A Defensive Computing Checklist    by Michael Horowitz
NOTE: I gave a presentation on Defensive Computing at the HOPE conference in July 2022
HOME | Full Site Index | Domain Names | VPNs | iOS | Android | About | Rules of the Road | DC Presentation |

SECURE FILE SHARING AND STORAGE

To me, the one thing makes a file storage and file sharing system secure, is whether the employees of the company providing the service can read your files.

The official buzzword that indicates secure file storage is end-to-end encryption. One indication that a system is using end-to-end encryption is when the provider warns you that if you lose your password you lose access to your files.

Another big issue is software - some services require the use of their software, others are available with a web based interface. There will always be features that require installing customized software, but there is a lot to say for a service that is available using just a web browser.

ALWAYS READ YOUR FILES

These file storage companies can read your files

  1. Google Drive
  2. Microsoft OneDrive
  3. Dropbox

NEVER READ YOUR FILES

These file storage companies can not read your files

  1. Tresorit has no free tier but there is a free 14 day trial. As of September 2023, the cheapest personal plan (there are other plans for businesses is $12/month for a terrabyte of storage.
  2. sync.com
    • As of September 2023, a free account comes with 5GB of storage. The cheapest paid account for individual use (they also have team accounts) is $8/month for 2 terrabytes of storage space. In the old days, they offered 200GB for $5/month.
    • Yes, of course, they sync your files across multiple devices but they also have a Vault feature which does not sync. That is, the Vault is just for backup.
    • Steve Gibson uses sync.com and is happy with it
    • Sync.com review: Superb, simple online device sync and backup by Jon Jacobi for PC World March 2, 2023. Surprisingly, this review says nothing about the end-to-end encryption.
  3. Proton Drive As of September 2023, the free tier offers 1GB of storage. The cheapest paid option is $4 US/month for 200GB of storage. Pricing can be confusing because Proton offers many different services and they bundle them. If you pay for Proton Drive, you also get a ProtonMail email address.
  4. FileN lets you keep as many previous versions of a file as you want. The only way to lose an old version of a file is if you delete it manually. There is no file size limit. Free accounts offer 10GB of storage space, the cheapest paid option is 12 Euros/year (as of March 2023 about $13 US dollars/year) for 100GB of space.
  5. Skiff Drive As of September 2023, the free tier offers 10GB of storage. The cheapest paid option is $3/month for 15GB and some email features (like Proton, Skiff is more than a cloud storage provider). For $8 US/month you get 200GB of storage and still more email features. Their software runs on Android, iOS and macOS. Not Windows. They say nothing about whether their system works in a browser.
  6. Mega As of March 2023, the free tier offers 20GB of storage. The cheapest paid option is $10.65 US/month for 2 Terrabytes of storage.
  7. Spider Oak was mentioned in this February 2023 article in Ars Technica: Top cloud backup services worth your money by Jim Salter. Quoting from the article: "Although Spideroak makes a big deal of its supposedly ... end-to-end encryption ... we do not recommend taking those claims at face value. Spideroak derives the encryption key from your account password, and if you ever log in to the company's website, you've broken that 'no knowledge' guarantee."

MAYBE READ YOUR FILES. MAYBE NOT.

These file storage companies swing both ways. Depending on how you configure things, they either can or can not read your files.

  1. Backblaze is a major player in the field, with many options, including end-to-end encryption. If you want the best security with Backblaze, you have to pay attention and enable that feature. Their terminology for end-to-end encryption is sloppy. I have seen them call it "Private Key" and "Private Encryption Key" and "user-selected passphrase". Ugh. See their page on encryption and this other page of theirs: Why does the Backblaze website need my private encryption key to restore? (May 2, 2022)
  2. In their own words, iDrive says: "You can also set your privacy to the highest level by creating a private key for your account during signup. That means no one but you will have access to your data. You don't get this privacy with iCloud or Google Drive. We put your privacy in your hands." As of September 2023, they offer 10GB of storage for free, 100GB for $3/year, 500GB for $10/year and up.
  3. Apple could read files stored in iCloud for years and years. However, as of iOS version 16.3 some (not all) files can be stored in iCloud in a way that Apple can not read them.

 

 This page: 6 views per day (over 306 days)   Total views: 1,956   Created: January 31, 2023
This Page
Last Updated
September 24, 2023		Site Page
Views TOTAL
 737,656		Site Page
Views TODAY
  250		Previous
Website View
38 seconds ago		 Website by
Michael Horowitz
@defensivecomput		 top
Website Average Daily Page Views: November 2023: 687   See the website change log
Copyright 2019 - 2023