Ask Slashdot: Keeping Cloud Data Encrypted Without Cross-Platform Pain?
bromoseltzer writes: I use cloud storage to hold many gigs of personal files that I'd just as soon were not targets for casual data mining. (Google: I'm thinking of you.) I want to access them from Linux, Windows, and Android devices. I have been using encfs, which does the job for Linux fairly well (despite some well-known issues), but Windows and Android don't seem to have working clients. I really want to map a file system of encrypted files and encrypted names to a local unencrypted filesystem — the way encfs works. What solutions do Slashdot readers recommend? Ideal would be a competitive cloud storage service like Dropbox or Google Drive that provides trustworthy encryption with suitable clients. Is there anything like that?
I hope you find what you're looking for, but I would suggest that:
This isn't possible.
Unless you own the crypto bits, and you know for a fact that they don't have any way to access your keys, you should assume any provider can probably comply with court orders and hand over your data.
Some of them might be peeking even if they claim not to be.
The only way you can be guaranteed your stuff is secure is to encrypt it yourself, and cut the cloud out of the process entirely.
There pretty much is no such thing as "trustworthy encryption" you didn't do yourself.
Lost at C:>. Found at C.
with ownCloud or SeaFile, a Raspberry Pi 2, and whatever size USB you want.
ZIP -e
and feel safe finally.
Nuf said.
spideroak cloud storage encrypts and de-dupes client-side. clients for major platforms (android is read-only). has a warrant canary, transparency report, and all that stuff too.
veracrypt for containers - has "native" clients for windows and linux, and I use "EDS" on Android.
I use encfs for exactly this and there are clients for both Android and Windows. The Windows one is similar in concept to the *nix one (mapped mount/drive). The Android one behaves more like the Android Dropbox client.
You might want to take a look at
https://www.boxcryptor.com/en/...
Microsft spel chekar vor sail, worgs grate !!!
Arq from Haystack software: https://www.arqbackup.com/
If you get rid of the mobile requirement, http://mega.co.nz/ might be the solution for you.
Specifically designed by Kim Dotcom's folks so that they CANNOT access your data (so they don't tell if you've got financial paperwork or pirated movies). Has a method for sync'ing a local unencrypted filesystem into their cloud architecture.
There's Wuala, which is essentially Dropbox with client-side encryption. It used to be free for personal use, but now plans start at 1 EUR per month. Also, the encrypted data is stored in Europe, which is nice. http://www.wuala.com
Shitpost!!!!!
SpiderOak is a cloud-based, zero-knowledge storage and backup system. It has clients for Windows, Mac, Linux, Android, and iOS. You can also access from the web, but you have to provide a password, which means it is no longer zero-knowledge. I signed up a few years ago when large fires burned through my city, and I needed a secure, automated, off-site backup. The fires are gone, but now I still use it on Windows and Linux. The GUI is a little clunky, but it works. I stay in the first pricing tier by loading my old family photos (>>50GB) instead onto Google Nearline, which is cheaper but less convenient.
For the windows front there's CryptSync.
It encrypts files with 7zip so you can still grab them from other platforms.
http://sourceforge.net/project...
BT Sync - Aka "Bittorrent Sync" aka "Sync" is pretty close. In that setup, your own computers act as the cloud. Android and Linux clients, etc. I primarily use it to keep photos backed up from my phone to home, but also keep folders and movies on my home computer which sync with my phone as well.
It's not a "cloud solution" in the normal sense - you can't keep files on the cloud and dynamically choose which ones to push around later, but it's CLOSE and may suit your needs.
I use Tarsnap. Cheap. Fast. Reliable. *Secure*. Client for almost all major platforms. Source included for the client. Check it out.
Look at Citrix Sharefile. It's an expensive option, but depending on the options you choose, you can use your own certificate so that everything stays encrypted and they have no access to your data.
I'm sorry, what?
“He’s not deformed, he’s just drunk!”
If you're comfortable rolling your own solution I've found owncloud (http://owncloud.org) to work quite well. Runs inside your webserver of choice and can easily be configured to be TLS only for file transfer.
These guys do transparent encryption/decryption of DropBox and other cloud providers with web access as well as native clients for Windows, Mac, IOS and Android: https://www.encryptedcloud.com/
CrashPlan has a higher security option to use your own encryption keys that they never store. The downside is that if you forget your password or key then the data is lost for good on their end.
I think they have windows and linux clients.
Tresorit - client-side encryption. Trustworthy? Examine it by yourself.
Did you even try searching? Linux support may be hard to find, but OSX and Windows apps seem readily available. I'm sure most of these companies are working on Linux support too. There is no technical reason why this can't work seamlessly. The only disadvantage is using the native web interfaces to search for and view files.
http://www.cloudlock.com/ [looks like this runs from the cloud, so will work anywhere]
https://www.cloudfogger.com/en...
https://www.boxcryptor.com/en
http://www.syncdocs.com/downlo... [windows only]
If the cloud provider created an encryption that even they couldn't work with they wouldn't have clients. For starters, search wouldn't work. Secondly, the average Joe would expect the cloud solution to be like someone holding something for him in a safe. Should he lose the key for the safe, he would still expect a way to prove his identity and have the owner of the safe open it for him on his behalf.
