[owncloud-devel] Hi ! planning to implement client-side encryption, read if you're interested
mathieu.bourrier at startmail.com
Sat Nov 22 18:02:10 GMT 2014
I wanted to introduce myself quickly, and let everyone know that I plan
to work on client-side encryption for ownCloud.
If you feel that this information would be more appropriate somewhere
else (forums maybe ?) please say so.
Sorry if this is a little long-winded, feel free to skip the boring parts :)
I checked one month ago where things stood with ownCloud and discovered
that although the feature would be welcomed, it is no high priority for
Philosophy behind this project
The end goal is to help provide a free, open-source solution for
cloud-storage client-side encryption so that its usage spreads as far as
possible ; there is a growing need as the recent iCloud and SnapChat
leaks proved again recently.
Between online attackers, personal data-hungry companies and government
mass-surveillance, protecting personal data will soon become critical
IMHO, if it hasn't already.
While SpiderOak and the likes are doing a great job at this already,
these are not free (nor, for most, open-source) so this is a big barrier
Plus, having a free solution under GPL license will also allow more
businesses to build on it, which should result in a more dynamic and
innovative market and provide people with better options overall.
Who am I ?
I have been working as a storage/virtualization/backup consultant in
Paris for 9 years now.
I wanted for a while to become more involved, in my free time, in
something that helped people.
I also follow closely the privacy and security topics, even more so
since Snowden happened.
Finally, coding has been a passion since I was a teenager.
So this is really me trying to fulfil all of the above, and I hope that
I will be able to help some people in the process.
What's the plan ?
For now the overall plan is to :
1- produce the threat model and design goals (in progress)
2- design the security model and how it will integrate with ownCloud,
define a tentative roadmap
4- test and QA, audit if possible
5- release and maintain.
6- adding features once initial code stabilizes
Looking for group
Disclaimer : I have no previous experience in ownCloud development,
professional web development, nor security design. I know, scary right ?
Security software is best produced by a team, the lonely genius that
produces perfect, secure code on his own does not exist, and even if he
does, it's not me :)
In order for this feature to be secure and good enough for a public
release, I expect I will need some help :
1- at the beginning, for the design phase, in order to produce a really
secure system the design will be "open-sourced". Anyone that wishes to
contribute to/discuss/correct the design is more than welcome. The more
the better, this will only strengthen the final product.
2- experienced ownCloud contributors' input will also be invaluable at
this point, as they could identify very early any design points that
won't work well (or at all) with ownCloud's current OR future implementations.
I am also very aware that client-side encryption will prevent a lot of
existing ownCloud apps from working, which impacts the overall value of
ownCloud in a significant way.
The intent is to make the integration of client-side encryption the
smoothest it can be, without compromising the security/privacy goals of
3- for the coding phase, having at least one co-contributor would speed
up the process, and help to produce better code as we can review each
other's code along the way.
This would also prevent this project from being a "one-man" thing which
will also allow for better supportability and maintenance in the long run.
Now this might look like asking a lot.
First, please note that as I have a regular job on weekdays, most of the
work would be done during weekends so this will be spread over several
Second, point #1 and #2 can totally be "on and off" contributions, just
an exchange of emails/ideas, I will be the one driving this and putting
For #3 a regular contributor is preferred, someone who is like me ready
to invest some time over several months to help this thing be released,
but one-shot helpers are welcome too.
One important thing : in the long-run I expect the feature to be
available for all platforms, including the mobile ones (thanks for
opening the iOS app by the way !).
This is needed IMHO if we want to drive the adoption up. These apps
require specific skills and it will be either difficult or a lot longer
to handle all of the work by myself.
So if you're interested in some kind of involvement, or know someone
who might, feel free to contact me or spread the word !
Either by email or GitHub, my pseudo is orion1024.