail with public key cryptography (perhaps we shouldn't), we need to use standards which work in any MUA, and are completely FOSS.
I believe we are better off with a protocol which has a FOSS reference spec, is federated, and from the ground up build with privacy and security in mind.
Not sure if/what other admin tools they might have
Here is why:
- No autofwd. This is essential for any business Fastmail has this. - No imap/ POP (usecase: integrating with clickup email) - no iOS calendar app - recent pricing changes - pricing on a per domain basis
Ive wanted to support proton and ive paid to so that for a while, but my understanding is that product releases are very slow.
Ive come to believe that protons cadence of releases is not sufficient for a regular business that has to move faster to keep with competition.
I was a big supporter of proton, but starting a business using the proton suite now is a poor and expensive business decision.
i hope this changes in the future.
My criticism is on the business plans. Personal may suffice for most needs. (Email search is a pain, but that is the sword you fall on, given encryption)
https://european-alternatives.eu/category/cloud-computing-pl...
It should be easy to replace most of the services.
I've had my gmail account for probably more than a decade now and have never had to worry about it going amiss, meanwhile I look at this list of barely legit sounding names (aside from Proton) and wonder if any of these will be still around in a few years.
There is no Google or Apple or Microsoft though, and accordingly a lot of the network effects and institutional knowledge is lacking.
I do very much concur that there is no European competition for US IT supremacy on the horizon any time in the next decades.
China is a different story...
A laughable statement. Who was it again that was pleading on their knees to reserve ASML capacity for them?
For companies it's not a big deal because their users know what responsibility is. And you can fire them otherwise. Schools don't have that privilege.
Add to that that without chromeOS you've essentially got one choice: windows. So you'll be finding out all about spyware that rootkits the OS, and constant amazement at just how many different rootkits kids can get installed on a single machine. Hell, when I was in school, I wrote a custom rootkit (bo2k like) and installed it on machines. That was fun and instructive.
(I know technically you can make it work over the internet but it takes very capable admins to make that work)
And yes, I hacked the school, but that was through unsecured shared folders and seeing a teacher enter people's grades in excel, not through the rootkit. That I was caught doing (because I decided to "expose" the school by giving a friend's sister her grades 2 weeks in advance, and their parents went to management. I was in detention "for the rest of the year" and I was lucky that 2 teachers demanded I would be allowed to sit my exams because I was the best in their classes)
However, ChromeBooks will also be banned i Danish schools when the new school year starts in August. The Danish Personal Data Authority (Datatilsynet) have just told the schools that they cannot use them after the summer holidays, for more or less the same reasons and their Dutch colleagues.
The problem then becomes: Which laptops can you get in large enough numbers, at a low enough price, within three to four weeks?
Most European countries aren't so lucky, parents are the ones buying the computers, and unless you're into classes related to computing, or at university level, you're not bringing them into class (naturally covid has changed this a bit) only using them at home.
Can they install a Linux distribution on the existing ChromeBooks?
Remember, most people at work are not responsible for their computer working. In IT we are because we're doing more advanced things and we're technically able to keep it working and to fix it. However, the HR person, the sales person, etc they are not. And most countries have laws where the employer has to provide working tools, the employer is responsible for providing you with a working laptop and if it breaks it is their responsibility to fix it.
We tried many german solutions, but as the new normal in Germany, you all overpromisse and under deliver...
> Google has indicated that it plans to fix the privacy concerns by August 2023
to me that seems rather slow, as they've known about GDPR for years, but perhaps these kinds of measures are exactly what's required to get Google to act. And then, if by August 2023 the privacy of Google's services is improved, then GDPR will have achieved something valuable, I think.
(Separately, I think it would still be valuable to have some alternatives, but the two are not mutually exclusive.)
Check the guidelines regarding accusing people of being shills.
If you have strong evidence someone is a shill then mail hn@ycombinator.com
We have 10 million school kids in Germany. Gsuite costed in 2020, €25 per school, and it was much more than a mail solution. Do the Math.
Reference:
https://de.statista.com/statistik/daten/studie/981823/umfrag...
https://hkmci.com/blog/g-suite-pricing-basic-business-and-en...
a) could scale
b) multicultural and multilanguage
c) great usability in all exotic different setup of OS
d) well thought workflows
d) low learning curve
e) affordable price
However we decided to don't go with that. There are someone from the "Die Linke" which was repeating this FUD about "The privacy of our kids are at risk".. Here is why I think that is wrong:
a) You could anonymize all the users. The Felix Müller could be just the X1234 in the platform and the teacher would track his homework and deliverables without revealing his identity.
b) From Risk analysis the risk of the NSA knowing that the school kid Felix Müller had a 4 in Mathematics, is IMO acceptable if you think about all other positive aspects of the tool.
