Security Archives - Nextcloud
https://nextcloud.com/blog/category/security/
Regain control over your data
Thu, 25 Apr 2024 13:18:18 +0000

Maintenance updates for Nextcloud Hub 6 and 7 are here
https://nextcloud.com/blog/maintenance-updates-for-nexcloud-hub-6-and-7-are-here/
Thu, 25 Apr 2024 13:18:07 +0000

Minor Nextcloud updates are released, carrying multiple stability and security improvements. As always, the upgrade process is designed to be safe and quick.

The post Maintenance updates for Nextcloud Hub 6 and 7 are here appeared first on Nextcloud.


Please update to a new version to keep your data safe!

If you are using Nextcloud Hub 6 or 7, we strongly recommend that you update to version 27.1.9 or 28.0.5 respectively. Maintenance updates include important bug fixes, stability and security upgrades. It is a quick and safe process, as always!

About this update

The updates include several bug fixes, enhancements in file handling, performance optimization, and other improvements in all supported versions of Nextcloud Hub. You can find the full changelog on our website.

Updates are available for:

  • Nextcloud Hub 6 (version 27.1.9)
  • Nextcloud Hub 7 (version 28.0.5)

Make the most of your platform with Nextcloud Hub 8 🚀

Even more automated and optimized all around, Nextcloud Hub 8 is here to give you back control over your time. Upgrade today to unlock multiple new features in your favourite platform:

  • Nextcloud Assistant: Chat summaries, Nextcloud Mail reply suggestions, answers based on your data, and more!
  • Interactive previews for files, folders, boards and events
  • Federated chat and message editing in Talk
  • Mini-apps based on Tables
  • Public Collectives sharing, previews and QR-codes
  • Manage your team resources like a pro with Nextcloud Teams
  • Forms: automatically sync with a spreadsheet
  • And much more

Get Nextcloud Hub 8

Download and install Nextcloud Hub 8 here!


Always keep your server up to date!

Nextcloud’s minor releases primarily focus on addressing security vulnerabilities and functionality bugs, avoiding major system overhauls that could jeopardize user data. Keeping your server up to date is vital, and our approach to testing and validation ensures that upgrading to minor releases is generally smooth and reliable.

For mission-critical Nextcloud systems in enterprise settings, consider switching to Nextcloud Enterprise. The tier provides you with ultimate deployment confidence: direct access to the Nextcloud engineering team, full assistance throughout deployment and integration, and peace of mind for system administrators. If you’re responsible for maintaining Nextcloud in your setting, this option may be the ideal solution for you.

How to protect yourself against deepfake scams in video calls
https://nextcloud.com/blog/how-to-protect-yourself-against-deepfake-scams/
Wed, 17 Apr 2024 09:01:02 +0000

Read our guide to learn what deepfake scams are, how to spot a scammer, and how to protect yourself with the right techniques and software.

The post How to protect yourself against deepfake scams in video calls appeared first on Nextcloud.

How to protect yourself against deepfakes

Public concern over real-time video scams is gaining global attention as major new incidents occur with increasing frequency. Take the Hong Kong MNC that recently fell prey to a scammer in a colossal $25.6 million heist: deepfake technology has already evolved enough to bring on a whole new brand of fraud.

What remains is a call to action. Are there ways to protect yourself and your organization against con men posing as your boss, your business partner, or even your own mother? Let’s find out!

First things first, let us start with the definition.

What is a deepfake?

In case the definition of a deepfake is still unclear to some, a deepfake is content generated using deep learning techniques that is intended to look real, but is in fact fabricated. Artificial intelligence (AI) used to generate deepfakes typically employs generative models, for example, Generative Adversarial Networks (GANs) or auto-encoders.

Deepfakes are used not only in video content, but also in audio recordings and images. The purpose of a deepfake is often to depict an individual or a group saying or doing something that they never did in reality. To produce content that appears convincing, the AI must use large datasets in its training. This allows the model to recognize and reproduce natural patterns present in the content it is designed to mimic.

While deepfake technology is a breakthrough with great potential in the film industry and game development, as well as a rising social media trend, it also opens dangerous opportunities for illegal use. The examples are numerous and include identity theft, evidence forging, disinformation, slander and biometric security bypass. In all cases, fraudsters typically leverage the depicted person’s authority over the targeted individuals or personal connection to them, depending on the setting.

Secure your calls with Nextcloud Hub

Watch our webinar on secure conferencing in Talk. Learn how to set up reliable access control, prevent leaks and trace all suspicious activity.

Where can you encounter a deepfake?

Deepfakes are used to produce video, audio or image content, as recorded media or a real-time stream. It can be a YouTube video, a ‘leaked’ recording in a social post, a phone call or a video conference – the opportunities are practically unlimited.

The format is picked according to the purpose. For example, political disinformation works best where mass engagement is possible, meaning that spreading it publicly via social media is the best tactic. Seeking a private gain from a company or individual, by contrast, requires a more intimate setting and often a personal conversation.

When it comes to threats to your personal life, finance or security, we can narrow down the most dangerous deepfake scenarios to encounters with people you care about, trust, or report to. This can be a family member, a friend, or an authority figure at work such as your boss or a company executive.

The setting will most likely be private: whether over a phone call or a video meeting. Personal meetings are much easier to execute and give the faker much more control over the situation. The conversation, whatever the background is, will lead you to an action under a sense of urgency or fear – most likely to transfer a sum of money. The tactic is to deceive your logic and common sense using fear, compassion or even ambition.

As generative AI development drives huge interest and investment, we are entering a dangerous zone: real-time video, the most sophisticated and convincing deepfake use case yet, still has very little awareness.

Deepfakes in real-time video

Real-time video deepfakes generate manipulated video content in real-time for immediate application during live streams and video calls. Voice cloning and face swapping are the most frequently used techniques to compose a complete faked environment.

