# Encrypted cloud storage



## VictorBravo (Jun 23, 2011)

A while back Rich recommended CrashPlan for backups. I use it to backup to an external hard drive and another network computer, but I was hesitant to commit to the cloud version because of my own peculiar security concerns.

But I ran across another service, which looks similar to Dropbox and SugarSync, but allows encryption of files. The important part: the key stays with you and not the company.

Backup Online for PC, Mac and iPhone | IDrive

There is a free version allowing 5 GB of storage, and a $4.95 a month version allowing 150 GB of storage.

This looks very promising for those who want a back up that is secure from any sort of legal challenge--particularly those in legal, banking, or forensic investigation fields who seek to be sure they have protected confidential client data.

I don't know anything about the company, but I'm going to check them out.

Basically, nobody has an excuse to not do at least a rudimentary backup. At the very least, you can sync valuable files to a secure off-site location.


----------



## O'GodHowGreatThouArt (Jun 24, 2011)

In my personal opinion, its better to fork over the money for an external hard drive wired up with military grade encryption software (either obtained a la carte or with the hard drive), and store your backups there.

I'm not saying clouds aren't terrible. I use them, but when it comes to personal information that you don't want someone to steal, its not the safest route to go. Even the most rudimentary password breakers can crack both account and encryption information without too much difficulty if given enough time. You can't crack a hard drive that is locked behind six inches of metal that takes 6 hours to burn through, only to find the cables for the hard drive, and discover the actual hard drive is locked inside a safety deposit box behind three feet of concrete and steel. 

They give up and go home, and you fetch the second hard drive out of a secret safe installed directly into your floor and covered by carpet.

That, my friend, is true security.


----------



## JohnGill (Jun 24, 2011)

You do know you can encrypt the data on your computer first and then upload a copy of the encrypted data to a cloud server? There is free, GPL, NSA quality encryption software out there. The GNU Privacy Guard - GnuPG.org 

Of course you should read this article first: NSA Can Break PGP Encryption
http://www.austinlinks.com/Crypto/break-pgp.html
Horrors!


----------



## Andres (Jun 24, 2011)

O'GodHowGreatThouArt said:


> You can't crack a hard drive that is locked behind six inches of metal that takes 6 hours to burn through, only to find the cables for the hard drive, and discover the actual hard drive is locked inside a safety deposit box behind three feet of concrete and steel.
> 
> They give up and go home, and you fetch the second hard drive out of a secret safe installed directly into your floor and covered by carpet.



what are you doing on your computer that you feel you need this kind of security?


----------



## O'GodHowGreatThouArt (Jun 24, 2011)

Call it overzealous caution, borderline OCD.


----------



## JohnGill (Jun 24, 2011)

O'GodHowGreatThouArt said:


> Call it overzealous caution, borderline OCD.



Three phrases I live by:

Just because you're paranoid, doesn't mean they're not out to get you.
Paranoia isn't a disease, it's an heightened sense of awareness.
Better paranoid than dead.

Nothing wrong with overzealous caution.


----------



## VictorBravo (Jun 24, 2011)

JohnGill said:


> You do know you can encrypt the data on your computer first and then upload a copy of the encrypted data to a cloud server? There is free, GPL, NSA quality encryption software out there. The GNU Privacy Guard - GnuPG.org
> 
> Of course you should read this article first: NSA Can Break PGP Encryption
> http://www.austinlinks.com/Crypto/break-pgp.html
> Horrors!



Yes, I'm aware of that. I've been a Truecrypt user for quite a while for that purpose.

But I was impressed that this is out-of-the-box automatic. No extra steps.

I mentioned that my security needs were peculiar--but not that peculiar. Among lawyers there is a debate about whether you can ethically store client data in the cloud. The question mostly boils down to whether the cloud company reserves the right to access your data. This service is the first one I've run across that allows you to keep your own key.

The key point on maintaining confidentiality is "reasonable precautions", not over the top precautions. Sure, I'd like a bullet-proof hard drive behind a water jacketed firewall behind a 6 inch steel door with redundant locks--who wouldn't?

But if you wait for that arrangement before doing anything, almost certainly you are going to lose something. I've blown up 6 or 7 hard drives in my career--and none of them occurred at a convenient time.


----------



## ClayPot (Jun 24, 2011)

Spideroak is similar to Dropbox or Sugarsync but encrypts the information before the files are transferred. Additionally, the encryption key is on your computer, so they don't have the ability to view your files. It is more of a cloud syncing service than storage, though it technically does both. Also, it is truly cross-platform with Windows, Mac, Linux, and mobile devices.


----------



## VictorBravo (Jun 24, 2011)

Joshua, thanks for the info. Spideroak looks very interesting. 

It's good to see Dropbox get some competition on the security front. I really liked using Dropbox until they changed their privacy policies.


----------

