> In what ways will the average homebox be more secure than the average cloud hosting?
No third parties will be automatically rummaging through your files and using it to stuff a dossier with details about you to sell or exploit for profit.
The webserver in your living room will only host your personal files, so it isn't a single target that can grant a hacker massive amounts of valuable data from hundreds of thousands of users at once if they can manage to get in. If a hacker takes the time to break into your server, they maybe get a handful of baby photos and MP3s, but before that they'd have to somehow know about and find your server specifically in the first place.
When your server gets hacked, you aren't going to pretend it isn't happening, or lie to yourself about what happened, and you won't have to spend days wondering what the impact to you was, and you won't bend over backwards to try to downplay that impact for the sake of your shareholders.
>The webserver in your living room will only host your personal files, so it isn't a single target that can grant a hacker massive amounts of valuable data from hundreds of thousands of users at once if they can manage to get in.
Just because it's not running under a single domain doesn't mean hundereds of thousands of users can't be affected by a single vulnerability. If everyone was using Nextcloud on Ubuntu and a vulnerability is found somewhere in that stack then attackers could easily scan the internet for unpatched installations. Happens all the time with corporate IT.
Also, people don't just store family photos and MP3s. They also store intimate photos, financial data, company data, health data, scans of passports and other official documents, utility bills, plenty that can be used as proof of identity and proof of address. If you had access to the contents of my hard drive you could easily impersonate me in almost every context.
> Just because it's not running under a single domain doesn't mean hundereds of thousands of users can't be affected by a single vulnerability.
That's fair, although it's much easier to find a heavily advertised corporate network and scan that than it is to scan the entire IPv4/6 space looking for a particular vulnerable server (which isn't to say that it doesn't happen). One advantage you have with a home server too is that hackers can't create legitimate accounts on your server to poke around and look for holes.
> They also store intimate photos, financial data, company data, health data, scans of passports and other official documents, utility bills,
People do have those things on hard drives, but I don't think most people would put that on their living room webserver. At least I don't think that was what was meant by "Imagine a future where all your photos, videos stay at your house on a box and others who have access can view them from anywhere." I assumed that "box" was a separate web/file server specifically designed and used for sharing your personal files and not the same device people would use to pay their bills and store their nudes. Keeping those two things separate would certainty be good practice!
>People do have those things on hard drives, but I don't think most people would put that on their living room webserver.
I was thinking of self hosted replacements for things like iCloud, Google Photos or OneDrive. People use cloud services to access, share and upload their files from all their devices wherever they may be.
No third parties will be automatically rummaging through your files and using it to stuff a dossier with details about you to sell or exploit for profit.
The webserver in your living room will only host your personal files, so it isn't a single target that can grant a hacker massive amounts of valuable data from hundreds of thousands of users at once if they can manage to get in. If a hacker takes the time to break into your server, they maybe get a handful of baby photos and MP3s, but before that they'd have to somehow know about and find your server specifically in the first place.
When your server gets hacked, you aren't going to pretend it isn't happening, or lie to yourself about what happened, and you won't have to spend days wondering what the impact to you was, and you won't bend over backwards to try to downplay that impact for the sake of your shareholders.