-

2025-09-26 09:59:58

Hubzilla Support Forum

adminsforum@hubzilla.org

Comrade Ferret wrote the following post Fri, 26 Sep 2025 09:59:37 +0200

Are user uploaded files accessible by system admins? Is there a way in general to prevent abuse?

2025-09-26 10:02:04

citc

citc@zotum.net

@Hubzilla Support Forum
Wait for the usual answer: self-host! ;)

2025-09-26 10:57:52

Harald Eilertsen

harald@hub.volse.no

@Comrade Ferret Yes, anyone with access to the file system of the hub has access to the files. There's really no practical way to avoid this, other than the user uploading the file encrypting it before doing so.

2025-09-26 11:01:32

Comrade Ferret

ferret@hub.workersofthe.world

@Harald Eilertsen That's what I'm hoping for. I'm asking how I do this. :P

I can see via the 'attach' SQL table that they're all in /store but they aren't in a readable format.

2025-09-26 11:21:19

Der Pepe (Hubzilla) ⁂

pepecyb@hub.hubzilla.hu

@Comrade Ferret

I can see via the 'attach' SQL table that they're all in /store but they aren't in a readable format.

The files are stored there with a hash file name without a file type (which is now superfluous anyway). They are usually images. They can be displayed, but like any image file, they are of course unreadable as ‘text’ for humans.

If a user has stored a plain text file in their cloud, for example, you could also find the file there and read it normally with a text editor or a tool (cat).

2025-09-26 11:55:12

Harald Eilertsen

harald@hub.volse.no

@Comrade Ferret Are you asking how you can encrypt a file, or how you can make other people encrypt their files before uploading them?

In the first case there's several good encryption tools available. Age, Sequoia PGP, GnuPG, etc. Find out which tool works best for you, and encrypt away. Make sure you also have a good way of managing your private and public keys!

There's really no way you can enforce other users to perform such encryption. Hubzilla could in theory encrypt the files with a user specific key known to Hubzilla, but as an admin you also have access to this key, so you're still able to decrypt the files, but with a little more work.

In the end it's really hard to protect any data from a malicious admin, regardless of what system you use. There are ways, but key management is always the weak spot, and there's a significant risk that the user will loose access to their own uploads.

2025-09-26 18:58:57

Comrade Ferret

ferret@hub.workersofthe.world

@Harald Eilertsen Neither, I was asking how to monitor uploads for potential abuse, but I think I've got it figured.

2025-09-26 19:40:44

Der Pepe (Hubzilla) ⁂

pepecyb@hub.hubzilla.hu

@Comrade Ferret

I was asking how to monitor uploads for potential abuse

I hope you mention this in the terms of use for your hub and obtain the consent of users.

2025-09-26 23:33:41

Harald Eilertsen

harald@hub.volse.no

@Comrade Ferret Ok, then I misunderstood your question :) Anyways, good that you figured it out.

2025-09-26 22:20:08

citc

citc@zotum.net

@Harald Eilertsen

Hubzilla could in theory encrypt the files with a user specific key known to Hubzilla

Is this the 'encrypt text' option in the 'reply' dialogue text box for replies to posts?

If an image was encoded (base 64), then encrypted via hubziila 'encrypt text', possible?

As for the "illegal" classification of any images, UK online safety act would make the hubzilla administrator to be legal liability for _public_ distribution of illegal content (but seems to be possibly not liable if distribution is _private_ similar to e-mail)

2025-09-26 19:34:02

oj@isar.digitalesparadies.de

Yes, hubzilla runs smootly at home...

Image/photo