nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0
27.29k stars 4.06k forks

[Enh]: Avoid Privacy-Leaks (multiple) by default #33014

Open yuv opened 2 years ago

yuv commented 2 years ago

Description

I am trying to operate a private Nextcloud instance. I find that there are many features such as update notifications or the updating of contact avatars from social media that trade off privacy for convenience. I kindly ask you to adopt a development rule:

No server-side fetching of external resources/URL without explicit permission.

A few examples:

Defaults matter and should be chosen for privacy first, not for convenience, even when that privacy is less beneficial to the Nextcloud project (Usage survey). Put your users' privacy first and you will be rewarded with more trust. There is nothing wrong with guiding the users to change the defaults, explaining the benefits/costs trade-off.

Steps to reproduce

1. Install a new Nextcloud instance with default settings
2. Watch for the instance's fetching of external URLs

Expected behavior

No fetching of external URLs that have not been previously consented to by the instance admin.

yuv commented 1 year ago

After the most recent "upgrade" things became worse. Try editing a Markdown file in the web interface. Enter a URL. Without asking for permission, Nextcloud triggers a fetch of the URL and adds an (unwanted, because it occupies display space) preview. Please make such features optional and disabled by default.
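One way to carry out the "watch for the instance's fetching of external URLs" step and check it against the consent rule requested in this issue, as an added example that is not part of the original thread or of Nextcloud's code. It assumes the instance's outbound traffic passes through a forward proxy writing Squid's native access log format; the client address, hostnames, allowlist and log lines are all constructed.

```python
"""Audit a forward-proxy log for server-side fetches the admin never consented to."""
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the Nextcloud host reaches the internet only through a proxy
# that writes Squid's native access.log format.
NEXTCLOUD_HOST = "10.0.0.5"                   # constructed address
CONSENTED = {"push.example.org"}              # hypothetical admin-approved hosts

# Constructed sample log lines (not captured from a real instance).
SAMPLE_LOG = """\
1690000000.101     45 10.0.0.5 TCP_TUNNEL/200 3920 CONNECT updates.example.net:443 - HIER_DIRECT/203.0.113.10 -
1690000003.412     80 10.0.0.5 TCP_TUNNEL/200 5120 CONNECT push.example.org:443 - HIER_DIRECT/203.0.113.20 -
1690000009.734    120 10.0.0.5 TCP_MISS/200 18231 GET http://blog.example.com/post/1 - HIER_DIRECT/198.51.100.7 text/html
1690000011.002     12 10.0.0.9 TCP_MISS/200 512 GET http://other.example.com/ - HIER_DIRECT/198.51.100.8 text/html
1690000015.250     30 10.0.0.5 TCP_DENIED/403 0 CONNECT updates.example.net:443 - HIER_NONE/- -
truncated line
"""

def destination(method: str, target: str) -> str:
    """Return the lower-cased destination host of one proxied request."""
    if method == "CONNECT":                   # CONNECT targets are host:port
        return target.rsplit(":", 1)[0].strip("[]").lower()
    return (urlsplit(target).hostname or "").lower()

def unconsented_fetches(log_text: str, client: str, consented: set) -> Counter:
    """Count requests from `client` per destination host not in `consented`."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[2] != client:
            continue                          # malformed line or another client
        host = destination(fields[5], fields[6])
        if host and host not in consented:
            hits[host] += 1                   # denied attempts count too
    return hits

if __name__ == "__main__":
    report = unconsented_fetches(SAMPLE_LOG, NEXTCLOUD_HOST, CONSENTED)
    for host, count in report.most_common():
        print(f"{count:3d}  {host}")
```

Requests the proxy denied are counted as well, since an attempted fetch still shows that a feature tried to reach out without consent.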