Face swapping

Face swapping is a common application of deepfakes, allowing the software to replace facial features of a target person with fake features, most often those of another person. With facial landmark detection and manipulation techniques, the blending appears seamless and hard to spot when caught unaware.

Voice cloning

In addition to looking convincing, a faker also needs to sound convincing. For this part, voice cloning is used. In voice cloning, the AI replicates the voice of the individual. A significant amount of high-quality audio data is required to train a voice cloning model, usually obtained from recordings of the target person speaking in various contexts and using different intonations.

Curiosity time: how does a deepfake setup actually work?

Deepfake technology is capable of impersonating real-life individuals and doing it in a real-time setting, making the result even more convincing (and terrifying!). But how does the software work in a way that we encounter deepfakes using familiar meeting platforms?

Deepfake generation software can be integrated with streaming platforms and video conferencing tools in many ways:

  • It could function as a separate application that captures the video feed, processes it in real-time, and then sends the manipulated feed to the video conferencing software.
  • Alternatively, it might be integrated directly into the video conferencing software as an optional feature or plugin.
  • Another way, even more sophisticated and harder to detect, is through the camera input, namely a virtual camera. A virtual camera intercepts the video feed from the faker’s physical camera and then outputs the manipulated feed to the video conferencing software. The faker just picks the virtual camera as their camera input and voilà! (not funny, we know).

How to protect yourself against deepfakes?

Finally, to the most important part. How do you protect yourself against a deepfake, or at least get prepared to spot a fake boss making a sketchy request over video?

Nextcloud Talk in Hub 7

Privacy-first videoconferencing software is a key to safe meetings. Meet Nextcloud Talk, a powerful chatting and meeting platform that lets you regain control.

Watch out for red flags

AI face swapping technology may be advanced, but it’s not perfect. There are red flags you can spot, or at least learn to look out for when something seems off or unnatural:

  • Unrealistic facial expressions or movements, including unnatural eye movements, inappropriate blinking, and/or weird lip sync.
  • Inconsistencies in lighting and shadows that don’t match the surroundings.
  • Unnatural head or body movements, as well as visible blurring or pixelation around the face or neck.
  • Inconsistent quality in audio and video and mismatch between the picture and the sound.

Suspicious? Be proactive

There are methods to help you fish out the red flags that generally won’t make the conversation awkward if the person is in fact real.

First, there’s nothing more natural than a casual conversation. Engage in small talk: ask about their day, routine, questions about people you both know, etc. A complete stranger will struggle to be spontaneous and maintain the same personal connection. It’s also easier to catch one off guard when they lose a sense of control.

You can also use other video conferencing features: ask the person to share their screen and show you something related to your common tasks. This will be very difficult to replicate without access.

Finally, once they make a suspicious request, you have more freedom to be alert openly — politely ask them to confirm their identity by providing some exclusive information or send you a confirmation message via a different channel.

Set up a passphrase

One more way to ensure confidence when it comes to sensitive topics is setting up a password or passphrase. This is an easy way to confirm the identity of the people you know, both at work and between family members, and it is equally effective via voice, video and text communication.

Verify identity outside of the meeting

If a faker poses as a person you know well, chances are you have more than one communication channel to reach out with. Use email, a messenger or a personal phone number to contact them and raise a question — the reason is valid.

Don’t let them harvest your data

To replicate and manipulate a person’s voice or image, AI needs a massive amount of data. This data is often gathered beforehand, during online calls and meetings. Features like Recording Consent in Nextcloud Talk may help you protect yourself and others from such a data haul.

Giving consent before joining call - Nextcloud Talk

Use company software

It’s unlikely for your real boss to set up a meeting via a platform you never use for work. And if they do, they must have a good reason! Don’t be afraid to stand up to suspicious activity.

Using company software means better control over the data and compliance with privacy regulations. Even better — if you run it on-premises! Should an incident happen, the company IT team can run an audit to retrieve the relevant data and investigate.

Ensure secure access to your videoconferencing platform with settings like 2FA, strong passwords, data encryption, activity monitoring, and login restrictions. This applies to your personal settings and administrative controls.

Nextcloud Talk: video and chat with privacy in mind

Using a privacy-oriented, unified workspace with admin control in all apps makes sure your security protocols are in place to detect and prevent breaches. Nextcloud Hub provides a user friendly videoconferencing platform that keeps users happy to stay within company IT.

How Nextcloud Talk protects your data:

  • AI-powered suspicious login detection
  • Multi-layered encryption with end-to-end encrypted communication
  • Brute-force protection
  • Fully on-premises, 100% open source

Nextcloud is an open-source project backed by a strong community with a proactive approach to vulnerability research and patching. It is designed to let you stay compliant with GDPR, CCPA, and the upcoming EU ePrivacy Regulation.


Get Nextcloud Hub

Download and install Nextcloud Hub here!

Latest updates for Hub 6 and 7, end of life for Hub 4
https://nextcloud.com/blog/latest-updates-for-hub-6-and-7-end-of-life-for-hub-4/
Fri, 29 Mar 2024 10:25:58 +0000

We updated Nextcloud server, releasing updates for Hub 4, 6, and 7. With the current update, Hub 4 reaches its end of life. We recommend that you update your Nextcloud, as it is always a quick and safe process.

The post Latest updates for Hub 6 and 7, end of life for Hub 4 appeared first on Nextcloud.


Please update to a new version to keep your data safe!

We strongly recommend that you update your Hub to version 28.0.4, 27.1.8 or 26.0.13. The maintenance updates include important bug fixes, stability and security upgrades. It is a quick and safe process, as always!

