Privacy / security questions regarding nextcloud CardDAV CalDAV

Disroot user here, loving your work, kudos to that.

Thinking about switching to disroot nextcloud CardDAV CalDAV for my contacts and calendars and was wondering about security implications.

Brief search about wether contacts are encrypted brings up Contacts Privacy indicating that is not the case as of 2017 dec.

What will the situation be after nextcloud 14 update? disroot is running nextcloud 13 as of today 2018-11-02. Will contact and calender information be stored encryptedly?

If the data is stored in cleartext, would that mean, if disroot got raided or a malicious actor got access for that matter, that access to contacts and calenders could not be prevented?

Not at all trying to indicate disroot is doing a bad job at security or anything in that regard. I simply have no experience using nextcloud and what the security implications are. So thought I’d ask here. Hope that is ok.

Thanks for your work on disroot - this is an invaluable set of tools, which are much appreciated.

I’m afraid there is nothing new in that field. After update there will be no significant change to caldav or carddav because the protocol itself does not support encryption. (Same as in 2017).

Our servers data is generally encrypted (on file system level) so access to data is impossible but only in the case the server is powered off.

··· On 2 November 2018 14:30:21 CET, hodgepodge wrote: > > >Disroot user here, loving your work, kudos to that. > >Thinking about switching to disroot nextcloud CardDAV CalDAV for my >contacts and calendars and was wondering about security implications. > >Brief search about wether contacts are encrypted brings up >https://forum.disroot.org/t/contacts-privacy/2557 indicating that is >not the case as of 2017 dec. > >What will the situation be after nextcloud 14 update? disroot is >running nextcloud 13 as of today 2018-11-02. Will contact and calender >information be stored encryptedly? > >If the data is stored in cleartext, would that mean, if disroot got >raided or a malicious actor got access for that matter, that access to >contacts and calenders could not be prevented? > >Not at all trying to indicate disroot is doing a bad job at security or >anything in that regard. I simply have no experience using nextcloud >and what the security implications are. So thought I'd ask here. Hope >that is ok. > >Thanks for your work on disroot - this is an invaluable set of tools, >which are much appreciated. > > > > > >--- >[Visit >Topic](http://forum.disroot.org/t/privacy-security-questions-regarding-nextcloud-carddav-caldav/4552/1) >or reply to this email to respond. > >You are receiving this because you enabled mailing list mode. > >To unsubscribe from these emails, [click >here](http://forum.disroot.org/email/unsubscribe/74ee6c83bd1b0d6d86f9e2a9eb7b802fdc0af0ff278d07a8ced3e4a74fe2c146).


Sent from my Android device with K-9 Mail. Please excuse my brevity.