nkalupahana / baseline

Take charge of your mental health with better journaling and mood tracking.
https://getbaseline.app
GNU Affero General Public License v3.0
49 stars 12 forks

[Paid bounty] Integration with Nextcloud #391

Open aahmozart opened 1 week ago

aahmozart commented 1 week ago

Appreciate your work and especially on open sourcing this app. It would be great if users could also host their data themselves instead of relying on companies like Google or Apple for authentication or storage. IMO the way to do it is by:

I can donate $400 to this issue. Let me know if this is something you're interested in.

aybanda commented 1 week ago

Interested in solving this, working on it @aahmozart

aahmozart commented 1 week ago

> Interested in solving this, working on it @aahmozart

Many thanks. If anyone else would upload the APK to F-Droid, that would be great for exposure as well.

nkalupahana commented 1 week ago

Thanks for creating an issue. I want to bring some potential issues with this idea to your attention:

baseline encrypts user data with user-specific keys that are stored within the user's individual Google or Apple account. Even though your data is technically on our servers, there is no way we could read any of it. That being said, if you are really worried about your own data privacy, I recommend hosting baseline yourself as it currently exists on Firebase + GCP -- most of the deployment is declarative, and it isn't too hard to spin up your own. (You could also make a burner Google / Apple account and just use that to sign into baseline, which is far easier.)

You could also provide Nextcloud as an SSO provider to have it store your encryption keys instead of Google or Apple, which would follow the paradigm that baseline currently uses. However, Firebase doesn't support Nextcloud, so you'd have to write a custom connector for all platforms, and I'm not sure if Nextcloud even provides SSO, which would be a requirement for any sort of integration with it anyways.

aahmozart commented 1 week ago

> baseline cannot be uploaded to F-Droid, because it uses a lot of non-free software (Google Play Services, Google Analytics, and Sentry, just to name a few).

Is it possible to have a different APK without these services? I know Telegram has a separate APK with no proprietary software.

> baseline already has a web app that syncs with the mobile app, so an additional web app is not needed.

Ah! Apologies, I did not see that one. I will be sure to check it out later.

> You will run into a lot of problems trying to host data on a separate platform. baseline is very tightly integrated with Firebase, and it would take 100+ hours to try to swap that out to a different provider, especially if that provider does not provide real-time data synchronization capabilities on the order of milliseconds (it does not seem like Nextcloud provides this, or even a database offering of any kind).

In your opinion, what would be the best way to self-host baseline? I'm not necessarily fixated on Nextcloud; if you think there's a better, easier way of deploying baseline, including syncing locally with all FOSS software, I'm all for it.

If you think there's no way other than spending 100+ hours to develop this kind of functionality, then I understand it requires more time than I initially thought. I'm up for raising this bounty to $600.

nkalupahana commented 1 week ago

> Is it possible to have a different APK without these services?

It could be possible, but it would take quite a bit of effort, would degrade user experience if features weren't replaced, and I'm not really sure what it accomplishes. The target audience of baseline is not really people who are religious about FOSS; it's people who are working on their mental health.

> In your opinion, what would be the best way to self-host baseline?

baseline is not really set up to be self-hosted, especially not for multiple people. If you wanted to self-host it for yourself, you could probably use Firebase's Authentication and Realtime Database Emulators. I don't believe these are designed to be exposed to the internet, but you could run them on a VPN/private overlay network (e.g. Tailscale), and then swap the URLs in baseline to point to the emulators. I'm not sure if these emulators are FOSS, but they're certainly OSS, so do with that what you will. Any other option would likely be a very significant developer lift.