If you own the hardware it isn’t a issue
Comment on Am I the only one who missed the Owncloud rewrite in Go?
Pika@sh.itjust.works 4 months agoI personally will never use next cloud, it is nice interface side but while I was researching the product I came across concerns with the security of the product. Those concerns have since then been fixed but the way they resolved the issue has made me lose all respect for them as a secure Cloud solution.
Basically when they first introduced encrypting folders, there was a bug in the encryption program, and the only thing that ever would be encrypted was The Parent Directory but any subfolder in that directory would proceed to not be encrypted. The issue with that is that unless you had server-side access to view the files you had no way of knowing that your files weren’t actually being encrypted.
All this is fine it’s a beta feature right? Except for when I read the GitHub issue on the report, they gaslit the reporter who reported the issue saying that despite the fact that it is advertised as feature on their stable branch, the feature was actually in beta status so therefore should not be used in a production environment, and then on top of , the feature was never removed from their features list, and proceeded to take another 3 months before anyone even started working on the issue report.
This might not seem like a big deal to a lot of people, but as someone who is paranoid over security features, the projects in action over something as critical as that while trying to advertise themselves as being a business grade solution made me flee hardcore
That being said I fully agree with you out of the different Cloud platforms that I’ve had, next Cloud does seem to be the most refined and even has the ability to emulate an office suite which is really nice, I just can’t trust them, I just ended up using syncthing and took the hit on the feature set
possiblylinux127@lemmy.zip 4 months ago
azl@lemmy.sdf.org 4 months ago
Saying files are encrypted when it is not true is an issue, regardless of who owns the host box. Even for a small instance that is private family or friends.
possiblylinux127@lemmy.zip 4 months ago
Someone could simply modify Nextcloud to lie about encryption. If you don’t control the server there is no way to know.
Pika@sh.itjust.works 4 months ago
It all depends on your threat model, I own my Hardware as well but I’m still not going to use a software that is shown to me that they don’t take security seriously but I’m also more paranoid than most
barsquid@lemmy.world 4 months ago
Yes, it is. If people are relying on files to be encrypted they may dispose of their disks differently. Or the NAS might be stolen.
possiblylinux127@lemmy.zip 4 months ago
Or an threat actor might just turn it off
vzq@lemmy.blahaj.zone 4 months ago
Ugh. I know that feeling. That’s why I’ve blacklisted salt stack.
news.ycombinator.com/item?id=5993959