Best Free Encryption Utility for Cloud Storage


In a Hurry?
Go to details...  Go straight to the Quick Selection Guide

Most cloud services, Dropbox for example, take "every precaution" to keep your data secure. For example, they use SSL encryption to make sure that your files are secure in transit. Once your files arrive though, some of them store them in uncrypted form on their servers. They use "internal policies and controls" to ensure that employees don't access your files. But there are outsiders who probably know how to gain access to your encrypted files.

That's where encryption programs like SpiderOak, Tresorit and Viivo come in. They provide client-side encryption to protect your files from access in transit and at rest. Or from the more usual threat of a rogue employee gaining access your files. Automatic client-side encryption assures that your files never leave your computer in an unencrypted state.

On-the-fly encryption is the the most convenient way to protect your files the cloud. Your programs have direct access to the unencrypted contents of your files, and the on-the-fly encryption process presents the encrypted files to the cloud. Once on-the-fly encryption is set up, the smooth, client-side conversion requires no direct action by the user. But because encryption adds complexity, it makes local backup even more important.

Special notes

TrueCrypt is the seasoned but abandonded predecessor to VeraCrypt. It once fully met my criteria for selecting encryption software. The developers of TrueCrypt dropped a bombshell though. (It's complicated...) TrueCrypt did pass a preliminary independent audit in 2015, but the dereliction of TrueCrypt now changes everything. For example, recent (September, 2015) vulnerabilities (which will never be patched) have been discovered in TrueCrypt.


Fred Langa reported* that VeraCrypt, TrueCrypt, and similar products interfere with File History, Custom Recovery Image creation and UEFI Secure Boot in Windows 8. The portable configurations are no better, because they install the same low-level drivers, which cause the problem) as the installed version. It's not clear if Windows 10 is also effected. It may depend on the devices specific hardware configuration.

UEFI is a complex system that is easily disrupted. Elements of those encryption products were developed long before Microsoft introduced UEFI. It's not surprising that the low level drivers that these encryption programs rely on aren't compatible with UEFI.

* "Why VeraCrypt won’t work with Windows 8" and "VeraCrypt: A superior alternative to TrueCrypt?" by Fred Langa. Scroll half way down those pages to find the titles shown here.

On the other hand: I have installed both TrueCrypt and VeraCrypt on the one Windows 10 PC with UEFI boot that I have available, and Windows File History works correctly on it. I have also been able to create a Custom System Image for Windows 10.

2. It's too early to consider Cloudfogger and BoxCryptor seasoned, and they are not open-source software, so while I like all the other indicators I've seen, I'm not ready to declare them fully vetted. On the other hand, your encryption program and your cloud service must both be compromised at the same time to expose your files. Your may feel that the risk of joint compromise may be low enough for you to put your files in the cloud using one of these products.

3. Viivo is not open source either, but its a seasoned product from a business whose business is encryption-centered.

 Cautionary Notes

  1. Recent revelations about NSA crippling, and/or hacking encryption software are sobering if you store or transfer sensitive data via the Internet. I do not think that it is prudent to trust any of the products listed here to protect information that you would not want agents of any government to have access to. Not unless you have means to independently valididate them.
  2. It still seems reasonable at this point to trust these products for protection from civilian attacks. Example: TrueCrypt might be the most secure alternative for cloud storage security, but the reality is "nobody knows" about TrueCrypt, or about any other encryption software/service for that matter.
  3. Operating systems are messy: Echos of your personal data -- swap files, temp files, hibernation files, erased files, browser artifacts, etc -- are likely to remain on any computer that you use to access the data. It is a trivial task to extract those echos.
    For example, when you encrypt and compress files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it remain on your hard drive. Unless you purge -- not just delete -- those clear-text files. :-(
  4. The fact that an encryption program "works" does not mean that it is secure. New encryption utilities often appear after someone reads up on applied cryptography, selects or devises an algorithm - maybe even a reliable open source one - implements a user interface, tests the program to make sure it works, and thinks he's done. He's not. Such a program is almost certain to harbor fatal flaws.
    1. "Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. Too many products are merely buzzword compliant; they use secure cryptography, but they are not secure." --Bruce Schneier, in Security Pitfalls in Cryptography
  5. It is possible to inadvertently upload unencrypted files to cloud services using some of the solutions described here. See the notes under BoxCryptor and Viivo in the discussion below.
  6. Further advice about how to use encryption are discussed in Encryption is Not Enough, including what you need to do beyond encryption to be sure your private data is not lost or exposed.