So your best bet is to go with a solution whose privacy policy states that they won't datamine your data for commercial purposes.
I use syncthing (https://syncthing.net/). Since your data is never sent to a third-party server, it should be safe from prying eyes (NSA, I'm thinking of you). It does not, however, provide encryption in the file storage.
You will effectively be limited to 1/2 of USB 2.0 speed (or less) because the Pi's network connection is via the single USB connection which is shared by that USB drive
Hi-Speed USB is nominally 480 Mbps half duplex and practically reaches half of that. If the storage shares a bus with a NIC, it could still saturate 120 Mbps. Home Internet is typically 3 to 50 Mbps down, and if you don't have a symmetric service like Verizon/Frontier FiOS, you get far less than that up.
Some Android devices have kernel support for fuse out of the box, you just need root (towelroot, anyone?) and perhaps a linux chroot to run something like encfs. You could try an alternative kernel if your device doesn't include support for fuse. I have a shield portable with a gentoo chroot in front of me, and I was able to mount a squashfs via fuse the same way, without even replacing my kernel.
I offer no direct solution for Windows. Maybe you can access your encfs over the network from a Linux box?
Tahoe-LAFS is cross platform (linux, windows, Mac, and rooted android) and can use commercial cloud providers like Amazon S3 for storage.
> There pretty much is no such thing as "trustworthy encryption" you didn't do yourself.
And, let's face it, for all but maybe a few hundred out of the 7 billion people on the planet, even if you try to do it yourself it's probably going to fail under a true attack that is targeted at getting your information and there's a good chance your home-built system will just screw up your data altogether.
Saying the only trustworthy encryption scheme is the one you create only works if you're a cryptography and programming expert. Otherwise it's like hiding your life savings in a safe you built entirely from scratch.
Is it just my observation, or are there way too many stupid people in the world?
see subject
Supports EncFS on Windows and works well with different Cloud FS providers.
Dropbox combined with Boxcryptor Classic (Android & Windows) and Cryptkeeper (basically encfs) on Linux. Works for me.
It looks like SecureSafe (http://www.securesafe.com) would fit your requirements.
I haven't used them myself yet. Does anybody here have experience with their service?
https://pcloud.com/ - they have end-user encryption, currently in the desktop versions, working on getting it in the web and mobile versions. The encryption sources are open and available at their github account ( https://github.com/pcloudcom ), and they recently got an audit of the whole software and encryption schema.
(disclaimer - i worked there and helped design it)
The only trustworthy solution is a cloud service that is nothing more than a Network block device. You run any encryption on the client side, and any file-system you like on top of that.
This being a tech site, I suggest you do it yourself and get a virtual private server somewhere, then install OwnCloud. It's extremely easy, just get a VPS at one of the nice providers like DigitalOcean or Linode, install Debian and use dmcrypt or ecryptfs to encrypt the filesystem.
Then share your files over HTTPS. Done.
8 of 13 people found this answer helpful. Did you?
Not a complete filesystem-level solution. But I'm pretty happy with KeePass for sensitive stuff.
Using the KeePassX client on Linux, with the .kdb file on Google Drive.
KeePass2Android on our phones. We have a secret key not stored on Google Drive, and a passphrase to unlock that. Haven't had any trouble with the automatic sync of the .kdb back to Google Drive after making any changes.
If encfs works fairly well on Linux, what's stopping you from getting http://linuxonandroid.org/ working on Android and mounting your encfs file in a full Linux chroot environment? Then on Windows just run a Linux VM that exports a Samba share of the unencrypted files.
The other thing I've always done since forever is just use my phone / internet kiosk to VNC+SSH back to my home PC.
EncFS is nice for a single logged in user but I wonder about building enc read/write into applications so that if root logs in even they can not read the user's encrypted data. I think programs need to start using libraries to encrypt to the user level. So that only the user that owns the key can read (was going to add write but root can write to a file system) the encrypted file. Multi-user systems are always creating problems.
I recently went through this same issue.
I tried lots of alternatives, but EncFS is still the best solution out there.
The best and most reliable windows port of EncFS is Safe.
http://www.getsafe.org/
It does have some limitations, but in general it's the best solution out there.
They strive to be binary compatible with Linux EncFS and have versions for Windows and Mac.
Plus it's free and open source. (GPLv3)
https://git-annex.branchable.com/
> git-annex allows managing files with git, without checking the file contents into git. While that may seem paradoxical, it is useful when dealing with files larger than git can currently easily handle, whether due to limitations in memory, time, or disk space.
https://git-annex.branchable.com/assistant/
> git-annex is designed for git users who love the command line. For everyone else, the git-annex assistant turns git-annex into an easy to use folder synchroniser.
https://git-annex.branchable.com/encryption/
> Encryption is needed when using special remotes like Amazon S3, where file content is sent to an untrusted party who does not have access to the git repository.
