Get our latest top picks
Subscribe to our Top Picks RSS Feed or enter your email address below to get the feed delivered to you by email:
|
Follow Gizmo |
 |
 |
 |
Register/Login
Top Rated
Best Free Encryption Utility for Cloud Storage
|
In a Hurry?
|
 Go straight to the Quick Selection Guide |
|
Introduction
|
|
Most cloud services, Dropbox for example, take "every precaution" to keep your data secure. For example, they use SSL encryption to make sure that your files are secure in transit. Once your files arrive though, some of them store them in uncrypted form on their servers. They use "internal policies and controls" to ensure that employees don't access your files. But there are outsiders who probably know how to gain access to your encrypted files. That's where encryption programs like SpiderOak, Tresorit and Viivo come in. They provide client-side encryption to protect your files from access in transit and at rest. Or from the more usual threat of a rogue employee gaining access your files. Automatic client-side encryption assures that your files never leave your computer in an unencrypted state. On-the-fly encryption is the the most convenient way to protect your files the cloud. Your programs have direct access to the unencrypted contents of your files, and the on-the-fly encryption process presents the encrypted files to the cloud. Once on-the-fly encryption is set up, the smooth, client-side conversion requires no direct action by the user. But because encryption adds complexity, it makes local backup even more important. Special notes Update 1: TrueCrypt is a seasoned product. It fully met my criteria for selecting encryption software. The developers of TrueCrypt dropped a bombshell though. It's complicated. On the other hand, TrueCrypt recently passed a preliminary independent audit, but the dereliction of TrueCrypt changes everything. [a trustworthy opinion] [another synopsis] Update 2: Fred Langa recently reported* that VeraCrypt, TrueCrypt, and similar products interfere with File History, Custom Recovery Image creation and UEFI Secure Boot in Windows 8, and 10 as well. The portable configuration is no better. Now I know why File History quit working in my Windows 8.1 PC last March. Restoring to an earlier restore point did not repair it either. I solved the problem by upgrading to Windows 10 Technical Preview. ;) UEFI is a complex system that is easily disrupted. Elements of those encryption products were developed long before Microsoft introduced UEFI. It's not surprising that the low level drivers that these encryption programs rely on aren't compatible with UEFI. * "Why VeraCrypt won’t work with Windows 8" by Fred Langa (behind a pay-wall). Scroll way down the page to that header. 2. It's too early to consider Cloudfogger and BoxCryptor seasoned, and they are not open-source software, so while I like all the other indicators I've seen, I'm not ready to declare them fully vetted. On the other hand, your encryption program and your cloud service must both be compromised at the same time to expose your files. Your may feel that the risk of joint compromise may be low enough for you to put your files in the cloud using one of these products. 3. Viivo and Wuala are not open source either, but they are seasoned products from sources whose business is encryption-centered. Cautionary Notes
|
|
Discussion
|
|
Tresorit is a significant entry in the "client plus cloud" encryption arena, with a free 5 GB plan. The Tresorit interface is gloriously simple, and they describe their approach to encryption quite well. It could be the most secure one on this list. They have an impressive analysis of why they doubt that Tresorit has been hacked. Being based in Switzerland doesn't hurt either. ;) Tresorit support is comprehensive and well written, and they have added tutorials for all platforms (look at the bottom of the left column of the interface). You should be able to easily figure out how to get Tresorit going. I've been using Tresorit for my most sensitive data since September, 2013, and it has performed flawlessly. There is a sizable development team at Tresorit, and they are actively introducing new apps and features. For example, they have recently implemented file versioning, and a clever secure URL method for sharing individual files securely. Cloudifile is a new cloud encryption entry from an established organization. I have applied my criteria for encryption software, and while it is new I am comfortable including Cloudifile in this encryption category. Cloudifile is offered by Cloud Labs, which is a product spin-off of Apriorit. Apriorit has extensive experience in security projects that relate to a product like Cloudifile. Here's how it works: Cloudifile creates a new folder in Dropbox, and encrypts and moves the files you want to store in the cloud to that Dropbox folder. It also creates a virtual drive where you can access the files (when you are logged in). Your local files are always encrypted at rest on your computer as well as in the cloud, but available in cleartext when you are logged in to Cloudifile. There is also a right-click context menu item for Windows Explorer that allows you to "Cloudify" any other files you want to encrypt and add to Dropbox. SpiderOak is not just an encryption program. It combines client-side encryption with 2 GB of free cloud storage (more storage is availale for a fee). In other words, you don't need a separate cloud-storage service. SpiderOak also provides