Slashdot Mirror


Ask Slashdot: Keeping Cloud Data Encrypted Without Cross-Platform Pain?

bromoseltzer writes: I use cloud storage to hold many gigs of personal files that I'd just as soon were not targets for casual data mining. (Google: I'm thinking of you.) I want to access them from Linux, Windows, and Android devices. I have been using encfs, which does the job for Linux fairly well (despite some well-known issues), but Windows and Android don't seem to have working clients. I really want to map a file system of encrypted files and encrypted names to a local unencrypted filesystem — the way encfs works. What solutions do Slashdot readers recommend? Ideal would be a competitive cloud storage service like Dropbox or Google Drive that provides trustworthy encryption with suitable clients. Is there anything like that?

10 of 107 comments

  1. Good luck ... by gstoddart · · Score: 4, Insightful

    I hope you find what you're looking for, but I would suggest that:

    Ideal would be a competitive cloud storage service like Dropbox or Google Drive that provides trustworthy encryption with suitable clients

    This isn't possible.

    Unless you own the crypto bits, and you know for a fact that they don't have any way to access your keys, you should assume any provider can probably comply with court orders and hand over your data.

    Some of them might be peeking even if they claim not to be.

    The only way you can be guaranteed your stuff is secure is to encrypt it yourself, and cut the cloud out of the process entirely.

    There pretty much is no such thing as "trustworthy encryption" you didn't do yourself.

    --
    Lost at C:>. Found at C.
    1. Re:Good luck ... by TWX · · Score: 2

      Yep. I imagine the only sort of thing that would work would be an encrypted archiving format, but there will not be a seamless method to open the contents. One will probably have to manually decrypt all files in order to have access to them.

      This is par for the course with cloud, aka, someone else's computer. If you want secure, you need to buy your own server, set it up with an encrypted file system, pay for colocation in a datacenter, and host everything yourself.

      --
      Do not look into laser with remaining eye.
    2. Re:Good luck ... by mcrbids · · Score: 2

      You make it sound *onerous* but it doesn't need to be. You can buy many home routers with a USB port. Plug in a thumb drive and enable webDAV shares!

      We've been using webDAV for many, many years to create a distributed, "cloud based" storage accessible anywhere with good security. (Authenticated webDAV over SSL is approximately as secure as the password)

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
  2. Mega by Dredd13 · · Score: 2, Informative

    If you get rid of the mobile requirement, http://mega.co.nz/ might be the solution for you.

    Specifically designed by Kim Dotcom's folks so that they CANNOT access your data (so they don't tell if you've got financial paperwork or pirated movies). Has a method for sync'ing a local unencrypted filesystem into their cloud architecture.

  3. SpiderOak by ahziem · · Score: 2

    SpiderOak is a cloud-based, zero-knowledge storage and backup system. It has clients for Windows, Mac, Linux, Android, and iOS. You can also access from the web, but you have to provide a password, which means it is no longer zero-knowledge. I signed up a few years ago when large fires burned through my city, and I needed a secure, automated, off-site backup. The fires are gone, but now I still use it on Windows and Linux. The GUI is a little clunky, but it works. I stay in the first pricing tier by loading my old family photos (>>50GB) instead onto Google Nearline, which is cheaper but less convenient.

    1. Re:SpiderOak by jddj · · Score: 2

      +1 for SpiderOak, but please know that their Android client is not Zero-Knowledge. It means that mobile use is...not quite as clean as one would like.

  4. Tarsnap? by X86BSD · · Score: 3

    I use Tarsnap. Cheap. Fast. Reliable. *Secure*. Client for almost all major platforms. Source included for the client. Check it out.

  5. Half of USB 2 still saturates home Internet by tepples · · Score: 2

    You will effectively be limited to 1/2 of USB 2.0 speed (or less) because the Pi's network connection is via the single USB connection which is shared by that USB drive

    Hi-Speed USB is nominally 480 Mbps half duplex and practically reaches half of that. If the storage shares a bus with a NIC, it could still saturate 120 Mbps. Home Internet is typically 3 to 50 Mbps down, and if you don't have a symmetric service like Verizon/Frontier FiOS, you get far less than that up.

  6. Re:Not a chance by gstoddart · · Score: 2

    Saying the only trustworthy encryption scheme is the one you create only works if you're a cryptography and programming expert.

    I never said create it yourself.

    I said if you are looking for a "trusted encryption" being implemented by someone else on your behalf, there's a very high likelihood it's not secure from them. And if you want it to be secure from them, encrypt it yourself.

    So, use a solution which exists, and which has a good reputation. But the cloud provider should be left out of the process of encryption and used to only store the encrypted data, because in all likelihood either for ease of use, or compliance with law enforcement ... if they have access to the crypto keys, your trust level is pretty much reduced to pretty much zero, because if they have the keys they can decrypt it.

    The last thing people should be doing is rolling their own damned encryption solutions. The second last thing you shouldn't do is to use a service which is doing the encryption for you unless you know explicitly they have the ability to decrypt your stuff.

    So, back when Dropbox first came out and said "it's encrypted, we promise" .. it wasn't encrypted from them, they could and did look into it, and they could and would open it for law enforcement.

    If you want it secure so only you can open it, you have to do it yourself, and understand that you have to take ownership for it if you screw up. Just don't assume that when a service says they'll encrypt your stuff that it means it's secure or private from that service.

    That's not possible.

    --
    Lost at C:>. Found at C.
  7. Keep Using EncFS by ZeroNullVoid · · Score: 3, Interesting

    I recently went through this same issue.

    I tried lots of alternatives, but EncFS is still the best solution out there.

    The best and most reliable Windows port of EncFS is Safe.
    http://www.getsafe.org/

    It does have some limitations, but in general it's the best solution out there.

    They strive to be binary compatible with Linux EncFS and have versions for Windows and Mac.

    Plus it's free and open source. (GPLv3)