How to encrypt Cloud backups?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Topic Author
get_g0ing
Posts: 350
Joined: Sat Dec 09, 2017 11:09 am

How to encrypt Cloud backups?

Post by get_g0ing » Thu Jul 11, 2019 12:52 pm

Hi,

I'd like to request if people can suggest or share ways to encrypt files backed up online (Goolge Drive, Dropbox, etc).

I know some of these services do encryption of some sort, but it was recommended to do your own encryption. So I would like to explore how.

The easiest option I had considered was to use Winzip to create a password protected zip and save that on the cloud. I think this should work okay for infrequently updated data. But couple of issues for frequently accessed data:

- You'd need to keep two copies. An unencrypted version on an offline/unsynced folder. And a zipped version on the Google drive or Dropbox folder. Each time you edit the data, you would need to remember to create a new zip.
- Or if you just kept one copy, the encrypted one, then you would need to unzip each time you wanted to access the data (and zip again afterwards).
- Both these ways sound cumbersome.

Another solution I came across is called Cryptomator (and I think encfs works similarly). You point it to your online/synced folder and it saves the encrypted version there (and takes care of encryption/decryption in the background). But one security/privacy feature of these programs is: scrambling the filenames. There is no way to disable this for people who don't want it. I think this feature conflicts with the online store function when it comes to recovering a single file. Let's say you backup 20 files online, the filenames will be scrambled. Now if you want to recover just one of them, you'll need to download all 20, and open them in the unencrypted container to see the actual filenames.
Similarly I don't think you'd be able to use the file versioning feature of some cloud providers.

I think similar issues would occur with Veracrypt or Truecrypt.

Have you thought about these things and found something that works well? Please share.

Thank you.
Last edited by get_g0ing on Mon Jul 15, 2019 7:32 am, edited 1 time in total.

User avatar
dual
Posts: 601
Joined: Mon Feb 26, 2007 7:02 pm

Re: How to encrypt Cloud backups?

Post by dual » Thu Jul 11, 2019 1:02 pm

I use Veracrypt to create an encrypted archive file that is then accessed as if it were a letter drive partition on your disk. Copy the files that you want to archive to the drive including a directory tree to organize them. Then close Veracrypt and upload the archive to the cloud storage.

Since you will probably want to do this periodically, I use ViceVersaPro to copy only the files that have been changed on your local computer to the archive and then replace the complete archive with the updated one in the cloud.

Some limitations:
You have to specify the size of the archive beforehand. But, if you need a larger archive, you can create a blank one with a larger size and then copy the files in the old archive to the new one.

It would be nice to only update the changed files in the cloud archive but I do not know how to do that securely.

User avatar
Ice-9
Posts: 1395
Joined: Wed Oct 15, 2008 12:40 pm
Location: Rockville, MD

Re: How to encrypt Cloud backups?

Post by Ice-9 » Thu Jul 11, 2019 1:32 pm

+1 on Veracrypt

I put our virtual replacement for a physical file cabinet on Dropbox encrypted with VeraCrypt. It's split into containers for Health, Tax, Statements, and a couple others, each about 200 - 500 Mb. I have a Python script that fires twice a month that then copies the containers to similar folders on my OneDrive and GoogleDrive folders for additional backup. (And all of that is further backed up to Time Machine and BackBlaze.) I learned after setting up this Python script that I could have accomplished the same thing simply using the Mac's Automator to create a Calendar event - oh well.

IMPORTANT: You need to change one of the VeraCrypt preferences to use the time stamp so the cloud services will know it's been updated.

I used to use GoogleDrive as the master copy, but someone on Bogleheads mentioned that Dropbox doesn't take as long to upload when you make updates because it does some special cloud magic that only detects changes. I was skeptical, but when I tested it, the upload indeed went faster with Dropbox, so I switched.

I usually access the containers on our computers. On the rare occasion that I was elsewhere and needed to download a container, install VeraCrypt, and open it, the experience wasn't that bad compared to the alternative of not having the needed docs available.

Also, I don't even keep an unencrypted copy. When a container is needed, I open it right there in the Dropbox folder.

armeliusc
Posts: 311
Joined: Wed Dec 21, 2011 9:40 am

Re: How to encrypt Cloud backups?

Post by armeliusc » Thu Jul 11, 2019 2:29 pm

Take a look at 'rclone': https://rclone.org/ . It can do exactly what you ask. You can encrypt the content but not the filename, so you can see that filename directly from the Cloud web interface like Google Drive, etc.

Another way is to just use Rclone itself to browse the cloud. In that case eventhough you also encrypt the filename (and the name looks scrambled for example from Google Drive web interface), you see the actual filename from Rclone interface, which you can then selective select which file to get.

I use it exactly like what you describe to backup to the cloud, using its encryption to backup the encrypted copy of the files.

Topic Author
get_g0ing
Posts: 350
Joined: Sat Dec 09, 2017 11:09 am

Re: How to encrypt Cloud backups?

Post by get_g0ing » Thu Jul 11, 2019 3:39 pm

armeliusc wrote:
Thu Jul 11, 2019 2:29 pm
Take a look at 'rclone': https://rclone.org/ . It can do exactly what you ask. You can encrypt the content but not the filename, so you can see that filename directly from the Cloud web interface like Google Drive, etc.

Another way is to just use Rclone itself to browse the cloud. In that case eventhough you also encrypt the filename (and the name looks scrambled for example from Google Drive web interface), you see the actual filename from Rclone interface, which you can then selective select which file to get.

I use it exactly like what you describe to backup to the cloud, using its encryption to backup the encrypted copy of the files.
So rclone doesn't have a GUI right?

Winston19
Posts: 134
Joined: Mon Jan 21, 2019 5:42 pm

Re: How to encrypt Cloud backups?

Post by Winston19 » Thu Jul 11, 2019 5:21 pm

Microsoft is slowly rolling out personal vault to onedrive which has additional security beyond the encryption already in onedrive. https://arstechnica.com/gadgets/2019/06 ... nal-vault/

abracadabra11
Posts: 122
Joined: Sat May 01, 2010 2:09 pm

Re: How to encrypt Cloud backups?

Post by abracadabra11 » Thu Jul 11, 2019 5:35 pm


Topic Author
get_g0ing
Posts: 350
Joined: Sat Dec 09, 2017 11:09 am

Re: How to encrypt Cloud backups?

