The End-to-End Encryption app is mentioned in the NextCloud documentation, and it immediately set off and alarm in my head.
Why do we need it? Does this mean our data is not encrypted? On top of that, it seems that it is a pretty risky app to use. Am I understanding this completely wrong? I thought this kind of encryption was built into Nextcloud already.
Correct, just as it is not encrypted on any other service.
In order to encrypt the data before it enters the server. Hence it being encrypted “end to end.”
e2e is available as an optional app, which any admin can choose to add to their installation.
Regular encryption used is for securing your connection to the server using SSL (https). This prevents other from snooping on your connection. It is what dropbox, google, and all other services use.
The documentation could certainly use some updating. e2e is still very much under development, but can be setup and then used directly from the desktop and mobile clients. This is great for security of your data, but will break basically all other functionality Nextcloud provides beyond moving encrypted data between devices.
It is up to you whether you wish to use e2e, plus how much data you wish to have fully encrypted vs. accessible for easy viewing, sharing and collaboration via the server webui.