incredibly fucked up privacytools.io still recommends nextcloud

@tuxcrafting i just think recommending unencrypted cloud storage on a privacy-focused site is a terrible idea + nextcloud is a buggy piece of shit

@animeirl @tuxcrafting but security and privacy are two different concepts.

@animeirl @tuxcrafting I would argue that unencrypted data I have on an inaccessible storage unit is private.

@xiao @tuxcrafting i would argue that that is only ever arguably the case if said storage is not connected to the internet

@animeirl @tuxcrafting now I have to ask - what part of nextcloud is "unencrypted" in a way that makes a practical difference to privacy?

@xiao @tuxcrafting all your data is stored either unencrypted or encrypted with a server-side key meaning anyone with access to the server can view all your data (vps provider, people in your house if it's a local machine, hackers who gain access to the system in any other way)

@animeirl @tuxcrafting for which hosting project is this not the case? And how do you propose nextcloud to solve the problem?

@xiao @tuxcrafting end to end (client-side) encryption. data is encrypted and decrypted on the local device and only ever stored in the cloud encrypted. encryption keys are only ever stored locally as well (derived from the user's password). The other cloud provider listed on privacytools, S4, makes use of this as well as several other cloud storage providers such as mega, keybase, sync.com and others.

@animeirl @tuxcrafting that is unfortunately at odds with regulations in many countries where you as a company have to take ownership over the data you host (remember that a big part of nextcloud's users are companies). In that sense I agree that the users of the deployed system don't have a proper expectation of privacy, but the users (companies) of the product (nextcloud) can have their privacy. I don't see any solution to this though.

@xiao @tuxcrafting What countries are you referring to? There are numerous cloud hosting providers around the world that offer end to end encryption. privacytools.io is based in france where e2e encryption is definitely legal. There are only a handful of authoritarian dictatorships that ban e2e encryption.

@animeirl @tuxcrafting if you base your company on nextcloud in the EU, then you have to be sure that your coworkers don't store customer information in violation of GDPR - just as a quick example.

@xiao @tuxcrafting The company account would have access to the encryption keys. The cloud provider wouldn't. mega, sync, and s4 are all gdpr compliant

@animeirl @tuxcrafting then I am not aware of what encryption scheme they are using :)
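
The client-side model described in the thread (key derived from the user's password on the device, server stores only ciphertext), as an added example that is not part of the original posts and is not the code of Nextcloud or of any provider named here. It assumes Node.js's built-in crypto module; scrypt and AES-256-GCM are illustrative choices, and the function names and sample data are constructed.

```javascript
const nodeCrypto = require('node:crypto');

// Derive a 256-bit key from the password on the client. The salt is not secret;
// it is stored next to the ciphertext so the same key can be re-derived later.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Client side: encrypt before upload. The returned record is everything the
// server ever stores; neither the password nor the key is part of it.
function encryptForUpload(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12); // fresh 96-bit GCM nonce per record
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Client side: decrypt after download. final() throws if the password is
// wrong or if the stored record was modified (GCM tag mismatch).
function decryptAfterDownload(password, record) {
  const key = deriveKey(password, record.salt);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, record.nonce);
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
}

// What a party with access to the server only (hosting provider, intruder)
// can do with a stored record: try a password and see whether it authenticates.
function serverSideRead(record, guess) {
  try {
    return decryptAfterDownload(guess, record);
  } catch {
    return null;
  }
}

// Constructed sample data.
const PASSWORD = 'correct horse battery staple';
const DOCUMENT = 'constructed sample: customer-list.csv contents';
const stored = encryptForUpload(PASSWORD, DOCUMENT);

console.log('stored on server:', stored.ciphertext.toString('hex'));
console.log('server without password:', serverSideRead(stored, 'not-the-password'));
console.log('client with password:', decryptAfterDownload(PASSWORD, stored));
```

Anyone holding the stored record can still try passwords offline, so the protection is only as strong as the password and the cost of the key derivation.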

Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.