Special note: Wuala has announced they're shutting down. They are recommending that users switch to Tresorit, as they think Tresorit can take good care of their data. Tresorit has a tool to get your data out of Wuala and into Tresorit.

Tresorit is a significant entry in the "client plus cloud" encryption arena, with a free 3 GB plan (expandable by completing a few tutorial "tasks", etc). The Tresorit interface is gloriously simple, and they describe their approach to encryption quite well. It could be the most secure one on this list. They have an impressive analysis of why they doubt that Tresorit has been hacked. Being based in Switzerland doesn't hurt either. ;)

Tresorit support is comprehensive and well written, and they have added tutorials for all platforms (look at the bottom of the left column of the interface). You should be able to easily figure out how to get Tresorit going.

I've been using Tresorit for my most sensitive data since September, 2013, and it has performed flawlessly. There is a sizable development team at Tresorit, and they are actively introducing new apps and features. For example, they have recently implemented file versioning, and a clever secure URL method for sharing individual files securely.

Cloudifile is a new cloud encryption entry from an established organization. I have applied my criteria for encryption software, and while it is new I am comfortable including Cloudifile in this encryption category.

Cloudifile is offered by Cloud Labs, which is a product spin-off of Apriorit. Apriorit has extensive experience in security projects that relate to a product like Cloudifile.

Here's how it works: Cloudifile creates a new folder in Dropbox, and encrypts and moves the files you want to store in the cloud to that Dropbox folder. It also creates a virtual drive where you can access the files (when you are logged in). Your local files are always encrypted at rest on your computer as well as in the cloud, but available in cleartext when you are logged in to Cloudifile. There is also a right-click context menu item for Windows Explorer that allows you to "Cloudify" any other files you want to encrypt and add to Dropbox.

SpiderOak is not just an encryption program. It combines client-side encryption with 2 GB of free cloud storage (more storage is availale for a fee). In other words, you don't need a separate cloud-storage service. SpiderOak also provides sync between PCs and portable devices in addition to backup. In sum, SpiderOak provides encryption backup, sync and storage space. Backup and sync can be automatic.

Your files are unencrypted on all your synced devices, but are always encrypted for transmission and storage in the cloud.You can use SpiderOak for as many folders as you like. Of course you can use up the free 2 GB pretty quickly, but it is inexpensive to get more. It is challenging to discover all the functions of SpiderOak intuitively, but they have excellent "getting started" guides and a users manual.

The SpiderOak statement on privacy and passwords is a good example of what you should look for to evaluate the security of any encryption service for cloud storage. In particular, be very leary of any service that offers password recovery. If there is a mechanism for password recovery, it is likely your data on the server is also accessible to a determined hacker or agency.

I used SpiderOak for a time, and liked the way it worked. One thing to understand is that SpiderOak breaks files into blocks so that only the changed or added sections of files need to be stored. That way many versions of the file by just storing the incremental blocks. It offers fine-grain control of the backup/sync process, which helps you stay within the 2 GB of free storage. It's a bit tricky to use SpiderOak until you get used to how it processes backups and syncing.SafeMonk is similar in operation to Cloudfogger, but quite a bit simpler to use. It is a bit unsual in that it uses public/private encryption instead of shared key. That enables a very flexible sharing capability that works on a folder-by-folder basis. SafeMonk presents the same hazard that many cloud encryption products do. If you copy a file to the SafeMonk folder without SafeMonk running it will be unencrypted on your computer and in the cloud.

BoxCryptor and Viivo provide most of the same functions that Cloudfogger does. They are integrated with the file-system in a different way though. Both use an encrypted virtual-drive interface that is linked to an ordinary folder. They encrypt a single folder, and augment it with the virtual-folder overlay to give cleartext access. With this approach, you work directly with an unencrypted local files, which is faster, but not as secure against local attack.

Their two folder approach also leaves users open to fatal mistakes. All files to be encrypted must be placed in the unencrypted local folder. or they will not be encrypted in the cloud-facing folder. Any files placed directly in the encrypted folder will not be encrypted. That could be hard to remember, and there is no warning or other indication of mistakes.

Related Products and Information
Quick Selection Guide


Gizmo's Freeware award as the best product in its class!