In the end, each state in Germany decided to come with their own solution mostly developed in house, and almost all failed miserably. Couldn't scale, couldn't support different browsers and OSs, all workflows were not well thought. It was so bad that many schools just kept with paper, making the lives of everyone involved a nightmare.
I'm 100% sure that one of the main reasons for the bad digitization in the schools in Germany was caused by this pamphleteering and I would love to know who really got the contracts to develop the "Home Schooling" solutions used after that.
References:
https://www.dw.com/en/oecd-german-schools-falling-behind-in-...
https://www.dw.com/en/germany-and-digitalization-why-cant-eu...
It's way beyond despicable but I'm too tired to fight it so I've caved in and bought a Windows laptop for one of my kids to use for highschool. It disgusts me that Microsoft manages to extract a tax on every kid in highschool and that schools allow themselves to be used as a part of the marketing and sales arm of a multinational company.
> I went to buy a laptop for my son's new school last week. When I heard it was required, I was expecting some list of hardware requirements but no, the list I got had exactly one specification: Windows.
Schools also do free advertising for Microsoft products, at least in all of the schools where I went to until ~5 years ago. At minimum once a year we were made aware of the fact that we could get Microsoft products like Office at steep discounts from their new online store which they were so proud of and thankful for. Benevolent microsoft letting us get used to their ecosystem for prices we could actually afford, but not free! Still gotta make that profit!
Not sure why they didn't also advertise for libreoffice which, last I checked, is even cheaper and an even better protip (better compatibility if we would just not force each other to keep using the proprietary thing). I guess they just didn't feel like the libreoffice foundation was giving them free money the way that microsoft pretends to.
It gets even more ironic if you realize that schools fall in the 'semi-government' category and thus it's legally required (not optional) to use open source software unless that's impossible, and if it's impossible then it needs to be documented why it's impossible. In practice, you can guess how much this law is followed. I never heard of any consequences for not following it.
TL;DR: legally, there is the opposite of a microsoft requirement, except many schools require both Windows and Office in practice
I had a strong affinity for computers from an early age, but all education was focused on Microsoft Access, Excel, Outlook, Word and Powerpoint
If you could get any programming (only in College) it was Visual Basic 6 or VB.NET (with Access or MSSQL)
There was no curriculum that wasn't a buy in to the microsoft ecosystem, even at the advanced levels.
This is surely amazing for microsoft, entire generations of people trained exclusively on their platform.
1) productivity suites are a poor fit generaly.
2) learning concepts over specific tools is always going to be a better investment.
3) I’m not sure there even was open office when I was learning. But there was lotus and co. // I’m mainly annoyed that they didn’t teach concepts around computers and instead focused on “Microsoft X” so my entire education was based on one company and what it was inflicting on the world.
Everyone who graduates only knowing those tools is enormous pressure for companies to use those tools, or the burden of training from scratch is on the company.
It was the other way around, at least where I live. Companies pressured schools to teach skills they actually need people to have - and that's MS Office, because even today nothing else comes close.
And children with aptitude for computers, who don't need office suites but would like programming - that's less than 1%. If you want public schools, you're not going to have specialized teaching for small groups - nobody pays more for that.
I’d prefer a real education about how computers work, not to learn any particular single tool or ecosystem.
Religious education does not only teach Christianity. It’s wild that computer education only teaches (or taught) Microsoft (a non-European proprietary corporation).
> even today nothing else comes close.
Close to what though?
Close to replicating MS office? Sure, but that’s like judging an apartment building on the merits of a house.
Your implication that productivity tools compared to MS office are lacking. That’s extremely dubious, perhaps some features are lacking (google sheets doesn’t support GANT charts for example) but there’s other things that you can do which are impossible in office (google sheets can do raw SQL and attach to big query); I’m specifically comparing google to MS here but it’s mainly to give an idea that things don’t map 1:1 across productivity suites.
And yes: The world runs on excel, but I find it hard to believe that’s because excel is the pinnacle of software. It’s probably more to do with that it’s “good enough” and fairly flexible- and crucially, everyone knows it and it’s pitfalls.
You can be productive with other software.
