I’d like to give my users some private network storage (private from me, ie. something encrypted at rest with keys that root cannot obtain).

Do you have any recommendations?

Ideally, it should be something where files are only decrypted on the client, but server-side decryption would be acceptable too as long as the server doesn’t save the decryption keys to disk.

Before someone suggests that, I know I could just put lucks-encrypted disk images on the NAS, but I’d like the whole thing to have decent performance (the idea is to allow people to store their photos/videos, so some may have several GB of files).

  • talkingpumpkin@lemmy.worldOPEnglish
    4·
    2 hours ago

    IDK how much I’d trust them with tech stuff (not much, definitely). However I don’t see how encrypted storage may become an attack vector?

    I mean, they could clog up the HDDs with crap, but they can already do that via non-encrypted network storage (and in several other ways).

    • irmadlad@lemmy.worldEnglish
      5·
      1 hour ago

      However I don’t see how encrypted storage may become an attack vector?

      Not an attack vector. I’m speaking more towards the content of what they will be storing on your server.

      • francois@jlai.luEnglish
        2·
        27 minutes ago

        Can the hoster be liable for illegal content stored on their server if they have no way to decrypt the files?

        • irmadlad@lemmy.worldEnglish
          1·
          10 minutes ago

          There are Safe Harbor laws, however, these vary by jurisdiction, country, etc. It would be a litigation I wouldn’t want to get involved in. I’m not crapping on your deployment idea. I’m just very cautious…perhaps overly cautious.