Combines a web service with a stand-alone program
Possibly the most secure choice of products listed here. Clean, simple interface. Sync works quickly and well. Well written support documentation. Has worked very reliably for me. Based in Switzerland. :)
The number of synced devices is limited to 3 for the free version.
9.3 MB
32 bit but 64 bit compatible
Unrestricted freeware
There is no portable version of this product available.


Combines a web service with a stand-alone program
SpiderOak provides 2 GB of free cloud storage, along with client-side encryption. More storage is available for a fee. You can select as many local files or folders as you'd like - within the storage limit- for backup and sync. Your files are remain unencrypted on your synced devices, but are always encrypted before transmission and in the cloud.
SpiderOak keeps previous versions of files you back up - which is good - but those versions count against your 2 GB allocation. Although you can delete old file versions, 2 GB could get to be a little tight eventually. The user interface is logical, but it's a bit complex to discover it all if you want to use more than basic options.
20 MB
32 bit but 64 bit compatible
Unrestricted freeware
There is no portable version of this product available.


Combines a web service with a stand-alone program
Files are encrypted on your computer as well as in the cloud (Dropbox). Integrated nicely with Windows Explorer, so the interface is familiar. Sets everything up automatically during installation.
A recent entry, so little or no independent information about Cloudifile is available. Works only with Dropbox in the present version. Other cloud services will be available in future releases.
16.7 MB
32 bit but 64 bit compatible
Unrestricted freeware
There is no portable version of this product available.


Runs as a stand-alone program on a user's computer
On-the-fly encryption gives you transparent access and quick sync for encrypted files when signed in. Strong security. Simple operation. For Windows, Mac, iPhone, iPad, and Android. Some users will find the virtual drive with an assigned letter convenient (but see Cons).
The file system interface could lead to confusion, with files left unencrypted in the cloud (see discussion above). Requires Microsoft .NET. Only one encrypted folder is allowed in the free version, and it is limited to 2 GB.
7.1 MB
32 bit but 64 bit compatible
Free for private use only
A portable version of this product is available from the developer.
Requires Microsoft .NET


Runs as a stand-alone program on a user's computer
On-the-fly encryption gives you transparent access and quick sync for encrypted files when signed in. Strong security. Simple operation. For Windows, Mac, iPhone, iPad, and Android. Some users will find the virtual drive with an assigned letter convenient (but see Cons in the discussion).
The file system interface could lead to confusion, with files left unencrypted in the cloud (see discussion above). Supports Dropbox only at this time.
20.4 MB
32 bit but 64 bit compatible
Unrestricted freeware
There is no portable version of this product available.


Runs as a stand-alone program on a user's computer
Best Free Encryption Utility for Cloud Storage. Simple operation. Supports account recovery in case you lose your password or have other trouble. Files are encrypted when SafeMonk is not running. Secure sharing on a folder by folder basis is easy to set up.
Preview release. Works with Dropbox only. If you copy or save a file to the SafeMonk folder when SafeMonk is not running it will be unencrypted on your computer and in the cloud.
12.7 MB
32 bit but 64 bit compatible
Free for private or educational use only
There is no portable version of this product available.

This category is maintained by volunteer editor philip. Registered members can contact the editor with any comments or suggestions they might have by clicking here.


encrypt cloud storage file folder

Back to the top of the article.


Please rate this article: 

Your rating: None
Average: 4.4 (34 votes)


Just checked out Tresorit, and their free storage is down to 3GB, not 5GB anymore.

Thanks FlyingHawk. Duly noted. Some free ways to increase storage to 5GB after you install Tresorit are still available though.

Wuala has announced they're shutting down. They are recommending that users switch to Tresorit, as they think Tresorit can take good care of their data. Tresorit has a tool to get your data out of Wuala and into Tresorit.

Based on several review sites, we chose Vivo for encryption of corporate files on Dropbox (about 200,000 files with 20 users).

There is no user guide for Vivo and there are 2 versions of the product. Responses by email from the company were minimal.

After two months of frustration and wasted labor hours, we gave up. The software may indeed be as good as the reviews indicate. Add in the costs of implementation since there is no user manual.

Who needs cloud storage if you have a NAS and BittorrentSync ?
You use BTSync to sync the encrypted folder with its content anywhere you go on any mobile or stationary device you use.

