Join 3,377 readers in helping fund MetaFilter (Hide)


How should I encrypt files before uploading to the cloud?
January 20, 2014 2:46 PM   Subscribe

I want to back up some of my media files to various cloud storage sites (box, Dropbox, Google drive and skydrive.) I don't want them to easily see the file names or types.

I will be the only person accessing these files in the future. I use Windows and usually get a new machine every 2-3 years. What is the best way to make the data unreadable to the storage place but readable to me on a new or remote computer with minimal fuss?
posted by anonymous to Computers & Internet (14 answers total) 10 users marked this as a favorite
 
Password-protected ZIP?
posted by Thorzdad at 3:02 PM on January 20 [1 favorite]


You probably want to create a locally encrypted archive using any of many available tools, and then store that in the cloud, if you're serious about this. That way the cloud service only has access to the archive itself, not any of the contents. As long as you retain the appropriate passwords and/or keys, you'll be able to access it simply by subscribing to the service on your new computer.

If any level of "good enough" is good enough (i.e. you're not worried about any imperial NSA entanglement), then keep in mind that Google Drive is obfuscated and encrypted ("The data is made confusing and opaque so that it cannot be discerned, except by the server itself."). I don't know enough about the situation with the other services to say whether they're up to that same standard, but that's what you're looking for. Keep in mind that some of these cloud services have serious corporate clients to please.
posted by dhartung at 3:16 PM on January 20


Generic password protected zip is not a standard or well trusted algorithm, and is in practice pretty weak.

Though there are other zip passwording utilities (ie. 7zip as mentioned in the above link) that use standard secure encryption algorithms.
posted by idiopath at 3:17 PM on January 20 [1 favorite]


I would suggest Axcrypt since you are using Windows.

I started developing such an app myself and have a pretty good sense of what's out there for file encryption (which is different from disk encryption). I stopped developing my app before completion due to some programming challenges and uncertainty about demand (a lot of people are not willing to sacrifice convenience for security).
posted by Dansaman at 3:20 PM on January 20


Create a TrueCrypt partition in a file, which you can mount in Windows. TrueCrypt is cross-platform (useful in case you want to access the file from elsewhere at some point) and generally considered very secure. Recently they raised money to pay for a true full security audit, which will likely make it even more secure. In security, openness is usually a good idea, don't trust security products that have some sort of proprietary encryption technology.
posted by anateus at 3:24 PM on January 20 [2 favorites]


Seconding TrueCrypt...
posted by carlodio at 3:49 PM on January 20


But when you create a truecrypt partition in a file and store this on a cloud drive of some sort, wouldn't that file be uploaded every time the contents changes? I heard that dropbox does a delta update, but I have not tried this. I also have not researched this, just a thought.
posted by nostrada at 3:56 PM on January 20


I don't know much about it or how it works (at the moment), but I recently talked with a lawyer who specializes in technology and IP protection, and he said TrueCrypt is the way to go if you want to securely store anything on the cloud that you want to keep secret. It's the best way you can make sure ONLY YOU can open the file, he said, even if it is on someone else's servers. He said if you rely on their encryption, they still have the encryption keys and will release them if they get a court order. He definitely knew his stuff, I could tell, just by talking with him. So, thirding TrueCrypt based on an expensive specialist's recommendation.
posted by KinoAndHermes at 4:00 PM on January 20


Duplicati encrypts files on your local system first, then sends them to the remote server (sftp, ftp, Amazon Cloud, Google Drive, whatever); it does not reveal filenames to the remote server. It also does incremental backups, includes a scheduler, and a number of other features.

If you use it, you'll need to tune it a bit; like if you're doing large media files, send data in larger chunks than their default.
posted by mistersix at 4:43 PM on January 20


SpiderOak is a cloud backup service that does this automatically, if you want something that is more seamless/polished.
posted by Aleyn at 4:48 PM on January 20


I think you'll find a file encryption app much easier to use than a disk encryption app.
posted by Dansaman at 6:49 PM on January 20


Depends. Who are you trying to stop looking at your data?

You could use file-level encryption, like the password feature in modern versions of Office, but then you have to deal with that for *every single file*.

You could use disk-on-disk like truecrypt, but then you have a giant file that needs to be synced. Not ideal, especially if you can't let the sync finish.

I'd suggest you look at Boxcryptor for a hybrid approach. It encrypts each file individually and uses a single passphrase (like truecrypt does), so you get the best of both worlds. (If you use Linux, you can use encfs with Dropbox).
posted by devnull at 2:07 AM on January 21


If you decide to go with Boxcryptor (which I use) check out Boxcryptor Classic. It is their older version, before they went to a subscription model, but you can still get it.
posted by Philosopher Dirtbike at 2:13 AM on January 21


I installed Boxcryptor today to try it out and personally I found it buggy and confusing. I think what they are doing is a good idea, but IMHO the execution is seriously lacking. I haven't used Axcrypt before so I can't speak to the quality of that app.
posted by Dansaman at 5:45 PM on January 21


« Older I'm applying for a new tech su...   |  I want to buy my bf a tool box... Newer »

You are not logged in, either login or create an account to post comments