Encrypted Cloud Storage?


#1

One thing I tend to cycle through is cloud storage. If you ask me what I’m using today, my answer may be different from last month. Always trying to get the simplest experience that integrates with my style, and be at least reasonably competitive on price, even if just in line with Dropbox.

One thing I’ve thought more about lately is encrypted cloud storage. Perhaps then I might use it for a few more things. I’m wondering if any of you all have experience with any providers that do encryption. Ideally client side and with a mobile app, tall order as that may be.


#2

I remember I met Arq Backup client because of a comment from you. Wasn’t good?


#3

I’ve always used GSuite Business. Install rclone on whatever machine you want to back up. Then set up the GSuite endpoint and crypt to encrypt whatever you upload. Downside is that (AFAIK) you can’t access the data without rclone crypt setup, but not too bad if you have it good to go on all your machines. Also, no way to access the unencrypted data on mobile. Plus side is that it’s dirt cheap and pretty flexible (mount, sync, etc.)


#4

Not bad for a backup, but looking for something more along the lines of Dropbox/Nextcloud.


#5

Personally, if it’s something I don’t want anyone else to take a peak at, I keep them offline. I don’t ever transfer it across the web.


#6

Not a bad idea for some safe keeping at least.


#7

Dropxbox with file encrypted? I think that would be easy to use. Maybe.


#8

I use rclone to minio running on a VM. Not exactly what you’re after, but super effective from cron.


#9

If you’re willing to roll your own (the lazy way): get a copy of Resilio Sync (BT Sync) when it’s 50% off (one-time fee, I think I paid like $20) - desktop apps are decent and the iOS app works fine for me - and set up some shares. Get one of those fancy VPS things you may know about, perhaps one with some block storage, and install it on there as well.

Give a normal Read/Write or Read-Only key to your local machine/devices, but only give the offsite box the encrypted share key. So your local devices will store the data as normal and can interact with it, the remote machine only gets encrypted data.

You can play with it without buying the license, but last I remember you needed the paid license to do the encrypted folders.


#10

You can setup Seafile on a server/vps; it does encryption, and there’s a mobile app IIRC. You can even use the PRO edition up to 3 users for free.
The syncing is (way) faster than Nextcloud, and it integrates with Windows dropbox style.

But personnaly I’m now rocking Syncthing + filerun, it better suits my needs - but no encryption though.


#11

There was this big outbreak about SpiderOak ditching their canary and no longer being secure. Looks like this is all solved, though?


#12

So a bit of what I arrived at:

ES File Explorer for Android can encrypt files, meaning I can dump things from my phone that maybe I would prefer not be public. We’re not talking credit card data, just “I’m willing to sacrifice some security for convenience but still need to be mindful of it’s value” kind of data. Basically it’s more about me, less about other people.

With that, I could settle on the backend not being encrypted. I could go with OwnCloud and call it a day, but where’s the fun in that.

  1. Dedicated server running Caddy with PHP-FPM, serving Filerun (thanks @sshd). Filerun behind http auth for good measure.

  2. Constant sync with distributed minio cluster (2x hetzner cloud, 1x hetzner dedi). The minio cluster is ready to go, just need to finalize the job by mounting a bucket to the location Filerun is serving from, have been focused on other things.


#13

Check out https://cryptomator.org/


#14

Storj.io seemed an interesting concept ever since I’ve first heard of it, have you looked into it yet?