How to Do Cloud File Encryption?
I don’t know about you, but cloud storage services like Google Drive and DropBox have completely changed the way I work. While I still own a few flash drives, they are simply gathering dust in a drawer somewhere. I love being able to access important files, such as copies of travel documents.
I know I’m not the only one to become so dependent on the cloud. Through devices like my smartphone, I have become accustomed to having my info available at all times. There’s one problem though - privacy and control.
When your data is in the cloud, you have to put a lot of trust in the providers of the service. They have your data, have to keep it safe and stay out of it. Do you feel 100% comfortable with that?
Your Data is Already Encrypted
You’ll read those cloud providers are some of the best at keeping information safe and hackers out. This is actually true. The chances that a hacker is going to breach the likes of Google are slim. Your cloud drive information is in fact heavily-encrypted.
That’s not the problem. It’s all about who has the keys to that encryption. I think you’ve probably figured out that it’s not you. The cloud provider is perfectly capable of seeing exactly what’s in your files.
On the one hand, this can make things much more convenient. It allows for file indexing and organizations. It’s why you can also search for keywords inside documents you store with services like DropBox.
On the other hand, it means that if the company wanted to, they could have a good look through your stuff. Imagine if you worked for a company and put your patents into your cloud drive. If they had set certain keywords to create a flag, it’s possible to make copies of those files without you ever knowing about it.
The Quest for Zero Knowledge
Usually, ignorance is considered a bad thing, but in the context of giving your personal data to a third party for safekeeping, it can be a very important asset. This is known as zero knowledge encryption. All that means is that the online service that you use doesn’t know anything about the content of your data. In fact, they can’t know anything because the architecture of the service is set up in such a way that it’s impossible.
There are some of the best VPN services that are zero-knowledge. They don’t look at your data packets and keep no records at all. So if an authority were to force compliance from them they could legitimately say they really don’t know anything. Messaging apps like Whatsapp now employ end-to-end encryption. Which is also essentially a form of zero-knowledge encryption. Whatsapp doesn’t hold the keys. It’s set up in such a way that only you and the other person know what’s being said.
So what we want to do is use cloud services like Google Drive and DropBox, but in a way that amounts to a zero-knowledge architecture. There are a few ways to do this, so let’s get right into it.
Encrypt Before Upload
The easiest way to prevent the likes of DropBox or Google from sniffing around your files is to encrypt them on the local machine before you upload them. On a desktop, this is fairly simple. Just use a program like VeraCrypt to selectively encrypt files and then upload them.
If you are using local folder integration with DropBox or Google Drive then you can simply set that folder to be encrypted. So anything you copy into it will be encrypted before syncing.
With the popular tool VeraCrypt, you can create something known as a container. This is an encrypted volume that does not affect the rest of your drive. Many DropBox users have reported good success using this method. Although the initial upload of the container is quite large, DropBox will only sync changes made to the volume in future. This is in contrast to services like OneDrive where the entire file is reuploaded every time a change is made. It’s not the most elegant solution, but a relatively small container can be used as a sort of safety deposit box for the most important and confidential information.
Alternatively, you can simply use the encryption function of something like 7-Zip and then upload those Zip files for later use.
Using Specialized Apps and Services
You might be thinking that all of this manual encryption seems like a lot of work. That's why you'd generally want to limit it to just handful of truly crucial files. To do anything more would be impractical.
Luckily there is always some business ready to fill even the smallest niche. The most common example would be BoxCryptor, which provides end-to-end encryption for a number of popular cloud services. These include DropBox, Google Drive, One Drive, and Box. It's completely automated and invisible to you. If you can afford it and have to use one of these popular services, then BoxCryptor or something like it is the best option.
Switch to a Proper Zero Knowledge Service
One of the simplest and most logical things to do is switch from mainstream apps and sign up for a native zero-knowledge cloud storage service. This way you don’t have to worry about slipping up or configuring a bunch of things on several devices to make it all work.
The downside is that many of these services have to charge a fee, which tends to be higher thanks to their smaller install bases. Not enough people value zero-knowledge cloud storage to really drive competition. At least not yet.
MEGA is one of the best examples of an end-to-end cloud storage solution, but there are a number of choices.
Decentralized Apps
A new way of using cryptography to secure cloud data has recently emerged. It’s known as a decentralized application and uses the power of blockchain to keep your files hidden from anyone but you.
These apps are referred to as “decentralized” because there is no data center. Instead, all the information is stored in a shared peer-to-peer system Not unlike BitTorrent.
You probably already use decentralized apps and just don’t know it. BitMessage, Tor and Popcorn Time are examples of decentralized apps. However, as a replacement for cloud storage more is needed. So now we have DApps that work a lot like Google Docs or Office 365 Live. You can create and upload documents, edit them, collaborate and have all of the other advantages that mainstream services provide. The difference is that no one but you can ever access the information.
Graphite Docs is a decentralized app that allows you to use decentralized cloud storage along with a Google Docs clone. If you only want to store files, then you can look at services like Sia and Filecoin
Conclusion
It's easy to simply accept that big companies like Google or Microsoft are on your side. However, even if that's true today, who knows what will change in the future. What's to stop new owners or new management to look at all that juicy information and then decide to make use of it? You can't un-leak information. So it's best to preempt the possibility by securing your files today. You don't have to give up on the convenience of the cloud, just use it with more care.