Thanks for all the detailed information, guys. The discussion made me realize that I overestimated the privacy promise of Nextcloud. Shame on me.
Meaning if you host it on one of the providers that are recommended on the Nextcloud homepage, like ocloud, they can access whatever they want since they have root access, and if one of your sync folders is on a shared Windows computer, those administrators can also access everything directly, even if they don’t even know about the Nextcloud server.
It’s even worse than that: all your data is stored unencrypted on the machine you are using with the sync client by default.
I felt quite stupid talking about encryption or privacy in that context when any admin on a Windows machine can access the files. No decryption needed.
Holy smokes, that’s a big hole in the privacy, I thought, and put the whole stuff in VeraCrypt containers (since TrueCrypt is…well you know) since I still loved Nextcloud.
Imagine the cold sweat on my head when I realised I lost month worth of document changes since the standard settings didn’t work for syncing VeraCrypt containers.
Since the sync folders get overwritten again and again there was little hope to identify the changes I needed back.
After going back and changing VeraCrypt settings so that Nextcloud would not ignore my work, I realised that now Nextcloud was always uploading the full container size. Oh come on. Why oh why is there no delta sync if you have to use containers? But hey, it’s open source, I got to figure this out, it’s good for all of us.
OK so now I went back and analysed my tree structure to cut the containers into reasonable size containers.
But to be honest that’s not a scenario I would like to explain to anybody not interested in encryption etc.
Loading the dozens of different containers and punching in the secure passwords really is tedious.
You need one big container with delta sync.
So in my opinion Nextcloud needs to generate an encrypted container that only the user has the password to.
I’m a little disappointed with Nextcloud in the current state.
Instead of trusting Dropbox and admins you have to trust whatever Nextcloud provider you choose plus admins.
It opens you up to data loss with undetected container changes and data theft with the provider and the admins on your client.
Most people that I know can’t do their own server and are using shared Windows computers.
Which means they are back at square one where they have to trust their administration to not take a peek at their data.
My suggestion would be to generate a container for the data and enable delta sync.
I might also be wrong about everything since I know I can never know it all. So feel free to pick this apart if you got the technical skills to prove me wrong.