Thus far the only tools that can handle this requirement well are encfs (for linux/unix) and boxcryptor (for windows). Big problem I have with boxcryptor is that it's really slow and hogging my OS. Probably because it does all encryption and decryption on-the-fly in memory(?). It doesn't store the unencrypted files anywhere, it's just showing a virtual drive. That is to say, this works with Boxcryptor Classic. The new version is messy, puts your virtual folder one folder deep, I see no advantage in that 'feature' to be honest.

I used to use TrueCrypt, still unbeated in its footprint, don't know how they did that. The virtual drive-letter linked to a tc volume, and it was blazing fast (both directions), I used it with Firefox Portable and many other apps straight from encrypted volume. But it got larger and larger over time. I need one that can handle about 20 GB of space. This you just can't sync, such a volume doesn't even sync while in use (it's locked), so that was not workable for me.
By the way, Gostcrypt seems to be your best bet if you want the TrueCrypt options.

I'm really surprised by the fact that TrueCrypt is the only software capable of encrypting and decrypting with such low memory usage and practically no noticeable performance loss. NONE of the other packages allow me to have a virtual drive-letter open content that is always stored in encrypted state. The only ones that offer this are really slow and sluggish (that is encfs and boxcryptor), plus they have all kinds of security issues (filenames not encrypted, watermarking easy to find out what the key should be etc.)

If anyone has tips on this, let me know.
CryptSync does not work, it always leaves a stored unencrypted folder on my device when not in use, that's definitely NOT what I look for. I need something that leaves my btsynced storage folder always encrypted when my laptop gets stolen etc. except for when I access it as that virtual drive-letter using my passphrase.

Most people don't have a NAS.
CrypSync is the one I'm using. If you worry about local copies, just use TrueCrypt (now VeraCrypt may be more suitable) to encrypt your local hard drive/system.

Thank you for this wonderful article. It helps me a lot.

I'm glad it was helpful Richard.

You are welcome Mr. Philip. I am looking forward to more nice article on this subject. Thank you for your effort.

Warm regards,

Most of the suggestions require some sort of dependency on someone else. I prefer CryptSync to avoid dependencies.

I just attempted to download a file at Mega (one stored there for readers to download as an example in a how-to Android article).

It refused to function with three different browsers (Opera, Firefox and IE), saying that i needed to update to the latest versions.

I verified that my IE was up-to-date, updated Firefox and refused to "update" Opera (since i'm using the last version of what i consider to be the "real" Opera before they completely screwed up the UI and their bookmarks system).

Still, none of them worked - got the same message.

There was, however, a link (which i refused to even mouse over) offering to "update" your browser for you...

To Kahomono:
A very good link. TrueCrypt forever, as far as I am concerned.

Spideroak is fine until you reach the 2Gb limit.

then it gets stuck. It seems impossible to remove anything once you have stored it there and yet it opens and tries to keep updating itself with yoru data changes causing it to just hang.

Upgrading to the paid version would be ok if there were sensible upgrades like 5 or 10gb but the lowest available is 100Gb priced accordingly.

Steve Gibson, who runs GRC, is one of the few people writing on the internet who truly understand both online security and security software. His opinion aout TrueCrypt agrees with my own. In fact, I rely on TrueCrypt myself. Thanks for the link Kahomono.

Sharedsafe is not listed and sounds great. I just installed it a few minutes ago so I dont know on the long run but so far it seems good.

Since comments are still being added here, I will note that Wuala (which was my favorite of all the client-side encryption storage options because it integrates with the file system on Windows) is ending its free offering. Beginning at the end of the year, all users must either pay up or have their data deleted. That's why I'm searching for a new option. Tresorit looks okay, but it doesn't integrate with Windows Explorer the way Wuala does. Damn. I'm going to miss using that service.

Hi Folks,

Wondering if anyone has given any thought to the local storage space requirements of these encryption utilities. From what I have seen most of them store both cleartext and encrypted copies of the same data locally. Putting aside compression for the moment, this essentially doubles the space requirement. So if I want cloud security, I need to double the size of my hard drive? Is that the best that's out there right now? Besides, this model does not exactly match the "on-the-fly" concept. I see it more as slowly crawl from cleartext to encrypted, and then more slow crawl from encrypted to cloud.

The compression helps save a bit of space but you still need almost double, and it comes at a pretty big price in performance. Using Viivo right now and I am seeing it does not give you a choice to turn compression off - seems pretty ridiculous. User should be able to choose if they wnat the files faster or smaller.

Would love to hear thoughts on this.


