Cloud storage has become ubiquitous in modern society. The most widely-used example, I think, is the one that comes prebundled with our p…

  • frogmint@beehaw.org
    link
    fedilink
    arrow-up
    2
    ·
    9 months ago

    https://nextcloud.com/encryption/

    End-to-end Encryption client-side is available from Nextcloud desktop client 3.0 and newer as a folder-level option to keep extremely sensitive data fully secure even in case of a full server breach. The server facilitates key exchange for syncing between devices and sharing but has Zero Knowledge, that is, never has access to any of the data or keys in unencrypted form.

    It’s not a big deal if you self-host at home either. You can use SSL for the traffic and LUKS for the storage.

    • delirious_owl
      link
      fedilink
      arrow-up
      1
      ·
      9 months ago

      Again, i dont recommend nextcloud because it doesn’t encrypt everything. Same for other cloud providers. I wouldn’t use it unless everything is encrypted client-side and it cannot be turned off.

      It is a big deal if you self host. If you server is owned, your data is compromised, because the server can read your data.

      • Dark Arc@social.packetloss.gg
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        To be fair, if your server is taken over, there’s a good chance your other devices have been compromised first/as well, in which case you’re already in trouble.

        • delirious_owl
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          9 months ago

          No way. Servers are easier to compromise because they’re online all the time and by definition exposed to requests from the public internet

          • Dark Arc@social.packetloss.gg
            link
            fedilink
            English
            arrow-up
            2
            ·
            9 months ago

            You can have a server without a public IP; that’s totally doable. An internal server that’s only accessible from LAN or a VPN is still a server.

            Also, the majority of compromises happen because of user error (e.g., someone opens/runs the wrong thing) or an unpatched machine, not because of an exploit in server software/because the machine is always on. This is especially true in the business world where it’s often a combination of human error and the network not being segmented/ACLs not being set properly/etc (lots of cases of human error).

            It’s also not that unusual for someone to keep their e.g., desktop always on or their laptop/mobile device in a low power state where it still has network activity despite being “off.”

            • delirious_owl
              link
              fedilink
              arrow-up
              1
              arrow-down
              1
              ·
              edit-2
              9 months ago

              Yes. In practice, servers are easier to own than computers