Securely encrypt drives before syncing them to Amazon S3 Cloud

Discussion in 'privacy technology' started by krneki, Sep 13, 2016.

  1. krneki

    krneki Registered Member

    Jan 25, 2014
    I intend to back up my whole system, secondary and external HDDs to Amazon Cloud. Currently my drives are not encrypted at all. I'm running Windows 10 (no UEFI).

    I was wondering what is the best way to securely encrypt private data before uploading it to Amazon's cloud? I would like to have on-the-fly encryption, so there would be no need to create a container and sync it manually with Amazon's cloud software afterwards, but rather sync and encrypt the whole drive in real time.

    Quite some people recommend Boxcryptor, but it doesn't support Amazon's Cloud. Cryptomator seems like a good choice, but how secure is it, since it's not open source? There is also Duplicati, SyncBackPro and StableBit, do you have any experience with any? How do they compare? Any other recommendations?
  2. Palancar

    Palancar Registered Member

    Oct 26, 2011
    How large a system are you talking about in Gigs?? Also, what level of safety are you wanting? By that I mean just privacy from prying eyes OR wanting to combat a 3 letter agency. The approach is different depending upon that answer.

    Syncing as you refer to it creates data logistical nightmares when you don't control both ends of the handshake. Placing secure data on a cloud and then returning that data safely and securely is actually easy. However, all aspects of that are handled locally because the cloud is unable to do anything to encrypted data. Let me explain. E.g. you can use Macrium Reflect on Win 10, and that software allows you to write out data to a location on the cloud. The data going up to the cloud is already encrypted by Macrium and can only be decrypted or of use to Macrium, leaving the cloud provider in the dark (as you want it to be). Then you can set up incremental backups using Macrium so that you won't have to back up the entire system every time. Restores, if needed, simply reverse the process.

    In my case I would save the backup (completely) locally and send it up as an encrypted file/folder. Do a sha checksum on it and then record that sum. This allows me to monitor the returned file and before I would use it, I would examine the checksum for certainty of being unchanged.

    IMPORTANT note: files leaving a computer and headed to a cloud don't travel in a pretty little straight line like you might imagine in your mind. The internet is full of gateways and actors in elevated positions on the connection trace. This means you just cannot allow anything to pass through in plain text or your plan is dead in the water. Encrypt locally and do checksum integrity examinations, which are perfectly determinable.
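
The record-then-verify checksum routine described in the post above, as an added example that is not part of the original thread. The file names, the JSON manifest format and the sample "backup" bytes are assumptions constructed for illustration; the backup is assumed to be encrypted already by whatever tool you use.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # read 1 MiB at a time so multi-GB images are never loaded whole

def sha256_file(path):
    """Stream the file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()

def record(path, manifest):
    """Before upload: store name, size and digest in a manifest kept locally."""
    path, manifest = Path(path), Path(manifest)
    entries = json.loads(manifest.read_text()) if manifest.exists() else {}
    entries[path.name] = {"size": path.stat().st_size, "sha256": sha256_file(path)}
    manifest.write_text(json.dumps(entries, indent=2))
    return entries[path.name]["sha256"]

def verify(path, manifest):
    """After download: True only if size and digest match the recorded entry."""
    path = Path(path)
    entry = json.loads(Path(manifest).read_text()).get(path.name)
    if entry is None or path.stat().st_size != entry["size"]:
        return False
    return hmac.compare_digest(sha256_file(path), entry["sha256"])

def demo():
    """Constructed sample: a stand-in encrypted backup, then one flipped bit."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "system-backup.enc"      # hypothetical file name
        manifest = Path(tmp) / "manifest.json"        # hypothetical manifest name
        backup.write_bytes(bytes(range(256)) * 4096)  # constructed sample data
        record(backup, manifest)
        intact = verify(backup, manifest)             # unchanged file
        data = bytearray(backup.read_bytes())
        data[1000] ^= 0x01                            # simulate a change in transit
        backup.write_bytes(bytes(data))
        return intact, verify(backup, manifest)

if __name__ == "__main__":
    print(demo())
```

Keep the manifest on local storage: a digest stored beside the file in the cloud can be replaced along with the file.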
  3. deBoetie

    deBoetie Registered Member

    Aug 7, 2013
  4. LockBox

    LockBox Registered Member

    Nov 20, 2004
    Here, There and Everywhere
    I obviously don't know exactly what you are wanting to do and what resources you have. The free version is limited, but the $99 a year is a steal for what you get. Zero-Knowledge protocol is used with ODrive program. More info
    I've streamed a few of their live presentations (archived on YouTube) and they are impressive.
    They bring all of your storage providers (Dropbox, Amazon Cloud Drive and S3, Yandex, and many more) under one application that encrypts everything before it ever leaves your computer. Watch some of the videos. It sounds expensive until you realize how powerful this single service is. Here is their main site
  5. dogbite

    dogbite Registered Member

    Dec 13, 2012
    Last edited: Oct 7, 2016