Since it’s a common concern for /e/ users, we’d like to clarify a few points:
- ecloud.global is an instance of ecloud-selfhosting, which is based upon several open source projects.
- Nextcloud server-side encryption is not used, since the data is stored next to the application and NC themselves suggest full-disk encryption in this case. That’s what we use for now – LUKS.
- We have a long-standing relationship with a security expert in charge of hardening and monitoring our systems, including ecloud.global.

A few of the improvements applied to ecloud.global with regard to the base ecloud-selfhosting instance:
- Performance tuning adapted to the scale of the service (number of users, storage size, etc.).
- We try to always keep the infrastructure and applications in compliance with the best available security hardening guidelines, such as the DevSec Hardening Framework and the CIS Benchmark for Ubuntu.
- We apply process confinement techniques and mitigations provided by AppArmor and systemd.
- We use Wazuh monitoring for threat detection.

If you think (or can prove) that there is a security vulnerability in ecloud.global or the ecloud-selfhosting project, please contact us directly: security AT e.email . Kindly use the following key to encrypt any sensitive disclosure:
https://keys.openpgp.org/vks/v1/by-fingerprint/F242DB4B0F002ED0AB73A5D06E25E121E5939DAF
Thanks,
Arnau