Post by get_g0ing » Thu Jul 11, 2019 6:16 pm

dual wrote:
Thu Jul 11, 2019 1:02 pm
I use Veracrypt to create an encrypted archive file that is then accessed as if it were a letter drive partition on your disk. Copy the files that you want to archive to the drive including a directory tree to organize them. Then close Veracrypt and upload the archive to the cloud storage.

Since you will probably want to do this periodically, I use ViceVersaPro to copy only the files that have been changed on your local computer to the archive and then replace the complete archive with the updated one in the cloud.

Some limitations:
You have to specify the size of the archive beforehand. But, if you need a larger archive, you can create a blank one with a larger size and then copy the files in the old archive to the new one.

It would be nice to only update the changed files in the cloud archive but I do not know how to do that securely.
Hi,

So if you need to recover a single file from the cloud copy, I am assuming you'd need to download the whole container right?

Alchemist
Posts: 282
Joined: Sat Aug 30, 2014 6:35 am
Location: Florida

Re: How to encrypt Cloud backups?

Post by Alchemist » Thu Jul 11, 2019 6:41 pm

get_g0ing wrote:
Thu Jul 11, 2019 12:52 pm

Another solution I came across is called Cryptomator (and I think encfs works similarly). You point it to your online/synced folder and it saves the encrypted version there (and takes care of encryption/decryption in the background). But one security/privacy feature of these programs is: scrambling the filenames. There is no way to disable this for people who don't want it. I think this feature conflicts with the online store function when it comes to recovering a single file. Let's say you backup 20 files online, the filenames will be scrambled. Now if you want to recover just one of them, you'll need to download all 20, and open them in the unencrypted container to see the actual filenames.
Similarly I don't think you'd be able to use the file versioning feature of some cloud providers.

I think similar issues would occur with Veracrypt or Truecrypt.

Have you thought about these things and found something that works well? Please share.

Thank you.
The underlined portion is not correct. Cryptomator containers work like virtual drives, you will have to enter the password to 'open' the virtual drive that is mounted in the Cloud, but once open you can see all the contents in unencrypted form. Once you open a specific file, that is when it is fully downloaded and decrypted. But you can see all the individual files/file names just as if you opened up an external drive connected to your computer prior to downloading them. My Cryptomator drives in my Google Drive are multi gb, but I can open the Cryptomator vault then select a single file to download when needed.

I use Cryptomator with google drive and like it quite a lot. Mainly due to simplicity and the ease of using it across devices. There is Cryptomator for Windows, Mac, Linux, iOS, and Android. Files uploaded by your computer are accessible by just about any device you use. Previously I had used SpiderOak but was very disappointed with it. It was expensive, cumbersome and had significant security flaws in the mobile app while lacking any form of two factor auth.

I am unfamiliar with rclone but it seems to have a healthy number of people using it, as another alternative to look into.

michaeljc70
Posts: 5193
Joined: Thu Oct 15, 2015 3:53 pm

Re: How to encrypt Cloud backups?

Post by michaeljc70 » Thu Jul 11, 2019 6:43 pm

I have a script (Powershell) that encrypts and zips my files before uploading them for backup using 7-Zip. I will not have anything sensitive in the cloud without my own encryption (well, own encryption password only I know- I didn't write the actual encryption). I zip/encrypt each file as I only backup what was changed (vs one huge zip of everything everyday). The source directory structure is also used. If Google/Drop Box/One Drive/Whatever were to be hacked, they could only access my useless encrypted files. The cost is zero (depending on how much free space you get and need). It is all automated.

I am not that familiar with cloud backup providers (like Carbonite) and if they store your encryption password only locally. You'd still have to trust them to some degree.

I do use cloud storage for many things I don't care about being hacked like not sensitive documents, music, photos, etc.

Topic Author
get_g0ing
Posts: 350
Joined: Sat Dec 09, 2017 11:09 am

Re: How to encrypt Cloud backups?

Post by get_g0ing » Thu Jul 11, 2019 7:00 pm

Alchemist wrote:
Thu Jul 11, 2019 6:41 pm
get_g0ing wrote:
Thu Jul 11, 2019 12:52 pm

Another solution I came across is called Cryptomator (and I think encfs works similarly). You point it to your online/synced folder and it saves the encrypted version there (and takes care of encryption/decryption in the background). But one security/privacy feature of these programs is: scrambling the filenames. There is no way to disable this for people who don't want it. I think this feature conflicts with the online store function when it comes to recovering a single file. Let's say you backup 20 files online, the filenames will be scrambled. Now if you want to recover just one of them, you'll need to download all 20, and open them in the unencrypted container to see the actual filenames.
Similarly I don't think you'd be able to use the file versioning feature of some cloud providers.

I think similar issues would occur with Veracrypt or Truecrypt.

Have you thought about these things and found something that works well? Please share.

Thank you.
The underlined portion is not correct. Cryptomator containers work like virtual drives, you will have to enter the password to 'open' the virtual drive that is mounted in the Cloud, but once open you can see all the contents in unencrypted form. Once you open a specific file, that is when it is fully downloaded and decrypted. But you can see all the individual files/file names just as if you opened up an external drive connected to your computer prior to downloading them. My Cryptomator drives in my Google Drive are multi gb, but I can open the Cryptomator vault then select a single file to download when needed.

I use Cryptomator with google drive and like it quite a lot. Mainly due to simplicity and the ease of using it across devices. There is Cryptomator for Windows, Mac, Linux, iOS, and Android. Files uploaded by your computer are accessible by just about any device you use. Previously I had used SpiderOak but was very disappointed with it. It was expensive, cumbersome and had significant security flaws in the mobile app while lacking any form of two factor auth.

I am unfamiliar with rclone but it seems to have a healthy number of people using it, as another alternative to look into.
Hi, thanks for reply. So is all your Cryptomator data on the cloud, with no local copy?

So the way I understood Cryptomator to work is that the Cryptomator virtual drive (container) resides locally. When you open the container, cryptomator unencrypts the data, and as you makes changes or add data it encrypts it. This data resides on a local folder, but outside the cryptomator virtual drive you'd just see random files names (encrypted data). You could use it like this even without cloud involved. But to backup this encrypted data online, you would just point the cryptomator container to the cloud folder. Now all the encrypted files are on this synced folder. And Google drive or Dropbox would do the rest, i.e. upload this to the cloud.
So you'd have two encrypted copies of the data, one local, and one online.

Is that not how it works? Let's discuss please. Thanks.

[New edit]
Please see this youtube clip: https://www.youtube.com/watch?v=zhDg2qnLgfo
This is how I understood. Dropbox will only contain files as seen on the right side. So if we edit cat1.jpeg 3 times, dropbox should contain all three revisions, but it will be impossible to tell which file corresponds to cat1.jpeg.

