The German tabloid Bild featured an article covering the press release published by the German Ministry of Defence about the recent leaks of WebEX calls between army generals. The Bild noted that the password the Ministry of Defence used for the shared Nextcloud link was „1234“, assuming this was meant to ’secure‘ the link.
While a press release is obviously meant to be public, which is why the simple password was chosen, you might wonder why the ministry didn’t just use a completely password-less link for their Nextcloud share?
Nextcloud differentiates itself from public clouds like Microsoft 365, Dropbox or Google Drive with a focus on privacy and data sovereignty. Unlike public clouds, Nextcloud often runs on private cloud environments, giving the organization deploying it direct control over the data. It wouldn’t make sense for the German government (or any other) to hand over important data to foreign tech firms, which is why Nextcloud is widely deployed in the European public sector.
With Nextcloud, users can share directly with other users. This makes sure no data leaves the government data center. But sometimes data must be shared outside the organization, either to a single individual or fully in public like with a press release.
Nextcloud allows users to create one, or more, public links for this purpose. A public link lets a third party who has the link view and (depending on the settings) download and edit the file. As you might share a document for editing with one person, and create another link with only viewing permissions to a second, each link can have its own protections. Including a password, expiration date and more!
The system administrator can put in additional controls, to ensure data is always protected. The File Access Control can use rules to stop files from being accessed outside Germany, for example. Or a mandatory 30 day expiration date can make sure links get cleaned up after a while. And last, but very relevant, administrators can enforce a password on each public link.
This setting is clearly enabled on the Nextcloud server used by the German Ministry of Defense, and explains why a simple password (1234) had to be chosen. Note that administrators can even enforce a certain degree of password quality, blocking such simple passwords from being chosen by users!
In other words. Mr. Pistorius does not use the password ‚1234‘ to protect any data – it was meant to make it easy to access the press release.
We hope the readers at Bild appreciate out explanation!
For a more detailed exploration of our file sharing features available throughout Nextcloud, see our in-depth docs on File Sharing or our Sharing features overview.
Bechtle und Nextcloud kündigen heute eine vollständig verwaltete Kollaborationsplattform für den öffentlichen Sektor an, die keiner Ausschreibung bedarf und sofort bereitgestellt werden kann.
Mehr lesen
Our mission is to help individuals, businesses and organizations achieve digital sovereignty and regain control over their data. Nextcloud Hub 5 marks a massive step forward towards achieving this mission, putting the power of AI into your hands – in a way that keeps you in control. New release, new possibilities Hub 5 builds on […]
Mehr lesen
Regain control of your time with Hub 8: improvements all around Hub, new apps, new AI features, new level of performance and comfort. Tune in and discover the next generation of collaboration.
Mehr lesen
We bring you a major update to the Nextcloud AI Assistant, plus the news we work with several big hosting providers like IONOS and OVHcloud to bring AI-as-a-Service options to you!
Mehr lesen
Microsoft attempts to delay antitrust action by separating Teams from Office, hoping to continue to abuse its market dominance while it 'negotiates' with the EU.
Mehr lesen
