When uploading my files to the cloud, are they automatically encrypted before they leave my computer?
February 5, 2012 6:46 PM

When uploading my files to major cloud services (Microsoft SkyDrive, Google Docs and Google Picasaweb), are they automatically encrypted before they leave my computer?

Today I was listening to an episode of the Tech Talker (An Introduction to the Cloud), and he said:

> Most online backup solutions, services, and programs will encrypt your data on your home computer before sending it to a data center. What this means is that your data is already scrambled, encrypted, and locked before it ever leaves your home computer. So even if someone were to break into a data center and steal every shred of data, all they would have really stolen is a bunch of random zeros and ones that would take millions of years to crack.

Is this true of Microsoft SkyDrive, Google Docs and Google Picasaweb?

If this is correct, does this mean that even these service providers, while hosting my files, are unable to access the contents of those files?
posted by paleyellowwithorange to Computers & Internet (7 answers total) 2 users marked this as a favorite
The stream is encrypted, but afaik, the data is not encrypted on their servers.
posted by empath at 6:52 PM on February 5, 2012


I expect very few of these services encrypt your data in storage. Google Docs and Picasaweb, for instance, both let you search the contents of the files; they're working with your data unencrypted. Some cloud backup services do encrypt the stored data; CrashPlan explicitly encrypts it on your computer before transmitting it. But that's the exception; any cloud service that's processing your data won't encrypt it.

(Please don't confuse data encrypted in storage with SSL encryption of the data while in transit.)
posted by Nelson at 7:08 PM on February 5, 2012


Essentially 'no' for all of them.

They all probably encrypt the data in transit, meaning it can't be snooped by someone in between.

They may or may not encrypt it in storage on their end. But the important thing is, it doesn't matter since they're able to decrypt it when you need to retrieve the files. So if a hacker is able to get in and get all the encrypted data, they'd also be able to decrypt it.

The only case where your data is truly protected is where you encrypt it on your end, and then send this encrypted blob to them to store. Services like, say, tarsnap do this. But if any cloud service that you use operated like this, then you'd know it because there'd be set-up involved on your end to manage encrypting/decrypting the data and stuff.
posted by losvedir at 7:20 PM on February 5, 2012


I think some online backup services do encrypt before sending, but most file-sharing services (e.g. DropBox) do not encrypt. DropBox got in trouble recently for claiming that their storage was more secure than it is -- and they fixed it by recanting their statements, not by improving their security.

I only know of one major-ish file sharing service that does client-side encryption: Spideroak.

As Nelson says, don't confuse SSL encryption (encryption while the data is moving from place to place) with client-side encryption of data before sending or storing (which is the only way that has any hope of keeping secrets over a longer period of time).

(Full disclosure: I am the CTO of a cloud storage company that is working diligently to assure long-term data security plus reliable recovery due to lost passwords, etc.)
posted by spacewrench at 7:23 PM on February 5, 2012


Like spacewrench, the only cloud storage provider that encrypts the data before it leaves your computer and doesn't have access to the keys is Spideroak. Everyone else makes various encryption guarantees but, when you read the fine print, they hold your keys and employ them on their servers for deduplication, etc.
posted by introp at 9:26 PM on February 5, 2012


> the only cloud storage provider [..] doesn't have access to the keys is Spideroak

That's not quite true. Spideroak's software has access to your key to encrypt your data. The difference is that they (hopefully) never let this key leave your computer.
posted by devnull at 11:35 PM on February 5, 2012


Google Docs doesn't, to my knowledge, use any server-side encryption on individual files. But if you were to break into a Google data center, I don't think you'd be able to grab a computer and steal useful files off of it, simply due to the way their multitenant architecture works. I'd expect the same of SkyDrive, but don't know much about it.

There are plenty of vendors that act as intermediaries to Amazon S3 or Rackspace or whatever, and some of those do allow you to encrypt files locally using their client, then store the encrypted files. I used Jungle Disk, which does this (or did this in the past, they may have changed that). The downside is that if you lose the encryption key, you're screwed. You also have to use a client application to access these files, rather than using a web browser.
posted by me & my monkey at 7:01 AM on February 6, 2012

