Why tell users that admins can see their files in the Parameters > Privacy page (if it is wrong)?


When a Nextcloud user goes to Parameters > Privacy, he sees the administrator accounts that are supposed to have access to his data (files…).
However, as an administrator, I cannot see users’ files (or I just don’t know how?).

Does someone have an explanation for that?


Maybe the meaning here is that an administrator can do something like this from the command line and see everything (“versions” and trash bin also):

ls -lar .../nextcloud/data/USERNAME/

I had this idea too, but there is quite a big difference between the application administrator and the system administrator. In many cases they will be different people.

Umm, maybe because an administrator could use the impersonate app and see everything that you are storing there. Try disabling that app and see if this hint vanishes.

I saw the same message and I think the reason for that message was that I don’t have server-side encryption enabled.
That message for my users was bugging me so much that I disabled that app to avoid frightening my users without any reason with this confusing (because not explained) warning.
Especially with server-side encryption, we all know that the server admin can still access the files, and that would not make the files more private in comparison to disabled server-side encryption.
I hope the developers change that in a future release.

How do you impersonate? I don’t see any application named “Impersonate” in my active applications.

Are you talking about the same “Impersonate” app or another?

I see a “Default encryption module” app, but it is already disabled.

The app I disabled was the privacy app, so the users don’t see the “Privacy” menu in their settings.

The impersonate app is this one:

I don’t use it and don’t have that installed. However, this app indeed allows the admin to see the other user’s files, notes, contacts and so on in the web GUI.
A serious privacy issue indeed.

OK it works for me too :+1:

On just about any system the administrator can see what is on the system. With the exception of some systems with encryption handled outside the system. Short of you GPG encrypting your data before sending it to the server, the admin will be able to see it if they are persistent enough.

A couple examples would be:

  1. An admin of the server can access Nextcloud’s data directory
  2. An admin in Nextcloud can use the impersonate app to log in as any user