I’ve been wanting to switch to Nextcloud for a while now, but given how difficult it is to set up (I have no knowledge of Linux servers or self-hosting), and given that now iCloud has end-to-end encryption for iCloud (except Contacts, Calendar, and Mail which I don’t use anyway), I’m wondering if I should just use iCloud.
Only thing is, iCloud is proprietary and not open-source.
If the goal is privacy and owning my data, should I just use iCloud, or still switch to Nextcloud?
I also don’t want to be spending a lot of time on maintenance if I do end up self-hosting, if a lot of maintenance is involved with self-hosting Nextcloud then I might not consider it.
I had dabbled with Advanced Protection and have finally taken the plunge to go all-in with it. Given that I use Mac/iPhone this makes things very seemless.
I had previously been using Google Drive with Cryptomator but manually backing everything up (including photos) was tedious. Doable, but tedious especially with photos. Using advanced protection my photos are backed up via E2EE every time I connect to WiFi. It’s pretty awesome.
Additionally if you have iCloud+ then you can use Private Relay as well. Biggest plus for me is the ease of adding custom encrypted DNS where it is a pain with most VPNs (if possible at all).
The drawbacks are:
Proprietary, if you don’t trust Apple this won’t be for you. I have read over all the white papers/support documents and believe Apple’s account of how it works. Your mileage may vary
File names are NOT encrypted…yet. They said they are working on it. I use euphemisms for most my files names so not too concerned about this for my use cases but it is something to be aware of
Related to 2, file metadata. As in Apple could theoretically see how often any individual file is accessed/modified. They could not see the data in the file, but your access history would not be E2EE…yet. They say they are working to fix this too.
As for Nextcloud, I found it too complicated to even go anywhere with it.
They keep a hash of the file name, not the string itself. They also do this for the file content too, presumably to eliminate storage redundancy. Depending on your threat model, this may or may not be of concern.
The full list of data that is only protected with standard encryption (not E2EE), is available on Apple’s iCloud data security overview.
iCloud Drive
The raw byte checksums of the file content and the file name
Type of file, when it was created, last modified, or last opened
Whether the file has been marked as a favorite
Size of the file
Signature of any app installers (.pkg signature) and bundle signature
The file name not being end-to-end encrypted is a big concern.
Also apparently when advance data protection is enabled you can’t access your files on icloud.com, if you want to do that, your session will not be end-to-end encrypted?
" iCloud.com provides access to your iCloud data via any web browser. All sessions at iCloud.com are encrypted in transit between Apple’s servers and the browser on your device. When Advanced Data Protection is enabled, access to your data via iCloud.com is disabled by default. You have the option to turn on data access on iCloud.com, which allows the web browser that you’re using and Apple to have temporary access to data-specific encryption keys provided by your device to decrypt and view your information."
“After you approve access from your trusted device, you can access your data at iCloud.com for the next hour. Each time you access a new category of data — such as photos, notes, or files — you’ll be asked to approve that access from your trusted device. Some data isn’t available on iCloud.com, such as Health data and passwords in iCloud Keychain.”
This makes it a nightmare to use icloud between an iphone and a Linux computer