I just received an invite to register for the Owncloud Webinar for a new End-To-End Encryption plugin. Has anyone else heard about this? Will this be ported over to Nextcloud? Does anyone have any information about this? Thanks!
I saw a note fly by - it is a proprietary solution from a small company so trusting it seems… less than sensible. No way to verify how it works or what it does with your data
Haven’t seen any other news so no clue what came of it.
Ohhh, don't be mistaken there, I found out that these are 3 companies working together in a cooperation. One of them has developed a lot of security technology for mobile network operators and TV broadcasters, and the others specialize in high security hosting; about the third I couldn't find out anything except that they specialize in SAP backup. I had my technicians test the software and it really works extremely well for a first version.
Sorry everyone, I wasn’t paying attention when I posted in German – the current string is in English.
Please don’t be mistaken, I have done some research and found that at least 3 companies are cooperating on the E2EE project. One firm develops security technology for mobile operators and TV stations – so not so small! Another specializes in high security hosting and the third one is specialized in SAP Backup – that is a very demanding marketplace. I had one of my techs download and begin testing the software and it really works extremely well for the first version.
Seems to be from this company:
- Can be decrypted from a browser web interface. Is this really safe? A major point of, for example, Owncrypt (Client side encryption) is to avoid the web interface completely, going as far as considering the thought of removing it completely. More about this over here too: Feature Request: End to End encryption
- Not Open Source? Who can review it then? Is this trustworthy by just believing the developer? Albeit not perfect (think about OpenSSL), but still crucial for independent review.
Client side encryption in a browser without a plugin is security theater (as in, false security).
Why? Think of the ‘threat model’. What are you trying to protect against by encrypting on the client?
The answer: from a server you can’t trust. Say an evil admin, or somebody who broke into the server. Otherwise you would encrypt on the server or only in transit (https).
That is why we always have said and continue to say: you can’t have a web interface with secure client side encryption, which is why it is a low priority. Most Nextcloud users use the web interface a lot!
Of course, that assumes you care about a real secure solution rather than a buzzword.
It would be possible to make a browser plugin that does the encryption. In that case, it DOES protect your data but requires that plugin to work.
Anyhow, almost all encryption is worked around rather than broken anyway - you need good security people, a good security process, external reviews and a serious, well run security bug bounty program. Things we’re far ahead in.
@jospoortvliet : Sorry for the possibly stupid question, but:
How is JS in a browser different from a client-side application in terms of security?
I think it would be possible to implement a secure end2end web frontend like this:
- user logs in with his usual password
- all his data is encrypted
- to decrypt data he uses a browser-plugin
- the plugin shows the decrypted data in a separate tab, so the serverside-js has no access to it.
In this scenario the user has only to trust the plugin, which has to be updated manually, and over which the server has no control.
So basically he has the same trust in the plugin, which he would have in any other program, that does client-side decryption.
[quote=“wotanii, post:8, topic:14975, full:true”]
@jospoortvliet : Sorry for the possibly stupid question, but:
How is JS in a browser different from a client-side application in terms of security?[/quote]
How is it not?
Think of an attack scenario.
- An attacker wants access to the data of 100 users who use the web interface and “end-to-end encryption”.
The attacker just has to hack the server and make sure the code sent to the 100 users gives the attacker the password/keys used to encrypt data. Just like with server-side encryption we have: the data is encrypted and secure until somebody logs in.
- An attacker wants access to the data of 100 users with real end-to-end, client side encryption
He/she has to hack 100 computers, simple as that. Hacking the server is useless.
So that is, well, maybe not 100x harder (most users don’t protect their home computer as well as the server admin) but at least 20x
You’re correct, yes. The downside is that you don’t have any of the benefits of using the browser so why would you want to do that? Also, it is still risky as it is hard to do, browsers are relatively insecure applications in general.
Let me explain.
Using a browser plugin would of course be a way to solve the problem but it is hard to protect the data from the server-side JS, especially if you want to use server features like the file browser, collaborative editing and other things. In most cases, that just isn’t possible. So if you don’t want to use the features of the web interface, why do you want a web interface?!?
The benefits of the browser with Nextcloud are two things:
- features (from file operations like online editing, sharing, comments, search, move/rename etcetera to apps like calendar/contacts/Tasks/Gallery etc, many of which also use the files)
- No need to install anything so you can send a link to somebody else and let them upload files to you or watch your pictures
The benefit of end-to-end encryption is:
- the server has no way to access the content of your files
You can’t bring those benefits together. If you would use a browser plugin, you would lose browser benefit 2 (people have to install something) and still not have all of browser benefit one (many of the operations mentioned need the server to know or even fully read the file. For example, Collabora Online runs on the server, so to edit a file you HAVE to have access to it on the server).
BTW I wrote a blog about the differences:
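An added illustration of the trust argument in this thread, not code from any poster, Nextcloud or ownCloud: when the integrity information arrives from the same server as the encryption code, a changed script always "verifies", while digests pinned on the client (as a plugin or installed client could hold them) flag it. All names, file contents and the bundle layout are constructed for the example.

```javascript
// Added example: hypothetical names and constructed sample data throughout.
const crypto = require('node:crypto');

const sha256 = (text) => crypto.createHash('sha256').update(text, 'utf8').digest('hex');

// Constructed stand-ins for the encryption code a server could deliver.
const reviewedBundle = {
  'crypto.js': 'function encrypt(data, key) { /* reviewed release */ }',
  'ui.js': 'function render(files) { /* reviewed release */ }',
};
// Same file names, but crypto.js no longer matches what was reviewed.
const changedBundle = {
  ...reviewedBundle,
  'crypto.js': 'function encrypt(data, key) { /* not the reviewed release */ }',
};

// What the server sends: the files plus digests computed by the server itself.
function serve(bundle) {
  const digests = {};
  for (const [name, body] of Object.entries(bundle)) digests[name] = sha256(body);
  return { files: bundle, digests };
}

// Pins stored on the client at review time, outside the server's control.
const clientPins = serve(reviewedBundle).digests;

// Compare delivered files with a digest table; list changed, missing or extra files.
function mismatches(files, digestTable) {
  const bad = [];
  for (const name of new Set([...Object.keys(files), ...Object.keys(digestTable)])) {
    const expected = digestTable[name];
    const actual = name in files ? sha256(files[name]) : undefined;
    if (expected === undefined || actual === undefined || expected !== actual) bad.push(name);
  }
  return bad.sort();
}

// Check 1 trusts digests shipped with the code; check 2 trusts only client-held pins.
function checkWithServerDigests(response) { return mismatches(response.files, response.digests); }
function checkWithClientPins(response) { return mismatches(response.files, clientPins); }

const response = serve(changedBundle);
console.log('server-supplied digests flag:', checkWithServerDigests(response)); // []
console.log('client-held pins flag:', checkWithClientPins(response)); // [ 'crypto.js' ]
```

The client-held pins only help if they are distributed and updated through a channel the server cannot rewrite, which is the manual-update property described for the plugin above.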