NextCloud and how great it has become

SerialCart

From Serialcart.com
Thread author
Verified
Top Poster
Well-known
Oct 27, 2019
501
Hi,
Here I wanted to share my personal experience with NextCloud (NC) during the last 3 years.

First of all for those who do not know what it is .. it is the best (somehow better) replacement for DropBox, Google Drive which can be hosted by YOU! (more info: NextCloud).

Here are the main features which we are using NextCloud for:

1- Cloud service for hosting of our files and syncing them between all of our devices including Linux machines
2- Handling our calendar (CalDav) for personal and business (sharing between our colleagues) purposes
3- Handling our contacts (CardDav) for personal and business (sharing between our colleagues) purposes
4- Online Office (using Collabora online) which is similar to Google Docs (there is also a free version).
5- Chat and Calls
6- Encrypting all of the above!

So basically NextCloud has been replaced with major services which could potentially be a privacy and security wholes in our system.

What would you think about the NC in 2020(and literally 2021)? and are you a NC too?
 

SerialCart

From Serialcart.com
Thread author
Verified
Top Poster
Well-known
Oct 27, 2019
501
Yes sure,

So it depends on how you would like the setup to be.

First of all, NC has two parts: 1- The server (needs a Linux or Unix server) 2- The clients (which you install on your personal PC or your phone)

1- The server:
NC is a PHP software which means it needs (preferably) to be installed on a Linux/UNIX server. For this you would have 4 options:

1-1- Get an internet with static IP, setup one of the supported Linux servers and install the NC server on this server:
> If you are not familiar with Linux server administration this I would strongly recommend to stay away from this option. Another reason is that in general hosting a service like this at home would be a major security problem. We usually at home do not have hardware firewalls like Juniper and other security solutions which exist only in datacenters.

1-2- Get a shared hosting service and install it yourself.
> In general it is not a good ideas as it might be against the terms of the shared hosting providers and it is not the best practice when it comes to security and privacy.

1-3- Get a Cloud/Bare-Metal server and install and manage NC.
> This might be a reasonable solution it you know how to administrate the server and NC (updates and such).

1-4- Get a managed NC service.
> This is the best solution and we are also outsourcing our NC service to our sister company. For a higher privacy and security we encrypt literally everything so basically even the datacenter would not be able to access your files (AES256).


2- Clients:
They can be downloaded from this link: Install – Nextcloud


And to answer this questions: Do you need a PC running all day at home?

As long as you would like your NC service to be up and running yes.
 

SerialCart

From Serialcart.com
Thread author
Verified
Top Poster
Well-known
Oct 27, 2019
501
What's the difference between Owncloud ?
As @security123 mentioned NC is a fork of OwnCloud...

However, the biggest difference is the source.

The founder of NC is actually one of the founders of OC too however, around 2016 (if I am not mistaken) ownCloud went to closed source while NC was (and still) insisting on open source.

And at the end NC is more modern as many developers and good community distributors came to NC from OC.
 

Marko :)

Level 20
Verified
Top Poster
Well-known
Aug 12, 2015
954
Could you elaborate please how the hosting works? Do you need a PC running all day at home?
I tried and red about nextcloud but didn't understand.
Yes, but keep in mind these services are meant for businesses, not for typical home users. If you want cloud for personal stuff, you're still better with Google Drive, OneDrive and similar services. They are cheap; cheaper than what NextCloud configuration would cost you. Besides that, you'd need knowledge to set everything up and that's just too much thing to take care for typical user. Trust me, it's not worth it.
 

SerialCart

From Serialcart.com
Thread author
Verified
Top Poster
Well-known
Oct 27, 2019
501
Yes, but keep in mind these services are meant for businesses, not for typical home users. If you want cloud for personal stuff, you're still better with Google Drive, OneDrive and similar services. They are cheap; cheaper than what NextCloud configuration would cost you.
Dear @Marko :)

I completely disagree with you.

There is a reason which there are many managed NecxCloud services. Most of the customers of these services are home users. Because NC is easy to use, is secure and provides you with way higher security than Google for example.

It is like up to the user if he or she uses Microsoft Defender or go for a premium antivirus software.

