MEGA users: perhaps you find this of interest

I was too fast. This statement is wrong at least for MEGA because MEGA provides End-to-End encryption. The files are encrypted on the device before they are sent. And nobody except you knows the encryption key.

1 Like

There's a few for encryption or creating encrypted zip files. I don't remember the names of them at the moment as I don't use cloud storage on my phone.

edit: here is one for all files, it's OS but only on GP so you would have to use aurora store or build it yourself https://github.com/sovworks/edslite

edit 2: here is another https://github.com/cryptomator/cryptomator specifically for cloud storage

1 Like

Thanks, I’ll look into it later on. It is not a top priority at the moment though since

either but I got a bit curious how that would work to have your own encryption on your phone before uploading to a cloud storage provider, MEGA or others.

Ah, I see your edit:

Thanks a lot! I do have Aurora Store for the only one app I use that I don’t find on F-Droid and that is for controlling my router.

I’ll have a look!

Oh, another one! Thanks again! I recall now that you mention this that I had come across this one before. Good to know that there are options. I’ll certainly have a look!

Cryptomator looks more interesting, the Android version seems to be paid (you can get it through their site) but it's for iOS, macOS, Android, Windows, and Linux and looks to use similar methods to VeraCrypt as far as I can tell

edit: never mind, I was going based on a reddit post on it, it doesn't work the same as VeraCrypt.

1 Like

It does look interesting!
I like the fact that it supports so many platforms.
I just had a brief look at their website and yes, the android version is a paid app (€9.99).

Thanks again for sharing the info. I might very well give it a try later on.

:wink: :wink: :wink:

:star_struck: :star_struck: :star_struck:

Only MEGA, Sync and ProtonDrive are using E2EE (End to End encryption) by default, like “Zero-knowledge”, which means Cloud providers do not know what your data is.
But other Cloud providers e.g. Dropbox, GoogleDrive, pCloud … do not use E2EE by default.

MEGA supports Linux,…
Sync does not support Linux, but Windows and MacOS
ProtonDrive is future and will support Linux, we hope. It is in Switzerland, which I trust more than other countries

It needs to be said that Switzerland isn’t some privacy magic bullet.

They can, do, and will force Proton to surrender any data they can assuming the agency or foreign power provides sufficient reason. They simply have a higher bar to meet for that in most cases. This is something Proton was forced to do fairly recently.

They’re still one of the better providers, but if privacy + security are important you’ll still need additional steps.

3 Likes

If ProtonDrive supported RClone, I would have switched from MEGA, even though the low-end paid service space is minuscule compared to MEGA.

many others thought so too and were deceived.

3 Likes

Err…just to clarify a few things.

  • End to end encryption (e2e) just means that your data is always encrypted. It says absolutely nothing about the encryption being good or the provider not having access to your data.
  • Zero knowledge means that the provider has no ability to decrypt your data. However, you are basically trusting their claim.

That being said, when you use vendor provided encryption, you are trusting the vendor. None of the things above actually protect you from a vendor who is malicious (or who has been court ordered to siphon data).

An interesting test for your zero knowledge provider. Can you view your data via their website? If so, how is that done in a truly zero-knowledge way? Even if they are using an encryption key derived from your password, how are they getting it to you via a web session without having access to it along the way?

When you truly control the encryption, the cloud provider can’t access it at all. In this case, their security isn’t nearly as important.

Like everything with security, you need to decide for yourself what you are trying to protect against.

7 Likes

Yeah that’s insane.

Especially if they are using encryption key derived from password (or any personal data for that matter).

There was a famous point in h4xXx0rZ history, you wouldn’t believe how many Bitcoins were stolen back in the day, for those unlucky idiots who have used and trusted so called “brainwallet” tech, which was designed to derive personal wallet key through password… :man_facepalming:

That works especially great for those who use “123456” and “password” or any dictionary word.

This guy has opened a huge can of worms back in the day with his presentation :sweat_smile:

So yeah…Any tech that uses password to generate anything - is vulnerable by definition in my view, since it’s the obvious weakest point that will always be an open door for those who have some brain and will power.

Please don’t trust any cloud websites with any sensitive data, that’s just unrealistic expectations.

2 Likes
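The gap between the single-hash derivation the brainwallet post describes and a salted, slow KDF, as an added example that is not part of the thread. The wordlist, the function names and the 600,000-iteration default are assumptions chosen for illustration, and `fast_key` is a simplified stand-in for the brainwallet scheme.

```python
import hashlib
import os

# Constructed sample: a tiny stand-in for a public list of common passwords.
COMMON = ["123456", "password", "qwerty", "letmein"]

def fast_key(passphrase):
    """Brainwallet-style: one unsalted SHA-256 over the passphrase (simplified)."""
    return hashlib.sha256(passphrase.encode()).digest()

def slow_key(passphrase, salt, iterations=600_000):
    """Salted, deliberately slow derivation with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)

def build_table(derive):
    """Precompute key -> passphrase for every entry in COMMON."""
    return {derive(p): p for p in COMMON}

def audit(key, table):
    """Return the common passphrase that produced `key`, or None."""
    return table.get(key)

if __name__ == "__main__":
    # Unsalted: one table, computed once, matches every user of the scheme.
    table = build_table(fast_key)
    print("alice, unsalted:", audit(fast_key("123456"), table))
    print("bob, unsalted:  ", audit(fast_key("123456"), table))

    # Salted: a table built for alice's salt says nothing about bob's key,
    # and each entry costs `iterations` hash operations instead of one.
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    table_a = build_table(lambda p: slow_key(p, salt_a))
    print("alice, salted:  ", audit(slow_key("123456", salt_a), table_a))
    print("bob, salted:    ", audit(slow_key("123456", salt_b), table_a))

    # A long random passphrase is in no list, whatever the derivation.
    print("strong, unsalted:", audit(fast_key("correct horse 9f3a tulip vat"), table))
```

The salted case still finds "123456" once the salt is known: salting and iteration raise the cost per guess and defeat shared tables, but only passphrase entropy keeps a key out of a wordlist.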

I agree with your logic. Do you trust any cloud provider?

Mega is my fallback to the main cloud backup, and it’s not national secrets I have on them, I’m not too worried.

Where do you keep those? :wink:

In case of MEGA the source of all client software is open source. It has been reviewed by security experts. And nobody so far has found evidence that “zero knowledge” is a hoax.

Please have a look at https://mega.nz/sourcecode to see how MEGA is doing it. Specifically the source code of the web client can be found here: https://github.com/meganz/webclient

1 Like

I forgot to write that Mega clients are already open source.

  1. Cloud provider uses E2EE by default
  2. It releases Open Source to let people review and report or fix issues.
  3. Just use a native sync client app as open source on Linux, do not use the website.

I think all 3 points are trustworthy enough when your data is not worth much, no need to exaggerate even better security (you control your own encryption that is independent of the Cloud provider).

Do not trust Cloud providers if they don’t offer all 3 points.

That is how I treat my data with all remote storage.