Recommedations for platform-independent secure cloud-storage

Discussion topics, Linux related - not requests for help

Moderators: ChriThor, LXF moderators

Recommedations for platform-independent secure cloud-storage

Postby JohanM » Fri Oct 31, 2014 11:07 am

Currently I am using Dropbox as platform-independent cloud-storage, but according to Snowden that is not good.
He recommends SpiderOak.
After doing some research I found the following platform-independent (Microsoft, Apple, Linux, iOS, Android), secure, cloud-storage providers:

SpiderOak (free 2 GB)
Wuala (5 GB $0.99)
Mega (50 GB free)
Tresorit (5 GB free)

Which one do you recommend and why?
JohanM
 
Posts: 26
Joined: Mon Jul 07, 2008 6:16 am
Location: Belgium

Re: Recommedations for platform-independent secure cloud-sto

Postby Dutch_Master » Fri Oct 31, 2014 12:12 pm

Secure and cloud do not go together... :roll: If your data is in the cloud, it's by definition not secure: anyone can access it, if they spoof/steal/copy/guess your credentials. If security is an absolute pre-requisite, keep your valuable data off-line!
Dutch_Master
LXF regular
 
Posts: 2559
Joined: Tue Mar 27, 2007 1:49 am

Re: Recommedations for platform-independent secure cloud-sto

Postby JohanM » Fri Oct 31, 2014 12:50 pm

Okay, point taken, but there are layers of security. Which one is the most secure cloud storage system.
JohanM
 
Posts: 26
Joined: Mon Jul 07, 2008 6:16 am
Location: Belgium

Re: Recommedations for platform-independent secure cloud-sto

Postby guy » Fri Oct 31, 2014 9:58 pm

Dutch_Master wrote:Secure and cloud do not go together... :roll: If your data is in the cloud, it's by definition not secure: anyone can access it, if they spoof/steal/copy/guess your credentials. If security is an absolute pre-requisite, keep your valuable data off-line!

Nor is your own box secure if it connects to the Internet - an airgap is the traditional solution to avoiding data compromise over the network. However this is seldom practical.

In the real world, Dropbox is the touchstone that others have to beat. What is better about SpiderOak?

Oh, yeah, I should add - data security is as much about retention and recovery from loss as it is about leakage. How does SpiderOak fare in the "We'll still be in business this time next year even if our server farm gets hit by an earthquake" stakes?
"Klinger, do you know how many zoots were killed to make that one suit?" — BJ Hunnicutt, 4077 M*A*S*H
guy
LXF regular
 
Posts: 1278
Joined: Thu Apr 07, 2005 12:07 pm
Location: Worcestershire

Re: Recommedations for platform-independent secure cloud-sto

Postby JohanM » Tue Nov 04, 2014 8:21 am

Okay, will stick with using Dropbox for now, but start encrypting my files.
For encrypting files which program do you use? TrueCrypt or 7-zip, needs to be platform-independent.
Which platform-independent password manager do you use?
JohanM
 
Posts: 26
Joined: Mon Jul 07, 2008 6:16 am
Location: Belgium

Re: Recommedations for platform-independent secure cloud-sto

Postby nelz » Thu Nov 06, 2014 10:57 am

There is one option noticeable by its absence from your list ownCloud. If you want security, run ownCloud on your own system, either locally or get yourself a VPS and install it there. Any system that uses encrypted storage requires someone to know the encryption keys. If it is your system then that is only you. Guy raises a good point, security is not only about the secrecy of your data but also its safety. OwnCloud gives you full control but also all the responsibility of keeping your system safe from hardware or software failures.

SpiderOak is more secure than DropBox because the encryption is done locally using keys stored only on your system - other systems may allow someone with the required privileges access to your data - whether that be a rogue employee selling it on or someone acting is accordance with the wishes of a government agency.

TrueCrypt is no longer supported. If you want to encrypt individual files or archives, use GPG/PGP as they are available on most platforms.

For password management, I use KeePass, it has clients for desktop and mobile platforms and stores everything in a single encrypted file, making it easy to store in the cloud safely, even on DropBox.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
User avatar
nelz
Site admin
 
Posts: 8943
Joined: Mon Apr 04, 2005 11:52 am
Location: Warrington, UK

Re: Recommedations for platform-independent secure cloud-sto

Postby guy » Thu Nov 06, 2014 4:33 pm

nelz wrote:SpiderOak is more secure than DropBox because the encryption is done locally using keys stored only on your system


What happens if I want to update my stuff from another client system, e.g. if my old one just exploded or I am using a mobile toy today? Do we all play musical encryption keys or what?
"Klinger, do you know how many zoots were killed to make that one suit?" — BJ Hunnicutt, 4077 M*A*S*H
guy
LXF regular
 
Posts: 1278
Joined: Thu Apr 07, 2005 12:07 pm
Location: Worcestershire

Re: Recommedations for platform-independent secure cloud-sto

Postby nelz » Thu Nov 06, 2014 4:55 pm

In a word, yes. It's the old compromise between security and convenience.

If you want the security of local encryption, you have to take responsibility for the security of the keys.
If you want someone else to take care of that for you, you'll just have to trust them with your data.

I create a GPG encrypted archive of my keys and mail it to my GMail address, so I can get at it wherever I am... provided I can remember my GMail and GPG passphrases.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
User avatar
nelz
Site admin
 
Posts: 8943
Joined: Mon Apr 04, 2005 11:52 am
Location: Warrington, UK


Return to Discussion

Who is online

Users browsing this forum: No registered users and 0 guests