Is the e2ee leak found at ETH Zürich fixed?

I would be gladly reassured all is well with e2ee🥰,
but found nothing to that end.

I think Nextcloud acknowledged one of the key learnings from the report: Do not beta test security-critical features.

Even though they have mitigated the vulnerabilities, my best bet is that they are working on not repeating the above, hence as long as we have no news of the above, it is not production ready. And thank you Nextcloud for not doing that again.


@MichaelFliegner from your own link:

We have responsibly disclosed the three vulnerabilities to Nextcloud. The second and third vulnerabilities have been remediated. The first was addressed by temporarily disabling file sharing from the E2EE feature until a redesign of the feature can be made.


Then I imagine we want to know if that has been done or not. Is there a related GitHub issue to follow up on?

It’s important to test them in order to see if they are reliable. And then of course having independent reviews that in the end there is something good. Don’t rely on such a feature at this stage.

True. Of course you need to test, test and test. What the writers mean with that sentence is: do not test in production. And yes, the beta and RC versions are for testing and validation only. This is not what they actually mean.
In the conclusions they are elaborating more clearly what they meant. Less focus on early release or cool features and more on testing and even longer on proper design. If not, the first few versions will feel like a beta version.


Hey there I am really confused now :face_with_spiral_eyes:

I understand E2E shared encr has an issue and is being redesigned. So no problem, feature has been deactivated for now, let’s cross fingers and wait.

However what is completely unclear: Is standard E2E encr w/o sharing safe? Or is it recommended not to use E2E encr at all for now?

PS Just to be clear: I love NC and would love to use E2E encr - if solid :sunglasses:
