Introduction
Most cloud storage services claim they "take every precaution" to keep your data secure. For example, most use encryption to make sure your files are secure in transit. They "have internal policies and controls" to ensure that employees don't access your files. But things do go horribly wrong.
For many cloud-storage users, privacy and robust encryption are top priorities. It is essential for data and documents to be encrypted before leaving their device, and it is essential that no other entities have their encryption key or any other way to gain clear-text access to their files.
On-the-fly encryption is the the most convenient way to protect your files in transit and in the cloud. That's where client-side products like SpiderOak, Tresorit, Sync and Cryptomator come in. Client-side on-the-fly encryption assures that your files never leave your computer in an unencrypted state. And your encryption key should never leave your computer.
Once it is properly set up, good client-side, on-the-fly encryption applications require no direct action by users. They and their client-side processes have fast, direct access to unencrypted files. But encryption adds complexity (things do go horribly wrong), and local backups are still important.
See also Encryption Methods at the end of this article.
Rated Products
Platforms/Download: [field_blackberry_download] | iOS | Linux | Mac OS | Web App | Windows (Desktop) |
Version reviewed: 4.8.4
Gizmos Freeware
| Our Rating: 4/5 |
|
Read more...
Sync
Provides sync, sharing, 5 GB of free storage and software to sync files with the encrypted cloud storage.
Platforms/Download: [field_blackberry_download] | iOS | Mac OS | Web App | Windows (Desktop) |
Version reviewed: 1.1.7
Gizmos Freeware
| Our Rating: 4/5 |
Read more...
Cryptomator
Free and open-source software provides transparent (on-the-fly), client-side encryption for cloud storage.
Platforms/Download: [field_blackberry_download] | iOS | Linux | Mac OS | Windows (Desktop) |
Version reviewed: 1.0.3
Gizmos Freeware
| Our Rating: 4/5 |
Read more...
BoxCryptor
Provides on-the-fly encryption giving you transparent access and quick cloud-sync for encrypted files.
Platforms/Download: [field_blackberry_download] | Blackberry | iOS | Mac OS | Windows (App) | Windows (Desktop) |
Version reviewed: 2.15
Gizmos Freeware
| Our Rating: 2.5/5 |
Read more...
Tresorit
Provides seamless sync via the cloud, encrypted links for sharing and secure collaboration.
Platforms/Download: [field_blackberry_download] | Blackberry | iOS | Linux | Mac OS | Windows (Desktop) |
Version reviewed: 3.0
Gizmos Freeware
| Our Rating: 2/5 |
Read more...
Cautionary Notes on Encryption
- Recent revelations about NSA crippling, or hacking encryption software are sobering if you store or transfer sensitive data via the internet. I would not suggest that it is prudent to trust any of the products listed here to protect your information from government agents or nation states, or determined cyber criminals.
- It still seems reasonable at this point to trust these products for protection from most hacker attacks.
- Operating systems are messy: Echoes of your personal data -- swap files, temp files, hibernation files, erased files, browser artifacts, etc -- are likely to remain on any computer that you use. For example, when you encrypt and compress files, clear-text versions that existed before you compress/encrypt the file or clear-text copies that are created after you decrypt/decompress it may remain on your hard drive. It is not difficult to extract those echoes.
- Further advice about how to use encryption are discussed in Encryption is Not Enough, including what you need beyond encryption to be sure your private data is not lost or exposed.
New encryption applications often appear when an individual reads up on applied cryptography, selects or devises an algorithm, maybe even a reliable open source one, and then implements a user interface, tests the program to make sure it works, and thinks he's done. They are not. Such a program is certain to harbor fatal flaws.
"Functionality does not equal quality, and no amount of beta testing will ever reveal a security flaw. Too many products are merely buzzword compliant; they use secure cryptography, but they are not secure." --Bruce Schneier, in Security Pitfalls in Cryptography
Related Products
- 7-Zip offers strong encryption, but it is not convenient for use with cloud applications.
- However CryptSync, which utilizes 7-Zip is convenient, particularly if you use the "Run in background" option. It also has the advantage of allowing multiple pairs of encrypted/unencrypted folders.
- Encryption is Not Enough offers further cautions on encryption, and on what you need to do beyond encryption to be sure your private data is not lost or exposed.
- Best Free File Encryption Utility has reviews of programs used to encrypt files and/or folders directly.
- Best Free Drive Encryption Utility has reviews of programs used to encrypt entire drives, including partitions and removable storage media like USB drives.
- Best Free Encrypted Virtual Drive Utility reviews programs used for on-the-fly encryption of files and folders.
- Best Free Encryption Utility for Personal Use at Work reviews alternative encryption programs that you can use in portable mode.
-
TrueCrypt is the seasoned but abandonded predecessor to VeraCrypt. It once met my criteria for selecting encryption software. The developers of TrueCrypt dropped a bombshell though. It's complicated.... TrueCrypt did pass a preliminary independent audit in 2015, but the dereliction of TrueCrypt now changes everything. For example, recent (September, 2015) vulnerabilities (which will never be patched) have been discovered in TrueCrypt.
Bizarre story behind TrueCrypt: The Atavist Magazine ran a special 7 episode series, The Mastermind, on the backstory of TrueCrypt and it's demise. [Index at Longform.org] It's a great read. Certainly more surprising than fiction. You can deduce a more plausible truth about the origins and demise of TrueCrypt from that series than from any of the many other stories on the internet. Scroll down to the bottom of each page to find the link to each next episode.
Encryption Methods
Common ways to implement on-the-fly, sometimes called transparent encryption
There are pitfalls and limitations in most systems for cloud-storage encryption. Perhaps you can spot them below, but this list might be best used as a reminder. Go learn more about these encryption methods in the Selecting an Encryption Method for Cloud Storage article and then come back here.
Type 1 = [Unencrypted folder] << >> [Integrated encryption & cloud sync] << >> [Cloud storage]
Examples: Tresorit | SpiderOak
Type 2 = [Virtual Drive - virtual clear-text files] << >> [Encryption] << >> [Folder - encrypted files] << >> [Cloud sync] << >> [Cloud storage]
Examples: BoxCryptor | Cryptomator | Cloudifile |
Type 3 = [User Folder - clear-text files] << >> [Encryption] << >> [Folder - encrypted files] << >> [Cloud sync] << >> [Cloud storage]
Example: Cloudfogger
Type 4 = [Virtual drive - clear-text files are virtual only] << >> [Encryption] << >> [Encrypted volume - single encrypted file] << >> [Cloud sync] << >> [Cloud storage]
Examples: VeraCrypt | TrueCrypt (not recommended, see in Related Products and Information below)
Editor
This category is maintained by volunteer editor philip. Registered members can contact the editor with any comments or suggestions they might have by clicking here.
We are looking for people with skills or interest in the following areas:
Comments
I have been using Ncryptedcloud for a couple of years and it has served me well.
I have been using BoxCryptor Classic locally for several years. Rather than attach to cloud directly, I've put the base encrypted files folder into OneDrive's local structure & let OneDrive do the sync work. I have about 15GB of files synced like that and access via 3 similarly configured Win10 PC's and 2 android devices. It has run like clockwork for 3 three years so far.
I just received notice from PKWare that Viivo will be shut down as of 1 July 2017 (but says servers will run until 1 July 2018).
Thanks for the heads-up bb1769,
I've remove Viivo. I don't know of any new alternatives.
Is Cryptomator Type 2 or Type 3 architecture? Under Encryption Methods it is listed as an example of Type 2. But in its Full Review, it says it is Type 3.
Thanks for the question. Cryptomator is Type 2 (fixed in Full Review). Files and folders are stored in an encrypted "vault" (structured/encrypting folder). You access them via a virtual drive, which has its own drive letter. So files and folders, including their names, are encrypted on your hard drive, and you enter your password in Cryptomator to open the virtual drive.
