User tracking (ethics, etc)

What I write now is not directly related to the topic; it just opens up a general question about how to use Nextcloud in relation to its initial intention. Just ignore it in that case, especially if it has already been discussed somewhere else. If some moderator thinks it is worth discussing, better to put it into its own topic.

I have already read quite a lot of topics from admins asking about possibilities for tracking their users in a more detailed way than usually offered by Nextcloud (especially before the impersonate addon was published). I am wondering about the privacy concerns related to this. From my point of view, the initial intention of Nextcloud/ownCloud is/was to enable users/organisations to host their own data and thus become independent from huge web service providers, especially because of scepticism about their trustworthiness in the case of privacy/usage of your data. For me every Nextcloud instance therefore automatically gets some shine of independence, privacy and trustworthiness, compared to iCloud, OneDrive, Google Cloud etc., where I do not fully trust in their free services without any unwanted use of my data. In some cases it's even obvious, written down in the terms and conditions. But at least IT IS written down there, carefully watched by users and other instances, and every criticism is spread in the media. In short: everyone can know about the privacy concerns related to the use of these large service providers.

I started to think about whether this is the same for users/members of smaller service providers/institutions that use Nextcloud for their web services. If I use some Nextcloud instance for whatever reason, I would want to know how far the host/admin is able to track my steps, especially down to just opening/reading a file. In my impression this is just a basic right everyone should have, no matter what his intentions are.

In relation to the use of Nextcloud, I hope that every user knows how he is tracked and whenever something changes about that. Otherwise this would, from my point of view, radically counteract the intentions of Nextcloud.

Again, I do not suspect any admin here, opening a topic like this. I am fully convinced that everything is right, with the right intentions. I am just wondering if this was thought through already, even if it is not possible to control how people use Nextcloud, nor wanted.


Depends probably on jurisdiction/relationship between user and server operator and so on. A Nextcloud installation hosted by a company where employees are the users is not that much different from Google Drive/OneDrive/Dropbox from their point of view. The main difference is that the company can host it by themselves and does not have to rely on a 3rd-party hosting provider. Basically, it is not the employees' system after all (unless they own the company), unlike their private Nextcloud server at home or wherever else.

Aside from that, a lot of logs (depending on the log level set up for different components like Nextcloud/webserver/firewall etc.) are generated that can identify users and track everything they do. Nextcloud cannot get around these things (it is a web app on top of these after all) and they are important for organisations/companies who operate IPS/IDS to mitigate data leaks/attacks etc., for example.

Another problem for instances run by a company is sensitive/confidential document leaks (share a link with the rest of the world?) or illegal file sharing, which could cause a lot of problems for them depending on the severity of the situation. One example could be liability issues.

At least the company will most likely have another business model that does not rely more or less on the usage of user data to make money directly or indirectly ;).

This was also my first thought, why one would want to log/investigate one's Nextcloud/webservice usage, especially in combination with trade secrets. My point was not that there are good accepted reasons in every kind of host/user relationship to do that, more that every user should know how his usage data is tracked, e.g. also how long it is stored, and in what cases/for what reasons it will actually be used. If I watch porn during a break on company internet, this should be legal, still embarrassing. If my company decides to track individual employees' webpage history to find out about unwanted browser use (besides illegal of course) outside of break times or generally, it would be fair to let everybody know this.

Of course the server itself logs a lot of data, which is also necessary for bug/error tracking, perhaps hacker attacks or other things, not necessarily to track the users' steps. But you can decide to delete data e.g. after 2 weeks, there could be daemons running or other ways to anonymize it, and the log level could also be varied based on certain conditions, e.g. if some user faces issues during his Nextcloud/whatever webservice use and you tag it for temporarily deeper logging. The config.php e.g. has some parameters to achieve that :). And the last decision, which can also be put on record, is how it is used, in what situations a single user's actions will be followed. This relies in the last instance always on trust. But an open, transparent, always discussable handling of data/log usage is for me the basis of trust. Even though everybody can see through the keyhole, you hardly watch something just by chance while just walking past the door. And in case you have strong evidence that someone had an accident inside, installs a bomb or whatever, everybody may agree, even subscribe, that having a look or even using it to enter is totally accepted.

As an open source project, providing web services independently from 3rd party companies, including the privacy laws of their server location countries, I just think that Nextcloud (developers as well as community) generally has an interest in fair, transparent data usage, respecting individual privacy. If so, it might be an idea to promote/advertise this to every Nextcloud host. Not as a rebuke, just as a slight reminder, e.g. on usage of the impersonate addon ;).

@MichaIng split this out. There doesn’t appear to be a category where this fits so… support it is.


At least the company will most likely have another business model that does not rely more or less on the usage of user data to make money directly or indirectly.

Probably not, but the tracking is still there. It is not their own server after all. In that regard it is not that different from Dropbox/OneDrive/Google Drive/…

If my company decides to track individual employees' webpage history to find out about unwanted browser use (besides illegal of course) outside of break times or generally, it would be fair to let everybody know this.

Yes, in some countries/jurisdictions it is required to notify users about that. But it just depends on where you reside/work/size of company etc.

But you can decide to delete data e.g. after 2 weeks, there could be daemons running or other ways to anonymize it, and the log level could also be varied based on certain conditions, e.g. if some user faces issues during his Nextcloud/whatever webservice use and you tag it for temporarily deeper logging. The config.php e.g. has some parameters to achieve that. And the last decision, which can also be put on record, is how it is used, in what situations a single user's actions will be followed.

Yes, as I said above, it is a legal topic after all. It is just about policy like with so many other things in IT too.

I just think that Nextcloud (developers as well as community) generally has an interest in fair, transparent data usage, respecting individual privacy.

Well, they could set a few default settings if they wish and document them. But it is still up to the operator/hoster of the service on how to handle that.