Minor Nextcloud updates released

What’s new

The updates bring several fixes and performance improvements in all supported versions of Nextcloud Hub. Version 26 meets its end of life and will no longer receive updates. The Nextcloud desktop client has also been updated to version 3.12.3, and we highly recommend updating to this version due to important bug fixes.

Find the full changelog on our website, or read the update summaries below.

Version 26.0.13

This is the final update before the end of life of version 26. The update involves a mixture of enhancements and fixes across various components. Notable enhancements include:

  • Collaboration, MailPlugin: Protect access to a potentially missing array component by ??
  • Docs(config.sample.php): Warn that updatedirectory will break updates if set to a value within the installation folder
  • Feat(share): save date and time for expiration
  • Fix: Avoid clear cache with prefix
  • Fix(api): Ignore “parsed” link and icon URLs when deleting
  • Fix(caldav): add EXDATE and EXRULE to confidential object
  • Fix(config): Make sure user keys are strings
  • Fix(mail): Use parsed action label in email notification
  • Fix(settings): posix_getpwuid can return false which should not be accessed like an array
  • Fix(UpdateNotifications): Handle numeric user IDs

Note: There will be no more releases of Nextcloud Hub 4 (26.x.x and older). Upgrade to Nextcloud Enterprise to continue to get security and stability updates or move to Nextcloud Hub 6 or Hub 7. Don’t forget that running web-facing software without regular updates is risky. Please stay up to date with Nextcloud releases of both the server and its apps, for the safety of your data! Customers can always count on our upgrade support if needed.

Version 27.1.8

Recent updates encompass various improvements and fixes across different modules. Key enhancements affecting security, data integrity, user experience and overall performance include:

  • Add recursive detection/prevention
  • Docs(config.sample.php): Warn that updatedirectory will break updates if set to a value within the installation folder
  • Fix: Avoid race condition that may initialize a document twice on the clients
  • Fix: No password set for new mail shares
  • Use the proper path to check if a file needs to be copied/moved to the actual target storage
  • Fix: Allow to disable multipart copy on external s3 storage
  • Fix: Avoid clear cache with prefix
  • Fix: Fetch custom app store URL without internet connection
  • Fix: Don’t return null for SharedStorage::getWrapperStorage with share recursion
  • Fix: Ensure nested mount points are handled in the correct order

Version 28.0.4

The update includes multiple enhancements. Among those, the following focus on fixing issues related to security, data integrity, and functionality, ensuring smooth operation and improved user experience:

  • Add recursive detection/prevention
  • Fix: Avoid clear cache with prefix
  • Fix: Avoid race condition that may initialize a document twice on the clients
  • Fix: Catch exception from LogIteratorFactory, throw a clean error when log_type is not file
  • Fix: No password set for new mail shares
  • Fix(admin role): fix old and wrong way to determine whether user is admin
  • Fix(backend): Accept pushes with only step1 messages by read-only clients
  • Fix(config): Make sure user keys are strings
  • Fix(settings): posix_getpwuid can return false which should not be accessed like an array
  • Fix(UpdateNotifications): Handle numeric user ids
  • Fix(user_ldap): Early failure for empty password login attempt
  • Fix(user_status): Fix status update request not being sent
  • Improve files version listing
  • Use the proper path to check if a file needs to be copied/moved to the actual target storage

Desktop client 3.12.3

Update is highly recommended

Due to important bug fixes released in this update, we highly recommend the users of version 3.12 to upgrade to the latest version.

Recent updates 3.12.1 and 3.12.3 include several important bug fixes to tackle issues reported by customers.

In version 3.12.1, there are multiple improvements in end-to-end encryption functionality and a fix to a data loss issue that affects the users when group folders and files are moved from one location to another. Find the full changelog on GitHub.

The biggest part of version 3.12.3 is improvements for Windows users with a crash issue fixed and a much faster contextual menu performance. The crash could happen depending on the user workflow with the Windows file manager and its Nextcloud client integration. It also includes an important fix for users of group folders. Find the full changelog on GitHub.

Stay tuned for Nextcloud Hub 8! 🔔

Sign up for the Nextcloud Hub 8 launch event on April 24. Register now to participate in the live online presentation and be among the first to experience the next big update!

Educating Bild: password-protected sharing
https://nextcloud.com/blog/educating-bild-password-protected-sharing/
Wed, 13 Mar 2024 10:00:00 +0000

The post Educating Bild: password-protected sharing appeared first on Nextcloud.

The German tabloid Bild featured an article covering the press release published by the German Ministry of Defence about the recent leaks of WebEX calls between army generals. The Bild noted that the password the Ministry of Defence used for the shared Nextcloud link was “1234”, assuming this was meant to ‘secure’ the link.

While a press release is obviously meant to be public, which is why the simple password was chosen, you might wonder why the ministry didn’t just use a completely password-less link for their Nextcloud share?

Secure sharing with Nextcloud

Nextcloud differentiates itself from public clouds like Microsoft 365, Dropbox or Google Drive with a focus on privacy and data sovereignty. Unlike public clouds, Nextcloud often runs on private cloud environments, giving the organization deploying it direct control over the data. It wouldn’t make sense for the German government (or any other) to hand over important data to foreign tech firms, which is why Nextcloud is widely deployed in the European public sector.

Protect your public links with passwords

With Nextcloud, users can share directly with other users. This makes sure no data leaves the government data center. But sometimes data must be shared outside the organization, either to a single individual or fully in public like with a press release.

Nextcloud allows users to create one or more public links for this purpose. A public link lets a third party who has the link view and (depending on the settings) download and edit the file. As you might share a document for editing with one person, and create another link with only viewing permissions for a second, each link can have its own protections, including a password, expiration date and more!

The system administrator can put in additional controls, to ensure data is always protected. The File Access Control can use rules to stop files from being accessed outside Germany, for example. Or a mandatory 30 day expiration date can make sure links get cleaned up after a while. And last, but very relevant, administrators can enforce a password on each public link.