Hey, just FYI: cloudifile.com and cloudfogger.com are now both dead. Looks like maybe odrive.com (See: https://www.odrive.com/features/encryption) might be one to add but haven't tried it out yet.
Thanks for reporting their demise AEIO. I'll remove them from the category.
Which is more secure, Tresorit or Sync.com?
Tresorit is more seasoned, and it's what I use PoxyVX. I have no definitive basis for deciding which one is more secure. I just hope I've picked the right one.
I would like to be able to encrypt files before uploading them to a cloud service, without keeping a local copy. That is, I would like to be able to park files in an encrypted state on a web storage service of my choice, and not need to keep a copy on my hard drive. It would be amazing to be able to have an account with unlimited storage, like Amazon Drive, and just be able to upload files that I don't need to keep on my computer all the time, but may want to access again at some point. I'm envisioning a program that acts as a sort of middleman with one of these services - rather than having an encrypted folder on your hard drive and in the cloud storage, it would encrypt the file and upload it to the cloud storage. And also act as an interface to allow you to download the files again.
Is there any such program?
Not that I know of boombass. Microsoft may re-enable "placeholders" (web shortcuts) for OneDrive some day. Using placehoulders, you'd upload the file, but retain just the placeholder on your device. You'd simply download it if you needed it in the future. There maybe other cloud storage services that already do something similar.
One of the worst moves Microsoft made for Windows 10 was to removed OneDrive placeholders:
http://www.computerworld.com/article/2848118/microsofts-defense-of-onedr...
There is a kind of workaround creating a network drive to access OneDrive without having any files downloaded/off-line:
http://www.windowscentral.com/fix-placeholder-limitation-onedrive-window...
And I have heard that the OneDrive Windows Store App has placeholders but I haven't checked this myself.
I just signed up with https://www.sync.com . 5GB free plus 1GB bonus for doing five tasks. Website and/or app fully encrypted outside of your computer. Located in Canada since 2011. Don't lose your password - they don't have it and can't restore your files. Website is clean and fast. I am impressed.
Phillip, You compare BoxCrytor and SafeMonk to Cloudfogger, but you never actually talk about Cloudfogger. Maybe you deleted it when editing or something? Hopefully, you have a backup. Also, I'm pretty interested in what you think about Cloudfogger. I just dropped AxCrypt do to the direction they are going and what I consider a very high price. I'm looking for a solution to replace it and Cloudfogger is high on my "maybe" list.
Wow! Nice update on the article. It's a huge help with finding the right solution for users with varying computer skills. You da MAN! Thanks!
hello all, TRESORIT is not free anymore, please update.
besides, thanks for all the worthfull information !
The free version still exists. MC - Site Manager.
https://tresorit.com/pricing/basic
"Do I have to pay to use Tresorit?
You can always switch to Tresorit Basic, offering 3GB of storage for free. You can share securely with a few people, but won't be able to set access permissions, manage other users or set policies. If you wish to start using Tresorit Basic for free, get started here".
Philip, Tresorit has changed their Plan structure:
Users who sign up after Jun. 30, 2016 get the Reader plan, not Basic! Among other big CONS, is only 1gb of space, only one device can be associated with an account, and you can only have 1 Tresorit folder. It sounds like the Basic plan is much nicer, but I'm out of luck. You may want to update the Tresorit section of this article.
I tried to post a link to the exact Tresorit article, but the spam filter would not let me post it. So, Google "tresorit reader" and click on the link "What is the Reader Plan?"
Thanks for your research and comment, Autohost1. Yes, Tresorit Reader Plan is severely hobbled compared to the original free plan [details]. I will take action to change our review.
Well done MC :-) , but no way (for me) to find the link to this page.
So thank u for the direct one
Just checked out Tresorit, and their free storage is down to 3GB, not 5GB anymore.
Wuala has announced they're shutting down. They are recommending that users switch to Tresorit, as they think Tresorit can take good care of their data. Tresorit has a tool to get your data out of Wuala and into Tresorit.
Pages