Also see:
https://community.cryptomator.org/t/can ... drive/1268
https://github.com/cryptomator/cryptomator/issues/101
Last edited by get_g0ing on Thu Jul 11, 2019 9:20 pm, edited 3 times in total.

User avatar
Huygens
Posts: 26
Joined: Tue Dec 04, 2018 8:35 pm

Re: How to encrypt Cloud backups?

Post by Huygens » Thu Jul 11, 2019 8:08 pm

As with anything in security, it's important to consider what the threat vector is. In this case, why are you encrypting your backups? Why is "scrambling" file names important?

Depending on your operating system and how comfortable you are with scripting and a shell, you may consider using Tarsnap: https://www.tarsnap.com. It's my backup client of choice.

Topic Author
get_g0ing
Posts: 350
Joined: Sat Dec 09, 2017 11:09 am

Re: How to encrypt Cloud backups?

Post by get_g0ing » Thu Jul 11, 2019 9:17 pm

Huygens wrote:
Thu Jul 11, 2019 8:08 pm
As with anything in security, it's important to consider what the threat vector is. In this case, why are you encrypting your backups? Why is "scrambling" file names important?

Depending on your operating system and how comfortable you are with scripting and a shell, you may consider using Tarsnap: https://www.tarsnap.com. It's my backup client of choice.
"scrambling" file name is not important for me. Cryptomator has this by default (no way to avoid) and I am looking to not scramble.

https://community.cryptomator.org/t/can ... drive/1268
https://github.com/cryptomator/cryptomator/issues/101

User avatar
dual
Posts: 601
Joined: Mon Feb 26, 2007 7:02 pm

Re: How to encrypt Cloud backups?

Post by dual » Fri Jul 12, 2019 2:12 am

get_g0ing wrote:
Thu Jul 11, 2019 6:16 pm
Hi,

So if you need to recover a single file from the cloud copy, I am assuming you'd need to download the whole container right?
Yes, that is correct. I use online backup as a contingency in case the backups on external hard drives at my home are destroyed or stolen.

CFM300
Posts: 1538
Joined: Sat Oct 27, 2007 5:13 am

Re: How to encrypt Cloud backups?

Post by CFM300 » Fri Jul 12, 2019 3:38 am

get_g0ing wrote:
Thu Jul 11, 2019 6:16 pm
So if you need to recover a single file from the cloud copy, I am assuming you'd need to download the whole container right?
Perhaps the idea you're missing is that you can download a Dropbox or Google Drive app that will keep a local folder constantly synced with the cloud. So...

Create an encrypted VeraCrypt container on your local computer. Put the container in your Dropbox or Google Drive sync folder. Mount the local container whenever you need to put something in or get something out. No need to download anything. The container is just a file sitting on your local drive. Unmount it when you're done. Since the container is in your Dropbox or Google Drive folder, it will automatically sync to the cloud.

I have been doing this with multiple containers, on multiple computers, using multiple cloud sync services, for years.

User avatar
msi
Posts: 462
Joined: Sun Feb 17, 2008 11:15 pm

Re: How to encrypt Cloud backups?

Post by msi » Fri Jul 12, 2019 4:28 am

I use Arq https://www.arqbackup.com

It supports S3, Backblaze b2, Wasabi, various Google storage options, etc., as well as their own cloud storage option. The app encrypts it locally and then uploads to whichever service you choose, based on the schedule and budget limits that you set.

simmias
Posts: 234
Joined: Sun May 17, 2015 4:18 pm

Re: How to encrypt Cloud backups?

Post by simmias » Fri Jul 12, 2019 4:45 am

I've always used AxCrypt, but Veracrypt is a good choice as well.

Freefun
Posts: 465
Joined: Sun Jan 14, 2018 3:55 pm

Re: How to encrypt Cloud backups?

Post by Freefun » Fri Jul 12, 2019 4:46 am

Apple does encryption automatically with FileVault.
Remember when you wanted what you currently have?

student
Posts: 3381
Joined: Fri Apr 03, 2015 6:58 am

Re: How to encrypt Cloud backups?

Post by student » Fri Jul 12, 2019 5:25 am

The suggestions of Veracrypt and fievault (mac) are good.

User avatar
F150HD
Posts: 2234
Joined: Fri Sep 18, 2015 7:49 pm

Re: How to encrypt Cloud backups?

Post by F150HD » Fri Jul 12, 2019 7:56 am

"How to encrypt Cloud backups?" - Have wondered this same thing...but many options I've read about, I always fear using program X, and the company then disappears a year later once you're up and running. Or the software fails and you cannot un-encrypt the files/data. Throw in a Windows 10 update that mars up the whole process and it quickly becomes a mess.

armeliusc
Posts: 311
Joined: Wed Dec 21, 2011 9:40 am

Re: How to encrypt Cloud backups?

Post by armeliusc » Fri Jul 12, 2019 8:08 am

get_g0ing wrote:
Thu Jul 11, 2019 3:39 pm
armeliusc wrote:
Thu Jul 11, 2019 2:29 pm
Take a look at 'rclone': https://rclone.org/ . It can do exactly what you ask. You can encrypt the content but not the filename, so you can see that filename directly from the Cloud web interface like Google Drive, etc.

Another way is to just use Rclone itself to browse the cloud. In that case eventhough you also encrypt the filename (and the name looks scrambled for example from Google Drive web interface), you see the actual filename from Rclone interface, which you can then selective select which file to get.

I use it exactly like what you describe to backup to the cloud, using its encryption to backup the encrypted copy of the files.
So rclone doesn't have a GUI right?
That is correct, not from rclone official anyway. There is a third party GUI "RcloneBrowser" https://martins.ninja/RcloneBrowser/ but I won't know more about it than you do from reading their site. I mainly use it from with command-line and put it in an scheduled jobs. Don't be afraid of the command-line version, it's pretty clear and prompts you for answer, etc.

armeliusc
Posts: 311
Joined: Wed Dec 21, 2011 9:40 am

Re: How to encrypt Cloud backups?

Post by armeliusc » Fri Jul 12, 2019 8:19 am

F150HD wrote:
Fri Jul 12, 2019 7:56 am
"How to encrypt Cloud backups?" - Have wondered this same thing...but many options I've read about, I always fear using program X, and the company then disappears a year later once you're up and running. Or the software fails and you cannot un-encrypt the files/data. Throw in a Windows 10 update that mars up the whole process and it quickly becomes a mess.
Yes, so the point is to avoid dependence of a proprietary program or company X. I use the so-called "cloud provider" only as the storage provider. But I own the password, encryption, and programs (scripts) to perform the backup that can use any cloud storage as a backend: Google Drive, Amazon S3, Dropbox, etc, take your pick (based on price, speed, etc). Hopefully big company won't willy-nilly close down their cloud storage space, but even if they do, there should be some time to get set up on another storage location. You do lose sometime in sending up a whole new set of backup, but that should be minimal.