This setting is clearly enabled on the Nextcloud server used by the German Ministry of Defense, and explains why a simple password (1234) had to be chosen. Note that administrators can even enforce a certain degree of password quality, blocking such simple passwords from being chosen by users!

In other words, Mr. Pistorius does not use the password ‘1234’ to protect any data – it was meant to make it easy to access the press release.

We hope the readers at Bild appreciate our explanation!

For a more detailed exploration of our file sharing features available throughout Nextcloud, see our in-depth docs on File Sharing or our Sharing features overview.

February maintenance updates for Hub 4, 6 and 7 are here
https://nextcloud.com/blog/february-maintenance-updates-for-hub-4-6-and-7-are-here/
Fri, 01 Mar 2024 06:56:43 +0000

We updated Nextcloud server, releasing maintenance versions for Hub 4, 6, and 7. We recommend that you update your Nextcloud, as it is always a quick and safe process.

The post February maintenance updates for Hub 4, 6 and 7 are here appeared first on Nextcloud.


Please update to a new version to keep your data safe!

We strongly recommend that you update your Hub to version 26.0.12, 27.1.7 or 28.0.3. The maintenance updates include important bug fixes, stability and security upgrades. It is a quick and safe process, as always!

Minor Nextcloud updates released

What’s new

The updates bring several important bug fixes and performance improvements in all supported versions of Nextcloud Hub. The Nextcloud desktop client has also been updated to version 3.12.0. Find the full changelog on our website, or read the update summaries below.

Version 26.0.12

In this update, several critical improvements have been made to enhance the system’s performance and security. The fixes tackle issues with partial cache entry in Files, auto-logout loop, brute-force protection for the federation endpoint, requests without read permission, and share status in WebDAV. These updates collectively contribute to a more robust and efficient user experience. Additionally, we handled issues with buffer chunked requests, storage background scanning, integer generation errors, preview generation, synchronization, file versioning. The capability for listing the root directory when using a case-insensitive option in SMB was also introduced.

Version 27.1.7

Several improvements and fixes have been implemented to enhance the overall functionality and security of the system. Noteworthy changes include logging when crypto session data is lost for better tracking and troubleshooting. Additionally, there are fixes in migration processes, checkbox functionality, auto-logout loop, brute-force protection for the federation endpoint, WebDAV, error handling, and a PHP codebase update. Other fixes include work on handling admin defaults in sharing, preview generation issues, video verification, errors in nextcloud/files, and storage background scanning.

Version 28.0.3

In the latest update, several enhancements and bug fixes have been introduced to ensure a smoother and more secure user experience. Notably, issues such as successful authentication detection in Kerberos tests and the slow logout problem on Chrome-like browsers have been addressed. There are also fixes to the user status feature, disabling of SSL checks for JavaScript modules, visual enhancements for icons, a PHP codebase update, a WebDAV default header fix, and various performance improvements and bug fixes, ranging from quota warnings to cache issues in WebDAV.

Additionally, the release addresses buffer chunked requests, handling admin defaults in sharing, storage background scanning, URL pulse decoding, Photos picker, fixes related to file handling, and security enhancements including bruteforce protection to email endpoints.

Desktop client 3.12.0

Nextcloud desktop client update 3.12.0 includes several bug fixes and feature additions such as client status reporting and file-locking enhancements. Additionally, we made updates to workflows and dependency bumps, and ran a code cleanup.

Highlights of the version include client error reports in the server-like conflicts (data is available in the admin dashboard) and a restriction on moving the folders mounted in the external storage.

Find the full changelog on GitHub.

Make the most of Nextcloud with Hub 7 🚀

Watch the Hub 7 launch video on YouTube

Nextcloud Hub 7 is the latest version of Hub. It brings even more synchronicity and comfort, introducing global features like Unified Search and cross-app out-of-office functionality, UX improvements and much more. What’s new:

  • Unified Search to find anything, anywhere.
  • Global Out-of-Office message in Mail, Calendar, and Talk.
  • Phone dial-out, recording consent in Talk.
  • iOS Live Photos, EXIF metadata support in Photos.
  • Annotating and saving PDFs.
  • Improved tag management and tag colors in Mail.
  • Marking Deck cards as completed.
  • New AI models for integration
  • And more!

Get Nextcloud Hub 7

Download and install Nextcloud Hub 7 here!

Maintenance updates ready for Hub 4, 6 and 7
https://nextcloud.com/blog/maintenance-updates-ready-for-hub-4-6-and-7/
Thu, 01 Feb 2024 11:19:45 +0000

We updated Nextcloud server, focusing on several key performance improvements, bug fixes, and security enhancements. We strongly recommend that you update, as it is always a quick and safe process.

The post Maintenance updates ready for Hub 4, 6 and 7 appeared first on Nextcloud.

Minor Nextcloud updates released

Please update to a new version to keep your data safe!

We strongly recommend that you update your Hub to version 27.1.6, 26.0.11 or 28.0.2. The maintenance updates include important bug fixes, stability and security upgrades. It is a quick and safe process, as always!

Update summary

We updated Nextcloud server, focusing on several key performance improvements, bug fixes, and security enhancements. Find a brief overview of the updates below and access the full changelog for each version on our website.

New in version 26.0.11

The version brings several updates, including fixes for a semaphore issue, enabling multiple organizers support, and ensuring proper Certificate Revocation List (CRL) updates. LDAP group formatting, shared lock TTL restoration, and improved performance in token login have been addressed.

Throttling mechanisms for restore processes and enhanced error handling for Exif metadata read errors are implemented. Furthermore, user timezone parsing for share expiration and subscription key validation for improved security are now part of the updated features.

