Tag: encrypted cloud storage

To truly secure your data in the cloud it is necessary to encrypt it before it leaves your computer and not to trust others to do this for you. You can encrypt files yourself with something like Truecrypt, DiskCryptor or 7Zip but it requires time and extra work.

This list contains cloud storage services that apply encryption before uploading it to their servers and give you full control of the decryption keys, making it impossible for the company to decrypt anything.

TeamDrive: Company based in Germany, data is encrypted in the computer with AES256-bit using your own encryption key that the company has no access to. You can decide whether to store your files in Amazon EC2 USA, Ireland or Hong Kong servers, account data is only held in German servers.

Mega: Based in New Zealand, all data is encrypted with AES128-bit before uploading it to the cloud, a RSA2048-bit key is used to share already encrypted files in between users, their FAQ is very complete explaining the security measures they use and what possible vulnerabilities exist against their business model.

Powerfolder: German company, it can be used to store and share files in the cloud, they have no servers in the USA and everything is encrypted client side with the AES algorithm. You can password protect folders before sharing them with others.

TresorIt: Hungarian company, they use AES256-bit to encrypt data before uploading it to the cloud. The company offered $US10.000 to whoever can break their security software. Data can accessed in your smarphone or desktop computer. There are free and paid for plans.

Unseen.is: A full communications suite with encrypted cloud storage on top of email and instant messenger. With headquarters and servers in Iceland, encryption is end to end, the company does not have the key and can not read any messages. Unseen.is is transparent about their technological encryption set up and privacy policy. Have into account that online storage is limited, the service has been designed to only back up your most important files, not a whole computer.

Notice: Even if the company is not based in the USA, they might be using American servers for storage unless specified.

Even with local encryption, it is not impossible for a government to subpoena a tech company and force them to introduce a backdoor in their software. A few of the US companies below allow you to download the security software source code to make it much harder for a government to tamper with it unnoticed.

Another way to strengthen your security is to use third party cloud encryption programs like Viivo or BoxCryptor, they come with an easy to use interface that makes cloud encryption effortless. These programs can be used in conjunction with cloud services own encryption and it will add a second encryption layer that will have to be broken.

If you use Linux, EncFS can create an encrypted version of your files inside a folder before syncing it online.

iDrive: Data is secured with AES256-bit encryption before moving it to the cloud. The encryption key is provided by you and not stored anywhere in iDrive servers, or you can opt for their system based encryption scheme where the company holds the key.

JungleDisk: Used to back up your computer files to Rackspace Cloud Files Service or Amazon S3. During installation you can create your own AES256-bit encryption key that nobody else will know with data being encrypted before leaving your computer.

Cubby: Client side encryption with AES256-bit, any content added inside the Cubby software is automatically encrypted before syncing it with the cloud, there is an option to sync data in between your computers and avoid the cloud altogether.

Elephant Drive: You are given a choice of using the company encryption keys or creating your own, if you create your own keys Elephant Drive will only store a hash value of them to compare it with the entered password when you ask for access. The company will not be able to access your data even if they are forced to at gunpoint.

SpiderOak: It can be used to share and back up files, data is encrypted in your computer with AES256-bit in CFB mode and HMAC-SHA256, the company has no knowledge of what data is stored in their servers or what your password is. SpiderOak software works in smartphones and Linux as well as Windows.

Bitcasa: They implement convergent encryption to remove duplicate files stored in their servers, a way to save space in cloud servers by not backing up duplicate files that exist in another user account. With this system the company does not have to decrypt or see the data which is kept ciphered with AES256-bit.

TarSnap: Targeted at the open source community, Tarsnap works in Linux, BSD, Solaris and other Unix based operating systems. Command line interface or shell scripts will encrypt and sign your data before uploading it, the software source code is available for download.

Make sure not to fall for Dropbox or Google Cloud Storage security marketing ploys. Those companies only encrypt data server side. They do not protect you against a subpoena forcing a company to hand over the encryption keys.

The only way to be safe from NSA accessing your data stored in the cloud, is if if the cloud company never had access to the encryption key. In that case, the NSA could only try a brute force attack against hashed passwords and it would not get them too far if you have assembled a very long encryption passphrase.