I am personally a huge fan of privacy although I have nothing to hide like many others. I strongly believe that "Privacy is a right, not a privilege!"
 

Marko :)

Level 20
Verified
Top Poster
Well-known
Aug 12, 2015
954
Dear @Marko :)

I completely disagree with you.

There is a reason which there are many managed NecxCloud services. Most of the customers of these services are home users. Because NC is easy to use, is secure and provides you with way higher security than Google for example.

It is like up to the user if he or she uses Microsoft Defender or go for a premium antivirus software.

I am personally a huge fan of privacy although I have nothing to hide like many others. I strongly believe that "Privacy is a right, not a privilege!"
That is simply not true and here's why typical home users are, in my opinion, better with full fledged cloud services.

1. You need server. And knowledge.
– Very small number people knows what to buy regarding PCs, let alone server. Not everyone know how to install an operating system on a PC. Even if they opt for renting a server from a hosting company, that would still require knowledge to set everything up.

2. You're missing the point of cloud.
– Cloud is very important today; more than ever. With NextCloud, you're hosting your files at one location—at your home. What happens when something devastating happens to the location you host your files on? Hardware failures, fires, earthquakes, storms, burglaries and all kinds of disasters could strike at any given time. Google is prepared for everything; Microsoft as well. These companies have huge responsibility when it comes to your data. And chance to lose something in literally non existent. Not to mention, you have people working there at any given time, making sure your data is safe from intruders.

3. You don't and you cannot have security like Google or Microsoft.
– Seriously, have you seen how they guard your data in their data centers? Have you seen security measures you can activate on your Google account? There's simply no way you could provide that level of security with NextCloud. I mean, you totally could because you're hosting everything at home, but you have to think about disasters, as I previously said. Security doesn't mean anything when you lost all your files in a blink of an eye.

4. Privacy can be achieved with Google and Microsoft.
– I like privacy too and I'm choosing apps and services regarding their privacy policy. But I'm still using Google's and Microsoft's product because they just work and they are leaders in security. Apps and programs like Cryptomator exist. Cryptomator is completely free and open source and it encrypts files before they're sent to cloud. With apps and programs like this, you're protected, no one has access to your files, and you can host them wherever. Even with Google.
 

SerialCart

From Serialcart.com
Thread author
Verified
Top Poster
Well-known
Oct 27, 2019
501
Thanks for your reply,

1. You need server. And knowledge.
– Very small number people knows what to buy regarding PCs, let alone server. Not everyone know how to install an operating system on a PC. Even if they opt for renting a server from another hosting company, that would still require knowledge to set everything up.

2. You're missing the point of cloud.
– Cloud is very important today; more than ever. With NextCloud, you're hosting your files at one location—at your home. What happens when something devastating happens to the location you host your files on? Hardware failures, fires, earthquakes, storms, burglaries and all kinds of disasters could strike at any given time. Google is prepared for everything; Microsoft as well. All big companies have huge responsibility when it comes to your data. And chance to lose something in literally non existent. Not to mention, you have people working there at any given time, making sure your data is safe from intruders.

3. You don't and you cannot have security like Google or Microsoft.
– Seriously, have you seen how they guard your data in their data centers? Have you seen security measures you can activate on your Google account? There's simply no way you could provide that level of security with NextCloud. I mean, you totally could, but you have to think about disasters, as I previously said. Security doesn't mean anything when you lost all your files in a blink of the second.
1. No, 2. No and 3.No :)

As I mentioned it in my first post, self-hosting NC is a mistake! and that is why we have managed NC services.

With managed NC services you do not need to have any knowledge .. the provider installs it for you, manage your server or docker for you and also takes care of the updates and patches. It is just like a service from Google.. and no points regarding the cloud services are lost. As you just do not need to do anything.

And regarding the security, there are amazing datacenters for example in Germany that governmental servers are hosted there and of course they have the highest security. Google is great in security but not the only one!!!

4. Regarding the privacy, as long as you are hosting your everything including your encryption key on their servers, you have literally no control over your data. That is simple as it is. If you close your eyes and trust google that is a different story. But the reality is a little bit different.
 
