Skip to content
This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

🆕 Software Suggestion | Cozy Cloud #2401

Open
1 task done
fgamess opened this issue Aug 3, 2021 · 5 comments
Open
1 task done

🆕 Software Suggestion | Cozy Cloud #2401

fgamess opened this issue Aug 3, 2021 · 5 comments

Comments

@fgamess
Copy link

fgamess commented Aug 3, 2021

Basic Information

Name: Cozy Cloud
Category: Provider/Cloud Storage
URL: https://cozy.io/en/

Description

I do believe that Cozy Cloud should be mentioned on your website as it provides multiple secure cloud services (bank aggregator, cloud storage, notes, password manager). They seem pretty transparent and concerned about the privacy of their customer.

Why I am making the suggestion

Cozy Cloud is a set of open-source services that give you the ability to store and manage multiple data that you own on the cloud.

Cozy Cloud seems to give detailed information about how they collect and process our data and with who on the Privacy page

It provides multiple services:

Cozy Cloud is located in France and so will be your data when stored on their servers. Might be a source of concern?

My connection with the software

I am simply an early adopter. I used it several times.

  • I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.
@ph00lt0
Copy link

ph00lt0 commented Aug 3, 2021

Self hosting is possible: https://docs.cozy.io/en/tutorials/selfhost-debian/

I am a bit concerned about their privacy page. The link @fgamess included is not the actual privacy policy. The actual privacy policy is listed at the bottom can be found here: https://files.cozycloud.cc/TOS-4.41.1.pdf. This is actually the full TOS, but they are only available in French. Under GDPR it is required to provide a privacy policy in the language of the countries you are active.
The TOS under 4.11.1 mentions that Cozy still shares data to countries in the Privacy Shield scheme. This has abandoned by the EU court of Justice (Schrems II) and may no longer be used. Sharing EU personal data with companies in the US such as Stripe and Mailchimp are still a tricky business. The only options to do so are with a BCR or SCC contract and because the US does not offer the same level of data protection, additional measures are required. (https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914&from=EN). The fact that they have no mention of this and the TOS is either outdated or against the law should raise a red flag.

@fgamess
Copy link
Author

fgamess commented Aug 3, 2021

These are good points @ph00lt0 I am not so rigorous yet when checking because I just started to be concerned by privacy in fact. Then perhaps cozy isn't a good suggestion

@ph00lt0
Copy link

ph00lt0 commented Aug 3, 2021

@fgamess hey no worries. It's good to look into these. I am not saying that they should not be recommended but it would require some changes on their side.

@lynn-stephenson
Copy link
Contributor

lynn-stephenson commented Aug 3, 2021

I am taking a look at the source code, but I don't immediately see how this is any more private than other cloud providers. There does not appear to be any E2EE. Besides, I already have a plan to develop a self-hostable file management server (ahem, "cloud storage") with E2EE.

@fgamess
Copy link
Author

fgamess commented Aug 4, 2021

@lynn-stephenson good catch https://help.cozy.io/article/110-does-cozy-encrypt-my-data
They say Cozy encrypts passwords and connections. The data stored in Cozy is not encrypted, as this would negatively affect the overall user experience. We are considering implementing partial encryption of data stored in Cozy.
So I don't know the ETA on this point for today. I will try to contact them to know about the progress.
additional link: https://blog.cozy.io/en/encryption-cozy/

@ph00lt0 about this Under GDPR it is required to provide a privacy policy in the language of the countries you are active.
I will notice them about that once have some free time.

@ph00lt0 @lynn-stephenson we need to see if they are open to suggestion and improvements about security and privacy

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

3 participants