Please watch this old video of 2013 by TheLIPTV “Internet Privacy and Encryption Mastered By NSA”:
They say that the leaked documents by Ed Snowden suggest that NSA has access to encrypted communication because they work together with NIST (National Institute of Standards and Technology) on the encryption standards.
What do you think of it?
If communication between client and server is tapped anyway what’s the use of running a cloud like Nextcloud compared to legacy cloud services, what’s the benefit in regards to privacy?
What’s the alternative (apart from not using the Internet and going back to paper)?
This is a very general question which could be answered better on other forums.
My general understanding is that they mainly take advantage of old and misconfigured systems and that they buy 0-day exploits (e.g. stuff to take over your Cisco routers). Breaking encryption is almost always too hard (unless you are using outdated ciphers like RC4), bypassing stuff is way easier.
So make sure that you use the recommended ciphers and update your system regularely. If uploaded content is very important, encrypt it before uploading it or even better: don’t upload it at all.
For recommended ciphers, you can use https://bettercrypto.org/static/applied-crypto-hardening.pdf who provide settings for different applications. You can even disable some ciphers favoured by NIST/NSA. At least you won’t use crypto which is known to be insecure. For the rest of it, you won’t know it for sure.
Even if they can break a cipher, it might require some resources. And then it is the question if it’s worth the effort.
ownCloud/Nextcloud’s goal is not to secure you from the NSA, its to secure you from platforms like Google and Facebook which sell your personal information to third parties and show you targeted ads. Stuff like: you post that you are fired on Facebook and your bank increases your fees because your credit rating dropped (simple example).
I’d actually say that securing stuff from the NSA is not (that) important at all. If they want your data, they will target you directly (e.g. by breaking into your house and installing hidden cameras or key loggers to read your passwords). There’s nothing you can do to protect your data completely.
I’d say a much bigger threat for you are hackers/automated hacking scripts that try to turn your server into a spam/malware distributor.
TL;DR: be pragmatic