Proof that NextCloud protects its users' encrypted data from admins - it rendered my data unusable after a password "loss"

I had been messing with database users over the weekend and I probably messed something up so yesterday when I tried to login to my NextCloud hosting I was greeted with an error message for my password. Performing a password reset greeted me with the message below saying my data would no longer be accessible after the reset. This is a very good thing because what is the point of encrypted data if an admin can perform a password reset and then login and read your data. I'm always suspicious if a messaging service or hoster can allow a password reset and then you can access your data = means they can do the same for themselves or law enforcement.

If a hoster says to you your data is unrecoverable after a password is lost or reset you can think about trusting them.

So my online data was encrypted and unreadable after I logged in but its not all doom and gloom because the nature of NextCloud is that I sync that data to my various devices. I just renamed that local folder on my computer, did the reset, deleted the online data, and copied the data back into the local folder on my folder to resync back to NextCloud.

Note if you have not enabled encryption on your NextCloud server then your data is unaffected. But good to know if you host your own NextCloud instance at a 3rd party hoster, they're not going to be snooping on your encrypted data. NextCloud is also a great sharing service to host for friends and family. They've been adding more and more functionality like calendar syncing, kanboards, todo lists, contacts sync, and many other productivity tools.

#nextcloud #privacy #foss


source https://squeet.me/display/962c3e10-195c-c093-91e0-595761503556

Comments