Provide a way to hide / remove the system address book globally

[mbiebl]

Describe the solution you'd like

The latest version v27 introduces the system address book or more specifically exposes it to every user as a separate address book named "accounts".
This addressbook is also synced to client devices, like iOS, via CardDAV, which is something I don't want.

I'm missing a global switch to not expose this system address book for all users.

Ref #19575

[mbiebl]

To further elaborate on that point: I don't need this system address book on end devices and under iOS it has an undesired side effect: As the system address book is read-only, iOS no longer offers to use the Nextcloud CardDAV Account as default account for storing new contacts.

[ChristophWurst]

As the system address book is read-only, iOS no longer offers to use the Nextcloud CardDAV Account as default account for storing new contacts.

Do you not have any other writable address books?

[ChristophWurst]

https://docs.nextcloud.com/server/27/admin_manual/release_notes/upgrade_to_27.html#exposed-system-address-book doesn't disable the address book but the contents.

[mbiebl]

As the system address book is read-only, iOS no longer offers to use the Nextcloud CardDAV Account as default account for storing new contacts.

Do you not have any other writable address books?

I do have another, writable address book.
E.g. for my own user, I currently have
https://XXXX/remote.php/dav/addressbooks/users/michael/default/ (rw)
https://XXXX/remote.php/dav/addressbooks/users/michael/z-server-generated--system/ (ro)

[mbiebl]

https://docs.nextcloud.com/server/27/admin_manual/release_notes/upgrade_to_27.html#exposed-system-address-book doesn't disable the address book but the contents.

How do I apply/restrict those enumeration settings?
Will the read-only, system address book be gone completely or just empty?
Does this break auto-completion when using sharing?

[mbiebl]

What I'm basically asking here is a way to not expose the system address book via CardDAV.

[ChristophWurst]

I do have another, writable address book.
E.g. for my own user, I currently have
https://XXXX/remote.php/dav/addressbooks/users/michael/default/ (rw)
https://XXXX/remote.php/dav/addressbooks/users/michael/z-server-generated--system/ (ro)

And iOS won't allow you to use default as AB for storing new contacts?

The system AB uses sharing enumeration settings as privacy control. If you turn off enumeration the AB will only show the user's own contact. Autocompletion will be limited to what's allowed for the enumeration.

Hiding the full AB from the user's address book home is currently not supported.

[mbiebl]

And iOS won't allow you to use default as AB for storing new contacts?

Correct.
You can only select full CardDAV accounts, not individual address books.
And the existence of a (single) ro address book makes iOS disregard that particular CardDAV account

[ChristophWurst]

Ouch. Do you know if that also happened before the system AB when someone shared an AB read-only with you?

[mbiebl]

Ouch. Do you know if that also happened before the system AB when someone shared an AB read-only with you?

I think so, yes. But I can double check with v26 if needed.

[ChristophWurst]

It would be interesting to know. If you have an instance at hand I'd appreciate clarity on that. I don't have an iOS device to test.

[mbiebl]

Ok, so I had an older v26 instance still lying around.
It shows the same problem if one activates the "recently contacted address book".

[mbiebl]

I "fixed" that in v26 by uninstalling the "Contacts Interaction" app.

After that, I can again select the Nextcloud CardDAV account as default account for new contacts on iOS.

[ChristophWurst]

That is unfortunate but good to know. I wonder if that is a bug in iOS or if this behavior actually makes sense. Could this be worth a new topic at https://discussions.apple.com/? I could not find existing discussion about it.

[mbiebl]

I guess this is a separate discussion to have and I do not want to derail this issue too much.

The issue with iOS is not the only reason why I want to not expose the system address book (via CardDAV).

[mbiebl]

The system AB uses sharing enumeration settings as privacy control. If you turn off enumeration the AB will only show the user's own contact. Autocompletion will be limited to what's allowed for the enumeration.

Ok, thanks. So this mechanism will not work for me as I do want to have autocompletion work for file sharing.

[ChristophWurst]

The scope is the one next to the heading of the property, not the profile visibility:

[MicKress]

To further elaborate on that point: I don't need this system address book on end devices and under iOS it has an undesired side effect: As the system address book is read-only, iOS no longer offers to use the Nextcloud CardDAV Account as default account for storing new contacts.

So I can choose Nextcloud as default address book in iOS (16.5) even if I have activated recently contacted adress book (as a read-only-address-book).

[jancborchardt]

Just to understand @ChristophWurst – this is not a fix for the read-only system address book not working on iOS, correct? Any idea what we could do there?
Maybe @marinofaggiana @Ivansss do you have insight here?

---

I even thought about using only the contacts based on Nextcloud accounts for people affected by this issue, but you can't put several phone numbers or a street address into the Nextcloud profile.

@accolon could you open an issue about that on https://github.com/nextcloud/server/issues/ ? It would be an enhancement to the Nextcloud profile cc @Pytal

[mbiebl]

Any idea what we could do there?

Since iOS is closed source, I don't think you can actually do anything about the iOS issue regarding read-only address books.

That said, the wish for having a switch to turn off the SAB is not only this iOS behaviour.
As was mentioned elsewhere, in some cases, you simply don't want to export the SAB for other reasons.

So, in conclusion: simply provide a switch to turn off SAB (via CardDAV), and I'd be happy

[bcutter]

Really looking forward to switch this off. No idea for what reason / on which purpose it has been implemented (there might be good reasons for collaboration), but for a well-managed instance the downsides are just too much, also if it's "only" duplicate/redundanct contacts not being able to deduplicate. Quite annoying, at least it was listed at https://docs.nextcloud.com/server/latest/admin_manual/release_notes/upgrade_to_27.html - so someone writing that already thought "well, this might be not for everyone... let's tell the people" - and he was absolutely right :-)

• Any workaround?
  • I don't want all users to temporarily set all their profile information to private (as this would also have an impact on auto-completion, usage in file sharing or Talk etc. etc.)...
  • Would the deletion of the "Accounts" addressbook (URL /remote.php/dav/addressbooks/users/Username/z-server-generated--system/) work? Not confident enough for the moment as I'm not sure if it will have side effects...
    
