Cloud security and threat model?

My understanding is that Nextcloud doesn’t offer end to end encryption by default, and it is having lots of problems.

Can you help me understand the threat model of using Collective.Tools as a cloud provider for my files, calendar, and contacts in the US?

Perhaps it’s safer than a US-hosted provider like Google or Dropbox because you're based in Sweden but also more unsafe because the files are unencrypted on the server and in transit?

Is there anything that can be done on your end or mine to provide better security?

It looks like I can have more security by installing Cryptomator and syncing an encrypted vault rather than the native files. Cross my fingers it works with Joplin.

Thanks for helping me better understand how this all works.

Hi! There are a few different options for encryption; you can get an overview here: Encryption in Nextcloud – Nextcloud
The best developed one is server-side encryption. We don’t enable that by default, but the group installations can choose to set it up themselves. It uses more resources and storage space, so groups will need to take that into consideration. Here is a setup guide for that: Encryption in Nextcloud – Nextcloud
The end to end encryption that they are talking about on Reddit (on servers with not enough memory) is new from the last version of Nextcloud and we haven’t tried it out enough yet.

Here is more general info on Nextcloud security: How Nextcloud keeps your data secure – Nextcloud

The differences to Google are still enormous - the main thing being that they scan and sell your data to advertisers.
With Nextcloud you can move your data to other providers - and don’t get the lock-in to a cloud provider.
We also see our cooperative structure as a safeguard to your user data; our users also own the company.