F

ForgottenSeer 85179

And regarding the security, there are amazing datacenters for example in Germany that governmental servers are hosted there and of course they have the highest security. Google is great in security but not the only one!!!

4. Regarding the privacy, as long as you are hosting your everything including your encryption key on their servers, you have literally no control over your data. That is simple as it is. If you close your eyes and trust google that is a different story. But the reality is a little bit different.
This. Here as example a comparison between Google Drive and my Nextcloud on a german hosting provider:
1607207334741.png
1607207474216.png

And related to privacy i guess everyone know about Google's privacy...
 

Marko :)

Level 20
Verified
Top Poster
Well-known
Aug 12, 2015
954
Thanks for your reply,


1. No, 2. No and 3.No :)

As I mentioned it in my first post, self-hosting NC is a mistake! and that is why we have managed NC services.

With managed NC services you do not need to have any knowledge .. the provider installs it for you, manage your server or docker for you and also takes care of the updates and patches. It is just like a service from Google.. and no points regarding the cloud services are lost. As you just do not need to do anything.

And regarding the security, there are amazing datacenters for example in Germany that governmental servers are hosted there and of course they have the highest security. Google is great in security but not the only one!!!

4. Regarding the privacy, as long as you are hosting your everything including your encryption key on their servers, you have literally no control over your data. That is simple as it is. If you close your eyes and trust google that is a different story. But the reality is a little bit different.
Mind to share which hosting you choosed for NextCloud? :)

I mean Google for sure isn't the only one with strict security, most of data centers have security measures. Though, I do prefer Google because they are leaders in that area and are long time in that business.
Also, Google does have data centers in Europe which means they have to follow strong EU privacy laws.

Now regarding Cryptomator, that's a program/app you install on your devices. All uploads are done through it and if you visit Google Drive for example, outside Cryptomator, you can see how encryption really works. And no, of course keys are not shared with Google or any other cloud provider. The app just can't do that, and what would be the point of encryption software if it shares keys with everyone...
This. Here as example a comparison between Google Drive and my Nextcloud on a german hosting provider:
View attachment 250443
View attachment 250444

And related to privacy i guess everyone know about Google's privacy...
You do realise that shows nothing?

First screenshot shows the test of the SSL certificate. Google got lower grade because it supports older versions of TLS and that's kept for compatibility reasons. While you could visit Google Drive on older devices, you cannot visit your NextCloud (you'll get an error).

Second screenshot shows information for developers, how is website coded and has nothing to do with privacy nor security as well. That tool is used by developers to test their site for errors, nothing else.
 
  • Like
Reactions: Venustus

SerialCart

From Serialcart.com
Thread author
Verified
Top Poster
Well-known
Oct 27, 2019
501
Mind to share which hosting you choosed for NextCloud? :)

I mean Google for sure isn't the only one with strict security, most of data centers have security measures. Though, I do prefer Google because they are leaders in that area and are long time in that business.
Also, Google does have data centers in Europe which means they have to follow strong EU privacy laws.

Also, Cryptomator is an program/app you install on your devices. All uploads are done through it and if you visit Google Drive for example, outside Cryptomator, you can see how encryption really works. And no, of course keys are not shared with Google or any other cloud provider. The app just can't do that, and what would be the point of encryption software if it shares keys with everyone...

You do realise that shows nothing?

First screenshot shows the test of the SSL certificate. Google got lower grade because it supports older versions of TLS and that's kept for compatibility reasons. While you could visit Google Drive on older devices, you cannot visit your NextCloud (you'll get an error).

Second screenshot shows information for developers, how is website coded and also has nothing to do with real privacy nor security. That tool is used by developers to test their site for errors, nothing else.
Thank you for your reply,

We are getting our service as I mentioned before from our sister company. I did not mention it because I did not want it to be like an advertisement.

If that is OK I can post it here...

And regarding the Google servers in EU, I have to say it is a joke because my friend is working for Amazon and the have the same distribution. Companies like Google and Amazon always mention that they are 100% GDPR friendly while this is not true. All the data is also distributed to the US servers.

And at the end not everyone care for privacy. This is just about the choices. In addition NextCloud comes with many other features not only something like Google Drive. It comes with many advantages specially when it comes to sharing.
 

