Tresorit is a significant entry in the client-plus-cloud encryption arena. It includes integral free cloud storage (3 GB plan, expandable by completing a few "tutorial tasks", etc.). Tresorit provides seamless sync via the cloud, encrypted links for sharing, and secure collaboration.

Tresorit uses Type 1 encryption (defined above in the Introduction), with the pros and cons of that type. They describe the features of their system quite well. The Tresorit interface is well organized. They have an impressive analysis of why they doubt that Tresorit has been hacked. Being based in Switzerland doesn't hurt either. Tresorit may be the most secure way to encrypt files/folders for the cloud. ;)

Tresorit support is comprehensive and well written, and they have added tutorials for all platforms (look at the bottom of the left column of the interface). You should be able to easily figure out how to get Tresorit going.

I've been using Tresorit for my most sensitive data since September, 2013, and it has performed flawlessly. There is a sizable development team at Tresorit, and they are actively introducing new apps and features. For example, they have recently implemented file versioning, and a clever secure URL method for sharing individual files securely.

SpiderOak is not just an encryption program. It combines client-side encryption with 2 GB of free cloud storage (more storage is available for a fee). In other words, you don't need a separate cloud-storage service. SpiderOak also provides sync between PCs and portable devices in addition to backup. In sum, SpiderOak provides encryption, backup, sync and storage space. Backup and sync can be automatic.

Your files are unencrypted on all your synced devices, but are always encrypted for transmission and storage in the cloud. You can use SpiderOak for as many folders as you like. Of course you can use up the free 2 GB pretty quickly, but it is inexpensive to get more. It is challenging to discover all the functions of SpiderOak intuitively, but they have excellent "getting started" guides and a user's manual.

The SpiderOak statement on privacy and passwords is a good example of what you should look for to evaluate the security of any encryption service for cloud storage. In particular, be very leery of any service that offers password recovery. If there is a mechanism for password recovery, it is likely your data on the server is also accessible to a determined hacker or agency.

I used SpiderOak for some time, and I liked the way it worked. One thing to understand is that SpiderOak breaks files into blocks so that only the changed or added sections of files need to be stored. That way many versions of the file can be kept by just storing the incremental blocks. It offers fine-grain control of the backup/sync process, which helps you stay within the 2 GB of free storage. It's a bit tricky to use SpiderOak until you get used to how it processes backups and syncing.
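The block-level versioning described above can be sketched as follows. This is an added example, not SpiderOak's code: the `BlockStore` class, the fixed 4-byte block size, the keyed block IDs and the sample data are all assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 4  # tiny on purpose, so the constructed sample spans several blocks


class BlockStore:
    """Keeps each distinct block once; a version is an ordered list of block IDs."""

    def __init__(self, id_key: bytes):
        self.id_key = id_key   # assumed to stay on the client
        self.blocks = {}       # block ID -> block bytes
        self.versions = {}     # file name -> list of versions (lists of block IDs)

    def _block_id(self, block: bytes) -> str:
        # Keyed hash: equal blocks map to the same ID, but without the key
        # the storage side cannot test guesses about a block's content.
        return hmac.new(self.id_key, block, hashlib.sha256).hexdigest()

    def save(self, name: str, data: bytes) -> int:
        """Store a new version of `name`; return how many new blocks were written."""
        ids, new_blocks = [], 0
        for off in range(0, len(data), BLOCK_SIZE):
            block = data[off:off + BLOCK_SIZE]
            bid = self._block_id(block)
            if bid not in self.blocks:
                # A real client would encrypt the block before upload (omitted here).
                self.blocks[bid] = block
                new_blocks += 1
            ids.append(bid)
        self.versions.setdefault(name, []).append(ids)
        return new_blocks

    def restore(self, name: str, version: int) -> bytes:
        """Rebuild any stored version from its block list."""
        return b"".join(self.blocks[b] for b in self.versions[name][version])


def demo():
    store = BlockStore(id_key=b"constructed-demo-key")
    v0 = b"AAAABBBBCCCCDDDD"
    v1 = b"AAAABxBBCCCCDDDDEEEE"  # constructed: one block edited, one appended
    first = store.save("notes.txt", v0)
    second = store.save("notes.txt", v1)
    return (first, second, len(store.blocks),
            store.restore("notes.txt", 0), store.restore("notes.txt", 1))


if __name__ == "__main__":
    print(demo())
```

Fixed-size blocks only save space for in-place edits and appends; an insertion in the middle of a file shifts every later block, so each of them would be stored again.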

Cryptomator is a new entry in this category of encryption for cloud storage. It is well matched to the needs of many of the readers of this article and most home users. One key design objective is security through simplicity. Cryptomator provides transparent (on-the-fly), client-side encryption for cloud storage. Cryptomator is free and open-source software, which assures that backdoors are unlikely.

Cryptomator is platform independent, and especially suitable for less technically experienced users. The user interface is very simple, and it is fairly easy to intuitively discover all the functions and options of Cryptomator. A FAQ and a rough version of a user manual already exist. They provide good help in getting started. The architecture is "Type 3" as discussed above in the Introduction.

Cryptomator is based on simple, clean, and straightforward architecture, which uses time-proven, standard encryption functions. That, and the evident attention by the developers to detail and documentation lend a great deal to my confidence in the security of Cryptomator.

The developers consulted with university mathematicians and other encryption experts, and received extensive feedback from the encryption community in their quest to avoid and eliminate vulnerabilities. They recently received a CeBIT Innovation Award (from the German Federal Ministry of Education and Research and a sponsoring Partner) for their design.

Cloudifile is a cloud encryption entry from an established organization. I applied my criteria for encryption software, and while it is relatively new I am comfortable including Cloudifile in this encryption category. Cloudifile is offered by Cloud Labs, which is a product spin-off of Apriorit. Apriorit has extensive experience in security projects that relate to a product like Cloudifile.

Here's how it works: Cloudifile creates a new folder in Dropbox, and encrypts and moves the files you want to store in the cloud to that Dropbox folder. It also creates a virtual drive where you can access the files (when you are logged in). Your local files are always encrypted at rest on your computer as well as in the cloud, but available in cleartext when you are logged in to Cloudifile. There is also a right-click context menu item for Windows Explorer that allows you to "Cloudify" any other files you want to encrypt and add to Dropbox.

BoxCryptor and Viivo both use a virtual-drive interface that is linked to an ordinary folder. They encrypt a single folder, and augment it with the virtual-folder overlay to give cleartext access. With this approach, you work directly with unencrypted local files, which is faster, but not as secure against local attack. Viivo is not open source, but it is a seasoned product offered by an encryption-centered enterprise.

Their two-folder approach also leaves users open to fatal mistakes. All files to be encrypted must be placed in the unencrypted local folder, or they will not be encrypted in the cloud-facing folder. Any files placed directly in the encrypted folder will not be encrypted. That could be hard to remember, and there is no warning or other indication of mistakes.

Special notes

Special notes on TrueCrypt

TrueCrypt is the venerable, but abandoned predecessor to VeraCrypt. It once met my criteria for selecting encryption software. The maintainers of TrueCrypt dropped a walk-off bombshell though. TrueCrypt did pass a preliminary independent audit in 2015, but the dereliction of TrueCrypt changes everything. VeraCrypt is the best new fork of TrueCrypt. For more TrueCrypt vulnerability examples read TrueCrypt Travails Continue.

Bizarre backstory: The Atavist Magazine ran a special 5-episode series, The Mastermind, on the origins and demise of TrueCrypt. It's a riveting story. Certainly more surprising than fiction. You can deduce a more plausible truth about the origins and demise of TrueCrypt from that series than from any of the many other stories on the internet. Scroll down to the bottom of each page to find the link to each next episode.

 
