I have recently setup a Nextcloud instance via Docker and HomeDrive.io. It was a lot easier to setup for a newbie than the manual way and it just ‘works’. No need for a domain name or setting up HTTPS etc…
This however worries me a little as it means I do not really understand my own server and how it is running. How do i know my Nextcloud instance is actually secure? If the end point is HomeDrive.io, can they theoretically see all my traffic? There seems to be nothing online about them but the companies own site which is reassuring but a bit vague and only one source.
I know they appear on the Nextcloud site under ‘Devices’ but have they been vetted, has the source code been checked? Who are the people behind the project? This seems a bit like trusting a third party service provider with my data. I just have to trust that the company treats updating and security seriously and that they actually delete logs and have no way of accessing my data.
Is there a real concern here or am I misunderstanding the way HomeDrive works?