Marko :)

Level 20
Verified
Top Poster
Well-known
Aug 12, 2015
954
Thank you for your reply,

We are getting our service as I mentioned before from our sister company. I did not mention it because I did not want it to be like an advertisement.

If that is OK I can post it here...

And regarding the Google servers in EU, I have to say it is a joke because my friend is working for Amazon and the have the same distribution. Companies like Google and Amazon always mention that they are 100% GDPR friendly while this is not true. All the data is also distributed to the US servers.

And at the end not everyone care for privacy. This is just about the choices. In addition NextCloud comes with many other features not only something like Google Drive. It comes with many advantages specially when it comes to sharing.
Google and Amazon are different companies; they don't share data centers. If something is going on with Amazon, it doesn't mean same is with Google. Google was fined before and it will be fined again if they don't comply. Also, if you know something, you should report it to EU data protection agency. Meanwhile, EU recently hit Amazon with antitrust compliant that could cost the company $28 billion.

And remember; companies only have data you provided them. If you make an account with fake data, they only have those fake data. Also, if I encrypt data in the cloud, they only see trash, not the real files. I'm just saying that encryption isn't only available in NextCloud; you can encrypt files in any cloud service (including Google Drive and OneDrive; as most popular). And don't get me wrong, I have nothing against NextCloud. I'd use it if I was willing to pay for cloud, but I'm not because free versions are enough for me. Most people will still opt for Google Drive and OneDrive because they are integrated with services they use.

Major feature of NextCloud is privacy and control of your files. But that can also be achieved with any other cloud service.
 
  • Like
Reactions: Nevi

AG3S

Level 2
Oct 14, 2020
62
Google and Amazon are different companies; they don't share data centers. If something is going on with Amazon, it doesn't mean same is with Google. Google was fined before and it will be fined again if they don't comply. Also, if you know something, you should report it to EU data protection agency. Meanwhile, EU recently hit Amazon with antitrust compliant that could cost the company $28 billion.

And remember; companies only have data you provided them. If you make an account with fake data, they only have those fake data. Also, if I encrypt data in the cloud, they only see trash, not the real files. I'm just saying that encryption isn't only available in NextCloud; you can encrypt files in any cloud service (including Google Drive and OneDrive; as most popular). And don't get me wrong, I have nothing against NextCloud. I'd use it if I was willing to pay for cloud, but I'm not because free versions are enough for me. Most people will still opt for Google Drive and OneDrive because they are integrated with services they use.

Major feature of NextCloud is privacy and control of your files. But that can also be achieved with any other cloud service.
Dear Marko,

Being optimistic is amazing. But what you are saying is completely against what all others are saying.

I am working at a governmental Telecom company... and I am going to tell you... no encryption system would be released IF and IF there is no way to be decrypted by governments. And considering the fact that Google in specific has strong links to a government of a country .. what you are saying is completely false.

You can never have privacy with Google.. Security ... definitely YES but privacy ... definitely NO.

source: Google’s true origin partly lies in CIA and NSA research grants for mass surveillance

There is a huge difference between hosting your data with Google and hosting your data with a safe datacenter. Datacenters can not decrypt the data.. but google can.

And why should I use fake names!!!!??? I go through a lot of none sense to create privacy with google cloud services !?!?! Sorry but I do not have that much time!!!

NextCloud is an amazon work of a great team who is contributing to the open source community a lot. And there are many safe data center that you have get privacy and security from.

I do use google services for their APIs and such as a developer but my personal files, emails and contacts .. NO WAY...

There is a reason which NextCloud is born.. and that is unreliable services like Google... with such companies nothing is free and you will always pay with something whether your data or your pocket.

Please do not say you can have privacy with google because you can't ... using Google, Microsoft and Amazon services is like living in a glass box.
 

