💾 Archived View for zaibatsu.circumlunar.space › ~visiblink › phlog › 20190223 captured on 2021-12-04 at 18:04:22.

View Raw

More Information

⬅️ Previous capture (2021-12-03)

-=-=-=-=-=-=-

One of my goals in the last few months was to move my 
personal data onto a self-hosted server. To that end, I 
spent a fair amount of time setting up a Nextcloud instance.

Then, yesterday, I learned that in 2017, the Nextcloud 
developers scanned for all known Nextcloud instances and 
reported those that were not up-to-date to ISPs and security 
agencies[1]. I am one of those people whose ISP does not 
permit non-business users to have a server, so the last 
thing I need is Nextcloud reporting me. I won't even begin 
to discuss what I think of them reporting users to security 
agencies because this phlog would degenerate into a fury of 
expletives.

I do understand what the developers hoped to accomplish. 
They did not want to be responsible for insecure servers and 
did not want their 'brand' tarnished by security breaches. 
I get it.

But I think this is the last time I will ever install any 
open-source software from an entity that has for-profit 
leanings. They just don't get what open source is supposed 
to be about. If I want to run an insecure server (I don't, 
but if I did...) that's my business, and I don't need some 
dev reporting me to my ISP and the local version of the 
NSA/CSIS.

Anyways, I closed the router firewall port to my Nextcloud 
instance and for now, it's only available on the LAN at 
home. I'll probably shut it down and start syncing via USB 
again.

Sometimes I hate the internet.


[1] https://www.reddit.com/r/selfhosted/comments/5ybmf1/nextcloud_scanning_peoples_owncloud_and_nextcloud/