Ecloud Has NO NC Server-Side Encryption enabled (WHY?)

Nextcloud Released Nextcloud Encryption Feature LONG AGO Here
Why ECLOUD still UnEncrypted ???

Disroot Cloud Have Server-Side Encryption Enabled by Default for All USERS

When First time i try to discuss about this in Telegram Group after few days i saw ECLOUD now enabled :point_right: (This server is protected with full-disk-encryption.)
Screenshot from 2020-03-30 20-39-25

You guys still have access to users DATA

This /e/ Name All About Privacy then Why ECLOUD Still not have Server-Side Encryption Enabled?
It’s Not like Too much work to enable Server Side Encryption, Then Why still Same UnEncrypted?

Well to be honest, if you would carefully read the screenshots you’ve posted, you would notice that server side encryption is indeed enabled on /e/'s nextcloud instance. (Edit: Sorry, my fault. Thought the first screenshot is actually from /e/-cloud. Got it now.)

Enabling server side encryption does not mean that admins can’t access your data - I think you are mixing a few things up here.

Server side encryption is there for securing harddrives which are not on the same server on which nextcloud is running. Files are encrypted with a server-wide key in most cases. Incase you have a nextcloud server with an external harddrive attached, this would protect your data from decryption if the hardrive is removed as all the files are encrypted with the server-wide key and those keys never leave the nextcloud server.
As you can see, server side encryption only protects your data from ‘physical’ theft but also only if external drives are used. Serverside encryption does not give you an additional layer of security at all if your data is stored on the same server nextcloud is running on as the encryption keys also remain on the same server. So incase /e/ stores all data on the same instance along with nextcloud, you cannot say that enabling server side encryption will make your data more secure.

For this scenario, full disk encryption comes into play. If the disk (storage and server on same harddrive) with full disk encryption enabled is stolen, then your data is kind of safe as the thieve can’t access anything on the disk.

What you were talking about is end-to-end encryption. With E2E enabled, nobody except your devices can access your data. Not even admins or the server as there is no time the server has access to your unencrypted keys. Unfortunately, E2E comes with a huge features loss because of the nature of this technology (no live file editing, etc.).
Furthermore, E2E is currently not production ready in Nextcloud. It is kind of falsely advertised on the page you linked. They had it working in a few previous versions but it is still alpha code. I personally can’t understand this at all as they advertise E2E as one of their core features and still I barely see any development happening here. See this github post for reference:
For the technical backgrounds of E2E with nextcloud (incase they get it working in the future - can only be a matter of few years :P), you can read more here:

So to defend the /e/-devs, the set-up of the nextcloud instance is not necesseraly insecure. I’m not sure if something speaks against enabling server side encryption though - maybe somebody who has more experience can tell us?. I’m sure that they will integrate E2E as soon as it’s officially released.
For a workaround, I can recommend you Cryptomator:
Cryptomator is fully FOSS and will allow you to use E2E with Nextcloud.


@Manoj Would still be nice to know how /e/ handles their user’s data in the cloud.
Whats the server structure behind /e/ cloud?
Was server-side encryption even considered in the team?

Let me ask the man who did this for ecloud to come out with a write up describing how ecloud encryption works.

1 Like

@Manoj we solved that doubt in a previous thread. Feel free to create a documentation page or link to it in future responses. Full-disk encryption (with LUKS) is the recommended setup on NC single-server installations. And this makes the thread title misleading, so I will edit it now accordingly.

Moreover, @exyna’s answer is 100% spot on (thanks!), we could link it too. Enabling server-side encryption on ecloud wouldn’t provide any extra security, nor prevent us from “accessing the data”. And E2E is not ready nor convenient, you can search previous threads on the matter.

We are developing the next version of eCloud, with a distributed setup, and even there NC server-side encryption may or may not be enabled (and yet be highly secured by other means).

If you absolutely not trust us and want 100% ownership of the data, we offer you the option to self-host and configure at your will, such is our commitment to privacy. But please next time maybe ask in a different tone since you may not possess all the facts.

Kind regards,


hi @arnauvp , I just found this link and thought it might be relevant to share with you:

1 Like

Thanks! We’re much closer to that, now that NC finally consider it production ready :slight_smile:

If you don’t mind I’ll close this old thread now. Keep an eye on the announcements channel for news on this.

Kind regards,

1 Like