New in version 27.1.6

Version 27.1.6 includes the enhancement of the Psalm configuration for improved static code analysis. A language-related issue affecting grammatical accuracy has been addressed in the Internationalization module. Fixes include preventing floating-point value truncation in Quota settings for non-English locales and optimizing Calendar Query Handling in the CalDAV module for increased efficiency.

Accessibility and user experience have been improved by ensuring sufficient contrast for app menu entries and dashboard welcome messages, as well as resolving issues with the reference picker in the Files module. Security measures include preventing writing .htaccess files on read-only file systems and introducing a Two-Factor Authentication Bypass in the AppAPI under specific conditions.

Additionally, service worker issues in the Files module have been addressed to enhance performance, and changes have been made to reduce memory consumption during scans.

New in version 28.0.2

The Hub 7 update includes enhancements like replacing input fields with password fields and adding password error messages, adjusting theming utilities for better color contrast, and adding a setup check for maintenance_window_start configuration. Various bug fixes address issues such as dragging previews in the Files module, handling calendar notifications, and fixing user status errors. Additionally, the release focuses on accessibility improvements, security updates, and performance enhancements.

Security measures and dependency updates

In all maintenance releases, security measures have been implemented to prevent writing .htaccess files on read-only file systems, and additional configurations have been marked as sensitive. We also limited the validity of the authorization codes in Nextcloud to 10 minutes.

The updates also cover dependency changes across various modules like activity, firstrunwizard, logreader, notifications, and more.

Desktop client 3.11.1

Version 3.11.1 of the desktop client includes several bug fixes and performance updates, such as interface improvements, various file management issue fixes, missing translations for AppImage, spelling improvement in end-to-end encryption messages, and more.

You can find the full changelog on GitHub to access the details of this update and the previous minor and major versions. To browse system requirements for the latest version, refer to our client manual.

Note: There will be no more releases of Nextcloud Hub 3 (25.x.x and older). Upgrade to Nextcloud Enterprise to continue to get security and stability updates or move to a newer version. Running software without regular updates is risky, so we urge you to keep your server and apps updated. Customers can always count on our upgrade support if needed.

Upgrade to Hub 7 🚀

Watch the Hub 7 launch video on YouTube

Nextcloud Hub 7 is our most integrated platform so far, bringing global features such as Unified Search and cross-app out-of-office functionality. New features include:

  • Unified Search to find anything, anywhere.
  • Global Out-of-Office message in Mail, Calendar, and Talk.
  • Phone dial-out, recording consent in Talk.
  • iOS Live Photos, EXIF metadata support in Photos.
  • Annotating and saving PDFs.
  • Improved tag management and tag colors in Mail.
  • Marking Deck cards as completed.
  • New AI models for integration
  • And more!

Get Nextcloud Hub 7

Download and install Nextcloud Hub 7 here!

Get Hub 7

Keep your server up to date!

Nextcloud’s minor releases primarily focus on addressing security vulnerabilities and functionality bugs, avoiding major system overhauls that could jeopardize user data. Keeping your server up to date is vital, and our approach to testing and validation ensures that upgrading to minor releases is generally smooth and reliable.

For mission-critical Nextcloud systems in enterprise settings, consider switching to Nextcloud Enterprise. The tier provides you with ultimate deployment confidence: direct access to the Nextcloud engineering team, full assistance throughout deployment and integration, and peace of mind for system administrators. If you’re responsible for maintaining Nextcloud in your setting, this option may be the ideal solution for you.

How to share files securely without risking privacy https://nextcloud.com/blog/how-to-share-files-securely/ Fri, 12 Jan 2024 09:58:13 +0000 https://nextcloud.com/?p=191397 Online sharing security is a topic brought up often enough, yet the majority of people just don’t want to delve too much into the technicalities of how to share files securely. And while it may seem like too much to handle to an average user, in fact all the instruments are there for you. Let’s explore!

How to share files securely without risking privacy

Why sharing files securely is important

Online sharing security is a topic brought up often enough, yet the majority of people just don’t want to delve too much into the technicalities of how to share files securely. Others seem to be always on guard but inevitably miss one or two important safeguards.

Sharing files without privacy risks considered can lead to a variety of issues, exposing individuals and organizations to potential threats. Here are only some of the common problems faced when you don’t share files securely:

  • Unauthorized access
  • Sensitive data interception and leaks
  • Malware distribution
  • Compliance violations
  • Phishing risks
  • Data corruption and loss

What we know for sure is that both companies and individuals absolutely need to know the basics of secure file sharing. And while it may seem like too much to handle to an average user, in fact all the instruments are there for you. Let’s explore!

1. Choose a secure file storage

Protecting your file storage is basic file security 101. We know it sounds very general, so what are the most important things to start with? Here are the storage protection basics to keep in mind.

Access control 👥

Implement strong access controls to limit who can access and modify files.

Use role-based access controls to assign permissions based on the team’s roles or responsibilities.

Data location 📍

Storing files locally, meaning keeping them on your personal device (computer, smartphone, etc.) or on a local network, has certain security advantages. In this case, you truly own your data, and none of it is available to a cloud provider.

Authentication 🔐

Enforce strong user authentication mechanisms. Use complex passwords, two-factor authentication (2FA) and Single Sign-On to add an extra layer of security — all depending on the level of security required and your resources.

Backups 🛟

Regularly back up your files to prevent data loss due to hardware failures, accidental deletions, or other unforeseen events. Keep backup copies in a secure and separate location: on your local disk or in another cloud.

A secure storage that doesn’t spy on your data is a fundamental choice. No sophisticated security features are worth your while when you are using unsafe services to store and share your documents. Moving away from Big Tech providers like Google and Microsoft already puts you on the right track.

