What does the UK ruling backdoor keys mean for Murena?

Hey all,

This news that Apple will no longer offer encryption for their iCloud makes me wonder what that means for services like Murena/Nextcloud, and I guess let’s throw Proton in there too.

Thinking about this in terms of what happens if the authorities come calling, I am not necessarily worried but more curious.

2 Likes

As a matter of fact all of those services based in the US cannot be seen as secure.

4 Likes

Read the help pages of the services on end-to-end encryption. Nextcloud by architecture isn’t good at this and I’d even say doesn’t strive to be. While you can encrypt some entities (Files), Calendar and Addressbook stay cleartext. Users that enable the e2ee plugin in Nextcloud aren’t very happy. Last I checked Murena doesn’t offer the plugin. Etesync/Etebase had a go years ago at another architecture, but it was not successful economically, as in: not as main occupation.

1 Like

Just to clarify, Murena has a pretty bad standing atm as they have no end-2-end encryption enabled for their users. No matter if the storage nodes themselves are encrypted, the police with a warrant could just force them to give up the data. So there is no backdoor needed for the government to get the data. You could work with uploading encrypted containers client-side, but that’s not what Murena offers; calendar and contacts are more or less in clear text on their server.

But there are providers who offer end-2-end for all data. I’m using posteo.de atm, and there I know that you can encrypt mail/calendar/addressbook in a way even Posteo could not decrypt it even if forced to do so. I’m sure there are other providers which are “safe” against what Apple pulled there.

2 Likes

As I understand it, you’re not going to be “safe” in the UK whatever provider you’re using, because they’re going to legally require encryption backdoors. So whoever provides non-backdoored encryption in future will be in breach of the law. That leaves three options, as far as I can see:

1. provide the service with backdoored encryption
2. provide the service without encryption
3. withdraw the service altogether

Looks like Apple is choosing option 2. I don’t see how they “pulled” anything here. At least in this case they’re open about it: no false sense of security with broken encryption.

3 Likes

I have used Posteo for a long time as well. Very satisfied with them.
Also used Icedrive as cloud storage for years. But to be honest I don’t put anything related to personal privacy in the cloud anymore.

1 Like

A RasPi with SyncThing covers all my realtime sync needs Murena previously provided before the outage. Can only recommend that, especially as you can pair that with PiHole and maybe a VPN on the local router to catch more trackers and ads.

I agree. Apple got a piece published on BBC News a few weeks ago before they withdrew ADP for UK users, giving me time to remove all my iCloud data, turn ADP on and then log off iCloud. Next step will be to delete all my iCloud accounts and create a new vanilla iCloud account in case needed. Then get my new Fairphone set up, once it arrives. Any ideas for what to do with a bunch of iPhones and iPads? Suggestions on a postcard!

However, what disturbs me is that other apps that I use may turn off encryption without my knowledge. All this has made me very cloud averse. It is really hard to know if any app or system respects personal privacy anymore, especially if you live in the UK.

1 Like

Trouble is, many times the police don’t bother with a warrant in many cases. Not saying they can use it in court, but if they eavesdrop some data and it leads to something, who is to say how they got there…

2 Likes

The UK government announced yesterday that police are to be given the power to enter and search homes without a warrant. Ostensibly this is to recover stolen phones whose presence is indicated by “find my phone” type apps. I doubt I’m alone in believing that such power will be abused.

3 Likes

I agree. Still, it is IMHO extremely sad that it has come to this.

Personally, I save some of my backups in the cloud - by encrypting them with independent software before upload. (I trust the encryption so that I would not even mind if the data was stored in North Korea/the NSA data centre in Utah. However, I actually choose European providers for my sensitive data.)
There are also software solutions like https://cryptomator.org that I would recommend if you sync data with the cloud. It is open source (GPL 3.0 for the Android app), the Android version can also be bought without a Google account, i.e., outside of the Google Play Store.

EDIT: FWIW - the Mozilla Foundation has launched a petition to the UK government not to halt the iCloud encryption. I think that there is nothing wrong with signing it. See https://foundation.mozilla.org/en/campaigns/tell-the-uk-government-dont-break-apples-icloud-encryption/

1 Like
