Cloud-storage for a paranoid person

Discussion in 'privacy technology' started by ako, Feb 8, 2015.

  1. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    My friend asked me:

    "Are there any cloud services that you can trust to store company secrets. Only services outside USA are accepted."
     
  2. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Personally my opinion is that if you have company secrets then you have 3 options.

    1.) Dont use a cloud (safest)
    2.) Use a self hosted cloud, personally I use Owncloud
    3.) Use an encryption tool that works with your cloud, that way the cloud provider is only storing pseudo random numbers. Examples include boxcryptor.

    Any option that involves you trusting the cloud provider is asking for trouble.
     
  3. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    Thanks!
     
  4. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    I would be tempted to shift your friend's attitude away from any level of trust in non-US services either. Most countries seem to be at the illegal mass surveillance, and do so beyond the 5-eyes.

    The critical point being that you use strong encryption, and are fanatically careful with keys and key management. This is a significant amount of work wherever it is hosted. Internal networks are not necessarily that much better than cloud providers due to inside-jobs. And you have to be very careful similarly to manage certificates properly as the data flows inside the internal network.
     
  5. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    Thanks.
     
  6. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    Honestly, I would work out some type of system to have micro SD on my person before I would use ANY cloud server. Encryption is necessary whatever choice he makes. If one has data that is mission or life critical, putting it on the net only opens up a security hole.
     
    Last edited: Feb 16, 2015
  7. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    I don't have any issues with cloud storage IF the encryption occurs locally and ALL decryption key management is controlled by ME. The problem with micro SD, USB pocket flash devices, etc... is that the storage sizes are too small for many needs. Now, if I can upload any files I want to the cloud with an encryption scheme I don't have to worry about I do. Just as with locally held externals, you can manipulate your data so there is a "decoy" that can be presented under duress. You never open the data from the cloud but pull it down and "unlock" it locally.
    Using this scheme I have no worries at all with clouds and use them quite often. I can access them from anywhere in the world with the proper credentials.
     
  8. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    Personally, I prefer to combine zero knowledge cloud with local encryption. This way even if one of them have serious vulnerability, still my data are protected.
     
  9. GreenStreetHooligan

    GreenStreetHooligan Registered Member

    Joined:
    Feb 18, 2015
    Posts:
    12
  10. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    627
    Thanks all!
     
  11. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Use Viivo, then you can use/trust any cloud service you want. I wouldn't mess with these small outfits like Spideroak, they could disappear overnight.. Stick with the big boys, secure yourself with Viivo.
     
  12. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Found these:

    http://www.privacytools.io/#cloud

    disk42.com is flagged as malware by Bitdefender's Traffic Light, but I guess is a false positive.

    Personally, I have moved away from Google Drive and I am now using Mega. Their Sync clients works great and it's multiplatform (Linux as well, which is something I needed). I know it might not be the most secure cloud in the world but I still believe is far better than the usual ones. And with 50GB for free I can also store photos and less confidential documents. All in the same place.
    Because I am a bit paranoid about having redundant backups, all my personal documents (around 2GB) get uploaded as a blowfish 448 encrypted .arc archive file (made by Peazip) to hubic.com (based in France, 25GB free, 100GB for 1€/month)
     
    Last edited: Apr 2, 2015
  13. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    Have you considered the benefits of physical off-site backup? Of course, there are circumstances when they will not be available, but that is also true of individual cloud services, and also, if you want to be really paranoid, the internet itself. Given the level of intrusion into the core, it's quite feasible for our democracies to cut off access to any service they fancy without judicial review, all in the name of the usual excuses.
     
  14. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Well, this is my current set up for my personal documents which in my opinion deserve some secure backing up.
    I work paperless. All documents, invoices, letters, bills, etc. get scanned and saved. I create lots of PDF.

    1. Original files in my work PC, where usually they get created, modified, deleted, etc.
    2. Those files are located in a so called "Mega" folder which is synced with the cloud.
    3. Back up on an external HDD, which is usually disconnected from the work PC and switched off, being used for backup only. Photos on this external HDD are backed up normally. Documents in an encrypted (Veracrypt) container, just in case some burglar steps in and take the HDD away.
    4. Third back up in my personal PC, done through Mega Sync (this still has to be done)
    5. Fourth back up (docs only, no photos nor music) in hubic.com, encrypted archive.
    6. Fifth back up off-site. 64GB memory stick which is placed in a safety box in the bank. Needless to say that this last backup is not really up to date, basically I update this only twice a year. However this covers me from a worst case scenario, limiting the loss of all the data.

    Am I paranoid enough? :D:D:D
     
  15. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    Nearly(!);) - now you have to diversify media types (e.g. to include optical), different filesystems, and then save in multiple document types including archive pdf, font-embedded.

    And then you have to wonder, is it worth keeping all this stuff?! There's a lot to be said for travelling light and looking forward (not that I've managed that...)
     
  16. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    That looks good list. Well, not very detailed nor covered widely, and I even have doubt about some tools listed there for technical reason they didn't take into account, but easy to view/navigate and quite concise. Thanks.
    I have similar redundant backups, but most of them are locally encrypted even when cloud service have its own 0 knowledge encryption.
     
  17. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Disk42 is shutting down.

    I think after Snowden many companies jumped on the boat of privacy/encryption etc (think also Lavaboom) and then just did not get a sustainable way to make it.
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,025
    Just do Reed-Solomon, and then put each shard on a different cloud service.
    https://github.com/Backblaze/JavaReedSolomon
     
  19. Overdone

    Overdone Registered Member

    Joined:
    Sep 7, 2014
    Posts:
    87
    Never heard of hubic before. Their pricing seems quite nice. I wonder how are they able to offer 25GB for free and 100GB for 1eur/month?

    Also, do they offer a linux client? Does it support file-versioning?
     
  20. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    I use Jungle disk which is a subsidiary of Rackspace. Their TOS states they guarantee the security and safety of your data, providing you use there software and encryption. That way the data is encrypted before leaving your machine. When you set it up they warn you that you should set a good key, and if you lose it your data is gone. If you are really paranoid, you can even password protect the gui on your machine, so no one else can activate it. I've talked with them and they have 3 layers of network protection as well as very strong physical security.
     
  21. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    They are French based. Actually hubic is run by OVH which is a very big hosting company.
    They have a linux client, but without GUI.
    From my understanding they do not offer encryption, so I would not use for confidential files.
    I use it myself but I uploaded just encrypted 7z archives.
     
  22. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,002
    Location:
    USA
    Pete, what do you think of CrashPlan?
     
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    I've used it, but I wasn't as comfortable with their security. Also there tech support was sketchy whereas Jungle disk folks were online with on and off almost for a day, as I wrapped my mind about how to set it up for my needs.
     
  24. TomAZ

    TomAZ Registered Member

    Joined:
    Feb 27, 2010
    Posts:
    1,002
    Location:
    USA
    Other than for the 'security' issue you mentioned, are Jungle Disk's features, speed and ease-of-use, etc. fairly similar to CrashPlan's?

    From what I could tell, CrashPlan offers reasonably adequate security, but I'm not sure exactly where their encryption process takes place.
     
Loading...