Why tell users that admins can see theirs files in Parameters > Privacy page (if it is wrong)?


When a Nextcloud user go in Parameters > Privacy, he sees Administrator accounts supposed to have access to their data (files…).
Whereas, as an administrator, I can not see users files (or I just don’t know how ?).

Does someone has an explanation for that ?


May be meaning here is that administrator can do something like this from the command line and see everything (“versions” and trash bin also):

ls -lar .../nextcloud/data/USERNAME/

I add this idea too but there is a quite big difference between the application administrator and the system administrator. In many cases it will be different people.

umm. maybe because an administrator could use impersonate-app and see everything that you are storing there. try disabling that app and see if this hint will vanish

I saw the same message and I think the reason for that message was, that I don’t have server side encryption enabled.
That message for my users was bugging me so hard, that I disabled that app to avoid frightening my users without any reason with this confusing (because not explained) warning.
Especially with server-side-encryption we all know that the server admin can still access the files and that would make the files more private in comparison to the disabled server-side encryption.
I hope the developers change that in a future release.

1 Like

How do you impersonate ? I don’t see any application named “Impersonate” in my active applications

Are you talking about the same “Impersonate” app or an other ?

I see a “Default encryption module” app, but it is already disabled.

The app I disabled was the privacy app, so the users don’t see the “Privacy” menu in their settings.

The impersonate app is this one:

I don’t use it and don’t have that installed. However, this app indeed allows the admin to see the other user’s files, notes, contacts and so on in the web GUI.
A serious privacy issue indeed.

OK it works for me too :+1: