How to secure cloud storage from providers, hackers, and surveillance

We all know the critique that has followed cloud storage around since it was first conceived: is our stuff safe when it’s stored on the web? The truth of the matter is fairly mixed. Generally speaking, your cloud-based files are not just up for grabs. On the other hand, all prominent cloud storage providers have been hacked or have turned over user data to authorities.In an era where many people have multiple devices from which they want to access their personal files and internet speed is fast enough for easy file transfers, it makes perfect sense to store some or all of your files in the cloud.

There are a few different ways you might be vulnerable when you do this:

  • The cloud storage provider hasn’t secured your data and snoopers/hackers intercept your information.
  • The cloud storage provider inspects your files and decides whether or not they are appropriate.
  • Government surveillance agencies command the cloud storage provider to turn over all of your data.

Luckily, you can take precautions for these issues.

At this point, all the well-known cloud storage providers–Dropbox, Box, OneDrive, Google Drive–are fairly hardened to leaking your data to the average hacker. As we have so often stressed, check and make sure that you are connected securely with an HTTPS connection when you uploading or downloading files, and you can be fairly assured that your data transfer is secure.

Of course, there is always a chance of something going wrong when you send unencrypted data over the internet. For those that are most worried about security, you’ll want to look into ways that you can have the data be encrypted before you send it to the cloud storage provider. This way, even if they lose your data, it is useless without your password.

Which providers reserve the right to look at your files? Well, nobody likes to say these things outright, but it seems that Microsoft OneDrive (formerly SkyDrive) has looked at its users’ files multiple times, penalizing them for potentially inappropriate or illegal content. Their Code of Conduct has not changed since these incidents were reported.

Google has attracted attention for its broad claim to use the content you store with them on personal accounts, saying as much in its terms of service:

When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.

Of course, they don’t own your data. Likewise, they clarify in their Drive privacy help section that they will not make private documents public, won’t use your private documents for promotional campaigns, and they will get rid of your data if you ask them to. It’s not all bad. They will eagerly give you up to authorities if they suspect you of copyright infringement, though.

Dropbox has the most user-friendly policies, but they aren’t bulletproof either. They have avoided NSA backdoors and any big controversies, which means they only sacrifice your data when there is a warrant out for it. This isn’t great, since we know warrants are not hard for surveillance agencies to get, but at least they are doing this much. They also have worked to try to give foreign-based users the same protections as everyone else.

Still – if your cloud storage provider can see your data, then they can give it away. Let’s look at how to secure cloud storage beyond what these mainstream providers can do alone.

Add encryption to your existing cloud storage accounts

boxcryptor

Boxcryptor is a solution that allows you to encrypt some or all of your files before they are uploaded into your normal cloud storage provider. You download Boxcryptor on your computer and/or mobile devices, it encrypts your files before you upload them, and you use your password to decrypt the files whenever you want to access them.

Your files will never travel on the world wide web in a form where they could be used by a hacker. Even if someone broke into the secure connection between you and Dropbox, for instance, your files would be uncrackable if they were encrypted by Boxcryptor. They will be encrypted while they are on your computer too, making them unusable for viruses or home intruders.

Boxcryptor will not have your security information; they cannot access your files because they do not have your password or an equivalent way to decrypt your files. They could be hacked or required by the government to turn over user data, but that data would be useless to whoever needs it without the password that only you will know.

Boxcryptor is available on Windows, Mac, Android, and iOS. There is a Chrome extension in beta as well. They claim that they are actively developing apps for Windows Phone, Windows RT, and Blackberry as well.

The free version gives you AES 256-bit encryption, which is the most secure type of encryption available. It also gives you access to the mobile apps and the ability to share encrypted files with other Boxcryptor users. Free users are limited to using a single cloud account and can only connect to two devices at a time. For $48/year, you can connect to unlimited cloud accounts on unlimited devices with priority support.

Boxcryptor works well with Dropbox, Google Drive, OneDrive, Box, SugarSync, and any providers that use the WebDAV standard.

ViivoViivo is a bit newer to the game, but offers services similar to Boxcryptor. For some users, you may get more out of Viivo for free than you do with Boxcryptor.

As one would hope, your files are encrypted on your device rather than in the cloud, meaning your encrypted files are absolutely safe as you upload them to your familiar cloud storage providers. They use AES 256-bit encryption, the gold standard, to encrypt files. They then encrypt your folders separately with another encryption standard before also separately encrypting your password.

Viivo cannot access your security keys, files, or passwords. Without your password, nobody, not even you, can get into your files. Like we said with Boxcryptor, they may have to turn over your files to authorities, but they will be useless to them due to the encryption.

At the free tier, you can use Viivo to encrypt an unlimited amount of supported cloud storage providers. They have mobile apps, but the free plan only allows you to decrypt files; you can’t upload new encrypted files from mobile. For those that will be doing most of their file uploads on their computers, Viivo probably offers more value at the free level.

The software is compatible on Windows and Mac. There are mobile apps on iOS and Android, but the iOS app is the only one that supports encryption for paid users at the time of this writing. It supports Dropbox, Box, OneDrive, and Google Drive by default and offers advanced support for other providers for savvy users.

While Viivo is fairly new to the game, its parent company, PKWARE, has been in computer security since 1986 and has even been influential in creating modern-day encryption standards. I’m not too worried about the long-term support for Viivo users.

Cloud storage providers that are secure without separate encryption clients

SpideroakSpideroak is the gold standard for secure cloud storage providers. They give you the ease of use that makes people opt for Dropbox, Onedrive, and the like, but with the security assurances offered by Boxcryptor and Viivo.

With support for PC, Mac, and all mainstream Linux distributions, Spideroak can work with all of the ease of your current cloud provider. It does encryption like Boxcryptor and Viivo, but it is a standard part of the service and thus is something that happens almost invisibly. You won’t feel like you’re using a bastardized version of another service. As a matter of fact, it won’t feel any different at all. You’ll just be safer.

You can have 2GB of storage for free, with some room for expansion if you refer friends. You can also buy extra storage for monthly or yearly fees that are on par with the rest of the storage market. If you’re willing to pay for a year upfront at just over $10/month (which normally gets you 100GB if you pay monthly), [We all know the critique that has followed cloud storage around since it was first conceived: is our stuff safe when it’s stored on the web? The truth of the matter is fairly mixed. Generally speaking, your cloud-based files are not just up for grabs. On the other hand, all prominent cloud storage providers have been hacked or have turned over user data to authorities.In an era where many people have multiple devices from which they want to access their personal files and internet speed is fast enough for easy file transfers, it makes perfect sense to store some or all of your files in the cloud.

There are a few different ways you might be vulnerable when you do this:

  • The cloud storage provider hasn’t secured your data and snoopers/hackers intercept your information.
  • The cloud storage provider inspects your files and decides whether or not they are appropriate.
  • Government surveillance agencies command the cloud storage provider to turn over all of your data.

Luckily, you can take precautions for these issues.

At this point, all the well-known cloud storage providers–Dropbox, Box, OneDrive, Google Drive–are fairly hardened to leaking your data to the average hacker. As we have so often stressed, check and make sure that you are connected securely with an HTTPS connection when you uploading or downloading files, and you can be fairly assured that your data transfer is secure.

Of course, there is always a chance of something going wrong when you send unencrypted data over the internet. For those that are most worried about security, you’ll want to look into ways that you can have the data be encrypted before you send it to the cloud storage provider. This way, even if they lose your data, it is useless without your password.

Which providers reserve the right to look at your files? Well, nobody likes to say these things outright, but it seems that Microsoft OneDrive (formerly SkyDrive) has looked at its users’ files multiple times, penalizing them for potentially inappropriate or illegal content. Their Code of Conduct has not changed since these incidents were reported.

Google has attracted attention for its broad claim to use the content you store with them on personal accounts, saying as much in its terms of service:

When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.

Of course, they don’t own your data. Likewise, they clarify in their Drive privacy help section that they will not make private documents public, won’t use your private documents for promotional campaigns, and they will get rid of your data if you ask them to. It’s not all bad. They will eagerly give you up to authorities if they suspect you of copyright infringement, though.

Dropbox has the most user-friendly policies, but they aren’t bulletproof either. They have avoided NSA backdoors and any big controversies, which means they only sacrifice your data when there is a warrant out for it. This isn’t great, since we know warrants are not hard for surveillance agencies to get, but at least they are doing this much. They also have worked to try to give foreign-based users the same protections as everyone else.

Still – if your cloud storage provider can see your data, then they can give it away. Let’s look at how to secure cloud storage beyond what these mainstream providers can do alone.

Add encryption to your existing cloud storage accounts

boxcryptor

Boxcryptor is a solution that allows you to encrypt some or all of your files before they are uploaded into your normal cloud storage provider. You download Boxcryptor on your computer and/or mobile devices, it encrypts your files before you upload them, and you use your password to decrypt the files whenever you want to access them.

Your files will never travel on the world wide web in a form where they could be used by a hacker. Even if someone broke into the secure connection between you and Dropbox, for instance, your files would be uncrackable if they were encrypted by Boxcryptor. They will be encrypted while they are on your computer too, making them unusable for viruses or home intruders.

Boxcryptor will not have your security information; they cannot access your files because they do not have your password or an equivalent way to decrypt your files. They could be hacked or required by the government to turn over user data, but that data would be useless to whoever needs it without the password that only you will know.

Boxcryptor is available on Windows, Mac, Android, and iOS. There is a Chrome extension in beta as well. They claim that they are actively developing apps for Windows Phone, Windows RT, and Blackberry as well.

The free version gives you AES 256-bit encryption, which is the most secure type of encryption available. It also gives you access to the mobile apps and the ability to share encrypted files with other Boxcryptor users. Free users are limited to using a single cloud account and can only connect to two devices at a time. For $48/year, you can connect to unlimited cloud accounts on unlimited devices with priority support.

Boxcryptor works well with Dropbox, Google Drive, OneDrive, Box, SugarSync, and any providers that use the WebDAV standard.

ViivoViivo is a bit newer to the game, but offers services similar to Boxcryptor. For some users, you may get more out of Viivo for free than you do with Boxcryptor.

As one would hope, your files are encrypted on your device rather than in the cloud, meaning your encrypted files are absolutely safe as you upload them to your familiar cloud storage providers. They use AES 256-bit encryption, the gold standard, to encrypt files. They then encrypt your folders separately with another encryption standard before also separately encrypting your password.

Viivo cannot access your security keys, files, or passwords. Without your password, nobody, not even you, can get into your files. Like we said with Boxcryptor, they may have to turn over your files to authorities, but they will be useless to them due to the encryption.

At the free tier, you can use Viivo to encrypt an unlimited amount of supported cloud storage providers. They have mobile apps, but the free plan only allows you to decrypt files; you can’t upload new encrypted files from mobile. For those that will be doing most of their file uploads on their computers, Viivo probably offers more value at the free level.

The software is compatible on Windows and Mac. There are mobile apps on iOS and Android, but the iOS app is the only one that supports encryption for paid users at the time of this writing. It supports Dropbox, Box, OneDrive, and Google Drive by default and offers advanced support for other providers for savvy users.

While Viivo is fairly new to the game, its parent company, PKWARE, has been in computer security since 1986 and has even been influential in creating modern-day encryption standards. I’m not too worried about the long-term support for Viivo users.

Cloud storage providers that are secure without separate encryption clients

SpideroakSpideroak is the gold standard for secure cloud storage providers. They give you the ease of use that makes people opt for Dropbox, Onedrive, and the like, but with the security assurances offered by Boxcryptor and Viivo.

With support for PC, Mac, and all mainstream Linux distributions, Spideroak can work with all of the ease of your current cloud provider. It does encryption like Boxcryptor and Viivo, but it is a standard part of the service and thus is something that happens almost invisibly. You won’t feel like you’re using a bastardized version of another service. As a matter of fact, it won’t feel any different at all. You’ll just be safer.

You can have 2GB of storage for free, with some room for expansion if you refer friends. You can also buy extra storage for monthly or yearly fees that are on par with the rest of the storage market. If you’re willing to pay for a year upfront at just over $10/month (which normally gets you 100GB if you pay monthly),]26 They will honor this price forever if you buy now, too. Anyone with a valid .edu email address can get a 50% discount on any non-unlimited plans, as well.

Spideroak is extremely proud of their “Zero-Knowledge” privacy policy, which is what we’ve been shooting for which each cloud client. When your files are all encrypted on your device before upload, this means Spideroak can’t access the contents of your files. If Spideroak were hacked or subpoenaed by authorities, your data would remain just as impenetrable.

One feature that is standard on Spideroak that requires extra cost on the other services in this article is file name encryption. This means that outside observers, including Spideroak, never even know the names of your files. Even if someone wants to snoop, they won’t know which files to look at! Your video called “That Special Night in Cabo” will be just a random string of characters to hackers or a hypothetical rogue employee at Spideroak. This is an extra level of protection that goes beyond the already great AES 256-bit encryption of the file itself.

Its main shortcoming at the moment is its mobile apps. You can decrypt and access your stored files, but they lack upload ability. You’ll have to go to their website from mobile to upload.

For the general consumer, especially somebody just starting out with cloud storage, we absolutely recommend Spideroak over everything else. It offers virtually everything that the less secure competition does, but with an unassailable security process. This includes things like versioning for your backup, so your Word document that you were working on when the power goes out isn’t completely lost.

Sign up at Spideroak’s website. Note: If you follow the links here, both you and I get an extra free GB of storage because I referred you!

Wuala

 

Wuala enjoys a little less name recognition than Spideroak, but offers a similar method for protecting your privacy with even more free storage. Pairing up with well-known tech company Lacie in 2009 certainly lends Wuala some more credibility than the obscure name might suggest.

For many, Wuala may be a more appealing option than Spideroak. You get 5GB of free storage instead of 2GB with the same type of device-based encryption that makes it impossible for Wuala to share your data, even if you wanted to. They offer compatibility with PC, Mac, Linux, Android, and iOS. In this case, their mobile offerings are even better and fully featured than Spideroak.

In our experience, we had a few reservations that caused us to endorse Spideroak over Wuala. While both are technically “closed-source” operations, Spideroak releases a great deal of its code for open inspection and to help other developers and competitors make their services more secure. With Wuala, there is practically nothing open to criticize and thus users must place more trust in Wuala to 1. do what they say they are doing, such as encrypting your files on your computer and not in the cloud and 2. that they don’t have unpatched security vulnerabilities.

My subjective opinion also was that their desktop app was less user-friendly than virtually all other options, which means it might be a bigger pain to use for people and could lead to less secure habits. It was also designed with Java, which is itself renowned for its security vulnerabilities.

However, we still think it’s pretty great, and you should decide for yourself whether you prefer Wuala or Spideroak. You can download Wuala at their website.

Have you used any of these services? Did we leave a great option out? Do you need more explanation of something? Let us know in the comments!

Featured image by Perspecsys.

 

 

COMMENTS

Note: Comments are provided by Disqus, which is not affiliated with Getting Things Tech.
Search
Support This Site
Bitcoin Donations:

Litecoin Donations: