How useful is NC-encryption?

“Nextcloud: A safe home for all your data”, it says on the Nextcloud front page. But how safe is this home when you don’t have your own server but are dependent on shared hosting or VPS-providers? Is the NC encryption app a good solution?

Nextcloud does not provide client side encryption, but server side encryption. This means people with access to the server, i.e. the hosting company I suppose, will be able to decrypt your data. This would not be possible with client side encryption.

Nevertheless, I suppose, server side encryption is better than nothing?

Having the files unencrypted on the VPS is like having a flat with the door closed but not locked, I suppose?

Server-side encryption might be like having a flat with the door locked, but the key hidden outside in front of the entrance, not under the door mat but in a less easily accessible place? You have to go and look a while.

Client-side encryption would mean that the door is locked and the key is with me in my pocket, no chance for you to get in.

I won’t put highly confidential data in Nextcloud, nevertheless this data is not supposed to be public, therefore I ask. And I’d like to have my data easily accessible online, easy to share, and secure at the same time.

Nevertheless, I suppose, server side encryption is better than nothing?

My personal opinion on this is that you are gaining a tiny bit of security but open yourself up to all sorts of possible bugs because encryption is a complex piece of code with lots of IO. IO in general is very, very complicated to get right since you are basically always running into parallelism and FS/OS issues where normal code just has to care about memory.

I won’t put highly confidential data in Nextcloud, nevertheless this data is not supposed to be public, therefore I ask. And I’d like to have my data easily accessible online, easy to share, and secure at the same time.

I wouldn’t upload highly confidential data in the first place since you can never fully trust encryption algorithms, their usage and security. Too much can go wrong.

I would go down the pragmatic route: if you want to share something consider it to be public (you can’t trust the other person to not make a mistake and upload it) and if you upload something consider it to be possible to leak.

Are your mp3s or vacation photos super confidential? Most likely not. Do you want Google or Facebook to have access to them to build a profile on you and sell the data to advertisers? No -> upload it to Nextcloud.

3 Likes

Thanks a lot! Convincing arguments for not using encryption and nevertheless trusting NC and hosting providers more than Google etc.