No, that is not why Excel runs the world.
Those capabilities are not used even slightly in the companies I’ve worked at.
If you use VSCode don't forget telemetry is enabled by default.
Here is how to disable it: https://code.visualstudio.com/docs/getstarted/telemetry
I refuse to touch any Windows 10 machine that did not go through this:
https://github.com/W4RH4WK/Debloat-Windows-10
https://gist.github.com/gvlx/b4d4c5681900ca965276fc5c16fe852...
(Warning: Use at your own risk)
Here is a great experiment you can do. Use an app like for example Netbalancer that can show you bandwidth use per app. Launch your locally installed PowerPoint. Note I am not talking about Office 365 but a locally installed Office component. Start some internal presentation to your fellow workers, just presenting, no editing or creating a new presentation. Amaze yourself at it sends data to Microsoft at the rate of 4 to 5 MB/s. Yeah...just try it.
Amazing is too small a term. Unacceptable is more like it. Wow. Why do companies that spend a significant amount of money on securing their infrastructure fall for this?
If you're Google sure throw a 100 people at a project that might get pivoted or axed. It won't matter. But a Government IT initiative? They have to be more efficient.
If you have any highly specific claims about this please point to news articles in reputable journals which have not already been repudiated.
Not on GSuite accounts.
It doesn't even have to be malicious, it can happen accidentally. If the entire company is based on advertising and privacy violations then it's hard to truly have "private" data without building an entirely separate system in parallel, otherwise you could put your data in a place you think it's private, not realizing some other component of the system will use that for ad targeting.
https://www.nytimes.com/2017/06/23/technology/gmail-ads.html
"Google Chromebook outlawed in Danish public schools"
https://news.ycombinator.com/item?id=32142927
(77 points, 73 comments)
When it came to whitelabelling our product for a big multinational customer, they really liked that we were hosted on GCP and not AWS because they considered Amazon a competitor and couldn't justify paying AWS as a result.
Privacy concerns aside (which I believe are overblown for GCP, strong walls around customer workloads), competition concerns are big for many companies, and Amazon is out there trying to compete with almost everyone in retail and services now. I can only imagine this is going to get worse.
Disclaimer, I now work at Google but not on any of this stuff, this is my personal opinion.
Are you sure that's a technical reason?
This is simply false. A lot of fields use specialized software that is only available on Windows and sometimes macOS. For instance, my wife works in neurolinguistics where most standard software for doing things like analyzing EEGs is for Windows.
However, I agree that this may be true in other branches of education. E.g. in our daughter's primary school they use Chromebooks. They are used as glorified 'web terminals'. I can see why a mutable Linux distribution would be awful from a maintenance perspective, but an immutable Linux system like Fedora Silverblue would probably work as well as ChromeOS.
This is also a failing of the Dutch government and the EU, leaving things to the market, rather than taking initiative and making a standardized education platform.
Problem is, after three months of work, I wasn't able to reliably deploy the OS to a room of computers and connect it to the school network - even though I worked as a Linux server admin before that. Every single computer (all the same, with serial number one after the other) had a different set of issues that made it completely unusable. Many of ones I got kinda working got broken after a few rounds of updates.
Windows just worked right after installation. The year of Linux desktop is still not there.
Those machines ran without fault for multiple years until I had to add some additional support for caching the NFS mounts because we had added so many clients after the initial installation that we were overloading our NAS.
No hardware errors for sure. But these were desktops (not of uniform origin).
Windows machines on the other hand were a bit more painful, every single one had to be hand enrolled to the sambav4 “AD” (we didn’t have AD) and the instructions never worked the same way twice.
So annoying.
Yeah I can imagine that not having AD makes things more complicated, but once you have it, it works very well on Windows.
Not being able to reliably connect to AD was one of the failures I had with this classroom.
Especially because that Microsoft product (AD) is usually the hardest thing to integrate with from other operating systems; and is contingent on owning all user accounts (and usually means you have to use their email systems and file sharing systems).
Quite a lot of lock-in for a base level of user experience.
But I guess that’s OK if you are a shareholder. :)
I definitely wouldn't discount the amount of effort that Apple has put into that.
Try doing it with linux or with OSX Mountain Lion.
The thing is, people (admin and users) are quite happy with the MS stuff - it's not perfect and costs a lot, but it mostly works without too much setup work.
Nah. I’ll pass.
I detest ecosystem lock-in like this. :)
Especially from foreign entities.