Marko :)

Level 20
Verified
Top Poster
Well-known
Aug 12, 2015
954
I am working at a governmental Telecom company... and I am going to tell you... no encryption system would be released IF and IF there is no way to be decrypted by governments. And considering the fact that Google in specific has strong links to a government of a country .. what you are saying is completely false.
This is just wrong. You're literally saying that encryption that we know doesn't exist.
There is a huge difference between hosting your data with Google and hosting your data with a safe datacenter. Datacenters can not decrypt the data.. but google can.
Encryption cannot be broken without decryption keys. So, no, Google cannot decrypt my files if I don't give them the key. If that was possible, government authorities would be able to see everything and wouldn't need help from Apple to unlock some guys device.
And why should I use fake names!!!!??? I go through a lot of none sense to create privacy with google cloud services !?!?! Sorry but I do not have that much time!!!
As I said, companies only have data you give them. If your name is John, but you make a Google account with the name Steve, Google will know you as Steve, not John.
I do use google services for their APIs and such as a developer but my personal files, emails and contacts .. NO WAY...

There is a reason which NextCloud is born.. and that is unreliable services like Google... with such companies nothing is free and you will always pay with something whether your data or your pocket.

Please do not say you can have privacy with google because you can't ... using Google, Microsoft and Amazon services is like living in a glass box.
I find it funny how everyone hates Google, but constantly use their services. I met dozen of people that swear they don't use Google, but at the same time they have Google account, regularly use YouTube (maybe way too much) and aren't even aware of Google presence on every website they visit.

Listen; I understand you hate Google and I agree there are a lot of reason why we should hate it. But I honestly think you cannot escape it. No matter how you try, you literally cannot escape it. The one thing you can do is pretend everything is ok and think you don't use Google.

Every website you visit has something Google related; from tracking scripts, CDN, fonts. A lot of modern websites even depend on Google for scripts, so blocking Google would break huge number of websites. I'd honestly recommend you do that; it will show you how Google is spread throughout the web. And trust me, encrypted files in your Google Drive are the least what you're supposed to be worried about. There are much, much more evil companies that follow you around (read: Facebook).
 
  • Like
Reactions: AG3S

AG3S

Level 2
Oct 14, 2020
62
This is just wrong. You're literally saying that encryption that we know doesn't exist.

Encryption cannot be broken without decryption keys. So, no, Google cannot decrypt my files if I don't give them the key. If that was possible, government authorities would be able to see everything and wouldn't need help from Apple to unlock some guys device.

As I said, companies only have data you give them. If your name is John, but you make a Google account with the name Steve, Google will know you as Steve, not John.

I find it funny how everyone hates Google, but constantly use their services. I met dozen of people that swear they don't use Google, but at the same time they have Google account, regularly use YouTube (maybe way too much) and aren't even aware of Google presence on every website they visit.

Listen; I understand you hate Google and I agree there are a lot of reason why we should hate it. But I honestly think you cannot escape it. No matter how you try, you literally cannot escape it. The one thing you can do is pretend everything is ok and think you don't use Google.

Every website you visit has something Google related; from tracking scripts, CDN, fonts. A lot of modern websites even depend on Google for scripts, so blocking Google would break huge number of websites. I'd honestly recommend you do that; it will show you how Google is spread throughout the web. And trust me, encrypted files in your Google Drive are the least what you're supposed to be worried about. There are much, much more evil companies that follow you around (read: Facebook).
Dear Marko,

We have even none-Governmental companies (which are serving Governments) and they are decrypting the iphones and Androids and HDDs which are encrypted with AES256. So yes, I am not wrong. Encryption is a must but not when it comes to regular privacy protection. But when it comes to the governmental level this is meaningless. And I believe it should be like this for the sake of the mass security.

Regarding the hating Google!! NO WHO SAYS THAT :D ... I am a google user myself with my own name as I have nothing to hide. But I believe as a human being privacy is my right and I do not want a company like Google have access to my personal data.

Regarding using a fake name: Well!!! We are living in 2020 (almost 2021), Your name which you use is not what google and all other services are recording in their databases, actually the device ID of your machine is what they are recording and matching your data with that through out the whole internet. That means for example when you register in an another website with your real name and at the same time that website is using google services like Adsense or Google Analytics, both of the names will be related to each other.

As I told you I am not a Google hater, I just want to live like a normnal person and not to use fake names.. I do not have anything to hide so I do not LIE!!!! but I respect my privacy and I do not share my data with such unfare services.

