@disroot Why do you allow for emails, uploaded files, and items such as calendars, contacts, tasks, etc. to be stored on your servers in plain text? For being so privacy minded, this seems a large misstep. Why not support client-side E2E encryption (especially for email)? https://disroot.org/en/privacy_policy

@disroot I understand the servers have full disk encryption, but even so, admin shouldn’t have the ability to view such personal data in such a privacy-minded platform. This is pseudo-private.

@retta_rath Because it not easy. We use nextcloud for files calendars and contacts so we depend on nextcloud implementation of e2ee in that aspect. At the same time since nextcloud sticks to standards like calDav, its the implementation of the protocol that lacks. We think it is important to keep to standards so that you have more freedom to choose your calendar app and be inter-operatable.

....

@retta_rath
... Same goes for email. We want to stay compatible with IMAP/POP3 and in the future JMAP as well. At the moment there is no open source e2ee implementation for storing emails at rest. However since we support standards you are free to use any mail client supporting GPG which we encourage.
.....

@retta_rath
...
Also another aspect of keeping emails encrypted at rest like some of the 'privacy' focused providers do is that all emails send outside the server are sent plaintext anyway. This means that the provider can intercept any email before they are encrypted. Those implementations are usually closed sourced, where users dont have control over keys and get somehwhat miss conception on the fact 99% of the emails are in fact not encrypted at all when in transit.
....

@retta_rath
... That said. What we want to work on next year is fund a proper fully open source solution for e2ee mailbox encryption at rest in compliance with GnuPG and focus on things like full autocrypt support.