- Speaker: Frank Karlitschek
- Date: Thursday 1 May 2014
- Duration: 1h
- Location: MIT, Cambridge, MA
Context
One of the reasons ownCloud was created is privacy.
Cloud services can no longer be trusted after all the privacy issues we have seen in recent years.
Frank wrote the User Data Manifesto, a set of user rights that should hold online just as they are commonly accepted offline. For example, if I put something in a locker, I would not want the company that owns the locker to regularly look at what is inside and sell the item list to other companies.
Basic rights defined in the manifesto:
- Own the data
- Know where the data is stored
- Choose the storage location
- Control access (I decide who can see what I share, advertisers, ...)
- Choose the conditions (I decide whether or not to sell my data)
- Invulnerability of data
- Use it optimally
- Server software transparency
To meet these requirements, we need tools. Some exist but are too cryptic for non-technical users. For example, the manual page of SSH is not digestible for everyone. There are GPG/PGP plugins for Gmail and others, but nothing simply integrated yet. Security and privacy technologies exist but cannot be used widely because of this complexity.
ownCloud overview
ownCloud is an open source project (under the AGPL license), with more than 150 contributors and more than 500,000 installations so far. It makes extensive use of open protocols and APIs.
The main feature of ownCloud is the file explorer, but it has been enhanced through numerous plugins: picture gallery, music and video players, bookmark syncing, ...
Different authentication methods are supported: an internal one, integration with LDAP, OAuth, SAML, Active Directory, ...
The next version (7, to be released around July) will introduce the ability to share data across different ownCloud instances. There is no support for synchronization yet.
The ownCloud backend is tied to the filesystem. It also uses a database backend (multiple DBMS are supported) to store any kind of metadata. It offers application interfaces to store data in both locations, filesystem or database. It does not support LDP. Extending ownCloud means creating a new plugin/application within the ownCloud instance rather than accessing a standard interface from external applications.
Versioning
ownCloud used to have a git backend for versioning purposes but now uses its own versioning system. It is a plain copy of the files from one version to another.
It automatically expires and cleans up files depending on storage and quota limits, age of the old versions, number of versions, ...
With documents following open standards like LibreOffice documents, ownCloud can be used as a collaborative editing tool.
Encryption
Server-side encryption uses AES-128. Client-side encryption is not yet implemented but will be soon.
Sharing
Both folders and files can be shared across users. It offers fine-grained access control (read and write rights, delete, ...). It is also possible to set an expiration date on shared files.