Server-side encryption and files privacy


I am wondering about users privacy.
Please don’t suggest e2ee, I need to understand the server-side enryption.
Using Nextcloud on an OS server by external providers, is the OS admin able to create other Nextcloud admin account further to my admin one?
If Nextcloud server-side encryption is active, can the Nextcloud admin access the users files? Canthe OS admin access the users files?

Thank you

An admin can manipulate the entire Nextcloud.

For example he can use the backup or dump the whole Nextcloud. In a few seconds he can decrypt the Nextcloud data. The server side encryption is only useful for external storage e.g. for using Amazon, Microsoft, Google storage if the Nextcloud is not there. And perhaps when the admin is bored and just has a quick look at the folders and files and he only sees encrypted data.

You are welcome to use server-side encryption. But it has no security advantage for your use case. You’re just telling yourself that.

You should either encrypt the data on the client side or trust the administrator.

Its like an e-mail hoster. Or do you use PGP or S/MIME? If not, security doesn’t seem to be that important to you with e-mail, too. There is practically no difference between e-mail and cloud. In the end, it’s all data. With e-mail, however, encryption is even more difficult, as both sender and recipient have to opt in.

The idea behind is that Nextcloud is usually self-hosted or at least managed by someone you can trust. Everything done server-side can be manipulated by the admin.

When you want a public server to provide some less sensitive data at higher speeds, you can set up two servers, one locally with all data and then just the less sensitive data to share on this public server.

1 Like