logo header light
Cloud

Secure Cloud - Comparison for Private Use

Cloud comparison for private use: Simply explained. The problem - Practical questions - What's best for me?

Updated December 9, 2025
Cloud Security Part 1

Cloud Security Part 1

Secure Cloud - Introduction and Context

Digital Principles such as Digital Sovereignty, Self-Determination, and Integrity are closely related to the use of open-source cloud offerings.

Open Source allows users and organizations to transparently view, adapt, and independently control the source code, thereby strengthening Digital Sovereignty.

Through this openness, Digital Self-Determination can be maintained, as users decide for themselves about their data and applications, without being dependent on proprietary providers.

At the same time, the controllable and transparent infrastructure promotes Digital Integrity by allowing for consistent verification and assurance of security and data protection.

Therefore, open-source cloud solutions such as Nextcloud, ownCloud, Seafile, oCIS and OpenCloud (external links) are essential for consistently implementing Digital Principles and creating a trustworthy, sustainable digital infrastructure.

What's the problem?

You want to securely store your photos, files, and contacts, etc. in the cloud. But which provider is right for you?

  • Google Drive, OneDrive, iCloud – easy to use; but, your data is with US companies
  • Alternatives like Nextcloud – your data stays under your control; but, you have to deal with it

The following is a guide to help you make the right choice:

The simple question: Who do I trust with my photos?

Google Drive, OneDrive, iCloud (the major providers)

What happens to my data?

  • All three companies store your files in large data centers
  • Google, Microsoft, and Apple can see the files (internally, for administrative purposes)
  • Google and Microsoft can also share your data with US authorities - that's US law (CLOUD Act)

Advantage:

  1. Easy to use
  2. Available everywhere (mobile, PC/laptop, web)
  3. Free or low-cost

Disadvantage:

  1. No complete control
  2. Provider could change the terms (and have done so)
  3. Data protection is not a priority

Sources: Google Privacy (external link), Microsoft Privacy (external link), Apple Privacy (external link)

Nextcloud (the alternative)

What happens to my data?

  • Your files are stored on your own server or with a European (ideally Swiss) hoster
  • No one, including the provider or host, can automatically look at your files
  • Optional: The files are encrypted with your own key, so even the provider or host can't see what's inside

Advantage:

  1. Your data belongs to you
  2. Full control
  3. Real encryption possible
  4. Open source = the code can be reviewed

Disadvantage:

  1. A trustworthy provider must be found
  2. Partially (also for protection reasons) less functional scope
  3. Easy readjustment of familiar (sometimes harmful) habits

Sources: Nextcloud Encryption (external link), Nextcloud Security (external link), others

The CLOUD Act Problem (simplified)

What is the CLOUD Act?

A US law that allows:

  1. The US government (FBI, NSA, etc.) demands that Google/Microsoft/Apple/Amazon: "Give us the data of person X"
  2. Google/Microsoft/Apple/Amazon must release the data — no matter where you have stored it (even if it is in the provider's data center in your country)
  3. You won't find out that this happened (confidentiality)

A concrete example

  • You live in Switzerland
  • You store photos on Microsoft Azure in Zurich
  • The FBI asks: "We need these photos for an investigation"
  • Microsoft releases the photos, even though they are stored in Switzerland
  • You won't learn anything about it

Is that likely to happen to me?

Yeah, no – The CLOUD Act is supposedly used mainly in serious cases (terrorism, serious crime, etc.). However, since there is no information about access by foreign authorities, there is no information about how often this happens or whether there is permanent access by US authorities (and authorities of allied states) to all data.

The solution

If you store your data with a European (preferably Swiss) provider without a US parent (e.g., Swiss providers with solutions based on Nextcloud):

  • The CLOUD Act cannot be applied
  • Only Swiss/EU authorities can force access with a court order
  • Depending on the integration, the provider can only release your data in encrypted form.

Sources: Wire CLOUD Act explained, 2025 (external link), DSB Canton of Zurich CLOUD Act, 2024 (external link, german), others

Encryption: What is secure?

The two important types

"Encryption on the go" (Data in Transit)

What happens: Your files "fly" from your phone to the server over the internet.

  • Google Drive, OneDrive, iCloud: TLS-Encryption (HTTPS) - Secure
  • Nextcloud: TLS-Encryption (HTTPS) - Secure
  • Both: Getting hacked on the go is practically impossible

"Encryption at Rest" (Data at Rest)

What happens: Your files are on the server.

1_Cloud-Encryption.png

Conclusion: Only with Nextcloud, end-to-end encryption ensures that your data is truly private – even the provider can't see it.
* E2E: End-to-End (End-to-End Encryption)
Sources: Nextcloud Encryption, 2025 (external link), YouTube Nextcloud Encryption, 2025 (external link), others

What functions are offered?