sync between PCs and portable devices in addition to backup. In sum, SpiderOak provides encryption backup, sync and storage space. Backup and sync can be automatic. Your files are unencrypted on all your synced devices, but are always encrypted for transmission and storage in the cloud.You can use SpiderOak for as many folders as you like. Of course you can use up the free 2 GB pretty quickly, but it is inexpensive to get more. It is challenging to discover all the functions of SpiderOak intuitively, but they have excellent "getting started" guides and a users manual. The SpiderOak statement on privacy and passwords is a good example of what you should look for to evaluate the security of any encryption service for cloud storage. In particular, be very leary of any service that offers password recovery. If there is a mechanism for password recovery, it is likely your data on the server is also accessible to a determined hacker or agency. I used SpiderOak for a time, and liked the way it worked. One thing to understand is that SpiderOak breaks files into blocks so that only the changed or added sections of files need to be stored. That way many versions of the file by just storing the incremental blocks. It offers fine-grain control of the backup/sync process, which helps you stay within the 2 GB of free storage. It's a bit tricky to use SpiderOak until you get used to how it processes backups and syncing. Wuala is similar to SpiderOak, and also provides selective sharing by file or folder. They offer a more-generous 5 GB free storage. I had intended to use Wuala, but it requires Java, which exposes your PC to a seemingly perpetual string of serious vulnerabilities. I truncated my evaluation after learning that it worked well. I liked the general capabilities of Wuala, and judging from some papers they have written it is likely that their encryption is sound. If you're willing to live with the hazards of Java, it is nice to work with. Wuala uses AES- 256 for encryption, RSA 2048 for signatures and for key exchange when sharing folders, and SHA-256 for integrity checks, which is good in principle, but keep in mind that AES is an NSA "approved" algorithm. Their servers are in Switzerland, Germany, and France, which may offer you more privacy. SafeMonk is similar in operation to Cloudfogger, but quite a bit simpler to use. It is a bit unsual in that it uses public/private encryption instead of shared key. That enables a very flexible sharing capability that works on a folder-by-folder basis. SafeMonk presents the same hazard that many cloud encryption products do. If you copy a file to the SafeMonk folder without SafeMonk running it will be unencrypted on your computer and in the cloud. BoxCryptor and Viivo provide most of the same functions that Cloudfogger does. They are integrated with the file-system in a different way though. Both use an encrypted virtual-drive interface that is linked to an ordinary folder. They encrypt a single folder, and augment it with the virtual-folder overlay to give cleartext access. With this approach, you work directly with an unencrypted local files, which is faster, but not as secure against local attack. Their two folder approach also leaves users open to fatal mistakes. All files to be encrypted must be placed in the unencrypted local folder. or they will not be encrypted in the cloud-facing folder. Any files placed directly in the encrypted folder will not be encrypted. That could be hard to remember, and there is no warning or other indication of mistakes. |
|
Related Products and Information
|
|
Requires Microsoft .NET
|
Editor
|
|
This category is maintained by volunteer editor philip. Registered members can contact the editor with any comments or suggestions they might have by clicking here. |
|
Tags
|
|
encrypt cloud storage file folder |
Back to the top of the article.
- Article type:
- Login or register to post comments
Printer-friendly version
Gizmo's Freeware is Recruiting!
Share your knowledge of free software with millions of Gizmo's readers by joining our editing team. Details here.
Share your knowledge of free software with millions of Gizmo's readers by joining our editing team. Details here.
Windows
Mac
Linux
Android
iPad
iPhone
Online Apps
Computer Tips
Security Guides
eBooks /Audiobooks
Comments
Who needs cloud storage if you have a NAS and BittorrentSync ?
You use BTSync to sync the encrypted folder with its content anywhere you go on any mobile or stationary device you use.
Thus far the only tools that can handle this requirement well are encfs (for linux/unix) and boxcryptor (for windows). Big problem I have with boxcryptor is that it's really slow and hogging my OS. Probably because it does all encryption and decryption on-the-fly in memory(?). It doesn't store the unencrypted files anywhere, it's just showing a virtual drive. That is to say, this works with Boxcryptor Classic. The new version is messy, puts your virtual folder one folder deep, I see no advantage in that 'feature' to be honest.
I used to use TrueCrypt, still unbeated in its footprint, don't know how they did that. The virtual drive-letter linked to a tc volume, and it was blazing fast (both directions), I used it with Firefox Portable and many other apps straight from encrypted volume. But it got larger and larger over time. I need one that can handle about 20 GB of space. This you just can't sync, such a volume doesn't even sync while in use (it's locked), so that was not workable for me.
