by microtonal
3837 days ago
For home and small server users, ease of use trumps perfect security; that is a simple risk model assumption: your security has to be good enough, not perfect. Better than others and all that.

As someone else points out in a neighbouring thread, OwnCloud is generally less secure than any of the large services, because of automated vulnerability scanning. If an OwnCloud user updates their server days or even hours too late, it can be game over and your data is on the street. It does not matter if the attacked service is OwnCloud or some other service with enough privileges.

This does not mean that open source and/or decentralized services are at a disadvantage, but you have to make the right security choices. The storage service[1] should never see unencrypted data - encryption at rest is not good enough. For instance, Bittorrent Sync provides this with their encrypted read-only keys. A cloud peer with such a key never sees unencrypted folder data. The only thing you lose when a cloud peer is hacked is a node in the swarm, but it'll never result in visibility of plain-text (unless you subvert AES-128). One SyncThing developer is currently also working on similar functionality for SyncThing.

For this reason, I would never recommend OwnCloud to anyone outside a large company that has the capacity to do continuous security auditing and monitoring, unless you apply client-side encryption (but then you could use Dropbox et al. as well if privacy is the primary consideration).

[1] I know that OwnCloud does more than just storage.
Client side encryption is a great solution but you lose out on most of the benefits of the cloud.
Honestly, I don't know. I haven't seen any such attacks but of course, with about 3 million users, ownCloud isn't a HUGE target. I just don't like the idea of giving up on self hosting ;-)