Get our latest top picks
Subscribe to our Top Picks RSS Feed or enter your email address below to get the feed delivered to you by email:
|
Follow Gizmo |
 |
 |
 |
Register/Login
Top Rated
Best Free Encryption Utility for Cloud Storage
|
In a Hurry?
|
 Go straight to the Quick Selection Guide |
|
Introduction
|
|
Cloud services, Dropbox for example, take "every precaution" to keep your data secure. They use SSL encryption to make sure that your files are secure in transit. Once your files arrive, they store them encrypted on their servers. They also use internal policies and controls to ensure that employees don't access your files. Of course things can go horribly wrong when you don't have physical control of your documents. That's where encryption programs like SpiderOak, Tresorit and Viivo come in. They provide client-side encryption to protect your files from access at rest. Or from the more usual threat of a rogue employee gaining access your files. Automatic client-side encryption assures that your files never leave your computer in an unencrypted state. On-the-fly encryption is the the most convenient way to protect your files the cloud. Your programs have direct access to the unencrypted contents of your files, and the on-the-fly encryption process presents the encrypted files to the cloud. Once on-the-fly encryption is set up, the smooth, client-side conversion requires no direct action by the user. But because encryption adds complexity, it makes local backup even more important. Notes on "due dilligence" TrueCrypt is a seasoned product. It fully meets my criteria for selecting encryption software. Unfortunately, it's not a convenient solution in some cases, and it may not work well with the cloud service you choose (see backup trap under True Crypt below). It's too early to consider Cloudfogger and BoxCryptor seasoned, and they are not open-source software, so while I like all the other indicators I've seen, I'm not ready to declare them fully vetted. On the other hand, your encryption program and your cloud service must both be compromised at the same time to expose your files. Your may feel that the risk of joint compromise may be low enough for you to put your files in the cloud using one of these products. Viivo and Wuala are not open source either, but they are seasoned products from a source whose business is encryption-centered. Cautionary Notes
|
|
Discussion
|
|
SpiderOak is not just an encryption program. It combines client-side encryption with 2 GB of free cloud storage (more storage is availale for a fee). In other words, you don't need a separate cloud-storage service. SpiderOak also provides sync between PCs and portable devices in addition to backup. In sum, SpiderOak provides encryption backup, sync and storage space. Backup and sync can be automatic. Your files are unencrypted on all your synced devices, but are always encrypted for transmission and storage in the cloud.You can use SpiderOak for as many folders as you like. Of course you can use up the free 2 GB pretty quickly, but it is inexpensive to get more. It is challenging to discover all the functions of SpiderOak intuitively, but they have excellent "getting started" guides and a users manual. The SpiderOak statement on privacy and passwords is a good example of what you should look for to evaluate the security of any encryption service for cloud storage. In particular, be very leary of any service that offers password recovery. If there is a mechanism for password recovery, it is likely your data on the server is also accessible to a determined hacker or agency. I have have been using SpiderOak for the small set of sensitive files that I want to backup and sync. One thing to understand is that SpiderOak breaks files into blocks so that only the changed or added sections of files need to be stored. That way many versions of the file by just storing the incremental blocks. It offers fine-grain control of the backup/sync process, which helps you stay within the 2 GB of free storage. It's a bit tricky to use SpiderOak until you get used to how it processes backups and syncing. Wuala is similar to SpiderOak, and also provides selective sharing by file or folder. They offer a more-generous 5 GB free storage. I had intended to use Wuala, but it requires Java, which exposes your PC to a seemingly perpetual string of serious vulnerabilities. I truncated my evaluation after learning that it worked well. I liked the general capabilities of Wuala, and judging from some papers they have written it is likely that their encryption is sound. If you're willing to live with the hazards of Java, it is nice to work with. Wuala uses AES- 256 for encryption, RSA 2048 for signatures and for key exchange when sharing folders, and SHA-256 for integrity checks, which is good in principle, but keep in mind that AES is an NSA "approved" algorithm. Their servers are in Switzerland, Germany, and France, which may offer you more privacy. Tresorit is the latest significant entry in this "client plus cloud" active encryption arena, with a free 5 GB plan. The Tresorit interface is gloriously simple, and they describe their approach to encryption quite well. It could be the most secure one on this list. They have an impressive analysis of why they doubt that Tresorit has been hacked. Being based in Switzerland doesn't hurt either. ;) Tresorit may be little puzzling when you first set it up. You might think nothing is happening. Their support is comprehensive and well written though, so you should be able to figure out how to get Tresorit going. I've been using Tresorit for my most important data since September, 2013, and it has performed flawlessly. There is a sizable development team at Tresorit, and they are actively introducing new apps and features. They plan to implement file versioning soon, for example. [whitepaper] SafeMonk is similar in operation to Cloudfogger, but quite a bit simpler to use. It is a bit unsual in that it uses public/private encryption instead of shared key. That enables a very flexible sharing capability that works on a folder-by-folder basis. SafeMonk presents the same hazard that many cloud encryption products do. If you copy a file to the SafeMonk folder without SafeMonk running it will be unencrypted on your computer and in the cloud. BoxCryptor and Viivo provide most of the same functions that Cloudfogger does. They are integrated with the file-system in a different way though. Both use an encrypted virtual-drive interface that is linked to an ordinary folder. They encrypt a single folder, and augment it with the virtual-folder overlay to give cleartext access. With this approach, you work directly with an unencrypted local files, which is faster, but not as secure against local attack. Their two folder approach also leaves users open to fatal mistakes. All files to be encrypted must be placed in the unencrypted local folder. or they will not be encrypted in the cloud-facing folder. Any files placed directly in the encrypted folder will not be encrypted. That could be hard to remember, and there is no warning or other indication of mistakes. TrueCrypt is a top-rated product for most uses, but there is a potential backup trap when it is used for files that will be synced or stored in the cloud. Encryption programs that create encrypted "volumes" (files that contain encrypted files) do not change the size of the volume (container file), and often - intentionally - do not change the modified date of the volume, even though files in the volume have been changed or added. The result can be that your cloud service does not recognize that the volume file has changed, and will fail to update the online copy. TrueCrypt is an example of an encryption program that does not change the modified date of volume files (encrypted file container). However, some cloud backup services - Dropbox for example - check the hash value of volume files, not the date, and if that changes Dropbox stores the latest copy of the volume file. If you're using Dropbox, that makes TrueCrypt an excellent way to implement client-side encryption for your most sensitive files. SkyDrive, monitors the modified date - not a hash value - so TrueCrypt volumes are not updated in the cloud by SkyDrive after their content changes client-side. |
|
Related Products and Information
|
|
Requires Microsoft .NET
|
Editor
|
|
This category is maintained by volunteer editor philip. Registered members can contact the editor with any comments or suggestions they might have by clicking here. |
|
Tags
|
|
encrypt cloud storage file folder |
Back to the top of the article.
- Article type:
- Login or register to post comments
Printer-friendly version
Gizmo's Freeware is Recruiting
We are looking for people with skills or interest in the following areas:
- Mobile Platform App Reviews for Android and iOS
- Windows, Mac and Linux software reviews Interested? Click here
Gizmo's Freeware is Recruiting!
Share your knowledge of free software with millions of Gizmo's readers by joining our editing team. Details here.
Best Freeware Lists
- Best Free Windows Desktop Software
- Best Free Windows 64 bit Software
- Best Free Portable Windows Software
- Best Free Mac Software
- Best Free Linux Software
- Best Free Online Apps
- Best Free Windows Store Apps
- Best Free iPhone Apps
- Best Free iPad Apps
- Best Free Android Apps
- Best Places for Free eBooks & Audio Books
New Articles
Updated Articles
| Best Free Windows 64-bit Software | 04/17/14 |
| Best Free Screen Session Recorder | 04/17/14 |
| Best Free Streaming Media Recorder | 04/17/14 |
| Best Free Personal Finance Software | 04/17/14 |
| Probably the Best Free Security List in the World | 04/17/14 |
Comments
I think Cloudfogger is dead. Their blog and twitter haven't seen a new post since 2012. Would love to see an updated version of this article re-reviewing the programs that are still active and listing any new contenders. I'm guessing much has changed. Boxcryptor now wants a yearly subscription from you to get the same functionality that used to be free, etc.
Hi theelostone,
Yes, I appears that they are not in an active mode at Cloudfogger. Their blog, Twitter and Facebook entries all stopped, and their webpage still states "free for non-commercial use." I will be moving Cloudfogger off the main list.
I keep an eye on this encryption category, and recently moved Tresorit to the main list. I've been using it for nearly a year with great results.
I haven't looked closely at Mega yet (comment below), but I like the fact that they are located in New Zealand.
Take a look at Mega, a file hosting and cloud storage site with top notch security. The site uses an advanced AES encryption algorithm at client side. Even the site owners doesn't have access to the encryption keys, so they can't decrypt the content.
Also you get 50GB free storage space with 10GB bandwidth.