I think there is a niche side-hustle opportunity here to provide a 'local' backup advisor :).

Alchemist
Posts: 282
Joined: Sat Aug 30, 2014 6:35 am
Location: Florida

Re: How to encrypt Cloud backups?

Post by Alchemist » Fri Jul 12, 2019 10:23 am

get_g0ing wrote:
Thu Jul 11, 2019 7:00 pm
Hi, thanks for reply. So is all your Cryptomator data on the cloud, with no local copy?

So the way I understood Cryptomator to work is that the Cryptomator virtual drive (container) resides locally. When you open the container, cryptomator unencrypts the data, and as you makes changes or add data it encrypts it. This data resides on a local folder, but outside the cryptomator virtual drive you'd just see random files names (encrypted data). You could use it like this even without cloud involved. But to backup this encrypted data online, you would just point the cryptomator container to the cloud folder. Now all the encrypted files are on this synced folder. And Google drive or Dropbox would do the rest, i.e. upload this to the cloud.
So you'd have two encrypted copies of the data, one local, and one online.

Is that not how it works? Let's discuss please. Thanks.

[New edit]
Please see this youtube clip: https://www.youtube.com/watch?v=zhDg2qnLgfo
This is how I understood. Dropbox will only contain files as seen on the right side. So if we edit cat1.jpeg 3 times, dropbox should contain all three revisions, but it will be impossible to tell which file corresponds to cat1.jpeg.

Also see:
https://community.cryptomator.org/t/can ... drive/1268
https://github.com/cryptomator/cryptomator/issues/101
Upon further looking into the details, this appears to be a case of "it depends".

https://community.cryptomator.org/t/doe ... pting/1769

Normally a desktop client working with a sync folder (like Dropbox, Google Drive, etc) does have two copies. One in the cloud, one in the sync folder. But if you are accessing the vault via a mobile app like iOS, Cryptomator is just decrypting file names in real time and only decrypting/downloading entire files when they are opened/selected for download. Apparently there are also desktop apps you can get to have the same functionality as the mobile version, though I have not used them and cannot vouch for their performance.

I have tested this with my MacBook Pro and my iPhone. On my laptop, there is double of the cryptomator vault in my google drive sync folder. On my iPhone it decrypts file names (which are encrypted via a separate process to the file itself) when the vault is 'unlocked' in the app but dynamically downloads files if I select them to open.

I hope this helps, sorry for any confusion I caused with my previous post.

Topic Author
get_g0ing
Posts: 350
Joined: Sat Dec 09, 2017 11:09 am

Re: How to encrypt Cloud backups?

Post by get_g0ing » Fri Jul 12, 2019 10:39 am

CFM300 wrote:
Fri Jul 12, 2019 3:38 am
get_g0ing wrote:
Thu Jul 11, 2019 6:16 pm
So if you need to recover a single file from the cloud copy, I am assuming you'd need to download the whole container right?
Perhaps the idea you're missing is that you can download a Dropbox or Google Drive app that will keep a local folder constantly synced with the cloud. So...

Create an encrypted VeraCrypt container on your local computer. Put the container in your Dropbox or Google Drive sync folder. Mount the local container whenever you need to put something in or get something out. No need to download anything. The container is just a file sitting on your local drive. Unmount it when you're done. Since the container is in your Dropbox or Google Drive folder, it will automatically sync to the cloud.

I have been doing this with multiple containers, on multiple computers, using multiple cloud sync services, for years.
Hi, yes I understand that the cloud app will keep local synced with cloud. But my point was in case you deleted a file locally (or it was corrupted), or you edited the local file but now want the version from 4 days ago. In that case you would need to go online to the Dropbox website and download the deleted file (or go to file history and download a previous version).

So if you are using Veracrypt, you would download an earlier version of the container (with all the contents). Then open it locally and find the file.
But if using Cryptomater (which encrypts each file individually), I don't think it is possible to recover an earlier version.

Topic Author
get_g0ing
Posts: 350
Joined: Sat Dec 09, 2017 11:09 am

Re: How to encrypt Cloud backups?

Post by get_g0ing » Fri Jul 12, 2019 11:11 am

Alchemist wrote:
Fri Jul 12, 2019 10:23 am
get_g0ing wrote:
Thu Jul 11, 2019 7:00 pm
Hi, thanks for reply. So is all your Cryptomator data on the cloud, with no local copy?

So the way I understood Cryptomator to work is that the Cryptomator virtual drive (container) resides locally. When you open the container, cryptomator unencrypts the data, and as you makes changes or add data it encrypts it. This data resides on a local folder, but outside the cryptomator virtual drive you'd just see random files names (encrypted data). You could use it like this even without cloud involved. But to backup this encrypted data online, you would just point the cryptomator container to the cloud folder. Now all the encrypted files are on this synced folder. And Google drive or Dropbox would do the rest, i.e. upload this to the cloud.
So you'd have two encrypted copies of the data, one local, and one online.

Is that not how it works? Let's discuss please. Thanks.

[New edit]
Please see this youtube clip: https://www.youtube.com/watch?v=zhDg2qnLgfo
This is how I understood. Dropbox will only contain files as seen on the right side. So if we edit cat1.jpeg 3 times, dropbox should contain all three revisions, but it will be impossible to tell which file corresponds to cat1.jpeg.

Also see:
https://community.cryptomator.org/t/can ... drive/1268
https://github.com/cryptomator/cryptomator/issues/101
Upon further looking into the details, this appears to be a case of "it depends".

https://community.cryptomator.org/t/doe ... pting/1769

Normally a desktop client working with a sync folder (like Dropbox, Google Drive, etc) does have two copies. One in the cloud, one in the sync folder. But if you are accessing the vault via a mobile app like iOS, Cryptomator is just decrypting file names in real time and only decrypting/downloading entire files when they are opened/selected for download. Apparently there are also desktop apps you can get to have the same functionality as the mobile version, though I have not used them and cannot vouch for their performance.

I have tested this with my MacBook Pro and my iPhone. On my laptop, there is double of the cryptomator vault in my google drive sync folder. On my iPhone it decrypts file names (which are encrypted via a separate process to the file itself) when the vault is 'unlocked' in the app but dynamically downloads files if I select them to open.

