How can I encrypt my data in the cloud, so only I can access it?

« Other questions
0
0

I have my documents backed up to Box.com. They do claim to encrypt all user information, but they have the encryption keys, and I have no control over this.

If they have a rogue employee, he/she could in theory access all my data or if they get hacked, somebody else could.
Is there any way that I can access my data in Box and run my own encryption of my data that only I can access?

  • You must to post comments
0
0

Good question. The simple answer is that you can never be 100% sure that Box is encrypting your data. Even if you used third-party encryption software on your system you can’t be sure that your data has been encrypted properly (checking the output file doesn’t guarantee this). Short of designing your own system from the bottom-up you have to take a realistic approach.

Remember Box, Dropbox, OneDrive, Google Drive are designed with convenience in mind, not security.

You’d be better looking at an ultra-high security system (i.e. where security is the main consideration) such as Tresorit or SpiderOak. These solutions encrypt your data on your computer BEFORE uploading them to the servers. When you download the file they decrypt the file in real-time. Only you have the key – the obvious problem is that if you forget your password then all your data is lost and your only option (unless you’re logged in on a trusted computer) is to delete your account and start afresh.

Tresorit for example has a free version but for the full feature set you’re going to have to pay. Security and privacy are a trade-off – most companies make their money selling your data; when you have total privacy you have to pay them for the privilege as this is their only source of income (they’re unable to ‘monetise’ your data). They have apps for Windows, Linux, Mac, Android, iOS, Windows Phone and Blackberry. They also have a web interface although using the apps is more secure as they share a certificate in the background to make sure your connection to them isn’t subject to a MITM attack.

Have a look here:

https://tresorit.com/cloud-storage-comparison
https://tresorit.com/security
https://tresorit.com/security/end-to-end-encryption
https://tresorit.com/files/tresoritwhitepaper.pdf
https://tresorit.com/files/encrypted-link-whitepaper.pdf

Alternatively, supporting fewer platforms is SpiderOak:

https://spideroak.com/

  • You must to post comments
0
0

Here’s the link to their free version.

https://tresorit.com/pricing/basic

If you’re a very technical user here’s another service:

https://www.tahoe-lafs.org/

  • You must to post comments
0
0

I’ve had good experiences with BoxCryptor.

https://www.boxcryptor.com

  • You must to post comments
0
0

SpiderOak is the one I’d recommend. One of its more high profile endorsers/users is a certain Mr Edward Snowden.

  • You must to post comments
0
0

I highly recommend https://www.sync.com/ and it supports 2FA for a bit of extra confidence.

  • You must to post comments
0
0

Tarsnap (https://www.tarsnap.com/), “Online backups for the truly paranoid”, is an excellent solution. The base install is a command line interface which gives you very fine control. There are some GUI frontends on Github too.

  • You must to post comments
0
0

Hi

I have been looking at the MEGA solution that claims to offer end to end encryption with apps for all major platforms. https://mega.nz/. Depends on your feelings of Kim.com

  • You must to post comments
Showing 7 results
Your Answer

Please first to submit.