Security by design in Nextcloud Hub

Nextcloud Hub is secure by design, allowing you to host your data locally or in the trusted cloud. Flexible sharing options help control access not only to the files in your storage, but to many other items including Deck boards, Collectives, and more.

Enterprise-class authentication security in Hub provides features like 2FA, SSO, SAML 2.0, support for LDAP/Active Directory, and reliable backup options including peer-to-peer backup for private users with Nextcloud Backup app.

Nextcloud Hub 6 clients

2. Use temporary links

Temporary links are a magic tool that helps you get better file security without much effort. Not only do they limit access time for the target user when there’s no other way to revoke access, they also help minimize the window of opportunity for others. This is particularly useful in scenarios where you need to share a file temporarily for a specific purpose or event.

Be mindful of the link’s expiration date, and choose a secure and reputable file-sharing service. The service still needs to employ additional security measures, for example encryption in transit and at rest, to ensure comprehensive protection of shared files.

Sharing a file via link

External link sharing in Nextcloud

In Nextcloud, you can share file and folder links securely with optional expiration dates. If your link starts going around, you can rest assured it is not for long. There’s also no need to worry about mitigating forgotten shares. Instead of relying on individuals to revoke access after a certain point, the link automatically becomes inactive.

3. Restrict file reusing

Sometimes you need to share content in full but want to make sure it is not reused inappropriately: downloaded, printed, copied, etc. There are additional measures that help prevent these actions.

Apply watermarks

Watermarks help protect document content when users have full access to the file. When printed, for example, such documents will contain additional info about the author to protect your rights. A watermark can be customized and typically includes the author’s name, creation date and other essential information. Most office suites support watermarking.

Nextcloud Office watermark

Restrict downloads

Some sharing options may include download restriction: the users can access your file online but cannot download it to their device to reuse it, send it to other users via unauthorized channels, or upload it somewhere on the web.

File restrictions in Nextcloud

In Nextcloud Hub, you can use watermarks and hide the download option from other users. Besides, you can add extra permission levels that forbid certain actions like editing and deleting. External link sharing is managed centrally in the link settings, and can be revoked any time you wish.

Nextcloud file sharing sidebar menu

4. Share files via safe channels

Secure storage and file protection are vital, but sharing your file passwords via private messages brings it all into jeopardy. The channels we mostly use for sharing our files or links are messengers and email apps, which are not always secure. How to pick the right one?

Make sure the service provides encryption

If sharing files via email, consider using secure email services like ProtonMail or Tutanota. Those offer end-to-end encryption for emails and attachments. Use messaging apps that offer end-to-end encryption, such as Signal or WhatsApp. These apps ensure that only the intended recipient can decrypt and access the shared files. Nextcloud Hub integrates both online mail client and Talk chat, providing an all-in-one secure communication platform that works naturally with your file exchange.

Use VPN

If sharing files over a network, use a VPN to encrypt the connection and protect the data from potential eavesdropping. When you connect to a public Wi-Fi network, your data is vulnerable to interception by malicious actors on the same network. A VPN encrypts your data, making it significantly more challenging for hackers to eavesdrop on your chat conversations or any other sensitive information.

Move to a secure collaboration platform

Use secure collaboration platforms that provide end-to-end encryption and other security features. All-in-one platforms like Nextcloud Hub incorporate a whole ecosystem of tools including mail and messaging. Moreover, sharing your files within the same perimeter is the most secure you can get. Even better: you host locally and fully own your data.

5. Share sensitive files securely with passwords

Password protection is available in most of the modern office suites, both online and offline. Some storage apps have password protection functionality too. While not entirely convenient, this feature is very safe and therefore suitable when you need ultimate security.

What happens when you protect a document with a password? The content of the document is encrypted using a cryptographic algorithm. This means that the actual text, images, and other data within the document are scrambled or transformed into a format that is not readable without the correct decryption key. This lets you share files securely even via common channels.

Password-protected documents are usually universally accessible across apps. A file with a password set in one software can be opened in another app that supports work with passwords. Some apps even allow protecting certain actions like editing or commenting with a password while the document’s content remains generally available.

Password protection in Nextcloud Office

Nextcloud Office also allows you to protect links with passwords to make sure only the authorized users have access to the shared file even if the file link becomes available to the public. This is also a way to protect individual files when you are sharing the folder publicly. Link protection is more convenient than file encryption: there’s no risk of forgetting your own password since you don’t need it.

Nextcloud Files - data under your control

File passwords are also supported in Office, in case you need to work with more sensitive data. Those files can be opened in other software that supports password protection, making files easy to share with anyone outside of Hub.

6. Use end-to-end encryption to share confidential files securely

In simple words, end-to-end encryption is when the data is encrypted on one device and then decrypted on another, with those devices being the two “ends”. Files encrypted end-to-end are stored and transferred in a secure, encrypted form until a user with authorized access needs to open a file to work on it. It often involves encrypting a file with a password, but sometimes the entire storage or some of its folders can be encrypted for ultimate protection.

Encrypted file sharing in Nextcloud

Share files securely with File Drop

The Nextcloud desktop client offers client-side end-to-end encryption as a folder-level feature. This option enhances the security of highly sensitive data, ensuring its complete protection even in the event of a server breach.

File Drop: secure enterprise file exchange

Nextcloud File Drop open source platform to share files securely

The File Drop functionality in Nextcloud allows customers, patients, clients, or partners to securely upload files to a designated cloud folder that you have shared with them via a hyperlink. Data remains, at all times, on-premise, under full authority of IT. File Drop also features temporary link creation, encryption at rest and in transit, and file password protection.

Secure file sharing with Nextcloud Hub

Nextcloud Hub is one of the safest collaboration platforms thanks to our dedication to privacy. And it’s not only about file sharing. Every app we build and add to our ecosystem (Mail, Talk, Calendar, Notes, Files, and more) has privacy in mind, and they work together in ultimate synergy to deliver first-class collaboration for individuals and enterprises.

And most importantly, Nextcloud Hub is free and limitless for both private users and companies. Opt for the Enterprise version to get 24/7 dedicated support and stable performance guarantee when you maintain a mission-critical deployment.

File synchronization and sharing with Nextcloud is available on mobile platforms and in desktop environments, delivering even higher privacy level and ultimate comfort.

Get Nextcloud Hub

A new generation of online collaboration
that puts you in control.


Hot on the heels of Hub 7, updates for Hub 4 and 6! https://nextcloud.com/blog/december-2023-minor-releases-hub-4-6/ https://nextcloud.com/blog/december-2023-minor-releases-hub-4-6/#comments Mon, 18 Dec 2023 12:56:17 +0000 https://nextcloud.com/?p=189213 Minor Nextcloud updates are released, as well as an update to the desktop client. As always, minor releases include stability and security improvements that are designed to be a safe and quick upgrade.


Please update to 27.1.5 or 26.0.10 to keep your data safe!

Besides new features, minor releases include important bug fixes, stability and security upgrades. Updating to a new minor version is designed to be a quick and safe process.

Minor Nextcloud updates released for Hub 4 and 6

We’ve made available new minor releases for Hub 4 and 6. You can find the full changelog of fixes and improvements for these releases on our website.

New in version 26.0.10

Highlights in version 26.0.10 include security-related fixes, such as updating the CA certificate bundle and handling potential vulnerabilities in the WebDAV component. The release improves performance with SFTP enhancements and optimizations in components like the TemplateManager and brute force protection mechanism. And, as always, backports of fixes as well.

New in version 27.1.5

Highlights in version 27.1.5 include updating the CA certificate bundle, addressing CSRF check failures at login, and handling potential vulnerabilities such as idn_to_utf8 returning false, and other security-related fixes. Performance improvements involve lowering the threshold for system address book sync, optimizing file-sharing logic, and avoiding file operations when disk space is low. Additionally, the release introduces various system stability and reliability fixes, such as proper version fetching from shared files and avoiding unnecessary deletions. And, as always, …backports!

Desktop Client 3.11.0

In other news, the Desktop Client team pushed out a minor release, 3.11.0, fixing bugs and improving performance. You can find the full changelog here.

Improvements include the ability to remove remotely deleted files locally in case of upload errors and Material icons used for folders. Plus, we added multiple improvements for macOS, such as better reply notifications in Talk and opening Nextcloud after installation.

Don’t forget the desktop client now requires macOS version 12.0+.

It’s time to move to Nextcloud Hub 7

Watch our Hub 7 launch video!

Nextcloud Hub 7 was released one week ago, and we recommend that you check it out to see if you can benefit from its latest features. Here is a quick summary:

  • Unified, advanced search to find anything, anywhere.
  • Global Out-of-Office message that works in Mail, Calendar, and Talk apps.
  • Phone dial-out to call participants directly from within Talk.
  • Recording consent in Talk to comply with privacy laws.
  • iOS Live Photo viewing and EXIF metadata support in the Photos app.
  • Annotating and saving PDFs right in your Nextcloud.
  • Improved tag management and tag colors in the Mail app.
  • Marking Deck cards as completed to stay productive.
  • On-premises Stable Diffusion by Stability AI for local image generation and the new Aleph Alpha model.
  • Much, much more!

Did you know?

With Hub 7, you can view Live Photos made on iOS even on Android devices.

Check out the full release announcement here. Note that the AI features are optional – and updating is easy as Hub 7 is built on the same foundation as Hub 6, not requiring any heavy migrations.


Get Nextcloud Hub 7

Download and install Nextcloud Hub 7 here!

Get Hub 7

Stay safe: keep your server up-to-date!

Minor Nextcloud releases are security and functionality bug fixes, not rewrites of major systems that risk user data! We subject our codebase to extensive automated testing, followed by validation on a series of real-world systems before releasing them to the public. This ensures that minor release upgrades are generally painless and reliable. As the updates not only fix feature issues but also security problems, it is highly recommended to upgrade!

If you are maintaining a mission-critical Nextcloud system for your enterprise, we also highly recommend Nextcloud Enterprise. With a hotline to the core Nextcloud developers, it’s the best guarantee of reliable service for your users and peace-of-mind for system administrators – maybe that’s you!

Security statement on ownCloud breach https://nextcloud.com/blog/security-statement/ https://nextcloud.com/blog/security-statement/#comments Wed, 29 Nov 2023 13:18:46 +0000 https://nextcloud.com/?p=185682 The serious security flaws in ownCloud (now owned by Kiteworks) do NOT affect Nextcloud. We have strict security processes in place, and do not ship test data from libraries that can cause security breaches.

We are receiving information requests from customers and users worried about the severe security breaches. These occurred in ownCloud (recently acquired by US file sync and share vendor Kiteworks) as reported by Ars Technica and others.

We want to make clear that these absolutely do not affect Nextcloud. Nextcloud has a strict security process backed by a USD 10K bug bounty program. We, for example, have a policy to remove test data from libraries that are shipped, to avoid risks like these.

Nextcloud has diverged significantly over the last years from ownCloud, accelerating our development. There are serious risks associated with using legacy, minimally-maintained software and we would want to point out to users and customers that migration to Nextcloud is quick, easy, painless, and helps keep their data private.

See here the ArsTechnica article in question.

Why the AWS European Sovereign Cloud is an obstacle to reaching true digital sovereignty https://nextcloud.com/blog/why-aws-is-an-obstacle-to-true-digital-sovereignty/ Thu, 26 Oct 2023 15:47:20 +0000 https://nextcloud.com/?p=149526 How to build local, open-source ecosystem giving government and citizens direct control over data, unmoderated by foreign big tech.