I hope this helps, sorry for any confusion I caused with my previous post.
Thanks for clarifying :)

investor4life
Posts: 163
Joined: Fri Oct 08, 2010 9:45 am

Re: How to encrypt Cloud backups?

Post by investor4life » Fri Jul 12, 2019 12:00 pm

Do DropBox or Google Drive keep previous versions of your container *indefinitely*? Could one retrieve the version of a file from (say) 2015?

Topic Author
get_g0ing
Posts: 350
Joined: Sat Dec 09, 2017 11:09 am

Re: How to encrypt Cloud backups?

Post by get_g0ing » Fri Jul 12, 2019 12:15 pm

investor4life wrote:
Fri Jul 12, 2019 12:00 pm
Do DropBox or Google Drive keep previous versions of your container *indefinitely*? Could one retrieve the version of a file from (say) 2015?
It's 30 days for the free versions.

jebmke
Posts: 9330
Joined: Thu Apr 05, 2007 2:44 pm

Re: How to encrypt Cloud backups?

Post by jebmke » Fri Jul 12, 2019 2:11 pm

investor4life wrote:
Fri Jul 12, 2019 12:00 pm
Do DropBox or Google Drive keep previous versions of your container *indefinitely*? Could one retrieve the version of a file from (say) 2015?
Indefinite versioning is a hard spec for me. I am pretty sure that SpiderOak provides indefinite and unlimited versioning. I'd have to check iDrive to be sure - but I think they do as well. My local backup to NAS is configured for infinite versioning (at least as long as the disk space holds up). I've had to go back a few layers more than once.
When you discover that you are riding a dead horse, the best strategy is to dismount.

CFM300
Posts: 1538
Joined: Sat Oct 27, 2007 5:13 am

Re: How to encrypt Cloud backups?

Post by CFM300 » Fri Jul 12, 2019 8:50 pm

get_g0ing wrote:
Fri Jul 12, 2019 10:39 am
I understand that the cloud app will keep local synced with cloud. But my point was in case you deleted a file locally (or it was corrupted), or you edited the local file but now want the version from 4 days ago. In that case you would need to go online to the Dropbox website and download the deleted file (or go to file history and download a previous version).
Dropbox and Google Drive are really syncing tools with limited backup features. If you want to be able to retrieve previous versions of files, I think you should look into actual backup programs. But this may solve your cloud encryption problem:

https://www.boxcryptor.com/en/

Topic Author
get_g0ing
Posts: 350
Joined: Sat Dec 09, 2017 11:09 am

Re: How to encrypt Cloud backups?

Post by get_g0ing » Fri Jul 12, 2019 10:06 pm

CFM300 wrote:
Fri Jul 12, 2019 8:50 pm
get_g0ing wrote:
Fri Jul 12, 2019 10:39 am
I understand that the cloud app will keep local synced with cloud. But my point was in case you deleted a file locally (or it was corrupted), or you edited the local file but now want the version from 4 days ago. In that case you would need to go online to the Dropbox website and download the deleted file (or go to file history and download a previous version).
Dropbox and Google Drive are really syncing tools with limited backup features. If you want to be able to retrieve previous versions of files, I think you should look into actual backup programs. But this may solve your cloud encryption problem:

https://www.boxcryptor.com/en/
Hi,

Can you give a short note on what's the difference between the two? I thought Google and Dropbox were backup. Maybe I am not using the right terminology. And can you please mention the main backup programs around?

CFM300
Posts: 1538
Joined: Sat Oct 27, 2007 5:13 am

Re: How to encrypt Cloud backups?

Post by CFM300 » Sat Jul 13, 2019 12:19 am

get_g0ing wrote:
Fri Jul 12, 2019 10:06 pm
Can you give a short note on what's the difference between the two? I thought Google and Dropbox were backup. Maybe I am not using the right terminology. And can you please mention the main backup programs around?
Syncing means that when you make a change to a file in one location, it gets changed in all locations. Change a file on computer A, and Dropbox will update the file in the cloud, and also on computer B.

Making a backup is just copying a file to another location -- i.e., another folder on the same drive, to an external drive, to the cloud. Traditionally, when you make a backup, it's static. In fact, that's the purpose of the backup. To make and keep a copy of a file as it is at the time of the backup.

Dropbox and Drive have added some backup-like features -- e.g., like the ability to restore a previous version of a file, but are not really backup services per se.

Wirecutter has a review of several online backup services, with Backblaze getting their recommendation. The article also explains the shortcomings of using Drive and Dropbox as backup tools.

https://thewirecutter.com/reviews/best- ... p-service/

For non-cloud backup software, lots of people recommend Macrium Reflect -- which can do incremental backups, encryption, imaging, etc.

User avatar
Maple
Posts: 37
Joined: Fri Aug 07, 2015 11:46 pm

Re: How to encrypt Cloud backups?

Post by Maple » Sat Jul 13, 2019 12:55 am

I used Mozy for years (recently purchased by and converted to Carbonite). It costs ~$6 / month for plenty of storage. The software allows for the encryption key to be maintained solely by me, and encryption of my files occurs automatically one step before the files are uploaded to the Carbonite file storage servers.

Once the software is setup (which is relatively easy), all backups are automatic and near real-time.

For me, this is relatively simple, inexpensive, private and robust file backup.

jjface
Posts: 2587
Joined: Thu Mar 19, 2015 6:18 pm

Re: How to encrypt Cloud backups?

Post by jjface » Sat Jul 13, 2019 2:07 am

Seems like a lot of complicated suggestions.

Is there something wrong with something like idrive?

Seems to do it all fairly simply. Own encryption key. Incremental backup. Versioning.

onourway
Posts: 1938
Joined: Thu Dec 08, 2016 3:39 pm

Re: How to encrypt Cloud backups?

Post by onourway » Sat Jul 13, 2019 7:04 am

These suggestions to use an entire backup container sound extremely cumbersome to me, unless you intend on keeping the backup very small. Every time you modify the contents of a file - even a single character - you’ll have to re-upload the entire container - the same - as you appear to realize - to retrieve a file from the backups. Modern backup systems are secure, cheap, keep a nearly infinite revision history, and work seamlessly in the background. The risk of one of those companies going under seems smaller than the many inconveniences introduced by this method. Backups need to be convenient in order for you to keep up with them in the long run - and preferably hands-off.

jebmke
Posts: 9330
Joined: Thu Apr 05, 2007 2:44 pm

Re: How to encrypt Cloud backups?