By the way, Gostcrypt seems to be your best bet if you want the TrueCrypt options.
I'm really surprised by the fact that TrueCrypt is the only software capable of encrypting and decrypting with such low memory usage and practically no noticeable performance loss. NONE of the other packages allow me to have a virtual drive-letter open content that is always stored in encrypted state. The only ones that offer this are really slow and sluggish (that is encfs and boxcryptor), plus they have all kinds of security issues (filenames not encrypted, watermarking easy to find out what the key should be etc.)
If anyone has tips on this, let me know.
CryptSync does not work, it always leaves a stored unencrypted folder on my device when not in use, that's definitely NOT what I look for. I need something that leaves my btsynced storage folder always encrypted when my laptop gets stolen etc. except for when I access it as that virtual drive-letter using my passphrase.
Thank you for this wonderful article. It helps me a lot.
I'm glad it was helpful Richard.
You are welcome Mr. Philip. I am looking forward to more nice article on this subject. Thank you for your effort.
Warm regards,
Richard
Most of the suggestions require some sort of dependency on someone else. I prefer CryptSync to avoid dependencies.
I just attempted to download a file at Mega (one stored there for readers to download as an example in a how-to Android article).
It refused to function with three different browsers (Opera, Firefox and IE), saying that i needed to update to the latest versions.
I verified that my IE was up-to-date, updated Firefox and refused to "update" Opera (since i'm using the last version of what i consider to be the "real" Opera before they completely screwed up the UI and their bookmarks system).
Still, none of them worked - got the same message.
There was, however, a link (which i refused to even mouse over) offering to "update" your browser for you...
To Kahomono:
A very good link. TrueCrypt forever, as far as I am concerned.
Spideroak is fine until you reach the 2Gb limit.
then it gets stuck. It seems impossible to remove anything once you have stored it there and yet it opens and tries to keep updating itself with yoru data changes causing it to just hang.
Upgrading to the paid version would be ok if there were sensible upgrades like 5 or 10gb but the lowest available is 100Gb priced accordingly.
TrueCrypt is still quite viable.
See https://www.grc.com/misc/truecrypt/truecrypt.htm
Steve Gibson, who runs GRC, is one of the few people writing on the internet who truly understand both online security and security software. His opinion aout TrueCrypt agrees with my own. In fact, I rely on TrueCrypt myself. Thanks for the link Kahomono.
Sharedsafe is not listed and sounds great. I just installed it a few minutes ago so I dont know on the long run but so far it seems good.
https://www.sharedsafe.com/
Since comments are still being added here, I will note that Wuala (which was my favorite of all the client-side encryption storage options because it integrates with the file system on Windows) is ending its free offering. Beginning at the end of the year, all users must either pay up or have their data deleted. That's why I'm searching for a new option. Tresorit looks okay, but it doesn't integrate with Windows Explorer the way Wuala does. Damn. I'm going to miss using that service.
Hi Folks,
Wondering if anyone has given any thought to the local storage space requirements of these encryption utilities. From what I have seen most of them store both cleartext and encrypted copies of the same data locally. Putting aside compression for the moment, this essentially doubles the space requirement. So if I want cloud security, I need to double the size of my hard drive? Is that the best that's out there right now? Besides, this model does not exactly match the "on-the-fly" concept. I see it more as slowly crawl from cleartext to encrypted, and then more slow crawl from encrypted to cloud.
The compression helps save a bit of space but you still need almost double, and it comes at a pretty big price in performance. Using Viivo right now and I am seeing it does not give you a choice to turn compression off - seems pretty ridiculous. User should be able to choose if they wnat the files faster or smaller.
Would love to hear thoughts on this.
Thanks!
Tresorit avoids the problem you mention. The only files on your hard drive are the plain-text ones. The cloud data is dynamically encrypted or decrypted during transfer, depending on the direction of data flow.
Thanks Philip! Yes I looked at Tresorit but the storage costs about 10 times what dropbox costs right now for 1 TB. And they have a lot of limitations even for the paid pro and business versions (e.g. max 2 GB file size, etc.) Also does not support selective sync of subfolders within a Tresor. I guess the perfect solution doesn't exist :-(! I remember several years ago I used IDrive and Mozy and they both supported "zero-knowledge" encryption with private key known only to the user. But unfortunately these are more for backup than for sync and they both had their own limitations as well.
If anyone in this forum knows about a client-side cloud encryption utility that works with dropbox and other similar clods without doubling my local storage - would still love to hear about it.
Thanks!
I use Ubuntu Linux. What works for me is to use ENCFS to create an encrypted directory.
