This is the sixth entry in my “Encrypt All The Things!” series.
Let’s face it. Cloud storage SUX! Why? Because all of the most popular cloud storage services do NOT provide end to end encryption. Oh sure, your files travel over an https connection from your PC to their server, but your files are not encrypted with a public key whose matching private key only YOU have access to. Sure, the cloud storage providers may encrypt your files (with THEIR keys) AFTER they receive your upload and before they store them on their own drives.
THEY have access to the contents of your files. They can see the file names in clear text. They have access to the entire contents. THEY own the encryption keys on their end and you sent them your files without encrypting them first. Therefore, you are NOT in control of your data. If that cloud service gets hacked, or if there’s a bad employee, or they get subpoenaed, other people can (and likely WILL) gain access to your personal data. It’s simply NOT protected.
There’s only ONE option
When it comes to cloud storage, you have only one option for realistic security. That is, your files MUST be encrypted ON YOUR END before they’re sent over the wire to the cloud storage provider, that encryption on your end MUST be done with your public key, and your private key MUST be a key that ONLY YOU have access to. It should exist ONLY on your own PC or phone. PERIOD. There are no ifs, ands, or buts about it. This is called “zero knowledge” encryption.
Please see “Understand Encryption” for a discussion of public/private keys. It’s kind of critical to your understanding of how to judge whether a cloud storage service is doing it right.
Spideroak.com has this to say about zero knowledge encryption:
“Zero Knowledge means we know nothing about the encrypted data you store on our servers. This unique design means nothing leaves your computer until after it is encrypted and is never decrypted until it is unlocked with your password on your computer. It’s not just “end to end encryption;” it’s a Zero Knowledge System.”
Spideroak.com, by the way, is a cloud drive service provider. Though there are some critiques of the way they password protect your local key on your own PC, it is far more secure than Google Drive, Microsoft One Drive, Amazon cloud storage, DropBox, Box.Net, etc.
Another one with zero knowledge is Mega.co.nz. This cloud storage provider was created by the infamous Kim DotCom, who’s wanted by the United States government for hosting a similar service for copyright pirates. So, some reasonable questions have arisen as to the true privacy of this site. And recently Kim DotCom has come out and said he’s no longer affiliated with Mega and that you shouldn’t trust it, that it’s not safe (but can you trust HIM?).
Anyway, the point is, you need to either encrypt your own files BEFORE uploading them to a cloud service or use a cloud service that does it for you (ON YOUR END!).
Alternatively, you can do it yourself by manually encrypting your Individual Files, then uploading the encrypted files to any cloud storage provider you want. It’s a bit of a hassle, but it will provide you actual protection. You should note that if you upload your encrypted files but keep the file names, a LOT can be known about what you’re storing. Best to zip up the file first (storing the name in the zip file), give the zip file an arcane name, like the date and time it was zipped, encrypt the zip file (not with the weak-ass encryption provided in the zip products, but the way I describe for encrypting Individual Files), THEN upload it.
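The zip, rename, encrypt steps above, as an added Python example that is not from the original article. It assumes GnuPG (`gpg`) as the public-key tool, since the Individual Files method is described elsewhere; the function names, the sample file name and the `you@example.com` key ID are made up for illustration.

```python
import subprocess
import tempfile
import zipfile
from datetime import datetime, timezone
from pathlib import Path


def pack(files, out_dir, now=None):
    """Zip files into out_dir under a date-and-time name; return the zip path."""
    now = now or datetime.now(timezone.utc)
    archive = Path(out_dir) / (now.strftime("%Y%m%d-%H%M%S") + ".zip")
    # Mode "x" refuses to overwrite an archive made in the same second.
    with zipfile.ZipFile(archive, "x", zipfile.ZIP_DEFLATED) as zf:
        for f in map(Path, files):
            # The real name is stored only inside the zip, which is encrypted next.
            zf.write(f, arcname=f.name)
    return archive


def gpg_command(archive, recipient):
    """Build the gpg argv (assumed tool) that encrypts the zip to your public key."""
    out = Path(str(archive) + ".gpg")
    argv = ["gpg", "--batch", "--yes", "--encrypt", "--recipient", recipient,
            "--output", str(out), str(archive)]
    return argv, out


def seal(files, out_dir, recipient):
    """Pack, encrypt, then delete the plaintext zip; return the file to upload."""
    archive = pack(files, out_dir)
    argv, out = gpg_command(archive, recipient)
    try:
        subprocess.run(argv, check=True)
    finally:
        archive.unlink()  # the unencrypted zip must not reach the sync folder
    return out


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        doc = Path(tmp) / "tax-return-2023.pdf"   # constructed sample file
        doc.write_bytes(b"constructed sample contents")
        archive = pack([doc], tmp)
        print("archive:", archive.name)
        print("inside: ", zipfile.ZipFile(archive).namelist())
        # "you@example.com" is a placeholder key ID, not a real recipient.
        print("encrypt:", " ".join(gpg_command(archive, "you@example.com")[0]))
```

Upload only the `.gpg` file that `seal()` returns; its name still shows the provider when the archive was made, but nothing about what is in it.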
- Save yourself some headaches and use only “zero knowledge” cloud services and thoroughly research what others have to say about their encryption.
- Hide your meta-data (file names, folder names, folder structures, etc…) if you’re going to home-brew it.
Do you have any experience with encrypted cloud storage? Please share your experience in the comments.