Hi rch,
I’m Arnau, Engineering Manager responsible for ecloud and /e/ server infrastructure. Let me please answer to these different points you have raised here:
F rating on NC security scan
We were recently getting an A+ here. As you can see, the hardening and Setup sections are all green checks. The reason why this score dropped so drastically is because Nextcloud releases two “major versions” a year so they quickly mark the olders as End of Life. The old versions aren’t necessarily affected by any vulnerabilities, nor the new ones 100% exempt from it. In fact, they are more likely to introduce problems than a known stable version which only changes with select patches. I cannot find on the changelog from 21.0.9 released one month ago any vulnerability that could be used in ecloud.global (we don’t have LDAP).
We monitor security bulletins on the different components of the platform, and act on them quickly whenever the conditions make them exploitable. We also have some automated mechanisms to detect unusual behaviour that could be part of an attack.
In my opinion, the statement “It is likely trivial to break in and steal all the data or even take over the entire server” is misleading in this case since we’re not talking about a NC16 installation with known security bugs and totally outdated underlying components (OS, proxies, DBs), it’s quite the opposite. Even the version number is different ( 21.0.7.18) because we’re running ecloud, not a vanilla nextcloud. And these softwares will possibly continue to diverge as we target different users, so their rating will make less sense (while of course incorporating security patches in a timely manner).
sync errors in the notes mobile app
I’ve come across some users being affected by this, but in fact recently we had no more reports. So please add your comment to the issue or write to helpdesk@e.email with details of the message/affected notes so we can troubleshoot.
the email is not very reliable
We are indeed hardly working on improving this particular component, but without a bug report or helpdesk ticket I cannot really offer an explanation for the problem you’re seeing. Is it uptime, delays, deliverability?
We plan to expand the number of mail servers on the next weeks, as well as fine tune spam and phishing protections to prevent abusive behaviour from affecting legitimate users (which is the main problem we face).
some services don’t “work” with the e.email domain
Well, e.email
is a valid domain, so in this case it’s a bug of “the other services”. However, we’re aware of this problem and we are also rolling out a new domain in the next 2 months.
the (minor) issue with the wrong storage quota report in rainloop
Rainloop does provide a valid quota usage, but it’s only counting the mail part. We will start development this month of a unified quota widget that can show you the actual joint usage of your files and e-mails, and hide the one in rainloop.
the recent disappearance of the bookmark app with out any communication
Well, this is a secondary feature used by ~250 users and didn’t need announcing on our main Telegram announcements channel. Instead, we wrote about it in the https://status.ecloud.global/ page. Which is probably not well-known, this needs to be improved. We were also exploring with an announcements app that shows a banner in ecloud.global.
We also had an issue open in our bug tracker; I recommend you look there first when you’re facing an issue, and if not submit the problem yourself. That’s the way we can provide all context and workarounds.
I really like /e/ Foundation work and i was even considering buying a Murena smartphone but this issues, specially the low ecloud report, knocks down my trust and I’ll take my business elsewhere.
You can get a Murena phone and use any public nextcloud instance or e-mail provider, they are completely independent. We of course aim for them to be a great out-of-the-box working combo.
We are also working hard on improving ecloud in 2022, but in fact this sometimes means fixing applications which are announced as stable or complete in the Nextcloud app store when in fact they are unstable as offered when used on a larger scale (see the Bookmarks example). And this needs to be done in parallel with adding or own features or specific eOS backends.
Hope those answers are useful. By the way, I didn’t see the /e/ account associated with your community forum address belonging to the premium group or having a larger quota. Please contact aftersales@e.email
if you believe this to be an error.
Kind regards,
Arnau