Dear Marko, please note that there is no fight in here over how much google has contributed to the current internet and still is doing it. But respecting privacy is a must for me. Maybe for some people is not and the decision is theirs to what to do with their data or lie about their names hoping that that data is safe with a fake name.

Going back to the NC topic:
In addition apart from the privacy, NextCloud is a featurefull pice of software which makes everything easy to share with others ... way easier that the similar service from Google and Microsoft.

I am getting a managed NextCloud from a company in Germany/Austria and they are even charging me less than Google for 500GB of full encrypted disk with AES256. This website is hosting their severs in the biggest datacenter in Germany.
 
  • +Reputation
Reactions: ForgottenSeer 85179

SerialCart

From Serialcart.com
Thread author
Verified
Top Poster
Well-known
Oct 27, 2019
501
How long does it take to set up Nextcloud for home users?

Hi,

It depends how you would like to host your nextcloud. First I am going to provide you with some details:

There are 3 general ways to use NextCloud:

1- At home as a media/file center (offline)

In this way you will need to dedicate a machine (linux/freeBSD) to the nextcloud and define a hard drive or NAS as your file server. Then whenever you are connected to your network, you can use this file manager and sync your images taken by your phone or sync your files with your notebook.

Pros:
With this method you will have the maximum privacy and if you do not go online (getting a dedicated IP address and put your server on the internet) it will have the best security

Cons:
Maintenance. This is the most important and most difficult part of managing your own NextCloud instance. Specially when you should upgrade to the next major version.And please note that you will need a great knowledge of Linux and apart from the NextCloud you should keep your Linux and all it's packages updated.

My personal opinion: does not worth IF you do not have time or adequate Linux knowledge.

2- Hosting on your own Server (online)
In this case you will need to have your own server or cloud server and your service will be accessible via internet (obviously). Like the previous method will be in charge of the maintenance of your server and NextCloud.

Pros:
Since you are in charge, then relatively it will come with the highest privacy again. But you should consider the hosting service which you choose and also the country where the server is located. I personally would go for EU countries as they have better privacy practices and based on the law they are not allowed to access your data withour your allowance (unlike US, UK and Australia).

Cons:
Since you are in charge all the problems which I mentioned before will exist for this one as well. In addition security will be questionable. In my opinion will not be 100% reliable as basically a 24/7 monitoring service is always needed to keep all the services up and running. I did it for 1 year and it was extremely difficult.
And also since your service is online you should rethink about choosing your datacenter and the security practices which they do.

3- Go with a managed hosted service (online)
As a person who is looking for a reliable service and host all of his important files in the cloud in addition to the calendar, contacts and tasks, I would recommend this method. You should be careful of choosing the company which you go for though. I will provide you with more info about the service which I am using at the end.

Pros:
It is managed which means professional server admin teams are taking care of the updates of the OS and your NextCloud instance. The security will be rather high as this service is being maintained regularly via professionals whose job is this. And finally it will be the most reliable solution which you can also be the admin and define users.

Cons:
The most important con (which is actually not a con) is being careful while choosing the provider. As I mentioned I would recommend an EU service provider. Enabling the server side encryption would be advised.

Final words:
I am getting my service from a sister company of ours. Obviously I trust them as I know that they are hosting their servers in the biggest datacenter in Germany and they are having great practices when it comes to the data protection and privacy laws. The company is located in Austria which has one of the most sensitive privacy laws in the Europe. In Austria there is no tolerance towards data protection laws and people can easily sue you if you do a small mistake (even by taking a small photo using your phone on the street).

I am even using NextCloud talk, which is an AMAZON replacement for ZOOM which has the worst security and privacy practices. I call my family and friends using this service which is literally hosted on my own NextCloud docker. To be honest it really feels good :D . It also comes with complete screen sharing (like zoon) and group calls with no need of an account for the people which you are calling. You just need to create a public link and share it with them.

We are negotiating with this company to get a reseller account from them, but no news so far and if you are interested I can inform you if we get their partnership and can offer their services with discounted prices for MT.com.

If you have any questions I will be happy to answer.

All the best,
Al
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top