Actually that was a fair point. I agree to tthe following to the letter:
There are a lot of nice terms like firewalls, anti-virus, end-to-end encryption etc. and if they effectively decrypt and re-encrypt the traffic at their place, everything passes unencrypted at their place. If they scan (firewall/anti-virus) the content, you can never be sure what happens about it (training-material for something, …)
Just for clearity, real end-to-end encryption means (for me) that you only decrypt the data on your own device. Not even the server sees the real data, just their encrypted form. And for HTTPS traffic to your server, you don’t want anybody else see this traffic unencrypted.
It is this part which for none-corporate or small non profit organisations, is considered very good practice to implement, that I reacts to:
What’s the point of tunneling everything through third-party servers? You add a dependency on this solution, and you make the whole setup more complex. For your privately used Nextcloud, you can probably neglect the risk of DDOS attacks.
After all, then finding end points that answers on standard ports based on geolocation in order to do spray attacks like we see now with the conflict in Ukriane and the activities in cyberspace, is most often automated, hence the robot is indescriment and as long as your IP fits in the scope, you are at equal risk of automated attacks. On top of that, then the comment keeps it very general.
What’s the point of tunneling everything through third-party servers? You add a dependency on this solution, and you make the whole setup more complex.
Well this fits everyone which:
- Has no public IP.
- Is serious about security. Consider why anyone (and those anyone are MANY) uses Akamai DDoS shield?
This is why I was offended about your comment.