S3 (Amazon S3, and other compatible services)
Amazon Glacier
bup
ddar
gcrypt (encrypted git repositories!)
directory
rsync
webdav
tahoe
web
bittorrent
xmpp
hook
The above special remotes are built into git-annex, and can be used to tie git-annex into many cloud services.
There are specific instructions for using git-annex with various services:
Amazon S3
Amazon Glacier
Internet Archive via S3
Box.com
Google drive
Google Cloud Storage
Mega.co.nz
SkyDrive
OwnCloud
Flickr
IMAP
Usenet
chef-vault
hubiC
pCloud
ipfs
Isn't this more or less what Microsoft's OneDrive for Business is? Not all of the features you've asked for are there yet, but they are on the roadmap. Microsoft does not mine your data and will be introducing a "Bring your own Key" encryption service shortly. There are clients for Windows (obviously), Mac, iOS, and Android. There is no official Microsoft OneDrive client for Linux, but there is an open-source project called "onedrive-d", or you could use a browser for access.
Storage is also being expanded from 1TB to unlimited in the near future.
Keep all your files on a BlackBerry and use Blend on the other devices. I'm only half kidding.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
Exactly what you are asking for will be announced next month. PrivacyBox will use strong end-to-end encryption and unlimited storage capacity. Keep checking https://www.privacybox.com for details.
Perhaps you can keep on using encfs, but have your Windows and Android clients connect to NFS or Samba shares, exported from the Linux box. (Or in the case of Windows, the Linux "box" could really be the local host, that the Windows VM connects to.)
Own Cloud, on a cloud VM with encrypted HD ?
'EDS', a file vault for Android, works with Windows containers ('VeraCrypt', 'TrueCrypt') and Linux containers ('LUKS').
'KeePass', a file vault for every platform, including J2ME, although it's designed to contain mostly textual data.
Get yourself a Raspberry Pi 2 and an SSD. Attach it to your home router and set up a dynamic DNS with somebody like no-ip.org. Use LUKS encryption on the SSD for physical security. Set up an sftp server with strong crypto options (e.g. https://stribika.github.io/2015/01/04/secure-secure-shell.html). Then configure rsync / unison with your clients. Problem solved.
For Windows and Android there's Syncdocs which does end-to-end encryption of Google Drive.
http://www.syncdocs.com/easily-enable-google-drive-encryption/
It allows you to select which folders to encrypt and uses generic AES256. You can also share encrypted files with a password.
I am surprised nobody mentioned Wuala. It encrypts the files on the client side and transfers the encrypted files across. It has multi-platform clients for Windows, Linux, Mac, Android and iPhone as well as browser-based access. There used to be a free tier for Wuala but not anymore. I think the cheapest plan is $10 per year. I have been using it on Windows for over a year and am generally happy. Their servers are in Switzerland, which can be a plus!
I use and suggest Seafile. All the parts are open source, folders can be client-side encrypted.
Its crypto isn't perfect (they use some odd AES settings, and the design leaks some metadata) and every now and then I manage to bug the sync system and have to remove/re-add a file to get it to sync properly, but it has good clients for Linux (gui or cli), Windows, Mac, Android, and iOS, as well as web access (You have to give your passphrase to the server for that, which is security-harming in theory, it is supposed to be flushed after N minutes). They have free AWS-backed instances with a small amount of storage to try, and it isn't bad to set up a server for on a VPS or the like, they also have a specialized RPi installer.
Mount the drive-storage solution 'normally', and use it as a local git repository.
If you use something like https://github.com/shadowhand/... you can encrypt all files that you store in git, hence on the cloud. There are likely similar solutions for svn, and cross platform solutions.
A bit like Spideroak but not US based.
Seems good. Linux, Windows, Mac, Android, iOS clients.
https://wuala.com
On Android (free) and Windows (semi-free) there is an encfs client called Boxcryptor Classic.
Hint: Create the encfs folder under Linux and mount it with Boxcryptor. I faced some problems the other way round.
best regards
Here is a short manual I found on the net:
http://www.schnatterente.net/software/verschluesselter-cloudspeicher-encfs-meets-boxcryptor
If you want your data to be secured then the only way really is to run a server yourself.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
Mobile platforms are inherently insecure. Not only is the OS not designed to be secure (against what you're fearing), the manufacturers are not your friend (you already said "hello google"), but the apps are by default spyware as well. If you have installed a security framework, you will know that 9/10 apps access data they do not need to function as their very first action after being installed. Stuff like calendar, contacts, call log, android serial, active/installed apps ...
So on a mobile device almost everything is your enemy. You do not want to access sensitive data there.