Well, the joke's on me. I should have recognized Mega at the start. It is the colorful Kim Dotcom's old Megaupload rising from the ashes. This search at DuckDuckGo will give you a feel for my surprise when I began to vet Mega. I wanted to go beyond their rather (pun intended, but apropos) cryptic website. It will be interesting to keep an eye on it. Could turn out to be the world's best or something else.
Thanks for the tip George. I'll take a look.
With more attention on "taking the keys back" with regard to security in the cloud, this article has a nice roundup of offerings. With Viivo specifically, there have been a few updates since it was first publishing, including new features, UX and support for Box, Drive & SkyDrive (or whatever it'll be called next). Others updated, too, I'm sure, as attention in this area of security is understandably booming.
Philip I don't see Bitcasa mentioned here. They offer 10 Gb free. I have been using their free service for a few months with mixed feelings. You can access you files in the cloud and download them if need be, but you cannot delete them when in their website. The deletion needs to be done locally by unmirroring the file or folder you want deleted. They used to offer email support to free accounts as well, but have recently stopped doing that and reserve it for paid accounts only. In any case Bitcasa should be considered I think.
With the recent upheaval from the Snowden revelations I am not sure anymore about the security of all these client-side encryption programs, and am considering doing my own encryption (TrueCrypt?)in combination with a cloud service.
To wrap up what I've learned about Bitcasa: 1) They use what is known as Convergent Encryption, which may not be secure against determined snooping (see the Wikipedia article on the technology). 2) Their focus is on storing all your data in the cloud (so you never run out of space, and can access your files from anywhere), not highly secure storage. 3) In a video pitch that I watched, the key founder was brilliant, but he is young, and seemed overconfident. So it's not for me. ;)
Thanks for your comment DutchPete. I'll take a look at Bitcasa. I don't know how to respond to the Snowden revelations yet. For me, it's not the surveillance that I'm concerned about so much as it is the corruption that they have imposed on encryption. It's not going to be long before cyber criminals learn how to break the compromised utilities, and there is no way to know which ones those are. Oh bother.
Love CryptSync. It is basically a watch folder front end for 7-Zip.
Try http://tools.tortoisesvn.net/CryptSync.html
From it's website:
" CryptSync is a small utility that synchronizes two folders while encrypting the contents in one folder. That means one of the two folders has all files unencrypted (the files you work with) and the other folder has all the files encrypted.
The synchronization works both ways: a change in one folder gets synchronized to the other folder. If a file is added or modified in the unencrypted folder, it gets encrypted. If a file is added or modified in the encrypted folder, it gets decrypted to the other folder. "
Thanks for the tip autohost,
CryptSync is a clever little wrapper for 7-Zip. I presume that it uses DES-256 encryption which is native to 7-Zip. A little experimentation with CryptSync is a good way to see how tools like BoxCryptor and Viivo work. You can also open individual files in the encrypted folder directly with 7-Zip.
When I open a CryptSync file with 7-Zip it reports "Method: LZMA 7zAES".
Just found Viivo http://viivo.com/ new from PKWARE (of .zip fame). Looks interesting!
Yes indeed, newbino. Thanks for the lead. The parent firm is in the secure cloud business for enterprises, so this could be a good one. Found nothing beyond that at their site to answer the questions that I use to vet encryption software. I'll be doing more research online soon.
Secured Cloud Drive provides you with the highest military-grade encryption for the files you store using any online storage:
http://www.secured-cloud-drive.com/
One functionality that I am missing from Cloudfogger (or I must have missed it) is a way to access my *.cfog files via a browser from any device if need be. Perhaps a browser plugin or API could do the trick. Any thoughts on that?
Hi Barrett,
There are no browser add-ons for Cloudfogger. There are now apps for iPad, iPhone and Android. There is also a Mac program. You'll find details for these apps/programs on their Download page (see the link in the Quick Selection Guide section for Cloudfogger on this page).
Regarding the TrueCrypt "backup Trap" comment in the review, it is possible for TrueCrypt to change the modified date of volume files by unchecking the "Preserve modification timestamp of file containers" option within Settings / Preferences.
Hi Am
You know, I've tried that more than once over the years and the modification timestamp did not change for me. Maybe you need to do that before creating the volume, i.e., maybe it doesn't work for previously created volumes. I guess I need to experiment some more.
Hi Philip,
FYI, I have also used this on previously created volumes and it works fine (after making a change to a file within the volume and then dismounting the volume).
Thanks Am,
Yes, that might make the difference. I've noticed that the hash values of TrueCrypt volumes don't change until you dismount them. That's a clue that changed virtual-drive contents are in memory and/or the swap file until the volume is dismounted.
