It doesn’t seem to exist. I’d like a solution to upload and sync my photos and my KeePass database, but I’m really hesitant to upload personal photos unencrypted to services exposed to the internet. Unfortunately self-hosting a Nextcloud instance on my LAN isn’t possible at this moment, but maybe a VPS with a strict firewall and a mesh VPN like Tailscale or Netbird? But honestly I’d rather just pay someone for the trouble.
What do you suggest? Clients need to be FOSS and available on Linux and Android, and on Android they need to be available on F-Droid (thus no proprietary blobs or libraries from Google).


Don’t put your Keepass on a remote server! Jeez. For your photos you could run Nextcloud on a VPS with an encrypted file system. That wouldn’t be super duper secure (the host could get the keys out from the running VPS) and you’d have to deal with reloading keys every time you rebooted the VPS for whatever reason, but it’s a pretty simple thing to do. IDK if that would count as E2EE since the VPS does see the plaintext in transit.
Maybe you could do something with SSHFS and an encrypted disk image but that starts getting slow and flaky.
Tbh I don’t bother with anything like that for my own photos. They’re just on my local machine and not on the network. I have some encrypted Borg backups on a remote server but no Nextcloud or anything like that.
Why not? It’s encrypted.
It doesn’t.
When you say E2EE that usually refers to encryption and decryption at each end. So the endpoints see the plaintext but it’s encrypted in transit.
I think you don’t want E2EE in the above sense. You want all the encryption and decryption to be on the client, i.e. you want encrypted remote storage where the server side ONLY sees ciphertext.
Anyway yeah, maybe just SSHFS or NFS to an encrypted disk image on the loopback FS of your local machine. I think the remote side shouldn’t even have a file system (i.e. that exposes metadata like file sizes) rather than just a raw disk-like image. But, it could still be possible for someone monitoring disk activity on the server side to infer some things about that.
How much data are you talking about? What is your budget? You might be better off with a dedicated server, e.g. Hetzner server auction. That would make various active monitoring at the host less likely. You’d still want to encrypt in about the same way as you would a VPS.
If that were true, TLS/HTTPS would count as E2EE. I don’t think your definition is correct, but I could of course be wrong. But yes, I want client side encryption.
But thanks, I’ll think about it.