Post by jebmke » Sat Jul 13, 2019 7:47 am

jjface wrote:
Sat Jul 13, 2019 2:07 am
Seems like a lot of complicated suggestions.

Is there something wrong with something like idrive?

Seems to do it all fairly simply. Own encryption key. Incremental backup. Versioning.
iDrive works quite well. I have been using the free version for a portion of my files for a year and a half. I have tested and used the restore function more than once.
When you discover that you are riding a dead horse, the best strategy is to dismount.

CFM300
Posts: 1538
Joined: Sat Oct 27, 2007 5:13 am

Re: How to encrypt Cloud backups?

Post by CFM300 » Sat Jul 13, 2019 9:57 am

onourway wrote:
Sat Jul 13, 2019 7:04 am
These suggestions to use an entire backup container sound extremely cumbersome to me, unless you intend on keeping the backup very small. Every time you modify the contents of a file - even a single character - you’ll have to re-upload the entire container
That's actually not true, at least with VeraCrypt and Dropbox. I can mount a 5GB VeraCrypt container on my local drive, add a small text file, unmount the container, and Dropbox will sync it in a matter of seconds.

I agree with everything else you wrote. Encrypted containers are for security/privacy, not backup.

User avatar
Ice-9
Posts: 1395
Joined: Wed Oct 15, 2008 12:40 pm
Location: Rockville, MD

Re: How to encrypt Cloud backups?

Post by Ice-9 » Sat Jul 13, 2019 10:54 am

CFM300 wrote:
Sat Jul 13, 2019 9:57 am
onourway wrote:
Sat Jul 13, 2019 7:04 am
These suggestions to use an entire backup container sound extremely cumbersome to me, unless you intend on keeping the backup very small. Every time you modify the contents of a file - even a single character - you’ll have to re-upload the entire container
That's actually not true, at least with VeraCrypt and Dropbox. I can mount a 5GB VeraCrypt container on my local drive, add a small text file, unmount the container, and Dropbox will sync it in a matter of seconds.

I agree with everything else you wrote. Encrypted containers are for security/privacy, not backup.
+1 everything CFM300 said.

I have no need to keep an unencrypted copy or do any manual downloading/uploading in my normal course of using the containers. I simply launch Veracrypt, mount the container in the Dropbox folder, do what I need to do with the files, and unmount it. Dropbox automatically uploads it (because I've adjusted my time stamp settings so it knows it's changed) in mere seconds.

The file then gets backed up automatically by both Time Machine and Backblaze, like everything else on my hard drive. Having it in the Dropbox folder isn't the "backup" but makes it conveniently accessable from elsewhere if ever needed.

All my containers are like drawers in a physical file cabinet and range from 200 Mb to 500 Mb.

investor4life
Posts: 163
Joined: Fri Oct 08, 2010 9:45 am

Re: How to encrypt Cloud backups?

Post by investor4life » Sat Jul 13, 2019 12:13 pm

CFM300 wrote:
Sat Jul 13, 2019 9:57 am
onourway wrote:
Sat Jul 13, 2019 7:04 am
These suggestions to use an entire backup container sound extremely cumbersome to me, unless you intend on keeping the backup very small. Every time you modify the contents of a file - even a single character - you’ll have to re-upload the entire container
That's actually not true, at least with VeraCrypt and Dropbox. I can mount a 5GB VeraCrypt container on my local drive, add a small text file, unmount the container, and Dropbox will sync it in a matter of seconds.

I agree with everything else you wrote. Encrypted containers are for security/privacy, not backup.
So Dropbox is able to "see" into the encrypted container and copy just the added text file to the Dropbox cloud? How's this possible if the container is encrypted and only you have the key?

CFM300
Posts: 1538
Joined: Sat Oct 27, 2007 5:13 am

Re: How to encrypt Cloud backups?

Post by CFM300 » Sat Jul 13, 2019 1:40 pm

investor4life wrote:
Sat Jul 13, 2019 12:13 pm
So Dropbox is able to "see" into the encrypted container and copy just the added text file to the Dropbox cloud? How's this possible if the container is encrypted and only you have the key?
The syncing occurs after the encrypted container is dismounted. At that point, I think Dropbox can see which blocks of the encrypted container changed, and only re-syncs those. It's just syncing bits of encrypted data.

But I'm not an expert. I'm just reporting my experiences from a decade of using TrueCrypt (and now VeraCrypt) with Dropbox. Detailed explanations are out there. Just Google it.

tibbitts
Posts: 8821
Joined: Tue Feb 27, 2007 6:50 pm

Re: How to encrypt Cloud backups?

Post by tibbitts » Sat Jul 13, 2019 3:03 pm

get_g0ing wrote:
Thu Jul 11, 2019 12:52 pm
Hi,

I'd like to request if people can suggest or share ways to encrypt files backed up online (Goolge Drive, Dropbox, etc).

I know some of these services do encryption of some sort, but it was recommended to do your own encryption. So I would like to explore how.

The easiest option I had considered was to use Winzip to create a password protected zip and save that on the cloud. I think this should work okay for infrequently updated data. But couple of issues for frequently accessed data:

- You'd need to keep two copies. An unencrypted version on an offline/unsynced folder. And a zipped version on the Google drive or Dropbox folder. Each time you edit the data, you would need to remember to create a new zip.
- Or if you just kept one copy, the encrypted one, then you would need to unzip each time you wanted to access the data (and zip again afterwards).
- Both these ways sound cumbersome.

Another solution I came across is called Cryptomator (and I think encfs works similarly). You point it to your online/synced folder and it saves the encrypted version there (and takes care of encryption/decryption in the background). But one security/privacy feature of these programs is: scrambling the filenames. There is no way to disable this for people who don't want it. I think this feature conflicts with the online store function when it comes to recovering a single file. Let's say you backup 20 files online, the filenames will be scrambled. Now if you want to recover just one of them, you'll need to download all 20, and open them in the unencrypted container to see the actual filenames.
Similarly I don't think you'd be able to use the file versioning feature of some cloud providers.

I think similar issues would occur with Veracrypt or Truecrypt.

Have you thought about these things and found something that works well? Please share.

Thank you.
Given that sensitive files are already encrypted on local storage, why does the backup also have to be encrypted? Won't they be copied to the cloud in encrypted form?

Topic Author
get_g0ing
Posts: 350
Joined: Sat Dec 09, 2017 11:09 am

Re: How to encrypt Cloud backups?

