Yeah but this model of trust actually still works or has worked in many places in real life. Maybe not in a big city, but it still works in many rural areas. Or let's say the chance of it actually being exploited is still relatively low in many places.
So, depending on where you live, you might actually be able to hide the key under the doormat or leave the door unlocked without anything going missing. The same may apply to local service providers, such as electricians or plumbers: you can give them your house key and they usually won't steal from you - again, depending on where you live.
However, this trust model definitely falls apart online. The only effective solution to protect your data on the internet is a Zero Trust model: either encrypt everything before uploading it, or host it yourself. It's relatively simple.
Of course, you could always make excuses, such as claiming that certain services don't sell your data, or use it for AI etc. - which may even be true at the moment - and convince yourself that it's therefore OK to use these services. However, time and time again, it has been proven that even reputable services change their terms of service at some point. This may be of their own initiative, or because they are sold and the new owner changes the conditions.
Therefore, again: If you want 100% data sovereignty, you can only achieve this through encryption before uploading or self-hosting.
Disagree. Check out Sync.com - client to server storage, including when at rest, is encrypted. There is nothing special about replicating or backing up encrypted files. It's a file. It contains binary data. Period.
Yes, sync.com uses client-side encryption, and yes, you can replicate and back up encrypted files.
However, I can see two potential problems with sync.com.
As far as I know, their software is not open source, meaning you have to trust the company not to have built in any backdoors or vulnerabilities.
The share link feature could introduce vulnerabilities if implemented or used carelessly. For example, decryption keys could be embedded in links, or links could be shared without proper password protection or an expiration date.
That said, if we assume they're not doing anything shady, and that they're on top of security, with the share feature implemented properly, then nobody, not even sync.com, should be able to access your data.
Still, I'd prefer if they followed the model of services like Bitwarden or Proton, where the client software is open source and the code can be independently reviewed.
Third potential problem with Sync.com… no Linux client. For me, that's not just a problem, it's a show-stopper. And that is precisely why I'm running Nextcloud.
This is exactly the point. E2E encryption allows file sync, nothing more. As soon as you want to process the data on the server, e.g. perform content search or edit files using the web interface, the server needs the key to access encrypted files.
This is the reason why Nextcloud needs access to user contents - btw, it is exactly the same in commercial clouds like M365. This is even well documented by MS - even if you add snake oil like BYOK (bring your own key), the service still has and requires access to the data:
The Azure Rights Management service must be authorized to use your key.
If you only want to sync files, don't trust your server and don't need any server-side processing, you can use e2e encryption or choose another product (IMHO Nextcloud's goal is going far beyond simple sync and this is the wrong product if you don't need more).
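The trade-off discussed above, as an added example that is not part of any post in this thread: a file encrypted on the client before upload is opaque to a server-side content search, and a change made on the server is detected on decryption. The function names, passphrase and sample file are constructed for illustration, and AES-256-GCM with scrypt is an assumed scheme, not what Nextcloud or Sync.com use.

```javascript
const crypto = require('crypto');

// Client side: derive a 256-bit key from a passphrase the server never sees.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Client side: AES-256-GCM. Blob layout is iv(12) | tag(16) | ciphertext.
function encryptForUpload(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

// Client side: throws if the blob was modified or the key is wrong.
function decryptAfterDownload(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
}

// Server side: content search over whatever bytes the server stores.
function serverSearch(store, term) {
  const needle = Buffer.from(term, 'utf8');
  return Object.keys(store).filter((name) => store[name].includes(needle));
}

// Simulates a server-side modification of a stored blob (one flipped bit).
function tamperIsDetected(key, blob) {
  const copy = Buffer.from(blob);
  copy[copy.length - 1] ^= 0x01;
  try { decryptAfterDownload(key, copy); return false; } catch { return true; }
}

function demo() {
  const note = 'IBAN DE00 0000 0000 (constructed sample)';
  const key = deriveKey('constructed-passphrase', crypto.randomBytes(16));
  const plainStore = { 'bank.txt': Buffer.from(note, 'utf8') };
  const e2eStore = { 'bank.txt': encryptForUpload(key, note) };
  return {
    plainHits: serverSearch(plainStore, 'IBAN'), // server can read and index
    e2eHits: serverSearch(e2eStore, 'IBAN'),     // server sees only ciphertext
    roundTrip: decryptAfterDownload(key, e2eStore['bank.txt']) === note,
    tamperDetected: tamperIsDetected(key, e2eStore['bank.txt']),
  };
}

console.log(demo());
```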
The difference between the big players and Nextcloud is: Nextcloud is open source software that anyone can use to set up a cloud storage website (albeit with some tech skills).
In the scenario I gave in my post, who would be liable if someone's bank account was emptied? The Nextcloud provider (legitimate admin [or hacker]), the user (for stupidly uploading their sensitive information) or the Nextcloud company for providing the tool to allow the hacker to access the user's data?
Nextcloud is becoming quite popular. It won't be too long before hackers realize the opportunity the software gives them. 2FA might give users a sense of security but 2FA doesn't prevent admins [good or bad] from viewing user files.
If people don't self host or use E2EE or are not properly educated as to the risks of using un-vetted Nextcloud providers, it may gain a bad reputation in the long term. Unfortunately there's nothing that can be done to prevent it.
The scenario is more or less the same as "bad actor builds a safe and offers you to put your cash and valuables there" - who is liable if you lose them?
As I stated before, e2e encryption would help in this case, but it limits data processing to the user's device, which is contrary to the collaboration goals of any cloud system. If a system with access to your data is operated (or successfully attacked) by a bad actor, there is no way to protect your data.