Sadly, the folks at Nextcloud don’t understand that owning your data and owning your infrastructure are not the same thing. I love the software and have done for a long time. But they consistently contend (needlessly) that you don’t own your data unless you own the hardware storing it. That’s patently absurd and silly.

@paco I would say that they're right, in regards to the hardware that's running NextCloud. Encrypted blobs of data should be able to go anywhere, even a NAS in your friend's basement.

But if an attacker can run his code on your NextCloud instance, it's not your instance anymore.

@r000t I don't disagree. But the legal title to my server hardware (e.g., my friend's box, my own box, a VPS, AWS EC2, etc.) has nothing to do with that. NextCloud/Linux/Whatever is as secure as it is, regardless of whose hardware it runs on. Hardware ownership and software security are orthogonal. You can do one really well and screw up the other and vice versa.

@paco Looking at their toot, owning one's data is being mentioned in the context of advertising and data mining.

The security of the webapp doesn't enter into it if someone else is responsible for the machine it runs on.

EC2 or at home, if you deployed it, you know it's not getting mined or sold.

@paco Decentralized on anywhere you can get a VPS is still way better than centralized on Dropbox or Google Drive.

Totally agree... But that said, it feels nice to have my #nextcloud on my own hardware, in my own laundry room. And it feels even better every time I need another terabyte, to buy it cheap and add it to my own raid. :)

@ohthehugemanatee Funny but I just did the opposite. After Spectre and Meltdown my on-prem hardware was dog slow. Everything is just painful. So I migrated nextcloud to EC2. I still have a Synology on-prem for mass storage that I care about. But I use nextcloud from outside the house as much as inside. So EC2 was a better choice for my use cases.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.