End to End encryption is production ready!
If you are reading this, you are probably interested in encrypting your data so that you are the only one who can access it. However, there are multiple ways to encrypt your data. We use Nextcloud (Nextcloud.com) as open source software, so we use the options it offers.
With the Server Side Encryption (SSE) option, the Nextcloud instance encrypts the files. However, because the server does the encryption, the decryption keys are stored on the server. If that server is in your home, that is fine. But if you are using a hosting service, the keys are on a server located at your hoster. If it's an evil hoster, they can access your keys and decrypt your data. That's why we don't believe in this kind of encryption: it still requires you to trust the vendor. A lot of vendors advertise this feature, but in our view it is only worth as much as you trust your provider.
End to End Encryption (E2EE) is probably what you want if you are interested in encrypting your data. E2EE encrypts your data so that only you can look at it, on your own device such as a phone or laptop. It has some drawbacks: the server (and the web interface) can't read the files because it can't decrypt them. This is by design, because only you have the encryption keys, on your device. Collaboration and sharing files are also no longer possible unless you give others your secret. However, if you have sensitive files like a picture of your driver's license, this is a perfect fit. It also does not require you to trust your hosting provider.
However, E2EE has been a troublesome child for the developers at Nextcloud. We pledged quite some money to get it developed in early 2018, offered development time, and used our silver partner status to keep the pressure on, but it took a long time to get ready. This was made even harder because Nextcloud GmbH used E2EE a lot in their marketing even though it was basically unusable and the status of development was very unclear. We were quite frustrated with the lack of development, as we think we really need E2EE for our users. The whole goal behind The Good Cloud is that we are a full service provider that takes care of all the aspects of hosting Nextcloud in a privacy friendly way. But in the end, it comes down to trusting us to be the good guys. E2EE takes away that need to trust us, which makes our service a whole lot more privacy friendly!
But away with all our frustration! E2EE looks to be production ready! We would like to thank Nextcloud and thank any of our users who made it clear to Nextcloud this was a wanted feature!
Having said that, we do have some reservations about new features in Nextcloud, as first versions seem to contain a lot of bugs (software errors). We always test new versions extensively on our own environments and keep up with all the features and bugs in releases on GitHub, where the software is being developed. So I would suggest you wait a bit until we give the all-clear, which will probably be around the time Nextcloud 21 is released.
If you don't want to wait, we recommend using https://cryptomator.org. You can encrypt the parts, files or subfolders for which you think E2EE is needed. It's additional software which we have successfully used and trust. The big disadvantage is that it requires some technical skill and you would have to additionally manage Cryptomator.
Update 24 Sept 2021: We are still watching GitHub to see whether we can recommend the feature yet. At the moment issues #247 and #245 concern us, especially the lack of progress on the project over the last 6 months, so we do recommend caution if you want to use E2EE.
Update November 23rd 2023: We are ready to start E2E encryption for paid subscriptions. However, we do so with a disclaimer.
Please be aware that E2E encryption can only be applied to subfolders and that files within the encrypted folder cannot be shared with others (unless you share your E2E secret). You can only edit documents in the encrypted folder on the computer syncing with the desktop client. Online editing or viewing of files in the encrypted folder is not possible. Please note that using E2E encryption leads to an increase of approx. 30% in your storage amount. If you are okay with these restrictions, we can enable E2E encryption on your environment.