bayindirh 2 days ago
> Doesn't it mean that they can still access your data while the server is running?

If you use "at rest" encryption, they might get the key from memory, yes. But if you use E2E (or client to client as Nextcloud says), nothing on the server would be readable, so using cryptomator/restic becomes unnecessary [0].

> You mean e2ee?

Unfortunately no, pCloud doesn't use E2EE. It's at rest AFAIK. Technical details are at [1].

> Sure, but what I was saying is that either you do it at home and it makes it harder...

If you want to expose your Nextcloud to the world, 80/443 is enough for everything, plus Nextcloud comes with layered defenses by default (like brute force detection, etc.), and they can do your security audit, against their best practices [2].

If you don't want it to be completely visible, you can always tuck it behind a VPN.

If you want to host it on a VPN, then you can enable E2EE in Nextcloud, but the web part becomes unusable. Instead, you can use Syncthing with untrusted folders in that case.

[0]: https://nextcloud.com/encryption/