There's an issue with Roundcube default config. It's not new, actually it's going on since more than a decade (I haven't check before). Roundcube is configured to use a spell checker and it defaults to Googie. I bet people installing their own open-source mail server are not willing to send a copy of their messages to Google. Here is the default config part installed with mail-client/roundcube-1.3.8 : ------------------------------------------------------------------------------- /usr/share/webapps/roundcube/1.3.8/htdocs/config/defaults.inc.php - line 725 ------------------------------------------------------------------------------- // Make use of the built-in spell checker. It is based on GoogieSpell. $config['enable_spellcheck'] = true; // Enables spellchecker exceptions dictionary. // Setting it to 'shared' will make the dictionary shared by all users. $config['spellcheck_dictionary'] = false; // Set the spell checking engine. Possible values: // - 'googie' - the default (also used for connecting to Nox Spell Server, see 'spellcheck_uri' setting) // - 'pspell' - requires the PHP Pspell module and aspell installed // - 'enchant' - requires the PHP Enchant module // - 'atd' - install your own After the Deadline server or check with the people at http://www.afterthedeadline.com before using their API // Since Google shut down their public spell checking service, the default settings // connect to http://spell.roundcube.net which is a hosted service provided by Roundcube. // You can connect to any other googie-compliant service by setting 'spellcheck_uri' accordingly. $config['spellcheck_engine'] = 'googie'; ------------------------------------------------------------------------------- Most user have one bundled in their browser, with their own language(s), so is their any need to enable a spellchecker by default ? Anyway, the point of this report is not about the need to enable this tool or not, but more about removing Google from the loop. Please, change the default, it's hidden in a very big config file (1238 lines).
Sorry, reading more I realize that Google is already out of the loop. Apparently the default URI used is a server compatible with Googie API : service.afterthedeadline.com I'm still not sure that's good from a privacy point of vue. Obviously, they claim it's safe : https://automattic.com/privacy/
or is it http://spell.roundcube.net ? I'm confused!
FWIW the default roundcube spellcheck server is offline and upstream considers disabling spellchecking by default: https://github.com/roundcube/roundcubemail/issues/8182 People who want a privacy friendly spellcheck can configure rc to pspell (using the PHP spell API, which uses aspell) or enchant.
Roundcube 1.5.0 disabled the spell checker by default. > We also disabled the spell checking feature using spell.roundcube.net by default because some privacy concerns were raised. It now needs to be enabled explicitly by setting the enable_spellcheck config option to true. https://roundcube.net/news/2021/10/18/roundcube-1.5.0-released
Since Roundcube 1.5.0 disables the spell checker by default, I believe this issue is no longer.