• Any estimation for the global SAB turn-off switch?
  Maybe as compromise would be to have a per user configuration option for the SAB so one could easily disable this address book. That feature is already implemented so this could potentially speed-up the "get rid of redundant SAB generated contacts on all my synced endpoints", couldn't it?
  

[nicokaiser]

There needs to be a way to hide/disable the system address book, it just does not make any sense in some cases. Especially since it is not a „global address book“ but a list of user accounts which cannot be altered in any way.

On iOS this causes an additional contact list „Accounts“ which all user account names without any additional data (profiles are disabled), and even with some users twice in the list (I have no clue why). So in the unified contacts view these contacts are listed 3 times, which is very annoying and confusing.

I see that for some users this features might be helpful, but it really should be optional.

[lwt-pressy]

For me this is also a security and a privacy issue. I dislike it the all my admin accounts (even the backup accounts) are disclosed. Also the user can not set their full name and email to private, so they will by default not only disclosed to all users, but also by default then sync to all the outside device the other users sync it to.

[jph76]

Just adding my 2 cents: This is really annoying on iPhone. “Mobile” phone numbers from user contacts get overwritten by “voice” phone numbers from system contacts. Unfortunately, stupid Siri can’t handle this, at least in German. “Hey Siri, ruf xyz auf dem Handy an” (call xyz on mobile) results in Siri answering “I don’t have a mobile number for xyz“ and “Hey Siri, ruf xyz auf Voice an” (call xyz on voice) results in Siri shrugging “I don’t have an app for that”.

(Is it just me or is everybody else also unable to remove phone numbers from personal profile?)

[ChristophWurst]

“Mobile” phone numbers from user contacts get overwritten by “voice” phone numbers from system contacts

Interesting. It was other before but we changed it to voice: #38454.

https://www.rfc-editor.org/rfc/rfc6350.html#section-6.4.1

[ChristophWurst]

“Mobile” phone numbers

Those must be TYPE=cell in vcards.

[jph76]

It looks like this: TEL;type=IPHONE;type=CELL;type=VOICE;type=pref:+49 ...

[JRGonz]

I have bumped into this as well. Is the solution going to be to hide the system address book? This seems like the best solution since I am also seeing duplicates in the web UI contacts list. I thought I had broken something until I noticed the Accounts addressbook popping up in iOS. Hopefully a hide option is the solution since the older method of simply sharing an address book with proper permissions to groups/users was working great until I updated to 27.

[ChristophWurst]

Is the solution going to be to hide the system address book?

Yes, that is one of the accepted solutions: #38880 (comment)

[JRGonz]

Is there any progress on this? I noticed it is still not assigned and this 'feature' of having an Accounts addressbook exposed is causing havoc with my users. The duplicates are confusing iOS and avatars are not showing up or proper contact information because of the 'Accounts' addressbook they all have pushed to their devices. iOS doesn't allow fine tuning of addressbooks anymore either. You used to be able to turn off per addressbook but I guess Apple removed that option.

Same with duplicates in the NC web UI. Autocomplete searches are pulling up two contacts. It has turned into a real mess for end users.

[ChristophWurst]

The proposed change has been approved and is waiting for someone to pick up the work.

The idea of the exposed system address book is that you no longer have to maintain an address book by hand but can rely on the auto-generated one.

[ChristophWurst]

@bcutter @JRGonz @marianrh do you code or know someone who does? I'd be more than happy to give pointers and assist making this change happen.

[ZID-TU-Graz-Collab]

What is the probability that the global SAB turn-off switch will be available in NC 27.0.3?
This information would help us to decide if we should upgrade to NC 26.x or find an workaround for 27.x by ourselves (as @mbiebl mentioned, email -and also full name- can not set to 'Private' in the UI).

[ChristophWurst]

Needs admin docs

[miaulalala]

Documentation here: nextcloud/documentation#11048

[jph76]

@ChristophWurst Thank you for fixing this.

Making the system address book available via DAV is a good idea but it probably wasn’t a good one to introduce this feature as a breaking change.

Some thoughts on this feature: For a tiny family Nextcloud like mine exposing the system address book makes sense. It removes the need to create family members twice as users and as contacts in the contacts app. I don’t have to think about data protection etc., this makes things easy for me.

But the system address book is IMHO not yet ready to provide contact information from the regular contacts app. For example, the system address won’t let me add different phone numbers to a contact on the profile page like the contact app allows.

Maybe it’s worth the effort bringing the system address book/profile page on par with the contacts app.

[phaidros7]

The proposed change has been approved and is waiting for someone to pick up the work.

The idea of the exposed system address book is that you no longer have to maintain an address book by hand but can rely on the auto-generated one.

Wouldn't it be an alternative solution, instead of publishing the 'system address book', which in reality is a list of all local accounts to create a real address book, in which users or groups can be included or excluded, even by default?

That would solve the maliciously exposed admin accounts.

Double entries in search / auto complete could be prevented by just filtering the list for duplicates, or am I wrong here?

[schweigerson]

See https://docs.nextcloud.com/server/latest/admin_manual/groupware/contacts.html#system-address-book
$ sudo -u www-data php /var/www/html/<nextcloud-subdir>/occ config:app:set dav system_addressbook_exposed --value="no"