Nextcloud has updated its software following reports of unusual data collection activities which raised alarm among users. Initially sparked by Mastodon user 'Niels' and further investigated by Dutch researcher Tobias Fiebig, concerns centered on how Nextcloud appeared to be enumerating local users after a recent upgrade. After discussions with Nextcloud's director of engineering, it became clear that a change introduced in February 2025 altered default settings, creating unnecessary server requests but not compromising user data privacy, as no data is stored without consent.
Nextcloud faced scrutiny after users noticed unusual data collection activities post-upgrade. However, the findings revealed it was a logic issue rather than actual data leaks.
The concerns arose after the latest release change created unnecessary requests, which misled users about data privacy, emphasizing the need for clear communication on software updates.
Andy Scherzinger, Nextcloud's director of engineering, clarified that Nextcloud never stored user data without consent, highlighting their commitment to user privacy amidst the chaos.
The underlying issue stemmed from a communication flaw between the Nextcloud server and its lookup server, which resulted in a barrage of needless requests following an update.
Collection
[
|
...
]