From ff042c03b37daa1595f5624693a480e2b204b0a8 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Tue, 8 Aug 2017 17:18:43 +0100
Subject: [PATCH] nextcloud advisory

---
 doc/EN/app_nextcloud.org      |  2 ++
 website/EN/app_nextcloud.html | 22 +++++++++++++++-------
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/doc/EN/app_nextcloud.org b/doc/EN/app_nextcloud.org
index 93b3d044..949faf50 100644
--- a/doc/EN/app_nextcloud.org
+++ b/doc/EN/app_nextcloud.org
@@ -24,6 +24,8 @@ NextCloud is a system for file synchronisation and also has many other plugins f
 
 The videoconferencing plugin requires a browser with WebRTC support and so is unlikely to work in a Tor browser, but may still be a better option than using proprietary systems.
 
+* Operational considerations
+If your ISP or the government in your area is part of your threat model then NextCloud may not be the best choice for hosting files and [[./app_syncthing.html][Syncthing]] could be preferable. In the past NextCloud is known to have remotely scanned servers without permission and reported server admins who don't immediately update to the latest version of the software to their ISPs or to questionable government agencies. Depending upon where you are located such activities by the developer, which are not really in the spirit of independent self-hosting, could have very undesirable results.
 * Installation
 Log into your system with:
 
diff --git a/website/EN/app_nextcloud.html b/website/EN/app_nextcloud.html
index 30a804ce..7fbc383b 100644
--- a/website/EN/app_nextcloud.html
+++ b/website/EN/app_nextcloud.html
@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-05-08 Mon 23:45 -->
+<!-- 2017-08-08 Tue 17:17 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title></title>
@@ -264,9 +264,17 @@ NextCloud is a system for file synchronisation and also has many other plugins f
 The videoconferencing plugin requires a browser with WebRTC support and so is unlikely to work in a Tor browser, but may still be a better option than using proprietary systems.
 </p>
 
-<div id="outline-container-orge6cdeb1" class="outline-2">
-<h2 id="orge6cdeb1">Installation</h2>
-<div class="outline-text-2" id="text-orge6cdeb1">
+<div id="outline-container-org339ea70" class="outline-2">
+<h2 id="org339ea70">Operational considerations</h2>
+<div class="outline-text-2" id="text-org339ea70">
+<p>
+If your ISP or the government in your area is part of your threat model then NextCloud may not be the best choice for hosting files and <a href="./app_syncthing.html">Syncthing</a> could be preferable. In the past NextCloud is known to have remotely scanned servers without permission and reported server admins who don't immediately update to the latest version of the software to their ISPs or to questionable government agencies. Depending upon where you are located such activities by the developer, which are not really in the spirit of independent self-hosting, could have very undesirable results.
+</p>
+</div>
+</div>
+<div id="outline-container-org651aea8" class="outline-2">
+<h2 id="org651aea8">Installation</h2>
+<div class="outline-text-2" id="text-org651aea8">
 <p>
 Log into your system with:
 </p>
@@ -286,9 +294,9 @@ Select <b>Add/Remove Apps</b> then <b>nextcloud</b>. You will then be asked for
 </div>
 </div>
 
-<div id="outline-container-orgdf0be0a" class="outline-2">
-<h2 id="orgdf0be0a">Initial setup</h2>
-<div class="outline-text-2" id="text-orgdf0be0a">
+<div id="outline-container-orgd455a47" class="outline-2">
+<h2 id="orgd455a47">Initial setup</h2>
+<div class="outline-text-2" id="text-orgd455a47">
 <p>
 Go to the <b>Administrator control panel</b> and select <b>Passwords</b> then <b>nextcloud</b>. This will give you the password to initially log in to the system and you can change it later from a client app if needed.
 </p>