Tresorit avoids the problem you mention. The only files on your hard drive are the plain-text ones. The cloud data is dynamically encrypted or decrypted during transfer, depending on the direction of data flow.

Thanks Philip! Yes I looked at Tresorit but the storage costs about 10 times what dropbox costs right now for 1 TB. And they have a lot of limitations even for the paid pro and business versions (e.g. max 2 GB file size, etc.) Also does not support selective sync of subfolders within a Tresor. I guess the perfect solution doesn't exist :-(! I remember several years ago I used IDrive and Mozy and they both supported "zero-knowledge" encryption with private key known only to the user. But unfortunately these are more for backup than for sync and they both had their own limitations as well.

If anyone in this forum knows about a client-side cloud encryption utility that works with dropbox and other similar clods without doubling my local storage - would still love to hear about it.


I use Ubuntu Linux. What works for me is to use ENCFS to create an encrypted directory.

ENCFS works by creating two directories: an encrypted one (which is a real directory in your filesystem), and an unencrypted one (which is mounted by ENCFS). Then, I keep the encrypted directory inside a cloud storage server (Dropbox). It works great across computers as long as you use the same (secure) password, and optionally keyfiles, across machines.

The Gnome Encfs manager makes these partitions automatically mount upon login. It can also auto-dismount after a user-defined timeout.

ENCFS: to create an encrypted partition

I think Cloudfogger is dead. Their blog and twitter haven't seen a new post since 2012. Would love to see an updated version of this article re-reviewing the programs that are still active and listing any new contenders. I'm guessing much has changed. Boxcryptor now wants a yearly subscription from you to get the same functionality that used to be free, etc.

Hi theelostone, Yes, I appears that they are not in an active mode at Cloudfogger. Their blog, Twitter and Facebook entries all stopped, and their webpage still states "free for non-commercial use." I will be moving Cloudfogger off the main list. I keep an eye on this encryption category, and recently moved Tresorit to the main list. I've been using it for nearly a year with great results. I haven't looked closely at Mega yet (comment below), but I like the fact that they are located in New Zealand.
Take a look at Mega, a file hosting and cloud storage site with top notch security. The site uses an advanced AES encryption algorithm at client side. Even the site owners doesn't have access to the encryption keys, so they can't decrypt the content. Also you get 50GB free storage space with 10GB bandwidth.
Well, the joke's on me. I should have recognized Mega at the start. It is the colorful Kim Dotcom's old Megaupload rising from the ashes. This search at DuckDuckGo will give you a feel for my surprise when I began to vet Mega. I wanted to go beyond their rather (pun intended, but apropos) cryptic website. It will be interesting to keep an eye on it. Could turn out to be the world's best or something else.
Thanks for the tip George. I'll take a look.

With more attention on "taking the keys back" with regard to security in the cloud, this article has a nice roundup of offerings. With Viivo specifically, there have been a few updates since it was first publishing, including new features, UX and support for Box, Drive & SkyDrive (or whatever it'll be called next). Others updated, too, I'm sure, as attention in this area of security is understandably booming.

Philip I don't see Bitcasa mentioned here. They offer 10 Gb free. I have been using their free service for a few months with mixed feelings. You can access you files in the cloud and download them if need be, but you cannot delete them when in their website. The deletion needs to be done locally by unmirroring the file or folder you want deleted. They used to offer email support to free accounts as well, but have recently stopped doing that and reserve it for paid accounts only. In any case Bitcasa should be considered I think.
With the recent upheaval from the Snowden revelations I am not sure anymore about the security of all these client-side encryption programs, and am considering doing my own encryption (TrueCrypt?)in combination with a cloud service.

To wrap up what I've learned about Bitcasa: 1) They use what is known as Convergent Encryption, which may not be secure against determined snooping (see the Wikipedia article on the technology). 2) Their focus is on storing all your data in the cloud (so you never run out of space, and can access your files from anywhere), not highly secure storage. 3) In a video pitch that I watched, the key founder was brilliant, but he is young, and seemed overconfident. So it's not for me. ;)
Thanks for your comment DutchPete. I'll take a look at Bitcasa. I don't know how to respond to the Snowden revelations yet. For me, it's not the surveillance that I'm concerned about so much as it is the corruption that they have imposed on encryption. It's not going to be long before cyber criminals learn how to break the compromised utilities, and there is no way to know which ones those are. Oh bother.