I’ve a little question: on the cloud page, it’s stated that:
“all your data that is stored on our Nextcloud instance is encrypted! This means that no one is able to see the content of your files if not explicitly allowed by you. Not even the system administrators.”
Thank you for raising this question. The text on the website was written a long time ago and needs to be updated to reflect a more accurate and truer picture.
We use the same encryption as the one mentioned in the documentation you linked to.
The data is encrypted with the user’s password, but the keys are stored on the server, so it is indeed possible for the admins to intercept the password and decrypt the data, but it is not so easy and requires some prior work (and malicious intentions).
It is not possible for admins to read the content of the files stored on the cloud just by browsing through them or querying the database. Obviously we value privacy very highly and will never consider digging into anyone’s data.
That said, I agree the text on our website is misleading and will adjust it to explain better how the encryption works and the dangers of not having End to End Encryption.
No, that's not possible. The files themselves are encrypted with a key generated from a password, which means an admin would have to do a man-in-the-middle attack to sniff the password, and then use it to decrypt the content.
What an admin can see, though, is the filename, its size, and extension, so the basic metadata you see on a file. For the rest, it's just gibberish.
So yeah, of course it's not a 100% safe solution, but it prevents snooping eyes from accessing the files.
Everything other than files (contacts, tasks, activities, calendars, etc.) is stored in plain text in the database.
I haven't dug into this matter much, but I think that the CalDAV/CardDAV protocol would have to support encryption in the first place.
I guess it could be that Nextcloud could encrypt such data before it reaches the database and then decrypt it when queried, but I think this poses a headache in and of itself, and it could not be done with end-to-end encryption unless a special Nextcloud app were provided for it for all the platforms and operating systems.
I think the better option is to have the entire protocol enabling encryption by default, but of course this means a lot of work. Hopefully one day someone determined will come around and submit a pull request that will make CalDAV encrypted by default for everyone.