It would be awsome to have this in the quartet Mastodon, Peertube, Pixelfed and Mobilizon. Mobilizon being the missing piece...
xBrowserSync is a free and open-source alternative to browser syncing tools offered by companies like Google, Firefox, Opera and others. The project was born out of a concern for the over-reliance on services provided by big tech, who collect as much personal data as they can and have demonstrated that they do not respect their user’s privacy. Now, with the proliferation of open-source code and projects it’s easier than ever to create tools and services that allow users to take back control of their data!
I have been wondering the level of security and privacy the Cloudron solution offers.
I have read the security and privacy section in the docs (https://docs.cloudron.io/security/) and understand "Cloudron has no mechanism to access your server". And that is indeed great privacy by design...
However, I have some specific questions as to the hosting company itself and the Email situation:
- VPS hosting
If for instance I host Cloudron on netcup.eu what privileges does the VPS hoster have on content? Off course if they wish they can terminate the hosting itself in effect dissapearing all content. With a Cloudron backup, hosting can simply be shifted to another provider if that should happen for some reason.
But what about actual access to the Ubuntu server and the cloudron instance itself? Will VPS hoster have any way of accessing that data? For example user data (mail, names etc.), number and names of cloudron apps? Can there be backdoors? If not I presume it is not necessary to sign a GDPR agreement with VPS hoster as no user data except my own registration and payment details can under no circumstaces be shared?
In the docs about Email (https://docs.cloudron.io/email/) "Secure out of the box" is advertised, however the linked URL supposedly explaining that is taken down: https://docs.cloudron.io/email/security/#email-security
So my question is what happened to that page and what does "Secure out of the box" actually imply in this context?
Does it for example mean encrypted at rest? possibility of E2EE (End to end encryption)? If not, can those at all be achieved within the Cloudron solution? (For example through Nextcloud). In other words is there a way of achieving or getting close to the kind of mail privacy and security offered by for example Protonmail and Tutanota, but using Cloudron?
In any case... all comments regarding the advantages/drawbacks of the security/privacy situation on Cloudron are very welcome
Mobilizon - A free and federated tool to get our events off Facebook!
xbrowsersync - Secure, anonymous & free browser syncing
Server and mail security/privacy