Post by get_g0ing » Sat Jul 13, 2019 9:50 pm

tibbitts wrote:
Sat Jul 13, 2019 3:03 pm
get_g0ing wrote:
Thu Jul 11, 2019 12:52 pm
Hi,

I'd like to request if people can suggest or share ways to encrypt files backed up online (Goolge Drive, Dropbox, etc).

I know some of these services do encryption of some sort, but it was recommended to do your own encryption. So I would like to explore how.

The easiest option I had considered was to use Winzip to create a password protected zip and save that on the cloud. I think this should work okay for infrequently updated data. But couple of issues for frequently accessed data:

- You'd need to keep two copies. An unencrypted version on an offline/unsynced folder. And a zipped version on the Google drive or Dropbox folder. Each time you edit the data, you would need to remember to create a new zip.
- Or if you just kept one copy, the encrypted one, then you would need to unzip each time you wanted to access the data (and zip again afterwards).
- Both these ways sound cumbersome.

Another solution I came across is called Cryptomator (and I think encfs works similarly). You point it to your online/synced folder and it saves the encrypted version there (and takes care of encryption/decryption in the background). But one security/privacy feature of these programs is: scrambling the filenames. There is no way to disable this for people who don't want it. I think this feature conflicts with the online store function when it comes to recovering a single file. Let's say you backup 20 files online, the filenames will be scrambled. Now if you want to recover just one of them, you'll need to download all 20, and open them in the unencrypted container to see the actual filenames.
Similarly I don't think you'd be able to use the file versioning feature of some cloud providers.

I think similar issues would occur with Veracrypt or Truecrypt.

Have you thought about these things and found something that works well? Please share.

Thank you.
Given that sensitive files are already encrypted on local storage, why does the backup also have to be encrypted? Won't they be copied to the cloud in encrypted form?
Local data is not already encrypted.

anoop
Posts: 915
Joined: Tue Mar 04, 2014 1:33 am

Re: How to encrypt Cloud backups?

Post by anoop » Sun Jul 14, 2019 2:07 am

deleted

lotusflower
Posts: 225
Joined: Thu Oct 24, 2013 12:32 am

Re: How to encrypt Cloud backups?

Post by lotusflower » Sun Jul 14, 2019 2:58 am

investor4life wrote:
Sat Jul 13, 2019 12:13 pm
CFM300 wrote:
Sat Jul 13, 2019 9:57 am
onourway wrote:
Sat Jul 13, 2019 7:04 am
These suggestions to use an entire backup container sound extremely cumbersome to me, unless you intend on keeping the backup very small. Every time you modify the contents of a file - even a single character - you’ll have to re-upload the entire container
That's actually not true, at least with VeraCrypt and Dropbox. I can mount a 5GB VeraCrypt container on my local drive, add a small text file, unmount the container, and Dropbox will sync it in a matter of seconds.

I agree with everything else you wrote. Encrypted containers are for security/privacy, not backup.
So Dropbox is able to "see" into the encrypted container and copy just the added text file to the Dropbox cloud? How's this possible if the container is encrypted and only you have the key?
Dropbox cannot see the into the container. Veracrypt (nee Truecrypt) was designed to make this possible. AFAIK the encryption is done in chunks or clusters, with each chunk encrypted with the master key but salted with the cluster number (or something like that) So if you change a file that's somewhere in the middle of the disk, then only those clusters containing it would actually change, and Dropbox can detect the partial change, and sync efficiently.

Topic Author
get_g0ing
Posts: 350
Joined: Sat Dec 09, 2017 11:09 am

Re: How to encrypt Cloud backups?

Post by get_g0ing » Sun Jul 14, 2019 5:40 am

CFM300 wrote:
Sat Jul 13, 2019 12:19 am
get_g0ing wrote:
Fri Jul 12, 2019 10:06 pm
Can you give a short note on what's the difference between the two? I thought Google and Dropbox were backup. Maybe I am not using the right terminology. And can you please mention the main backup programs around?
Syncing means that when you make a change to a file in one location, it gets changed in all locations. Change a file on computer A, and Dropbox will update the file in the cloud, and also on computer B.

Making a backup is just copying a file to another location -- i.e., another folder on the same drive, to an external drive, to the cloud. Traditionally, when you make a backup, it's static. In fact, that's the purpose of the backup. To make and keep a copy of a file as it is at the time of the backup.

Dropbox and Drive have added some backup-like features -- e.g., like the ability to restore a previous version of a file, but are not really backup services per se.

Wirecutter has a review of several online backup services, with Backblaze getting their recommendation. The article also explains the shortcomings of using Drive and Dropbox as backup tools.

https://thewirecutter.com/reviews/best- ... p-service/

For non-cloud backup software, lots of people recommend Macrium Reflect -- which can do incremental backups, encryption, imaging, etc.
Interesting, thanks for the details. But now I am confused :confused I read up on this, so one backup option is Duplicati (same wirecutter article). Duplicati says it can work with cloud providers like Google and Dropbox. But these cloud services already upload local files to store online. And if any file is lost or corrupted I can recover it from online copy. So I was calling all this "backup". Do you know what Duplicati adds or does differently?

Thanks

fogalog
Posts: 99
Joined: Sat Nov 07, 2015 11:31 am

Re: How to encrypt Cloud backups?

Post by fogalog » Sun Jul 14, 2019 1:46 pm

msi wrote:
Fri Jul 12, 2019 4:28 am
I use Arq https://www.arqbackup.com

It supports S3, Backblaze b2, Wasabi, various Google storage options, etc., as well as their own cloud storage option. The app encrypts it locally and then uploads to whichever service you choose, based on the schedule and budget limits that you set.
+1 for Arq. Very, very easy to set up and use. Excellent support from the original developer. I've been using it for many years. It "just works".

...and - most importantly - I have used it to successfully recover data that got deleted accidentally. I say this because I worked in the industry for many years and you wouldn't believe how many people don't verify their backups actually work.

Good luck!

CFM300
Posts: 1538
Joined: Sat Oct 27, 2007 5:13 am

Re: How to encrypt Cloud backups?

