Experience E2E in NC 20/21 / Documentation

Same issue here, no file versioning as long as End-to-End Encryption app is enabled.

Ongoing still even in Nextcloud 20.0.10.

End-2-End encryption removes almost every feature Nextcloud provides. If somebody wants e2e encryption he must accept the limitations. at least for Nextcloud this simple rule apply: if you don’t trust the hoster - host yourself - the latter is not not easy but doable even for not experienced users - if they are willing to learn and spend some time to regain control of the data and improve privacy.

Unfortunately, none of this seems to be documented. I suspect that paying Enterprise customers receive different information than the public.

I have no reference handy but pretty sure this information is not “hidden”. I remember I got pretty good understanding of e2e high-level design at some point… don’t exactly remember where I got this information… good starting point would be definitely this talk:

once you understand what happens in background it’s easy to understand which features are lost… but I agree some easy-to use comparison table would be great…

Hi @PeterBeu

It’s not really documentation. But it describes roughly how it works and lists everything that does not work…

1 Like

I can accept losing versioning for E2E encrypted files, but why do I lose versioning for every file on the entire server? That’s certainly not documented.

Either way, it’s clear that E2E encryption in Nextcloud is not well implemented, barely documented, and the community has been largely ignored over the years. It’s like Nextcloud is trying to keep these issues swept under a rug.

do you have a proof for this statement?

while I could agree in some aspects, this is definitely not the area where it is true. In my eyes the community is the crowd who is using Nextcloud mainly on their self-hosted platforms (often at home). In this setup user tend to trust the server (admin) - which automatically lowers the demand for e2e encryption. I see this feature rather useful on the enterprise/public hoster side - where users may store sensitive or private information and don’t want admin to have access to this - but this not a real community in my eyes - and most likely they get support they need to run this feature through enterprise support.

Definitely we can see Nextcloud GmbH as the driver of the project tends to put more focus on enterprise functions, but there are lot of I appreciate as private user as well. From last features shipped I really like high-performance back-end for files, I don see a value in dashboard app and I feel this really disappointing such huge bug like broken Webauthn 2nd factor has passed QA (but this counts more as enterprise feature for me).

There are discussions if we need another powerful player with more focus on free usage - but it looks the pain is not enough now as nobody started another organization now and people only complain from time to time. I think if people want more attention on private users they should start spending time on testing, documentation, support and promotion of Nextcloud - more users would give more weight and attract more professionals with useful skills.

1 Like

Hi PeterBeu

NC Versioning for non-E2EE files is working for us. We are using NC Snap, End-to-End Encryption 1.7.1, Default Encryption module 2.9.0 and the latest NC desktop client 3.2.2. What version NC and E2EE are you using?

We tested creating an E2EE encrypted folder and adding files to it, and then tested uploading modified file to a non-E2EE foler and verified that versioning for the non-E2EE file still worked.

Note that we did not enable Server-Side Encryption because the the End-to-End Encryption github page says “Limitation - E2EE is currently not compatible to be used together with server-side encryption”.

E2EE is not very useful without the ability to share the encrypted folder. It seems that the only purpose of E2EE is to hide the data on the server from the server admins.

Thank you

I didn’t spend lot of time on it but my quick tests with NC21 on docker show e2ee only works to distribute files between different devices of same user encrypted/secured.

sharing with other users is grayed out (latest stable desktop client) - as result I don’t reach the state of not working I can’t even share the e2ee folder.

please let me know if this works in your installation - any advice is highly appreciated.

Hi wwe

Sharing of e2ee folder is currently still not supported. It seems the sole purpose of e2ee folder is to hide the data from the server admin. We tried sharing e2ee folder several times a few months ago and again a few days ago (including trying out a workaround suggested here), and it didn’t work. Some techie explained to us here that it is technically quite difficult to implement sharing of e2ee folder, but we aren’t technical enough to understand his explanation.

The Nextcloud website End-to-end Encryption – Nextcloud says they “aimed” to make sharing of encrypted folder work. So it is still work in progress.
"We aimed to fulfill the following business and technical criteria. … Sharing on folder-level granularity must be possible to individual users. No passwords should need to be exchanged for sharing. Key exchange should be auditable. ".
Don’t think it willl happen anytime soon.

1 Like

I opened a topic on the documentation’s bug tracker regarding the missing E2E documentation:

For enterprise customers, there is a separate knowledge database which is not available publicly. But no idea the status about E2E documentation there.