ENCFS works by creating two directories: an encrypted one (which is a real directory in your filesystem), and an unencrypted one (which is mounted by ENCFS). Then, I keep the encrypted directory inside a cloud storage server (Dropbox). It works great across computers as long as you use the same (secure) password, and optionally keyfiles, across machines.
The Gnome Encfs manager makes these partitions automatically mount upon login. It can also auto-dismount after a user-defined timeout.
ENCFS: http://www.arg0.net/encfs to create an encrypted partition
GNOME ENCFS: https://help.ubuntu.com/community/FolderEncryption
I think Cloudfogger is dead. Their blog and twitter haven't seen a new post since 2012. Would love to see an updated version of this article re-reviewing the programs that are still active and listing any new contenders. I'm guessing much has changed. Boxcryptor now wants a yearly subscription from you to get the same functionality that used to be free, etc.
Hi theelostone,
Yes, I appears that they are not in an active mode at Cloudfogger. Their blog, Twitter and Facebook entries all stopped, and their webpage still states "free for non-commercial use." I will be moving Cloudfogger off the main list.
I keep an eye on this encryption category, and recently moved Tresorit to the main list. I've been using it for nearly a year with great results.
I haven't looked closely at Mega yet (comment below), but I like the fact that they are located in New Zealand.
Take a look at Mega, a file hosting and cloud storage site with top notch security. The site uses an advanced AES encryption algorithm at client side. Even the site owners doesn't have access to the encryption keys, so they can't decrypt the content.
Also you get 50GB free storage space with 10GB bandwidth.
Well, the joke's on me. I should have recognized Mega at the start. It is the colorful Kim Dotcom's old Megaupload rising from the ashes. This search at DuckDuckGo will give you a feel for my surprise when I began to vet Mega. I wanted to go beyond their rather (pun intended, but apropos) cryptic website. It will be interesting to keep an eye on it. Could turn out to be the world's best or something else.
Thanks for the tip George. I'll take a look.
With more attention on "taking the keys back" with regard to security in the cloud, this article has a nice roundup of offerings. With Viivo specifically, there have been a few updates since it was first publishing, including new features, UX and support for Box, Drive & SkyDrive (or whatever it'll be called next). Others updated, too, I'm sure, as attention in this area of security is understandably booming.
Philip I don't see Bitcasa mentioned here. They offer 10 Gb free. I have been using their free service for a few months with mixed feelings. You can access you files in the cloud and download them if need be, but you cannot delete them when in their website. The deletion needs to be done locally by unmirroring the file or folder you want deleted. They used to offer email support to free accounts as well, but have recently stopped doing that and reserve it for paid accounts only. In any case Bitcasa should be considered I think.
With the recent upheaval from the Snowden revelations I am not sure anymore about the security of all these client-side encryption programs, and am considering doing my own encryption (TrueCrypt?)in combination with a cloud service.
To wrap up what I've learned about Bitcasa: 1) They use what is known as Convergent Encryption, which may not be secure against determined snooping (see the Wikipedia article on the technology). 2) Their focus is on storing all your data in the cloud (so you never run out of space, and can access your files from anywhere), not highly secure storage. 3) In a video pitch that I watched, the key founder was brilliant, but he is young, and seemed overconfident. So it's not for me. ;)
Thanks for your comment DutchPete. I'll take a look at Bitcasa. I don't know how to respond to the Snowden revelations yet. For me, it's not the surveillance that I'm concerned about so much as it is the corruption that they have imposed on encryption. It's not going to be long before cyber criminals learn how to break the compromised utilities, and there is no way to know which ones those are. Oh bother.
Love CryptSync. It is basically a watch folder front end for 7-Zip.
Try http://tools.tortoisesvn.net/CryptSync.html
From it's website:
" CryptSync is a small utility that synchronizes two folders while encrypting the contents in one folder. That means one of the two folders has all files unencrypted (the files you work with) and the other folder has all the files encrypted.
The synchronization works both ways: a change in one folder gets synchronized to the other folder. If a file is added or modified in the unencrypted folder, it gets encrypted. If a file is added or modified in the encrypted folder, it gets decrypted to the other folder. "
Thanks for the tip autohost,
CryptSync is a clever little wrapper for 7-Zip. I presume that it uses DES-256 encryption which is native to 7-Zip. A little experimentation with CryptSync is a good way to see how tools like BoxCryptor and Viivo work. You can also open individual files in the encrypted folder directly with 7-Zip.
When I open a CryptSync file with 7-Zip it reports "Method: LZMA 7zAES".
Just found Viivo http://viivo.com/ new from PKWARE (of .zip fame). Looks interesting!