Administrators have access to your data

Hi! I just noticed at e.cloud settings, that it says:

"Who has access to your data? …Administrators"

There are two administrators mentioned there.

My question is: What data do they have access to, and where can I see what data they have accessed and when?

And most importantly: why can they access my data?

1 Like

Admins having access to your data is always the case, unless you encrypt everything locally before you send it to any cloud.
Again, it always is like that, and whatever service tells you otherwise is lying (with exception of those with client side encryption).
However, in a company with good internal quality control, illegally accessing your data would get an admin fired.

In the case of /e/'s Nextcloud, you cannot see if admins accessed your data, but this is almost always the case. Furthermore, the server admin (of which Nextcloud is unaware) also has access and probably some more people managing the storage backend.

6 Likes

Please check the response from the eCloud team here on why admins need access to your cloud data.

6 Likes

Thank you for your info ljahn and Manoj! Sorry, but, when it comes to trying to understand the /e/OS ecosystem, I am quite an average turnip. I'm not sure if I understand the relations with ecloud and Nextcloud - or do I need to, but it is not very easy to gather all the details. I have been a Wuala user, and when they shut down I went to Tresorit. They changed their user agreement after a while and I felt it was a bit unambiguous, so I stopped using it. Now I'm looking forward to your plans to End to End Encryption. It would be a very good thing and very transparent for the user, if it would be possible, somewhere in the future, to have access to all logs that consider their data. Their data is their data and the logs are a crucial part of the data. Thank you again for the info!

Manoj, I see that the statement in the link you provided says that the plan to implement E2E within eos is to take place by the end of 2021. We are there now and obviously that information needs an update as to the schedule for implementation of E2E. Do you have an update or educated guess as to when we might see end to end encryption for our apps? I know I would be an early adopter and even volunteer as a tester if the developers are at that point.
Thanks!

2 Likes

Thanks for pointing that out. Will ask the eCloud team to update the guide based on the latest estimates.

I would be glad to help on that topic too!

On the other hand I have one question. Do you have any useful documentation about the way a server is working and what we can expect from a user point of view regarding the use of a server?

I would like to know how private the e-mail messages are.
I deleted a Google account because of the snooping they do
in one’s e-mail.

If the admins want to read your mails they can do it.
They are admins.

I would like an admin to tell me whether they can or cannot snoop on our messages. On a site devoted to privacy, that seems outrageous.

3 Likes

I think your worries could be mended only by self hosting.

and become your own administrator, with all the advantages and risks and responsibility

3 Likes

This also applies to E-Mail. If you want no admin to be able to read your mail, you and everyone sending mail to you have to use client side encryption.

2 Likes

Hi everyone,

as @ljahn explained, there are very few services offering “zero-knowledge” for admins. As Manoj said, we are updating our documentation to remove that estimate which assumed we could use Nextcloud’s E2EE, which we can’t.

So, for files, I suggest you look into https://cryptomator.org/ to encrypt files that are stored on ecloud.global.

For e-mail, you need to use OpenPGP or similar encryption tools to guarantee full confidentiality of your communications. The difference with other providers like GMail is that we will never inspect/analyze/read your data or messages. In fact, our aim is to build a service that offers transparent E2EE on all features so that it is technically impossible for us to access your data. But this is not an easy task and given the current state of the art it will require custom R&D, so we’re talking about years for the whole platform and not months.

Sincerely,
Arnau V.
Engineering Manager at /e/ - cloud & infra

4 Likes

@arnauvp
What is the actual technical reason the E2EE functionality isn’t enabled on the /e/ Nextcloud instance?

Nextcloud E2EE feature has been stable since August 2020.
/e/ Nextcloud is running a version from November 2021.

Why do you want to build a whole new service?

1 Like

We don’t want to put our users’ data at risk:

1 Like

Because they think that by building their own app, they are able to include what they want, not what someone makes them.

Agree