Yes the unticking "Preserve modification timestamp of file containers" in truecrypt works perfectly for me. I also only found this out and applied it after I'd created the containers. I was ready to drop truecrypt becasue the containers weren't being updated to the cloud. Once i dismount the containers the modified date gets updated (If I've made any changes) and the cloud app reocgnises this. I have been using this method with Wuala and it's been working well so far. Also Wuala does not seem to upload the whole container each time, so i think it's similar to dropbox and only updating the parts that have changed.
Tried cloudfogger and had a bit of a nightmare with it. so won't be using it again. I also use 7zip encrpytion for cloud storage, it isn't really a hassle for me but i don't add new files that frequently.
PQ, looking at the Wuala site it seems that they offer good client-side encryption with real security. The storage provider cannot be forced to hand over your data to government agencies as they do not have access to it. So why do you use TrueCrypt in addition to Wuala? Is it because you want an extra layer of security because you do not fully trust Wuala?
Thanks for the feedback PQ. I've also noticed that some services only update a small fraction of my TrueCrypt volumes when I change the content. Evidently they hash each block of the file and only upload the ones that change. I didn't know about Wuala. I'll be evaluating it soon.
I have used multiple Truecrypt virtual drives for many years, with no problems. I have recently started using Sugarsync in conjunction with those drives, again with no problem.
However, this combination does not provide complete security for two-way communication, because incoming files are stored in the My Documents folder. It would be easy to move this to a Truecrypt drive. The problem here, however, is that on start-up, Windows would not find the folder, so would create another. At the least, this would necessitate 'moving' the location of the folder at each start-up.
The solution would seem to be to use a system such as Cloudfogger to encrypt the files in the Truyecrypt drives. For synchronisation between, say, a desktop and a laptop, the same user-identity would be used on both machines. Thus, at all stages the files would be encrypted.
I'm puzzled: Let's see if I understand how your setup works. You set up TrueCrypt volumes, say one on a desktop and a matching one on a laptop. You then open the volume on one machine and start Sugarsync, which uploads the files from the virtual drive to the cloud. Later, you open the virtual drive on the other machine, start Sugarsync, and it downloads any new and changed files from the cloud.
I see a problem if your objective is to have individual files encrypted while in transit and also in the cloud. The client-side encryption is undone when you open virtual drives, and Sugarsync is working with cleartext files. They are not encrypted in transit or in the cloud.
I also use TrueCrypt virtual drives, but I sync the TrueCrypt volumes themselves, not the contents of the virtual drives when they are mounted. Perhaps your objective is simply to have the files encrypted on the desktop and laptop when the volumes are not open?
Philip
My main aim is to secure the files on the two computers. Encryption in the cloud is a bonus.
I've tested the concept with SecretSync and Dropbox. (SecretSync say that the system works with other cloud storage products, or I would not have bothered.) I located the SecretSync folder in a Truecrypt virtual drive. A file placed in that folder appeared (encrypted) in the SecretSync "Tunnel" folder in the Dropbox folder. Therefore, on the other machine it would arrive encrypted, and would be automatically decrypted in the corresponding SecretSync folder, which would also be in a Truecrypt virtual drive. That's how it seems to me, anyway, but I have not yet tested the second part (which is actually on a machine in another location; I access this, if needs be, with Logmein).
I note that you have reservations about SecretSync because it is Java-based. Given that CloudFogger permits five top-level folders, and does not use Java, this might be a better bet.
That's great, Paranoid.
Just the kind of clever idea that a fellow paranoid would like to have invented. You're actually cloning one cleartext file into two independent ciphertext streams - one local, and one for the cloud. Splendid.
As for Java, I wonder if Oracle has the know-how to root out vulnerabilities before the hackers find them. They don't seem to come up with well conceived fixes when someone else finds one. I've cut out Java permanently. Not the liquid kind though.
Cloudfogger should work too. Cloudfogger has no tunnel. The files are always encrypted. You only see what looks like cleartext files through an on-the-fly file-system overlay. There are no static cleartext files. Cloudfogger streams virtual cleartext on demand (in both directions). I don't see any reason that nesting Cloudfogger in TrueCrypt virtual drives would not work though.
I should perhaps have said that when I first starting using Sugarsync, there was indeed a problem. If Sugarsync was started before the Truecrypt drives were opened (the default, of course) SS assumed that the files had been deleted. When the Truecrypt drives were opened, all the previously synchronised files were deleted on the user-machine!
The worst aspect of that particular problem has been resolved; files are no longer deleted on the user-machine. If the drive is not found, the link is temporarily broken, but can be restored. The way to avoid the problem is to ensure that SS is never started before Truecrypt, and always closed before Truecrypt. One safeguard would be for the shortcut to SS to be on the virtual drive.