It doesn’t seem to exist. I’d like a solution to upload and sync my photos and my KeePass database, but I’m really hesitant to upload personal photos unencrypted to services exposed to the internet. Unfortunately self-hosting a Nextcloud instance on my LAN isn’t possible at this moment, but maybe a VPS with a strict firewall and a mesh VPN like Tailscale or Netbird? But honestly I’d rather just pay someone for the trouble.

What do you suggest? Clients need to be FOSS and available on Linux and Android, and on Android they need to be available on F-Droid (thus no proprietary blobs or libraries from Google).

  • blight@piefed.blahaj.zoneOP
    link
    fedilink
    English
    arrow-up
    0
    ·
    10 hours ago

    Don’t put your Keepass on a remote server!

    Why not? It’s encrypted.

    IDK if that would count as E2EE

    It doesn’t.

    • solrize@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      10 hours ago

      When you say E2EE that usually refers to encryption and decryption at each end. So the endpoints see the plaintext but it’s encrypted in transit.

      I think you don’t want E2EE in the above sense. You want all the encryption and decryption to be on the client, i.e. you want encrypted remote storage where the server side ONLY sees ciphertext.

      Anyway yeah, maybe just SSHFS or NFS to an encrypted disk image on the loopback FS of your local machine. I think the remote side shouldn’t even have a file system (i.e. that exposes metadata like file sizes) rather than just a raw disk-like image. But, it could still be possible for someone monitoring disk activity on the server side to infer some things about that.

      How much data are you talking about? What is your budget? You might be better off with a dedicated server, e.g. Hetzner server auction. That would make various active monitoring at the host less likely. You’d still want to encrypt in about the same way as you would a VPS.

      • blight@piefed.blahaj.zoneOP
        link
        fedilink
        English
        arrow-up
        0
        ·
        10 hours ago

        If that were true, TLS/HTTPS would count as E2EE. I don’t think your definition is correct, but I could of course be wrong. But yes, I want client side encryption.

        But thanks, I’ll think about it.