Google Drive / OneDrive / iCloud

✅ Works well for:

  • Upload photos & videos
  • Save Word/Excel/PDF/etc. files
  • Share with friends/family
  • Access mobile phones, laptops, and the web

Does not work well for:

  • Sync calendar and contacts (partially possible, but cumbersome)
  • Full encryption
  • Offline access to everything

Nextcloud

✅ Works well for:

  • Upload photos & videos
  • Save files
  • Share with friends (protect with password)
  • Sync calendar and contacts (conveniently!)
  • Edit office documents (with browser)
  • Access mobile phones, laptops, and the web
  • Offline-Sync (copy on your PC)

❌ Does not work well for:

  • Ultra-simple operation for beginners

Conclusion: For private users who want to store files, photos, calendars, and contacts, Nextcloud is often better – if you are willing to spend 1-2 hours learning.

Sources: Nextcloud Features, 2025 (external link), VPSBG Nextcloud Review, 2025 (external link), others

Where are the data? The legal jurisdiction problem

In short,

1_Cloud-LegalArea.png

What does that mean to you?

If you are in Switzerland:

  • Google Drive, OneDrive, iCloud → CLOUD Act risk
  • Nextcloud with Swiss providers (e.g. Lenotra, Infomaniak) → No CLOUD Act risk

If you are in Germany:

  • Google Drive, OneDrive, iCloud → CLOUD Act risk, despite EU GDPR
  • Nextcloud with German provider → No CLOUD Act risk

If you are in the EU:

  • Just like Germany

If you are in the USA:

  • The CLOUD Act plays less of a role (you are already under US jurisdiction)
  • Google Drive / OneDrive / iCloud and others are affected

Sources: Opsone revDSG vs. GDPR, 2024 (external link, german), KMU.admin.ch revDSG, 2024 (external link), others

Which provider is right for me?

Test: Answer these questions

Question 1: What am I saving?

  • Only non-private photos & files without sensitive content → Google/Apple/Microsoft if necessary
  • Intimate photos, diary, sensitive business data → Nextcloud is better

Question 2: How tech-savvy am I?

  • Beginner – I just want to click → Google/Apple/Microsoft if I have to
  • Normal user – my data is mine → Nextcloud
  • Nerd – I set everything up myself → Nextcloud (Self-Hosting)

Question 3: How important is data sovereignty to me?

  • No matter what – as long as it works / I'd rather be monitored → Google/Apple/Microsoft
  • Important – I want to know who has my data → Nextcloud
  • Critical – I want 100% control → Nextcloud Self-Hosting

Question 4: How important is price* to me?

  • Free or very cheap → Google Drive (15 GB free)
  • Up to CHF 10/month → OneDrive or iCloud
  • Up to CHF 7/month → Nextcloud with a secure provider
  • Nextcloud for free (power costs for your server) → Self-operated

* = Offer price, the price for giving up Digital Sovereignty cannot be quantified

Question 5: Where do I live?

  • In the US, the CLOUD Act is a native reality; choose based on convenience, surveillance is inevitable either way
  • In the EU / Switzerland, normal files → Google/Apple/Microsoft OK (accept the risk), better Nextcloud with a secure provider
  • In the EU/Switzerland, sensitive data → Choose Nextcloud with a provider in Switzerland

Frequently Asked Questions?

Am I making a mistake by using Google Drive?

Yes, giving up Digital Sovereignty is never a good idea.

Is Nextcloud complicated?

No, there are trustworthy providers (especially in Switzerland) that make the transition very easy. If you choose self-hosting, you'll need technical experience for setup and operation.

Can I switch from Google Drive to Nextcloud?

Yes, simply:

1. Download files from Google Drive

2. Upload to Nextcloud

3. Done

For synchronization with a PC/laptop (Windows, MacOS, Linux), mobile phone (Android, iOS), or tablet (Android, iOS), Nextcloud's synchronization clients are available for free download. Alternatively, you can also purchase a fully set-up integrated solution (mobile & cloud).

Have fun switching to secure solutions and expanding your Digital Self-Determination.

Further resources

Blog post

Digital Principles

The Digital Principles: Digital Sovereignty - Digital Self-Determination - Digital Integrity. Discover the ways to protect yourself.

Learn more →
Blog post

Google-free phone: Android without Google services

How to increase the security of an Android phone using tracker blog, no-log VPN, sandboxing, and exploit protection.

Learn more →
Blog post

Android Phone Security

Increasing the security of your Android phone makes sense, is not complicated, and often only takes a few minutes - tips & tricks

Learn more →