Post by CFM300 » Sun Jul 14, 2019 4:19 pm

get_g0ing wrote:
Sun Jul 14, 2019 5:40 am
Duplicati says it can work with cloud providers like Google and Dropbox. But these cloud services already upload local files to store online. And if any file is lost or corrupted I can recover it from online copy. So I was calling all this "backup". Do you know what Duplicati adds or does differently?
Yes, Drive and Dropbox are cloud storage services. But they don't provide file encryption prior to uploading (which is why you started this thread!) and they only provide limited versioning. So while you say that if a file is lost or corrupted you can recover it from Drive or Dropbox that really depends on how long ago it was lost or corrupted. If you inadvertently delete a folder containing all of your precious wedding photos and only realize the mistake a year and a day later (around the time of your anniversary, haha), you may be out of luck if you're relying on a syncing program for your backups. The situation is worse, of course, if you're using the free versions of those services. You'd better catch corruptions and mistaken deletions within 30 days. Again, Drive and Dropbox are not really backup services. They're syncing and sharing and collaboration services.

I don't know anything about Duplicati, but if it's a viable backup service then I'm sure it allows for encryption, incremental backups, and robust versioning. That it works with Drive and Dropbox probably just means that it can store your backups to those cloud services, as well as (I assume) local or external drives.

User avatar
Ged
Posts: 3784
Joined: Mon May 13, 2013 1:48 pm
Location: Roke

Re: How to encrypt Cloud backups?

Post by Ged » Sun Jul 14, 2019 4:40 pm

I would recommend that you look at Arq Backup. It provides encryption of the data it uploads plus it will do file version management for you. It will work with a variety of storage services include Google and Amazon.

https://www.arqbackup.com/

Topic Author
get_g0ing
Posts: 350
Joined: Sat Dec 09, 2017 11:09 am

Re: How to encrypt Cloud backups?

Post by get_g0ing » Sun Jul 14, 2019 7:57 pm

CFM300 wrote:
Sun Jul 14, 2019 4:19 pm
get_g0ing wrote:
Sun Jul 14, 2019 5:40 am
Duplicati says it can work with cloud providers like Google and Dropbox. But these cloud services already upload local files to store online. And if any file is lost or corrupted I can recover it from online copy. So I was calling all this "backup". Do you know what Duplicati adds or does differently?
Yes, Drive and Dropbox are cloud storage services. But they don't provide file encryption prior to uploading (which is why you started this thread!) and they only provide limited versioning. So while you say that if a file is lost or corrupted you can recover it from Drive or Dropbox that really depends on how long ago it was lost or corrupted. If you inadvertently delete a folder containing all of your precious wedding photos and only realize the mistake a year and a day later (around the time of your anniversary, haha), you may be out of luck if you're relying on a syncing program for your backups. The situation is worse, of course, if you're using the free versions of those services. You'd better catch corruptions and mistaken deletions within 30 days. Again, Drive and Dropbox are not really backup services. They're syncing and sharing and collaboration services.

I don't know anything about Duplicati, but if it's a viable backup service then I'm sure it allows for encryption, incremental backups, and robust versioning. That it works with Drive and Dropbox probably just means that it can store your backups to those cloud services, as well as (I assume) local or external drives.
LOL, yea good points :p

I played around with Duplicati a bit and it's really neat actually. I like this program, it's free, open-source and very flexible. You are right, it can save the encrypted files to services like Google and Dropbox but also locally.

So looks like there are a few categories of these programs:
1. If you want the files to be locally encrypted -> veracrypt, cryptomator
2. If you want locally un-encrypted, but the backups to be encrypted -> Duplicati or some other like it.

Topic Author
get_g0ing
Posts: 350
Joined: Sat Dec 09, 2017 11:09 am

Re: How to encrypt Cloud backups?

Post by get_g0ing » Sun Jul 14, 2019 7:59 pm

fogalog wrote:
Sun Jul 14, 2019 1:46 pm
msi wrote:
Fri Jul 12, 2019 4:28 am
I use Arq https://www.arqbackup.com

It supports S3, Backblaze b2, Wasabi, various Google storage options, etc., as well as their own cloud storage option. The app encrypts it locally and then uploads to whichever service you choose, based on the schedule and budget limits that you set.
+1 for Arq. Very, very easy to set up and use. Excellent support from the original developer. I've been using it for many years. It "just works".

...and - most importantly - I have used it to successfully recover data that got deleted accidentally. I say this because I worked in the industry for many years and you wouldn't believe how many people don't verify their backups actually work.

Good luck!
Ged wrote:
Sun Jul 14, 2019 4:40 pm
I would recommend that you look at Arq Backup. It provides encryption of the data it uploads plus it will do file version management for you. It will work with a variety of storage services include Google and Amazon.

https://www.arqbackup.com/
I am currently testing Duplicati, which is free and I'm impressed so far.

tibbitts
Posts: 8821
Joined: Tue Feb 27, 2007 6:50 pm

Re: How to encrypt Cloud backups?

Post by tibbitts » Sun Jul 14, 2019 9:08 pm

get_g0ing wrote:
Sat Jul 13, 2019 9:50 pm
tibbitts wrote:
Sat Jul 13, 2019 3:03 pm
get_g0ing wrote:
Thu Jul 11, 2019 12:52 pm
Hi,

I'd like to request if people can suggest or share ways to encrypt files backed up online (Goolge Drive, Dropbox, etc).

I know some of these services do encryption of some sort, but it was recommended to do your own encryption. So I would like to explore how.

The easiest option I had considered was to use Winzip to create a password protected zip and save that on the cloud. I think this should work okay for infrequently updated data. But couple of issues for frequently accessed data:

- You'd need to keep two copies. An unencrypted version on an offline/unsynced folder. And a zipped version on the Google drive or Dropbox folder. Each time you edit the data, you would need to remember to create a new zip.
- Or if you just kept one copy, the encrypted one, then you would need to unzip each time you wanted to access the data (and zip again afterwards).
- Both these ways sound cumbersome.

Another solution I came across is called Cryptomator (and I think encfs works similarly). You point it to your online/synced folder and it saves the encrypted version there (and takes care of encryption/decryption in the background). But one security/privacy feature of these programs is: scrambling the filenames. There is no way to disable this for people who don't want it. I think this feature conflicts with the online store function when it comes to recovering a single file. Let's say you backup 20 files online, the filenames will be scrambled. Now if you want to recover just one of them, you'll need to download all 20, and open them in the unencrypted container to see the actual filenames.
Similarly I don't think you'd be able to use the file versioning feature of some cloud providers.

I think similar issues would occur with Veracrypt or Truecrypt.

Have you thought about these things and found something that works well? Please share.

Thank you.
Given that sensitive files are already encrypted on local storage, why does the backup also have to be encrypted? Won't they be copied to the cloud in encrypted form?
Local data is not already encrypted.
It sort of has to be encrypted already, otherwise there is an equal, or maybe even greater, vulnerability to loss: anyone with physical possession of the hardware the data is stored on will have access.

Post Reply