Best Free Encryption Utility for Cloud Storage

 
Introduction

Most cloud services, Dropbox for example, take "every precaution" to keep your data secure. For example, they use SSL encryption to make sure that your files are secure in transit. Once your files arrive though, some services store them in unencrypted form on their servers. They use "internal policies and controls" to ensure that employees don't access your files. But there are outsiders who probably know how to gain access to your encrypted files.

That's where encryption programs like SpiderOak, Tresorit and Viivo come in. They provide client-side encryption to protect your files from access in transit and at rest, or from the more usual threat of a rogue employee gaining access to your files. Automatic client-side encryption assures that your files never leave your computer in an unencrypted state.

On-the-fly encryption is the most convenient way to protect your files in the cloud. Your programs have direct access to the unencrypted contents of your files, and the on-the-fly encryption process presents the encrypted files to the cloud. Once on-the-fly encryption is set up, the smooth, client-side conversion requires no direct action by the user. But because encryption adds complexity, it makes local backup even more important.

Special notes

Update 1: TrueCrypt is a seasoned product. It fully met my criteria for selecting encryption software. The developers of TrueCrypt dropped a bombshell though. It's complicated. On the other hand, TrueCrypt recently passed a preliminary independent audit, but the dereliction of TrueCrypt changes everything. [a trustworthy opinion] [another synopsis]

Update 2: Fred Langa recently reported* that VeraCrypt, TrueCrypt, and similar products interfere with File History, Custom Recovery Image creation and UEFI Secure Boot in Windows 8, and 10 as well. The portable configuration is no better.

Now I know why File History quit working in my Windows 8.1 PC last March. Restoring to an earlier restore point did not repair it either. I solved the problem by upgrading to Windows 10 Technical Preview. ;)

UEFI is a complex system that is easily disrupted. Elements of those encryption products were developed long before Microsoft introduced UEFI. It's not surprising that the low level drivers that these encryption programs rely on aren't compatible with UEFI.

* "Why VeraCrypt won’t work with Windows 8" by Fred Langa (behind a pay-wall). Scroll way down the page to that header.


2. It's too early to consider Cloudfogger and BoxCryptor seasoned, and they are not open-source software, so while I like all the other indicators I've seen, I'm not ready to declare them fully vetted. On the other hand, your encryption program and your cloud service must both be compromised at the same time to expose your files. You may feel that the risk of joint compromise is low enough for you to put your files in the cloud using one of these products.

3. Viivo and Wuala are not open source either, but they are seasoned products from sources whose business is encryption-centered.

 Cautionary Notes

  1. Recent revelations about the NSA crippling and/or hacking encryption software are sobering if you store or transfer sensitive data via the Internet. I do not think that it is prudent to trust any of the products listed here to protect information that you would not want agents of any government to have access to. Not unless you have the means to independently validate them.
  2. It still seems reasonable at this point to trust these products for protection from civilian attacks. Example: TrueCrypt might be the most secure alternative for cloud storage security, but the reality is "nobody knows" about TrueCrypt, or about any other encryption software/service for that matter.
  3. Operating systems are messy: Echoes of your personal data -- swap files, temp files, hibernation files, erased files, browser artifacts, etc. -- are likely to remain on any computer that you use to access the data. It is a trivial task to extract those echoes.
    For example, when you encrypt and compress files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it remain on your hard drive. Unless you purge -- not just delete -- those clear-text files. :-(
  4. The fact that an encryption program "works" does not mean that it is secure. New encryption utilities often appear after someone reads up on applied cryptography, selects or devises an algorithm - maybe even a reliable open source one - implements a user interface, tests the program to make sure it works, and thinks he's done. He's not. Such a program is almost certain to harbor fatal flaws.
    1. "Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. Too many products are merely buzzword compliant; they use secure cryptography, but they are not secure." --Bruce Schneier, in Security Pitfalls in Cryptography
  5. It is possible to inadvertently upload unencrypted files to cloud services using some of the solutions described here. See the notes under BoxCryptor and Viivo in the discussion below.
  6. Further advice about how to use encryption is discussed in Encryption is Not Enough, including what you need to do beyond encryption to be sure your private data is not lost or exposed.
 
Discussion

Tresorit is a significant entry in the "client plus cloud" encryption arena, with a free 5 GB plan. The Tresorit interface is gloriously simple, and they describe their approach to encryption quite well. It could be the most secure one on this list. They have an impressive analysis of why they doubt that Tresorit has been hacked. Being based in Switzerland doesn't hurt either. ;)

Tresorit support is comprehensive and well written, and they have added tutorials for all platforms (look at the bottom of the left column of the interface). You should be able to easily figure out how to get Tresorit going.

I've been using Tresorit for my most sensitive data since September, 2013, and it has performed flawlessly. There is a sizable development team at Tresorit, and they are actively introducing new apps and features. For example, they have recently implemented file versioning, and a clever secure URL method for sharing individual files securely.

Cloudifile is a new cloud encryption entry from an established organization. I have applied my criteria for encryption software, and while it is new I am comfortable including Cloudifile in this encryption category.

Cloudifile is offered by Cloud Labs, which is a product spin-off of Apriorit. Apriorit has extensive experience in security projects that relate to a product like Cloudifile.

Here's how it works: Cloudifile creates a new folder in Dropbox, and encrypts and moves the files you want to store in the cloud to that Dropbox folder. It also creates a virtual drive where you can access the files (when you are logged in). Your local files are always encrypted at rest on your computer as well as in the cloud, but available in cleartext when you are logged in to Cloudifile. There is also a right-click context menu item for Windows Explorer that allows you to "Cloudify" any other files you want to encrypt and add to Dropbox.

SpiderOak is not just an encryption program. It combines client-side encryption with 2 GB of free cloud storage (more storage is available for a fee). In other words, you don't need a separate cloud-storage service. SpiderOak also provides sync between PCs and portable devices in addition to backup. In sum, SpiderOak provides encryption, backup, sync and storage space. Backup and sync can be automatic.

Your files are unencrypted on all your synced devices, but are always encrypted for transmission and storage in the cloud. You can use SpiderOak for as many folders as you like. Of course you can use up the free 2 GB pretty quickly, but it is inexpensive to get more. It is challenging to discover all the functions of SpiderOak intuitively, but they have excellent "getting started" guides and a user's manual.

The SpiderOak statement on privacy and passwords is a good example of what you should look for to evaluate the security of any encryption service for cloud storage. In particular, be very leery of any service that offers password recovery. If there is a mechanism for password recovery, it is likely your data on the server is also accessible to a determined hacker or agency.

I used SpiderOak for a time, and liked the way it worked. One thing to understand is that SpiderOak breaks files into blocks so that only the changed or added sections of files need to be stored. That way many versions of the file can be kept by just storing the incremental blocks. It offers fine-grain control of the backup/sync process, which helps you stay within the 2 GB of free storage. It's a bit tricky to use SpiderOak until you get used to how it processes backups and syncing.

Wuala is similar to SpiderOak, and also provides selective sharing by file or folder. They offer a more-generous 5 GB free storage. I had intended to use Wuala, but it requires Java, which exposes your PC to a seemingly perpetual string of serious vulnerabilities. I truncated my evaluation after learning that it worked well.

I liked the general capabilities of Wuala, and judging from some papers they have written it is likely that their encryption is sound. If you're willing to live with the hazards of Java, it is nice to work with.

Wuala uses AES-256 for encryption, RSA 2048 for signatures and for key exchange when sharing folders, and SHA-256 for integrity checks, which is good in principle, but keep in mind that AES is an NSA "approved" algorithm. Their servers are in Switzerland, Germany, and France, which may offer you more privacy.

SafeMonk is similar in operation to Cloudfogger, but quite a bit simpler to use. It is a bit unusual in that it uses public/private-key encryption instead of a shared key. That enables a very flexible sharing capability that works on a folder-by-folder basis. SafeMonk presents the same hazard that many cloud encryption products do. If you copy a file to the SafeMonk folder without SafeMonk running, it will be unencrypted on your computer and in the cloud.

BoxCryptor and Viivo provide most of the same functions that Cloudfogger does. They are integrated with the file system in a different way though. Both use an encrypted virtual-drive interface that is linked to an ordinary folder. They encrypt a single folder, and augment it with the virtual-folder overlay to give cleartext access. With this approach, you work directly with unencrypted local files, which is faster, but not as secure against local attack.

Their two-folder approach also leaves users open to fatal mistakes. All files to be encrypted must be placed in the unencrypted local folder, or they will not be encrypted in the cloud-facing folder. Any files placed directly in the encrypted folder will not be encrypted. That could be hard to remember, and there is no warning or other indication of mistakes.
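A check for the mistake described above, where a file saved straight into the cloud-facing folder is synced unencrypted with no warning. This is an added example, not code from any of the products reviewed; the signature list, thresholds and sample files are constructed assumptions, and the heuristic flags files for a manual look rather than proving that anything is encrypted.

```python
import math
import os
import tempfile
from collections import Counter

# Constructed sample list: headers of common formats whose contents are compressed
# (high entropy) yet readable by anyone. Extend it for the files you actually store,
# and drop any entry your encryption tool uses as its own container format.
PLAINTEXT_MAGIC = {
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip/office",
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG": "png",
    b"\x1f\x8b": "gzip",
}
MIN_BYTES = 1024          # below this, byte statistics are too noisy to judge
ENTROPY_THRESHOLD = 7.5   # bits per byte; good ciphertext sits close to 8.0
SAMPLE_BYTES = 64 * 1024  # only the head of each file is read


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of data, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify(path: str) -> str:
    """Return 'encrypted?' or the reason the file deserves a manual look."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    # Known headers first: a JPEG or ZIP has high entropy but is not ciphertext.
    for magic, name in PLAINTEXT_MAGIC.items():
        if head.startswith(magic):
            return f"plaintext format ({name})"
    if len(head) < MIN_BYTES:
        return "too small to judge"
    if shannon_entropy(head) < ENTROPY_THRESHOLD:
        return "low entropy"
    return "encrypted?"


def scan_cloud_folder(folder: str) -> dict:
    """Map relative path -> reason, for every file that does not look encrypted."""
    findings = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            full = os.path.join(root, name)
            verdict = classify(full)
            if verdict != "encrypted?":
                findings[os.path.relpath(full, folder)] = verdict
    return findings


def demo() -> dict:
    """Build a constructed cloud-facing folder and scan it."""
    samples = {
        # Stand-in for ciphertext; the leading 0x00 keeps the random bytes
        # from starting with one of the magic headers by chance.
        "vault.bin": b"\x00" + os.urandom(4095),
        "report.txt": b"Quarterly budget, draft 3.\n" * 80,   # saved to the wrong folder
        "photo.jpg": b"\xff\xd8\xff\xe0" + os.urandom(4096),  # compressed, not encrypted
        "note.txt": b"pin 1234",                              # too short for statistics
    }
    with tempfile.TemporaryDirectory() as folder:
        for name, body in samples.items():
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(body)
        return scan_cloud_folder(folder)


if __name__ == "__main__":
    for path, reason in sorted(demo().items()):
        print(f"{path}: {reason}")
```

Point `scan_cloud_folder` at the folder your sync client uploads, not at the cleartext virtual drive, since every file on the virtual drive is expected to be readable.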

 
 
Quick Selection Guide

Tresorit
Rating: 5
Award: Gizmo's Freeware award as the best product in its class!
Type: Combines a web service with a stand-alone program
Pros: Possibly the most secure choice of products listed here. Clean, simple interface. Sync works quickly and well. Well written support documentation. Has worked very reliably for me. Based in Switzerland. :)
Cons: The number of synced devices is limited to 3 for the free version.
URL: https://tresorit.com/
Version: 2.0
File size: 9.3 MB
Bitness: 32 bit but 64 bit compatible
License: Unrestricted freeware
Portable version: There is no portable version of this product available.
Platforms: Windows XP, 7, 8; Mac; Android; or iOS. Requires .NET 4.0 to run on Windows.

SpiderOak
Rating: 4
Type: Combines a web service with a stand-alone program
Pros: SpiderOak provides 2 GB of free cloud storage, along with client-side encryption. More storage is available for a fee. You can select as many local files or folders as you'd like - within the storage limit - for backup and sync. Your files remain unencrypted on your synced devices, but are always encrypted before transmission and in the cloud.
Cons: SpiderOak keeps previous versions of files you back up - which is good - but those versions count against your 2 GB allocation. Although you can delete old file versions, 2 GB could get to be a little tight eventually. The user interface is logical, but it's a bit complex to discover it all if you want to use more than basic options.
URL: https://spideroak.com/
Version: 4.8.4
File size: 20 MB
Bitness: 32 bit but 64 bit compatible
License: Unrestricted freeware
Portable version: There is no portable version of this product available.
Platforms: Windows XP, 7 & 8; Linux; Mac; iPad and iPhone; Android; and other smartphones in the works

Cloudifile
Rating: 4
Type: Combines a web service with a stand-alone program
Pros: Files are encrypted on your computer as well as in the cloud (Dropbox). Integrated nicely with Windows Explorer, so the interface is familiar. Sets everything up automatically during installation.
Cons: A recent entry, so little or no independent information about Cloudifile is available. Works only with Dropbox in the present version. Other cloud services will be available in future releases.
URL: http://www.cloudifile.com/
Version: 1.0.1
File size: 16.7 MB
Bitness: 32 bit but 64 bit compatible
License: Unrestricted freeware
Portable version: There is no portable version of this product available.
Platforms: Windows (7, 8, 8.1). Will be available for iOS and Android devices in next versions.

BoxCryptor
Rating: 2.5
Type: Runs as a stand-alone program on a user's computer
Pros: On-the-fly encryption gives you transparent access and quick sync for encrypted files when signed in. Strong security. Simple operation. For Windows, Mac, iPhone, iPad, and Android. Some users will find the virtual drive with an assigned letter convenient (but see Cons).
Cons: The file system interface could lead to confusion, with files left unencrypted in the cloud (see discussion above). Requires Microsoft .NET. Only one encrypted folder is allowed in the free version, and it is limited to 2 GB.
URL: https://www.boxcryptor.com/
Version: 1.3.2
File size: 7.1 MB
Bitness: 32 bit but 64 bit compatible
License: Free for private use only
Portable version: A portable version of this product is available from the developer.
Platforms: Windows, Mac, iPhone, iPad, and Android. Requires Microsoft .NET

Viivo
Rating: 2.5
Type: Runs as a stand-alone program on a user's computer
Pros: On-the-fly encryption gives you transparent access and quick sync for encrypted files when signed in. Strong security. Simple operation. For Windows, Mac, iPhone, iPad, and Android. Some users will find the virtual drive with an assigned letter convenient (but see Cons in the discussion).
Cons: The file system interface could lead to confusion, with files left unencrypted in the cloud (see discussion above). Supports Dropbox only at this time.
URL: http://viivo.com/
Version: 1.01.0042
File size: 20.4 MB
Bitness: 32 bit but 64 bit compatible
License: Unrestricted freeware
Portable version: There is no portable version of this product available.
Platforms: Windows 7 & 8, Mac OS X 10.7 and 10.8, iOS 6.0 and later, and Android 4.0 and later.

SafeMonk
Rating: 2.5
Type: Runs as a stand-alone program on a user's computer
Pros: Best Free Encryption Utility for Cloud Storage. Simple operation. Supports account recovery in case you lose your password or have other trouble. Files are encrypted when SafeMonk is not running. Secure sharing on a folder by folder basis is easy to set up.
Cons: Preview release. Works with Dropbox only. If you copy or save a file to the SafeMonk folder when SafeMonk is not running it will be unencrypted on your computer and in the cloud.
URL: https://beta.safemonk.com/
Version: 0.3.1
File size: 12.7 MB
Bitness: 32 bit but 64 bit compatible
License: Free for private or educational use only
Portable version: There is no portable version of this product available.
Platforms: Windows 7 & 8, OSX 10.8, iOS 6.1 or later (iPhone app is available)

TrueCrypt
Rating: 1
Type: Runs as a stand-alone program on a user's computer
Pros: TrueCrypt is a proven product with strong security. It offers familiar use for many users. Works well with Dropbox.
Cons: TrueCrypt is long in the tooth and there are significant (unrepairable) problems with Windows 8 (and 10). TrueCrypt is possibly still secure, but its status is no longer clean. See the comments under "Special notes" in the discussion above.
URL: http://www.truecrypt.org/
Version: 7.1a
File size: 3.0 MB
Bitness: 32 and 64 bit versions available
License: Open source freeware
Portable version: A portable version of this product is available from the developer.
Platforms: Windows XP/Vista/2000/7/(damages 8); Mac OS X; Linux

 
Editor

This category is maintained by volunteer editor philip. Registered members can contact the editor with any comments or suggestions they might have by clicking here.

 

Comments

by richardlatu on 8. December 2014 - 7:15  (120037)

Thank you for this wonderful article. It helps me a lot.

by philip on 8. December 2014 - 13:10  (120047)

I'm glad it was helpful Richard.

by richardlatu on 11. December 2014 - 8:43  (120079)

You are welcome Mr. Philip. I am looking forward to more nice articles on this subject. Thank you for your effort.

Warm regards,
Richard

by snakyjake on 7. December 2014 - 21:54  (120028)

Most of the suggestions require some sort of dependency on someone else. I prefer CryptSync to avoid dependencies.

by Fairportfan on 7. December 2014 - 20:50  (120025)

I just attempted to download a file at Mega (one stored there for readers to download as an example in a how-to Android article).

It refused to function with three different browsers (Opera, Firefox and IE), saying that i needed to update to the latest versions.

I verified that my IE was up-to-date, updated Firefox and refused to "update" Opera (since i'm using the last version of what i consider to be the "real" Opera before they completely screwed up the UI and their bookmarks system).

Still, none of them worked - got the same message.

There was, however, a link (which i refused to even mouse over) offering to "update" your browser for you...

by richtea on 7. December 2014 - 14:16  (120023)

To Kahomono:
A very good link. TrueCrypt forever, as far as I am concerned.

by jiffy on 7. December 2014 - 13:36  (120021)

Spideroak is fine until you reach the 2Gb limit.

Then it gets stuck. It seems impossible to remove anything once you have stored it there and yet it opens and tries to keep updating itself with your data changes causing it to just hang.

Upgrading to the paid version would be ok if there were sensible upgrades like 5 or 10gb but the lowest available is 100Gb priced accordingly.

by Kahomono on 7. December 2014 - 9:24  (120019)

TrueCrypt is still quite viable.

See https://www.grc.com/misc/truecrypt/truecrypt.htm

by philip on 7. December 2014 - 13:40  (120022)

Steve Gibson, who runs GRC, is one of the few people writing on the internet who truly understand both online security and security software. His opinion about TrueCrypt agrees with my own. In fact, I rely on TrueCrypt myself. Thanks for the link Kahomono.

by abatonime on 12. November 2014 - 16:46  (119588)

Sharedsafe is not listed and sounds great. I just installed it a few minutes ago so I don't know on the long run but so far it seems good.
https://www.sharedsafe.com/

by aznemesis on 29. October 2014 - 1:05  (119376)

Since comments are still being added here, I will note that Wuala (which was my favorite of all the client-side encryption storage options because it integrates with the file system on Windows) is ending its free offering. Beginning at the end of the year, all users must either pay up or have their data deleted. That's why I'm searching for a new option. Tresorit looks okay, but it doesn't integrate with Windows Explorer the way Wuala does. Damn. I'm going to miss using that service.

by DocMelVis on 14. October 2014 - 18:29  (119175)

Hi Folks,

Wondering if anyone has given any thought to the local storage space requirements of these encryption utilities. From what I have seen most of them store both cleartext and encrypted copies of the same data locally. Putting aside compression for the moment, this essentially doubles the space requirement. So if I want cloud security, I need to double the size of my hard drive? Is that the best that's out there right now? Besides, this model does not exactly match the "on-the-fly" concept. I see it more as a slow crawl from cleartext to encrypted, and then another slow crawl from encrypted to cloud.

The compression helps save a bit of space but you still need almost double, and it comes at a pretty big price in performance. Using Viivo right now and I am seeing it does not give you a choice to turn compression off - seems pretty ridiculous. User should be able to choose if they want the files faster or smaller.

Would love to hear thoughts on this.

Thanks!

by philip on 15. October 2014 - 1:31  (119179)

Tresorit avoids the problem you mention. The only files on your hard drive are the plain-text ones. The cloud data is dynamically encrypted or decrypted during transfer, depending on the direction of data flow.

by DocMelVis on 17. October 2014 - 14:28  (119237)

Thanks Philip! Yes I looked at Tresorit but the storage costs about 10 times what dropbox costs right now for 1 TB. And they have a lot of limitations even for the paid pro and business versions (e.g. max 2 GB file size, etc.) Also does not support selective sync of subfolders within a Tresor. I guess the perfect solution doesn't exist :-(! I remember several years ago I used IDrive and Mozy and they both supported "zero-knowledge" encryption with private key known only to the user. But unfortunately these are more for backup than for sync and they both had their own limitations as well.

If anyone in this forum knows about a client-side cloud encryption utility that works with dropbox and other similar clouds without doubling my local storage - would still love to hear about it.

Thanks!

by ChaToX on 2. September 2014 - 6:58  (118338)

I use Ubuntu Linux. What works for me is to use ENCFS to create an encrypted directory.

ENCFS works by creating two directories: an encrypted one (which is a real directory in your filesystem), and an unencrypted one (which is mounted by ENCFS). Then, I keep the encrypted directory inside a cloud storage server (Dropbox). It works great across computers as long as you use the same (secure) password, and optionally keyfiles, across machines.

The Gnome Encfs manager makes these partitions automatically mount upon login. It can also auto-dismount after a user-defined timeout.

ENCFS: http://www.arg0.net/encfs to create an encrypted partition
GNOME ENCFS: https://help.ubuntu.com/community/FolderEncryption

by theelostone on 24. February 2014 - 2:05  (114618)

I think Cloudfogger is dead. Their blog and twitter haven't seen a new post since 2012. Would love to see an updated version of this article re-reviewing the programs that are still active and listing any new contenders. I'm guessing much has changed. Boxcryptor now wants a yearly subscription from you to get the same functionality that used to be free, etc.

by philip on 24. February 2014 - 19:25  (114626)

Hi theelostone,

Yes, it appears that they are not in an active mode at Cloudfogger. Their blog, Twitter and Facebook entries all stopped, and their webpage still states "free for non-commercial use." I will be moving Cloudfogger off the main list.

I keep an eye on this encryption category, and recently moved Tresorit to the main list. I've been using it for nearly a year with great results.

I haven't looked closely at Mega yet (comment below), but I like the fact that they are located in New Zealand.

by George.J on 12. February 2014 - 4:43  (114418)

Take a look at Mega, a file hosting and cloud storage site with top notch security. The site uses an advanced AES encryption algorithm at client side. Even the site owners don't have access to the encryption keys, so they can't decrypt the content.

Also you get 50GB free storage space with 10GB bandwidth.

by philip on 25. February 2014 - 14:40  (114646)

Well, the joke's on me. I should have recognized Mega at the start. It is the colorful Kim Dotcom's old Megaupload rising from the ashes. This search at DuckDuckGo will give you a feel for my surprise when I began to vet Mega. I wanted to go beyond their rather (pun intended, but apropos) cryptic website. It will be interesting to keep an eye on it. Could turn out to be the world's best or something else.

by philip on 12. February 2014 - 14:52  (114425)

Thanks for the tip George. I'll take a look.

by PK_justin on 10. February 2014 - 16:37  (114386)

With more attention on "taking the keys back" with regard to security in the cloud, this article has a nice roundup of offerings. With Viivo specifically, there have been a few updates since it was first published, including new features, UX and support for Box, Drive & SkyDrive (or whatever it'll be called next). Others updated, too, I'm sure, as attention in this area of security is understandably booming.

by DutchPete on 19. September 2013 - 10:43  (110862)

Philip I don't see Bitcasa mentioned here. They offer 10 Gb free. I have been using their free service for a few months with mixed feelings. You can access your files in the cloud and download them if need be, but you cannot delete them when in their website. The deletion needs to be done locally by unmirroring the file or folder you want deleted. They used to offer email support to free accounts as well, but have recently stopped doing that and reserve it for paid accounts only. In any case Bitcasa should be considered I think.
With the recent upheaval from the Snowden revelations I am not sure anymore about the security of all these client-side encryption programs, and am considering doing my own encryption (TrueCrypt?) in combination with a cloud service.

by philip on 25. September 2013 - 16:49  (111000)

To wrap up what I've learned about Bitcasa: 1) They use what is known as Convergent Encryption, which may not be secure against determined snooping (see the Wikipedia article on the technology). 2) Their focus is on storing all your data in the cloud (so you never run out of space, and can access your files from anywhere), not highly secure storage. 3) In a video pitch that I watched, the key founder was brilliant, but he is young, and seemed overconfident. So it's not for me. ;)

by philip on 19. September 2013 - 12:23  (110866)

Thanks for your comment DutchPete. I'll take a look at Bitcasa. I don't know how to respond to the Snowden revelations yet. For me, it's not the surveillance that I'm concerned about so much as it is the corruption that they have imposed on encryption. It's not going to be long before cyber criminals learn how to break the compromised utilities, and there is no way to know which ones those are. Oh bother.

by DonsEars on 29. July 2013 - 20:59  (109738)

Love CryptSync. It is basically a watch folder front end for 7-Zip.

by autohost on 29. April 2013 - 20:54  (107384)

Try http://tools.tortoisesvn.net/CryptSync.html

From its website:
"CryptSync is a small utility that synchronizes two folders while encrypting the contents in one folder. That means one of the two folders has all files unencrypted (the files you work with) and the other folder has all the files encrypted.

The synchronization works both ways: a change in one folder gets synchronized to the other folder. If a file is added or modified in the unencrypted folder, it gets encrypted. If a file is added or modified in the encrypted folder, it gets decrypted to the other folder."

by philip on 30. April 2013 - 15:26  (107400)

Thanks for the tip autohost,

CryptSync is a clever little wrapper for 7-Zip. I presume that it uses DES-256 encryption which is native to 7-Zip. A little experimentation with CryptSync is a good way to see how tools like BoxCryptor and Viivo work. You can also open individual files in the encrypted folder directly with 7-Zip.

by DonsEars on 29. July 2013 - 21:04  (109739)

When I open a CryptSync file with 7-Zip it reports "Method: LZMA 7zAES".

by newbino on 14. March 2013 - 9:34  (106237)

Just found Viivo http://viivo.com/ new from PKWARE (of .zip fame). Looks interesting!

by philip on 14. March 2013 - 17:56  (106246)

Yes indeed, newbino. Thanks for the lead. The parent firm is in the secure cloud business for enterprises, so this could be a good one. Found nothing beyond that at their site to answer the questions that I use to vet encryption software. I'll be doing more research online soon.
