📝 Correction | Nextcloud is NOT End-To-End encrypted #1794

New Issue

2020-03-23T10:30:12Z

grasmanek94 commented

2020-03-23 10:30:12 +00:00

(Migrated from github.com)

Description

The text on https://www.privacytools.io/software/cloud/ reads:

Nextcloud is a suite of client-server software for creating your own file hosting services on a private server you control. Nextcloud is free and open-source, and supports end-to-end encryption with many of its clients. The only limits on storage and bandwidth are the limits on the server provider you choose.

(emphasis mine)

I'd suggest to remove any references to E2EE entirely for this software, unless Nextcloud can provide proof / instructions that it's possible.

Why I am making the suggestion

False advertising of features.

My connection with the software

I have tried the software because privacytoolsIO recommends it, especially because I was looking for E2EE. I followed the self-installation instructions for my Debian server (using docker), installed the client on Windows and Android, only to find that there exists no E2EE option anywhere in the app on Windows, Android or on the server Web UI. The files can be read unencrypted in clear-text on the server(!) when accessing the server via either SSH or SFTP.

## Description The text on https://www.privacytools.io/software/cloud/ reads: > Nextcloud is a suite of client-server software for creating your own file hosting services on a private server you control. Nextcloud is free and open-source, and **supports end-to-end encryption with many of its clients**. The only limits on storage and bandwidth are the limits on the server provider you choose. (emphasis mine) I'd suggest to remove any references to E2EE entirely for this software, unless Nextcloud can provide proof / instructions that it's possible. ## Why I am making the suggestion False advertising of features. ## My connection with the software I have tried the software because privacytoolsIO recommends it, especially because I was looking for E2EE. I followed the self-installation instructions for my Debian server (using docker), installed the client on Windows and Android, only to find that there exists no E2EE option anywhere in the app on Windows, Android or on the server Web UI. The files can be read **unencrypted** in clear-text on the server(!) when accessing the server via either SSH or SFTP.

Mikaela commented

2020-03-23 14:14:47 +00:00

(Migrated from github.com)

Their website has:

https://nextcloud.com/endtoend/

and if I understand correctly, to enable it as admin you install this

https://apps.nextcloud.com/apps/end_to_end_encryption

However we should probably have a warning label that the upstream says End-to-end encryption is still in alpha state, don't use this in production and only with test data!

Their website has: * https://nextcloud.com/endtoend/ and if I understand correctly, to enable it as admin you install this * https://apps.nextcloud.com/apps/end_to_end_encryption However we should probably have a warning label that the upstream says *End-to-end encryption is still in alpha state, don't use this in production and only with test data!*

thatrobotdev commented

2020-08-11 22:41:21 +00:00

(Migrated from github.com)

It looks like the issue that has been linked to the warning label (https://github.com/nextcloud/end_to_end_encryption/issues/111) was closed after this PR was merged. Should we update the link to somewhere like https://help.nextcloud.com/t/help-test-the-latest-version-of-e2ee/87590 instead?