Ask Slashdot: Which Encrypted Cloud Storage Provider?

timothy posted 1 year,20 days | from the all-I-hear-is-line-noise dept.

Cloud 200

An anonymous reader writes "Almost three years ago, I started looking for a cloud storage service. Encryption and the "zero-knowledge" concept were not concerns. Frankly, after two weeks testing services, it boiled down to one service I used for almost 2 years. It was perfect — in the technical sense — because it simply works as advertised and is one of the cheapest for 500GB. But this year, I decided changing that service for another one, that would encrypt my files before leaving my machine. Some of these services call themselves 'zero-knowledge' services, because (as they claim) clear text does not leave your host: they only receive encrypted data — keys or passwords are not sent. I did all testing I could, with the free bit of their services, and then, chose one of them. After a while, when the load got higher (more files, more folders, more GB...), my horror story began. I started experiencing sync problems of all sorts. In fact, I have paid for and tested another service and both had the same issues with sync. Worse, one of them could not even handle restoring files correctly. I had to restore from my local backup more than once and I ended up losing files for real. In your experience, which service (or services) are really able to handle more than a hundred files, in sync within 5+ hosts, without messing up (deleting, renaming, duplicating) files and folders?"


Ooh I know this one (3, Insightful)

symbolset (646467) | 1 year,20 days | (#45316381)

Build a couple Backblaze boxes and work out a deal with some KC residents. That gets you 180TB offsite stuff with whatever sw leverage you want to lay on top of that.

Re:Ooh I know this one (1)

symbolset (646467) | 1 year,20 days | (#45316383)

Compared to what SANs cost you might consider buying up some KC residential real estate. BTW: you're already late to this game so expect to pay a premium.

Re:Ooh I know this one (1)

slick7 (1703596) | 1 year,20 days | (#45317245)

One that does not evaporate when the sun comes out?

Re:Ooh I know this one (-1, Troll)

Anonymous Coward | 1 year,20 days | (#45316487)

I think the submission is actually a troll. Cloud? Hello? Anyone using the expression "The Cloud" is either a troll or lost cause.

Either

1) Put your stuff on TPB.

or

2) If you are serious about actually storing stuff, get yourself a server and secure it.

Now shut up.

Re:Ooh I know this one (-1)

Anonymous Coward | 1 year,20 days | (#45316499)

No grey area with you huh?

Re:Ooh I know this one (1, Insightful)

Anonymous Coward | 1 year,20 days | (#45316595)

I think the submission is actually a troll. Cloud? Hello? Anyone using the expression "The Cloud" is either a troll or lost cause.

Either

1) Put your stuff on TPB.

or

2) If you are serious about actually storing stuff, get yourself a server and secure it.

Now shut up.

Not very helpful, eh?

Here, let me elaborate. Either contribute to the conversation, or kindly STFU.

Cloud can work. It all depends on your own SLA (and their ability to actually work as advertised), which is the technical dilemma being debated here, so knock it off with your snarky attitude as if someone just brought up a Kardashian using Windows 98. "Cloud", much like the internet, is likely here to stay for a while whether you like it or not.

And over history, I'm sure the people who were "serious" about storage have lost a shitload of data even with tape backup too, so don't act like that solution is magically bulletproof.

Re:Ooh I know this one (4, Insightful)

SuricouRaven (1897204) | 1 year,20 days | (#45316619)

Cloud is not a technical term. It's a business term.

Re:Ooh I know this one (0)

Anonymous Coward | 1 year,20 days | (#45316817)

Cloud is not a technical term. It's a business term.

And Linux is not an OS, but everyone knows what is meant by the term.

Re:Ooh I know this one (3, Insightful)

BrokenHalo (565198) | 1 year,20 days | (#45317289)

2) If you are serious about actually storing stuff, get yourself a server and secure it.

I hate those FTFY posts, but if you are really serious about storing stuff, then you should do it yourself. The so-called "cloud" services might be convenient (depending on the cost and availability of your internet connection), but they are totally out of your control, especially if you care even the slightest about security.

Copy (1)

unitarian (2861481) | 1 year,20 days | (#45316395)

I'm not sure if it is "zero-knowledge" or just "little-knowledge" (file meta-data might be transmitted. I honestly don't know), but I've had very good luck with Copy, which was created by Barracuda (the company that's always advertising in airports, for some reason). Check them out: https://www1.copy.com/home/ [copy.com]

Re:Copy (3, Interesting)

Anonymous Coward | 1 year,20 days | (#45316429)

A Barracuda will always be able to help in those cases where you forget your password.

http://krebsonsecurity.com/2013/01/backdoors-found-in-barracuda-networks-gear/ [krebsonsecurity.com]

Re: Copy (0)

Anonymous Coward | 1 year,20 days | (#45316763)

Good catch. If you can recover your files without your password, then there's no meaningful encryption happening. Simple as that.

Re: Copy (1)

BrokenHalo (565198) | 1 year,20 days | (#45317309)

Good catch.

Only if you consider a barracuda worth eating, which I don't...

Re:Copy (1)

gl4ss (559668) | 1 year,20 days | (#45317051)

I'm curious, how would zero knowledge go with partial syncs?

Have a box live somewhere (1)

Anonymous Coward | 1 year,20 days | (#45316407)

Bittorrent sync + local encryption. Leave a box, or several boxes, running in some datacentres somewhere without the encryption key and you have failover backups (and increased bandwidth).

Give it up. (5, Insightful)

philip.paradis (2580427) | 1 year,20 days | (#45316409)

Write yourself a simple set of scripts that use rdiff-backup or rsnapshot to perform differential/incremental backups to an internal host, make a secondary mirror encrypted at a file level with GPG/PGP, and use rsync to sync the encrypted mirror to several offsite hosts. Done. If this level of security matters to you, do it yourself.

Re:Give it up. (5, Informative)

Rosyna (80334) | 1 year,20 days | (#45316471)

Indeed. Mostly give up the idea of having the host encrypt files for you. You never know if they have a backdoor of some sort. Find/write software (I use Arq) to encrypt files and then send the encrypted files to a host like Amazon S3. It's really the only way for the host to have the "zero-knowledge" you desire.

Re:Give it up. (1)

worf_mo (193770) | 1 year,20 days | (#45316581)

I found duply [duply.net] to be a nice solution. It is a (command line) frontend for duplicity [nongnu.org] which in turn is based on librsync. This combination makes it easy to create encrypted incremental backups.

Re:Give it up. (3, Informative)

Sun (104778) | 1 year,20 days | (#45316739)

<plug>Or, better yet, use rsyncrypto [lingnu.com] .</plug>

The advantage is that the incremental diffs don't accumulate on your computer, making your entire archive volatile (lose one rdiff, lose everything after that point). You just sync like you always do.

Theoretically, rsyncrypto is less secure. I am, of course, far from being objective about this point, but I believe this is not a practical weakness for most people, even with the renewed (justified) paranoia. Then again, the tradeoffs are clearly discussed on the project's site, so you are free to draw your own conclusions on the matter.

Shachar

Re:Give it up. (2)

OpenSourced (323149) | 1 year,20 days | (#45316741)

I'm curious. I've always thought that encrypting a lot of files individually (as opposed to as a block) would open you to attacks based on the content of well known files (example configuration files, etc.) that you may add to the lot. That is, if the attacker has knowledge of the content of a couple of files, could he derive the keys for unencrypting the rest?

Re:Give it up. (1)

vtcodger (957785) | 1 year,20 days | (#45316983)

Not that I know anything about cracking encryption or have given this much thought, but wouldn't packing well known and unknown files into single files -- e.g. zip, tar, etc. -- prior to encrypting make known content analysis pretty much impractical? ... for today's computers anyway?

Re:Give it up. (1)

dyfet (154716) | 1 year,20 days | (#45316819)

Indeed, locally encrypting and then mirroring is a good solution. Another can be to use something like ecryptfs if one wants "live" usable files shared in a folder and synced over multiple machines. The service (dropbox, gdrive, whoever) only sees the encrypted files, and is happy to mirror that without awareness that they are encrypted at all. You only need to make sure to not pick an NSA-friendly cipher ;). You can then access your files on each machine directly through the ecryptfs mount point. ecryptfs can also generate encrypted filenames, so what little you do still leak is only file size and creation date this way.

Re:Give it up. (1)

Bruco (1176833) | 1 year,20 days | (#45317041)

Right, this. In my case, the local files aren't encrypted. I stage a backup to an encfs mount, then unmount and rsync the encrypted files to my cheap VPS many, many miles away. Yes, a small amount of metadata is visible, but not actual content. The scripts to do so aren't very long, and were fun to write, even for a relative newbie like me.

Use MEGA (1)

Anonymous Coward | 1 year,20 days | (#45316423)

Http://mega.co.nz

Why Pay Somebody Else? (3, Informative)

Jane Q. Public (1010737) | 1 year,20 days | (#45316427)

For the money you're paying a service, why not just hoop up an inexpensive machine for a server, put a TB or two in it, and use BitTorrent Sync [wikipedia.org] ?

It's pretty secure, you can share files with others, it's available for all major OSes (including iOS and Android), you don't have to mess with any 3rd parties seeing your data... what more do you want?

Re:Why Pay Somebody Else? (1)

Anonymous Coward | 1 year,20 days | (#45316469)

Why? Not everybody has the time to do it themselves and ultimately you have to pay someone for off-site storage regardless. Why not use BitTorrent Sync? It's "A proprietary peer-to-peer file synchronization" tool. If your data is important enough to warrant encryption you don't utilize proprietary software. Hell. I wouldn't use it even if it wasn't that important. Proprietary software is a security risk I'd rather not have and it can't ever be relied upon. You don't know if, or more likely when, that software will disappear. I should never be put in a position where I'm unable to access my data and that's exactly what you'll get using such tools. I shouldn't have to have Microsoft Windows XP because the data I want is encrypted using some untrustable utility that was discontinued during that era. That same thing goes for file formats and production applications.

Re:Why Pay Somebody Else? (1)

Jane Q. Public (1010737) | 1 year,20 days | (#45316479)

s/hoop/hook

Re:Why Pay Somebody Else? (1)

Anonymous Coward | 1 year,20 days | (#45316505)

They are also planning to add a feature that allows you to sync your files to an untrusted computer, leaving them completely encrypted in the whole process.

http://forum.bittorrent.com/topic/16836-support-for-untrusted-encrypted-node/?p=62836

(FWIW, BTSync uses AES128-CTR. Good enough for random files and pictures but I would not use it for anything sensitive.)

Re: Why Pay Somebody Else? (1)

Anonymous Coward | 1 year,20 days | (#45316803)

AES128-CTR is a very respected algorithm. I don't understand why that would be the part you're worried about. The worrying part is that Bittorrent sync is closed source.

Re:Why Pay Somebody Else? (0)

Anonymous Coward | 1 year,20 days | (#45316867)

Bittorrent Sync *might* be pretty secure. We simply can't take that risk at this stage. Once the code is open we can take it seriously.

Re:Why Pay Somebody Else? (0)

Anonymous Coward | 1 year,20 days | (#45316985)

Maybe because BTSync uses unencrypted nodes for trackers?

Re:Why Pay Somebody Else? (1)

vtcodger (957785) | 1 year,20 days | (#45317013)

For the money you're paying a service, why not just hoop up an inexpensive machine for a server, put a TB or two in it?

Fires, thefts, etc. can happen to pretty much anyone. There's something to be said for encrypted off-site storage. OTOH, there's no particular reason that can't be on a usb flash drive in the glove compartment of a car. (I'd suggest in the trunk under the spare tire instead.) After all, the data is encrypted. What can possibly go wrong?

Roll your own - but choose the right SW (3, Interesting)

Anonymous Coward | 1 year,20 days | (#45316431)

I've not tried this, but always meant to. Sparkleshare is an attempt to make an open source Dropbox - and a couple of years after I first bookmarked it it's still going strong.

You can get a cheap dedicated server for under £10 a month and roll your own based on this?

Also has client-side encryption
https://github.com/hbons/SparkleShare/wiki/Client-Side-Encryption

Re:Roll your own - but choose the right SW (2)

franciscohs (1003004) | 1 year,20 days | (#45316583)

Depending on your needs this might not be the right choice, as stated on their home:

Great:

Frequently changing project files, like text, office documents, and images
Tracking and syncing files edited by multiple people
Reverting a file to any point in its history
Preventing spying on your files on the server using encryption

Not so great:

Full computer backups
Storing your photo or music collection
Large binary files that change often, like video editing projects

For general purpose Dropbox replacement I recommend ownCloud

Re: Roll your own - but choose the right SW (0)

Anonymous Coward | 1 year,20 days | (#45316731)

OwnCloud seems to be pretty good too

Re:Roll your own - but choose the right SW (0)

Anonymous Coward | 1 year,20 days | (#45317135)

Tried them both - sparkleshare and owncloud. They're a complete joke, bug ridden and lacking in basic functionality.

Re:Roll your own - but choose the right SW (2)

SpzToid (869795) | 1 year,20 days | (#45317277)

I've tried SparkleShare and it works really well, so long as you don't have many large binary files, like images or videos. It fails where traditional GIT fails.

What I found that works better is git-annex assistant and either your own redundant and cheap hardware disks, or you can also ssh somewhere, OR you can also use Amazon Glacier for a very very low cost. Yes, you can also encrypt everything before it leaves your machine. Check out the nice video tutorials.

http://git-annex.branchable.com/assistant [branchable.com]

EncFS or BoxCryptor (1)

Anonymous Coward | 1 year,20 days | (#45316437)

Use EncFS or, if that's too tedious for you (it's not that polished on Windows), BoxCryptor.

Advantages: (i) you can use any cloud storage provider you want and (ii) EncFS is open source, so you have some means of verifying that there's strong encryption on your end without backdoors.

NO !! (-1)

Anonymous Coward | 1 year,20 days | (#45316439)

Next !!

None of them. (5, Insightful)

MrL0G1C (867445) | 1 year,20 days | (#45316451)

After all of this NSA business, why would you ask which storage provider keeps you safe when clearly none of them do.

If you want your data encrypted, why would you not do it yourself, then you don't need to pay for an encrypted storage provider because you can upload your encrypted data to any storage provider. Paying extra for something you're not guaranteed to get is not very intelligent.

This article brought to you by an anonymous reader / encrypted storage provider.

Re:None of them. (1)

MrL0G1C (867445) | 1 year,20 days | (#45316467)

Perhaps I should RTFS before posting. I still wouldn't trust these services anyway, how do you know the keys are made securely and stay secure?

Re:None of them. (1)

rvw (755107) | 1 year,20 days | (#45316587)

Perhaps I should RTFS before posting. I still wouldn't trust these services anyway, how do you know the keys are made securely and stay secure?

Exactly! How will you ever know for sure that the program won't send your private key to the server - encrypted with another key so you will never see it if you would try to monitor traffic? I think it's impossible with hundreds of gigabytes of traffic.

Re:None of them. (1)

rmstar (114746) | 1 year,20 days | (#45316691)

Exactly! How will you ever know for sure that the program won't send your private key to the server - encrypted with another key so you will never see it if you would try to monitor traffic? I think it's impossible with hundreds of gigabytes of traffic.

You need an open source client, and you have to build it yourself.

That said - this slashdot news item looks like a psyop to me. Why would a halfway decent cloud storage provider botch up data integrity so badly? This isn't rocket science after all. I suspect this is FUD to keep people from using these encrypted storage solutions.

Re:None of them. (1)

rvw (755107) | 1 year,20 days | (#45316709)

EncFS might just do what you and I need!

Re:None of them. (1)

St.Creed (853824) | 1 year,20 days | (#45316779)

Why would a halfway decent cloud storage provider botch up data integrity so badly? This isn't rocket science after all. I suspect this is FUD to keep people from using these encrypted storage solutions.

While it may not be rocket science, a lot of people underestimate the amount of corruption that files incur from bits flipping at random in storage or during transfer. It's one of the reasons many of those cloud services have checksums at EVERY step in the process. And if you use the wrong type of checksum you're going to get collisions once the number of customers goes up. Apart from that, you get sync issues if the clocks of all devices don't match up exactly, and you need to make sure you have a globally available checkpoint (a counter, or a good clock) that works.

It's a bit like cryptography. While the principles are well understood, a minor bug in the implementation can make the difference between a working solution and a subtly non-functional one.
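
The checksum-at-every-step idea from the comment above, as an added example that is not part of the original thread: a SHA-256 manifest built before upload, authenticated with a locally held HMAC key, and compared against a restored copy to flag deleted, renamed, duplicated and corrupted files. The function names, the sample tree and the demo key are constructed for illustration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def file_digest(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each relative path under root to its content hash and size."""
    root = Path(root)
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        manifest[rel] = {"sha256": file_digest(path), "size": path.stat().st_size}
    return manifest


def sign_manifest(manifest, key):
    """HMAC over canonical JSON; the key stays local, never with the provider."""
    blob = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def verify_signature(manifest, key, tag):
    """Constant-time check that a stored manifest was not altered."""
    return hmac.compare_digest(sign_manifest(manifest, key), tag)


def compare(before, after):
    """Classify differences between the pre-upload and restored manifests."""
    report = {"missing": [], "changed": [], "renamed": [], "duplicated": [], "added": []}
    # Index the original side by content hash so moved or copied data can be traced.
    by_hash = {}
    for path, meta in before.items():
        by_hash.setdefault(meta["sha256"], []).append(path)
    gone = {p for p in before if p not in after}
    for path in sorted(after):
        if path in before:
            if after[path]["sha256"] != before[path]["sha256"]:
                report["changed"].append(path)  # same name, different bytes
            continue
        origins = by_hash.get(after[path]["sha256"], [])
        lost = [p for p in origins if p in gone]
        if lost:  # known content reappeared under a new name
            report["renamed"].append((lost[0], path))
            gone.discard(lost[0])
        elif origins:  # known content exists twice
            report["duplicated"].append((origins[0], path))
        else:
            report["added"].append(path)
    report["missing"] = sorted(gone)
    return report


def demo():
    """Build a constructed tree, simulate sync faults on a copy, and report."""
    key = b"constructed-demo-key-not-a-real-secret"
    files = {  # constructed sample data
        "docs/report.txt": b"quarterly numbers\n",
        "docs/notes.txt": b"meeting notes\n",
        "photos/cat.jpg": b"\xff\xd8 constructed jpeg bytes",
        "todo.txt": b"buy milk\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        source, restored = Path(tmp, "source"), Path(tmp, "restored")
        for rel, data in files.items():
            for base in (source, restored):
                target = base / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        before = build_manifest(source)
        tag = sign_manifest(before, key)
        # The kinds of damage the submitter describes, applied to the restored copy.
        (restored / "todo.txt").unlink()
        (restored / "docs/notes.txt").rename(restored / "docs/notes (conflicted copy).txt")
        (restored / "photos/cat (1).jpg").write_bytes(files["photos/cat.jpg"])
        (restored / "docs/report.txt").write_bytes(b"quarterly numbers\x00")
        after = build_manifest(restored)
        return verify_signature(before, key, tag), compare(before, after)


if __name__ == "__main__":
    ok, report = demo()
    print("manifest authentic:", ok)
    print(json.dumps(report, indent=2))
```
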

Re:None of them. (1)

Anonymous Coward | 1 year,20 days | (#45316835)

I've had US providers just deleting my whole VM just because they didn't "like it" (I was maintaining a legitimate mailinglist on it, that never got abused).
I was "free" to restore the VM on my own time and my own backups. Of course, if I bought their "backup-plan", they could help me with this problem in the future.

This was a monthly paid plan, and I made sure our organization stopped using and paying it promptly.
Fortunately, I had backups of the mailinglists, but we stopped using "cloud providers" from that point on.

Good luck with "your cloud"..

Captcha: dreading

Re:None of them. (-1)

Anonymous Coward | 1 year,20 days | (#45316617)

After all of this NSA business, why would you ask which storage provider keeps you safe when clearly none of them do.

If you want your data encrypted, why would you not do it yourself, then you don't need to pay for an encrypted storage provider because you can upload your encrypted data to any storage provider. Paying extra for something you're not guaranteed to get is not very intelligent.

This article brought to you by an anonymous reader / encrypted storage provider.

For fucks sake, enough about the goddamn NSA paranoia already.

Here, let me put it this way. If you're truly worried about the NSA getting in, you might as well turn OFF the computer, for they own and control backdoors into the operating system, the wireless radio, the BIOS/firmware, and every single piece of encryption used to "secure" it all.

If embassies and entire countries cannot protect themselves from the NSA, I laugh at you nickel-budget armchair crypto nerds who think you can.

And if you do NOT have that level of paranoia about the NSA after recent revelations, then STFU about them already. You're either all in with that paranoia, or you're not.

Re: None of them. (0)

Anonymous Coward | 1 year,20 days | (#45316677)

Well hey, embassies and other countries more likely than not use Microsoft Windows.

For the original question, Tahoe-LAFS should do it. Keep the keys secure in non-connected storage such as USB.

Re:None of them. (1)

Pav (4298) | 1 year,20 days | (#45317011)

Because it's good security practice to assume an adversary who is everywhere with huge resources perhaps? If you don't want to call your adversary NSA, call them the Gestapo or something (personally I call them "Chaos"... the evil team from Get Smart). They're always going to get in so why bother? Guess what... assuming that they will always get in is ALSO good security practice. You can continue to assume retarded script kiddies though... good luck with that.

Re:None of them. (0)

Anonymous Coward | 1 year,20 days | (#45316699)

After all of this NSA business, why would you ask which storage provider keeps you safe when clearly none of them do.

If you want your data encrypted, why would you not do it yourself, then you don't need to pay for an encrypted storage provider because you can upload your encrypted data to any storage provider. Paying extra for something you're not guaranteed to get is not very intelligent.

This article brought to you by an anonymous reader / encrypted storage provider.

Agreed.

If someone were _genuinely_ afraid of the government, why would they give their stuff to ANYONE?
They aren't.

If they do not secure their things, it's like handing a stranger in a possibly foreign country a folded letter and asking them not to read it.
If their staffers read it and don't tell you, does it matter? I'm tired of people yelling police state when they'd give complete strangers their stuff but act "afraid" of their government.

Re:None of them. (0)

Anonymous Coward | 1 year,20 days | (#45316801)

Obviously you shouldn't use non-opensource solutions for this. And if it's opensource then you and the community can check the source code to make sure your keys aren't transferred and that only the encrypted information is transferred.

It's not ready yet (1)

Anonymous Coward | 1 year,20 days | (#45316459)

Considering the sorry state of basic cloud sync services, I would not be surprised if the advanced versions are even worse. The only service I can actually recommend is Dropbox - it is expensive, but it works, and even so it eats a lot of CPU time and hard disk activity at boot up.

The alternatives are worse to terrible. Google Drive claims that files are in sync when they aren't. It also seems to fight with files open in MS Office. It creates conflicts for no reason. It just plain fails to deliver, even if you neglect the absence of a Linux client. Box is much worse in my experience, although it has a nice and clean design. Skydrive is interesting, but I repeatedly ran into installation issues with it - funny given that it is MS software, or maybe to be expected.

Obviously encryption makes things a lot more difficult, especially the handling of temporary files and the merging of conflicts. So it should not be a surprise that it does not quite work yet.

Re:It's not ready yet (1)

icebike (68054) | 1 year,20 days | (#45316537)

None of the services you mentioned are zero knowledge services. They all can and will hand your data to the first cop in the door with something vaguely resembling a warrant.

Spideroak claims to be zero knowledge, they don't have your keys and couldn't decrypt your Data if they were ordered to.

Unless or until they open source their client side software you have to take their word for this. Although they did say they would open source the client some time ago.

I have it backing up two different machines, and have not had it lose any files. It also can be used to sync machines but I use it for version backups (you can roll it back many increments).

HP Autonomy Cloud Backup Service (0)

Scott Ragen (3378093) | 1 year,20 days | (#45316493)

This probably won't be a popular comment given Slashdot's DIY mentality, but why not go for an online backup system instead of cloud storage?

You stated you need it for backup, so use a backup service. They have the benefit of alerting you when backups occur and do not occur, can sync as little as every 15 minutes, provide up to 7 years of snapshots.
With block level synchronisation, it encrypts the data before leaving the server and I believe it is PCI compliant.

Re:HP Autonomy Cloud Backup Service (1)

rtb61 (674572) | 1 year,20 days | (#45316559)

Do it yourself means that you manage risk and cost. Handing it over to an outside contractor means, inevitably, eventually, with all companies, some douche nozzle accountant executive with limited tech knowledge, in the pursuit of personal bonuses and claiming great savings and extra profit with the typical B$ spreadsheet, will take a series of cost savings short cuts that allow risk of data loss to become a certainty of data loss. They lose customers, the customers go elsewhere but unfortunately so do those douche nozzle executives and the problem relocates. It's the cycle of greed: build trust, sell that trust for extra profit, fail and back to build trust (there ain't no profit, just bonuses for know-nothing douche nozzle executives, you know, psychopaths in suits). It is always just a matter of time, to greed driven contractor failure.

Re:HP Autonomy Cloud Backup Service (0)

Anonymous Coward | 1 year,20 days | (#45316643)

So you're willing to pay top dollar to keep your data stored online, securely and encrypted? Who do you work for, the mob?

Focus on your local encryption method first (5, Interesting)

tiznom (1602661) | 1 year,20 days | (#45316495)

Your problem isn't the storage, it's whatever you are doing locally that is the issue. I've got tens of thousands of files backed up with no issues, across several devices.

You didn't mention your OS. I'll assume you are running Linux because if you are running Windows/MacOS you are missing a fundamental weakness already.

On Linux, use EncFS which also has a nice GUI manager via GEncfsM [bitbucket.org] for those that prefer it.

Using EncFS means you don't have to upload entire files when you edit them, only the changes are synced. This is efficient, open-source, and works perfectly.

Once EncFS is working, pick any cloud storage you want and sync the encrypted folder(s). I do it with Dropbox + symlinks and it is flawless, no issues for years now.

Re:Focus on your local encryption method first (2)

bolt_the_dhampir (1545719) | 1 year,20 days | (#45316551)

Parent needs voting up. With EncFS, you can even use the reverse function, in case you like your local files unencrypted for some reason, to get an encrypted "view" of the files and sync that. You can mount a remote Windows machine's drive, for instance, get an encrypted view of said drive and sync that to the cloud. Also, check out Jottacloud if you have a Windows machine available. I don't think their "unlimited storage" deal can be beaten.

Only one answer... (0)

Anonymous Coward | 1 year,20 days | (#45316501)

The NSA.

TarSnap (4, Interesting)

broknstrngz (1616893) | 1 year,20 days | (#45316509)

tarsnap.com. Not very user-friendly, but it does what it says on the tin.

GET READY FOR IT !! (-1)

Anonymous Coward | 1 year,20 days | (#45316511)

Timeshare !!

Do not maintain home-site servers !!

Ever !!

Rent your compute CPU !!

Rent your STORAGE !!

Livin' la vida loca !! is the only way to fly !!

encfs (0)

Anonymous Coward | 1 year,20 days | (#45316519)

Linux/encfs/samba and then back up with your old provider.

Go with what works (1)

VortexCortex (1117377) | 1 year,20 days | (#45316523)

127.0.0.1 or 10.6.6.6 or 192.168.69.42. Those are my encrypted cloud service providers. Public address varies so I ping my web server for a redirect; You could use dynamic DNS. Since we're using pre-shared-key encryption no MITM can insert themselves -- data is encrypted before the session is even initiated -- No need to worry about SSL PKI shenanigans.

Re:Go with what works (0)

Anonymous Coward | 1 year,20 days | (#45316717)

127.0.0.1 or 10.6.6.6 or 192.168.69.42. Those are my encrypted cloud service providers. Public address varies so I ping my web server for a redirect; You could use dynamic DNS. Since we're using pre-shared-key encryption no MITM can insert themselves -- data is encrypted before the session is even initiated -- No need to worry about SSL PKI shenanigans.

Are you sure you understand how SSL works?
No that's the wrong question.. you might be, you're just misinformed.

SSL can do the thing you said right before it. You don't HAVE to use a certificate chained to a key held by a third party, and you don't HAVE to chain certificates at all if you don't want to, but that makes key management much easier.

No sympathy, yes solution (0)

Anonymous Coward | 1 year,20 days | (#45316569)

I had to restore from my local backup more than once and I ended up losing files for real.

So sue them! What do you mean you didn't read the terms of service which clearly (if you're a crooked business lawyer) state you cannot sue for anything...

The only solution you can trust is DIY. That way you know what is happening.

It does not matter (1)

Omegium (576650) | 1 year,20 days | (#45316589)

As far as encryption is concerned, you cannot trust anyone but yourself. So you can ignore anything your cloud provider says about encryption and focus on speed, reliability and cost.

You should make sure that your cloud provider only ever receives encrypted data from you, and if he decides to encrypt again, good for him, and if he decides to let the NSA listen in, well, it doesn't matter, your data was encrypted anyway.

Re:It does not matter (0)

Anonymous Coward | 1 year,20 days | (#45316659)

As far as encryption is concerned, you cannot trust anyone but yourself. So you can ignore anything your cloud provider says about encryption and focus on speed, reliability and cost.

You should make sure that your cloud provider only ever receives encrypted data from you, and if he decides to encrypt again, good for him, and if he decides to let the NSA listen in, well, it doesn't matter, your data was encrypted anyway.

Speaking of the NSA and trust, I'm glad you feel the only one you need to trust is yourself, as you sit back and type away on a commercial piece of hardware running commercial firmware, running a commercial OS you did not write or audit personally (and may be closed source), with a commercial wireless radio and network stack, all while assuming that the crypto used to secure it all hasn't been broken or backdoored by the NSA long ago.

I heard the cloud of ignorance is fluffy and smells like McDonalds french fries. No wonder so many are addicted.

Americans... (0)

Anonymous Coward | 1 year,20 days | (#45316591)

"I decided changing that service"

Did you. Did you really. Idiot.

"I decided TO CHANGE that service."

DIY (1)

vikingpower (768921) | 1 year,20 days | (#45316593)

Only solution. If you want a job done properly, then you best carry it out yourself. Buy a relatively cheap server, equip it with whatever you need to get a backup to it working, and have that server hosted. You'll pay for the hosting and the bandwidth ( in many cases, the latter is included in the former ). All cards are in your own hands. It takes some work, but except for man-in-the-middle attacks - which are always possible, BTW, and in any scenario - you are safe.

nau an (0)

nau an (3418961) | 1 year,20 days | (#45316609)

Thank you for share.! nau an [nauanngon123.com]

What's the point? (1)

stenvar (2789879) | 1 year,20 days | (#45316615)

If you don't control the software itself, you can't be sure that there aren't backdoors. Even if there aren't backdoors when you start, they can always get introduced later.

If you're really concerned about this, put a server somewhere and use encrypted rsync or something similar. Even then, be aware that backdoors can still be pushed onto your machine with a software update.

Least Authority (0)

Anonymous Coward | 1 year,20 days | (#45316621)

https://leastauthority.com/

They are built by the guy who manages the Tahoe LAFS project, which is a distributed encrypted datastore. Encryption happens on your side, there's nothing they can do to read your data.

Don't pick "free" (0)

Anonymous Coward | 1 year,20 days | (#45316623)

Pick a serious commercial actor if you care about your files. I've used CrashPlan for many years, since it's cheap, fast and encrypts strongly.

I think a cloud backup is a must these days...

Crashplan (0)

Anonymous Coward | 1 year,20 days | (#45316631)

Check out Crashplan; they're the company that I've decided to go with. I pay for only one host to be backed up. I then use their utility to back up all other hosts to one server. I even use their utility to back up my parents and several friends to my NAS at home. Then I use their tools to back up that server to their cloud. You get to define your own encryption key if you wish, and at that point in time they become a zero-knowledge service. A really quick search on the topic provides this list of services that support private encryption keys:

SpiderOak
CrashPlan
Mozy
Backblaze
Carbonite
IDrive
AltDrive
Bitcasa

Hope this helps.

ecryptfs + rsync (0)

Anonymous Coward | 1 year,20 days | (#45316641)

As plenty of others have mentioned, you don't need or even want an "encrypted cloud provider". You cannot trust that.

Instead, use ecryptfs locally, and use rsync to copy the encrypted files to the provider. That's under your control, uses only software you can examine and build from source yourself if you want, and it works with any provider.

Using some proprietary, fragile, single-vendor solution is not a wise decision.

BoxCryptor (1)

Anonymous Coward | 1 year,20 days | (#45316669)

I use BoxCryptor which you can use with existing cloud storage providers such as dropbox.

It gives you a drive letter / mount point; any file you save there is transparently encrypted before being placed onto, for example, Dropbox. You have a 1:1 relation between the plain file and the encrypted file, so you can still use things like deleted file recovery.

filecloud (1)

ionix5891 (1228718) | 1 year,20 days | (#45316671)

Try filecloud.io they are an Irish company with servers in Amsterdam

free accounts come with up to 1000GB free storage (reduced redundancy sort of like amazon) and more if you pay 6.99$ / month (29.99/6 months) that comes with raided storage

you can encrypt files yourself before uploading whichever method you want

they have previously gone to courts and got advice from Irish Data Protection commissioner that if any 3rd party wants your data they have to get an Irish court order.

Truecrypt + Dropbox (4, Informative)

joelleo (900926) | 1 year,20 days | (#45316673)

I use Truecrypt's encrypted drive containers in my local Dropbox folder. The file sync'd to Dropbox is encrypted when the sync occurs, so that is all they ever see. Dropbox does a binary diff of the file and only uploads the differences, which makes syncing large encrypted files feasible.

I've seen some chatter that Truecrypt may have been compromised - Bruce Schneier and Snowden use it so I'll trust in their judgement.

Re:Truecrypt + Dropbox (0)

Anonymous Coward | 1 year,20 days | (#45316723)

I use Truecrypt's encrypted drive containers in my local Dropbox folder. The file sync'd to Dropbox is encrypted when the sync occurs, so that is all they ever see. Dropbox does a binary diff of the file and only uploads the differences, which makes syncing large encrypted files feasible.

I've seen some chatter that Truecrypt may have been compromised - Bruce Schneier and Snowden use it so I'll trust in their judgement.

I agree with you and this solution works perfectly for me as well. The sync method makes it very fast even for 10GB+ files.

Re:Truecrypt + Dropbox (1)

St.Creed (853824) | 1 year,20 days | (#45316811)

That's a pretty good idea, actually. I think I'll go this route myself as well.

Re:Truecrypt + Dropbox (1)

Pav (4298) | 1 year,20 days | (#45317151)

Is it recommended for this use case? If not I'd be leery of using it without expert advice... it's very easy to break a secure system by applying it to problem domains for which it wasn't designed. Could an attacker infer things by watching changes over time?

Encrypted Google Drive (0)

Anonymous Coward | 1 year,20 days | (#45316681)

syncdocs.com - encrypts Google Drive stuff before uploading. Simple to use and secure, and Google gives away 15GB of free space anyway.

OwnDrive (0)

Anonymous Coward | 1 year,20 days | (#45316719)

I use https://owndrive.com since I'm concerned about privacy and security. They are a relatively new cloud storage provider, but they use strong AES server-side encryption. Their web interface is the most user-friendly one I've seen. And it's based on an open API, so I'd recommend OwnDrive.

--
Stian Sand

None of them! (0)

coder111 (912060) | 1 year,20 days | (#45316765)

Unless you do your crypto on your own machine, and your machine is not compromised, any such service is insecure. As soon as your cloud storage provider has your crypto keys, you need to assume your encryption is compromised. There are several ways to implement it:

1. Use GPG and encrypt each file before storing it on-line.
2. Pay for a normal Linux hosting server with ample storage. Export the raw block device using NBD (network block device). Encrypt it on your device using dm-crypt or luks and mount it. This encrypts the entire disk.
3. Use some kind of cloud storage, but do encryption in javascript on the browser, in your machine, without sending encryption keys anywhere. Look at http://openpgpjs.org/ [openpgpjs.org] I don't know any cloud services that would allow doing that.

--Coder

Why? (1)

Porchroof (726270) | 1 year,20 days | (#45316769)

Why in the world would anyone want to store his valuable files on someone else's computer? Makes no sense.

Artists cloud backup.? (0)

Anonymous Coward | 1 year,20 days | (#45316831)

Artists do it all the time using this [thepiratebay.sx] service to back up all their important files.

Stay with the good provider and encrypt locally (0)

Anonymous Coward | 1 year,20 days | (#45316781)

If you have a provider that you're happy with, then continue using it and just encrypt the data locally.

Seafile (4, Informative)

Juba (790756) | 1 year,20 days | (#45316791)

I've found Seafile [seafile.com] to be quite good and reliable. It's a multiplatform, free software, self-hosted Dropbox alternative that provides file syncing, sharing, a web interface, and tools for team work. Libraries can be encrypted server-side.
I have used it for several months now and it is both fast and reliable (much more than the owncloud versions I tested previously). It handles my whole picture collection (about 90GB) very easily. You can install your own Seafile server (there's even a Raspberry Pi version), or buy storage space from them. Clients are multiplatform (Windows, Mac, Linux, Android, iPhone/iPad).

Tresorit (1)

Anonymous Coward | 1 year,20 days | (#45316879)

Tresorit is cross-platform and works pretty well. Don't know about pricing though. Maybe look into it?

Zero Knowledge backup (0)

Anonymous Coward | 1 year,20 days | (#45316977)

Had the exact same problem with our accounting dept., who refused to back up locally. Tried 3-4 different companies and finally settled on Altus from Cybrix Group. Funny enough, it IS built on Backblaze Storage pods and uses Duplicati (open source) for backups, but you can bring whatever flavor of client you want as long as it backs up over SSH.

We need the security community... (1)

Pav (4298) | 1 year,20 days | (#45316979)

...to think about this HARD and give us some solutions. An insecure solution seems to work just as well as a secure one, and I'm a geek generalist... and I know what I don't know. Hopefully the big guns have already been thinking about exactly this problem for a while. We know there's no such thing as perfect security... but it would be nice to have something good, and some best-practice guides so we know how to avoid compromising ourselves too obviously.

don't trust any (closed-source) company (0)

Anonymous Coward | 1 year,20 days | (#45317085)

Mostly you're down to creating a secure cloud on your own (disclaimer: I'm involved with the archistar [github.org] project). This might be renting a couple of cheap ec2 instances or distributing some raspberry pi's at different locations.

Good thing is that it's actually not that complex. There's for example secret-sharing [wikipedia.org]: you distribute data to i.e. 4 servers, and define that you'll need at least data from 3 servers to recover the original data. This allows you to live with one storage server gone rogue. Sounds complicated but the math behind it is real simple. I hope that I'll be allowed to publish a simple Java library next week (management needs some convincing towards GPL).

Synchronizing access and operations between servers is tough. This is BFT (byzantine fault tolerance) [wikipedia.org] country -- I am working on a BFT implementation that focuses on simplicity but this will take a couple of months. The archistar github project should include a 'real' (tm) working prototype sometime in the next half year, but I really focus on keeping most of the knowledge within small libraries so people can actually create their own secure cloud software.

cheers, A.
(also: end of shameless plug)

SpiderOak (0)

Anonymous Coward | 1 year,20 days | (#45317095)

Does exactly what OP is looking for.

Honest answer (0)

Anonymous Coward | 1 year,20 days | (#45317153)

NONE, you stupid fuck.

Google Drive + encfs (0)

Anonymous Coward | 1 year,20 days | (#45317163)

Or really, anything that supports sync + encfs. I've got XX GB and XXXX files, and since it's mostly backup or changes to small files, the sync program doesn't have to be very smart.

Tarsnap (0)

Anonymous Coward | 1 year,20 days | (#45317203)

Tarsnap is run by the former Security Officer of FreeBSD: http://www.tarsnap.com/design.html

There's also Crashplan, which says it encrypts everything before it leaves your machine. Tarsnap provides source code so you can verify their claim though. It should be noted that with Crashplan you don't have to use their servers: you can do peer-to-peer back up with another one of your machines (or even a friend's).

SpiderOak (1)

grub (11606) | 1 year,20 days | (#45317233)

SpiderOak [spideroak.com] is quite decent. It's not the fastest at syncing, but their compression and deduplication works very well.

They claim zero-knowledge, have clients for Mac OSX, Linux, Windows, iOS and Android. You get 2 GB for free, give it a shot!

Re:SpiderOak (2)

grub (11606) | 1 year,20 days | (#45317239)

Sorry, forgot to add: I also checked similar services some time ago and after much playing around decided on SpiderOak. I pay for 200 GB with them and am quite happy.

Just say no to cloud encryption (1)

TheloniousToady (3343045) | 1 year,20 days | (#45317237)

I don't use encrypted cloud storage. Instead, for secure backup, I use USB hard drives that I leave disconnected from the computer except during backup operations. This method places a priority on security (no hacker or virus can get to a drive that's disconnected), but it leaves me open to physical theft or destruction. I don't worry much about the former, but for the latter, I keep a copy at a relative's house.

Of course, this method doesn't solve the sync problem. I don't personally have much need to sync data across devices (except for program code, which is easily synced across computers via Git), but for those of you who do, I recommend you use it only for data that doesn't really need to be secure, such as personal photos. Then, you can use any cloud service that syncs well, without regard to encryption.