Manifesting in the launch of a “sovereign” European cloud powered by AWS, the global expansion of Amazon risks locking the public sector out of the opportunity to create open, interoperable and internally controlled infrastructure.

Dependency on proprietary hyperscalers like Amazon will strangle local technology, end up controlling and rerouting public spending, and make the state and society vulnerable to blackmail.

Sovereignty is the absence of strong dependencies on third parties. The Sovereign Cloud from AWS is a misnomer here.

Frank Karlitschek, CEO and founder of Nextcloud, in his comment to FAZ.net.
Read full article (in German)

A viable strategy to build a naturally sovereign European cloud already exists and should be put into action. It is entirely possible to build local, open-source ecosystems offering government and citizens direct control over data access and security, unmoderated by foreign big tech monopolists.

Issues with growing reliance on Amazon services

Due to Amazon’s monopoly-like role in the global cloud market, the employment of AWS cloud locks the government administrations and the European public sector in general within an externally controlled proprietary framework:

  • When administrations commit to the AWS cloud and the technology behind it, controlled exclusively by Amazon, this limits interoperability with the broader ecosystem and consequently leads to further expansion of the technological monopoly.
  • A massive technological dependency would also mean continuous flow of substantial financial resources to Amazon and providers developing exclusively on its standards, making investments in European cloud offerings unattractive and permanently entrenching the monopoly positions.
  • As the code isn’t available for public review, there is no guarantee against back doors present in the code or introduced anew via software updates and fixes.
  • The withholding of security patches, late application of security improvements for known issues (or absence of such) or sharing information about known, unfixed problems with a third party could compromise the security of the platform. Recent incidents around the Pegasus spyware have shown the risks of unknown and known open security issues and how these can be and are abused at industrial scale by state and non-state actors.
  • With Amazon being the single provider behind the ecosystem, the unilateral termination of the contractual relationships could jeopardize the provision of public services.

As a final result, the state actors critically dependent on Amazon products would be forced to:

  • Pay almost any price called for.
  • In the future, forego concessions originally made with regard to data security and independence from U.S. authorities.
  • Accept non-open, proprietary standards set by Amazon, to which other (EU) states and large parts of the economy might have to realign themselves.

Strategic use of open source software as an alternative

The key alternative to the use of Amazon-controlled cloud infrastructure in public administration is the strategic use of open source software. This includes the adoption and further development of open source solutions that already exist and have been tried and tested by millions of users across all sectors of economy and government.

Open source technologies have become so successful because they were able to adapt very quickly to new requirements by a huge developer community. Only in this way could the high pace of innovation of digitization be realized at all. In fact, the large, market-dominating cloud providers such as Google, Facebook and Amazon, have relied almost exclusively on open source software, adapting them to their needs and building their own proprietary offerings on it.

It is no exaggeration to say that the entire internet is built upon an infrastructure of open source technologies.

Benefits open source brings, like the excellent usability and functionality, ability to control data access and security provisions, interoperability and complete customization freedom can thus meet the key needs that exist in administrations and industry worldwide.

Open source software is continuously developed by international communities. These usually consist of employees of companies and other organizations that use this software industrially. Conceptually, the state can build up sufficient competence in institutions such as the planned Center for Digital Sovereignty to participate in corresponding communities so that it can competently manage corresponding service providers.

According to studies, investments in the development of OSS bring an impressive 4x return on investment for the European GDP. With targeted investments, a successful strategy to create an equal-opportunity supplier market for European IT and digital ecosystems and platforms is fully conceivable.

How to achieve the real digital sovereignty for the European public sector

As a part of a strategy against escalating dependence of public administration and the industry on the proprietary, foreign cloud technology, the government should implement the following:

  • Deploy only fully open source-based offerings for implementing and handling key tasks of a sovereign state and enforce the same in the private sector for mission-critical industrial applications.
  • Invest in open source cloud application and infrastructure. These alternatives to the hyperscaler tech have a great potential to leapfrog even the hyperscalers in innovation. They should become the basis of a sustainable European digital economy.
  • The open source ecosystem must be initially strengthened with targeted government mandates in order to activate private-sector investments and the involvement of the local providers. Every investment in open source is immediately available to the general public and thus also directly benefits the economy and civil society.
  • Cooperation with Amazon (or any proprietary offering) to build a “sovereign” cloud runs counter to these goals. Unilateral dependency threatens to make the state and society highly susceptible to malicious foreign actors, and limit strategic autonomy.
  • Do not wait. Digital dependency already starts with the IT infrastructure. A later change of the cloud platform entails high costs and efforts that are insurmountable for many organizations. The state must set the course for a sovereign and open cloud today.

Summary

It is positive to see the American Big Tech firms realizing they have to take the Digital Sovereignty of Europe more seriously, and to see them look for ways around the US CLOUD Act. However, it is clear that an EU data center does not block foreign entities from accessing EU citizen data, and neither do company policies.

The effectiveness of Amazon’s approach, which to us just seems a slight variation on earlier, unsuccessful attempts, will end up having to be tested in US courts — likely in secrecy under a gag order, so we won’t even know if it made a difference. Even if it does work, it does little to resolve the dependency problem which is at the core of the Digital Sovereignty challenge.

As we now see with various sanctions, foreign companies can be forced to stop services or sales to Europe, limiting the EU’s ability to make its own, sovereign decisions. A real Digitally Sovereign solution would need a fully open source based platform which is fundamentally not under control of a foreign state. Without the ability for European countries to run, maintain and improve a platform, independence just can’t be guaranteed.

We outlined the direction governments should take, and look forward to constructive input and a chance to contribute to the implementation of a strong, European Digital Economy.

Nextcloud for government

Regain control over your data with a sovereign open source collaborative cloud

Learn more
