Encryption for the cloud

[fire5soon]

Hello, all. I know this is a well worn topic but I didn't see this issue while searching previous threads.

I have a 10 year old laptop on its last legs which has been replaced with a Chromebook. The Chromebook will be my only computer so I will no longer be able to use traditional software like Backblaze to backup files, so I will need to utilize Google Drive more heavily. I have used Drive lightly in the past and I like it, but I want to encrypt more sensitive files prior to uploading.

I've read many positive threads on Boxcryptor so I downloaded the app. However I didn't realize I had to supply my Google email and password to Boxcryptor in order to use it with Drive. For obvious reasons this is a concern.

Are there any solid encryption apps (again, not traditional software) that can encrypt files without requiring me to provide my Google password? Or am I making too big of a deal out of Boxcryptor's requirement?

Thanks again!

[gtd98765]

Could you create a separate GMail account and password just for use of Boxcryptor, and still use your main GMail account for email? That would alleviate the problem of giving away your main GMail credentials to someone else.

[abracadabra11]

Cryptomator is another option. It's my go to for keeping sensitive data on cloud. It definitely was not as refined as Boxcryptor early on, but it has improved significantly since its early days.

[ChesterK]

PGP is a standard (and free) tool for encrypting / decrypting files, if you're comfortable with learning to use the command line. https://en.m.wikipedia.org/wiki/Pretty_Good_Privacy You can just encrypt all the files you want encrypted before syncing.

I advise against sharing your email credentials with a third party for obvious reasons. If you are encrypting files yourself do remember that your files are only as secure as the password you use to generate a security key. Most people choose terrible passwords as good passwords tend to be hard to remember. But a bad password isn't going to deter someone who's after your files. They can easily spin up a bunch of machines to brute force hack a poor password.

[dukeblue219]

Have you looked at sync.com? Like Dropbox but with end to end encryption built in. Its entirely separate from Drive (not an overlay like Boxcryptor) so might not be what you're looking for.

[fire5soon]

Thanks for everyone's thoughts. I'll research the options mentioned. I've heard really good things about Boxcryptor but I'm not crazy about giving them my Google password.

Thanks again!

[nalor511]

I had only bad experiences with Boxcryptor (totally unreliable, cancelled/failed uploads, partial files left all over the place) and Cryptomator (same sort of thing). I also did some full encrypted backups with Duplicati, and when I went to try a restore everything went to hell (was never able to successfully restore a file back from the encrypted cloud backup on gdrive).

I do not think you will be able to successfully do encryption in the cloud in the way you want with only a Chromebook.

I ended up using rclone on top of gdrive, and it was a bit messy, but if you can figure out something like rsync that it should be no trouble. Here's a tutorial (read through until they do the first "copy", then skip down to the "encryption" section, since that's what you want): https://www.andyibanez.com/posts/rclone ... ncryption/ . I was able to backup and restore just fine, no issues, and everything is encrypted and speedy. If you want a GUI, after you set up the rclone config, you can download rclonebrowser, which will let you do all the copy/restore/etc graphically.

You will need Linux, Windows, or Mac, though, chromebook won't do it, I do not think. Linux is like a more expanded chromebook, and will run on very similarly poor/underpowered hardware. I have no problem with Lubuntu on 2013 hardware, it still flies. It also ran fine on 2010 hardware, but video streaming (netflix) crashed sometimes.

[michaelingp]

Are there any solid encryption apps (again, not traditional software) that can encrypt files without requiring me to provide my Google password? Or am I making too big of a deal out of Boxcryptor's requirement?

I believe you are. How else would Boxcryptor access your Drive if it doesn't have the password? When it comes down to it, you have to trust your security provider. They could be taking all your sensitive files and sending them to hackers. How would you know? I'd be much more concerned about the complexity of the app than giving them my password, which they obviously need to work.

[ChesterK]

You shouldn't share passwords with third parties. This actually opens bigger attack vectors than just encrypting nothing at all. Your email has so much personal information..Boxcrypytor doesn't need to be malicious to make basic mistakes. This stuff is difficult to get right

[palanzo]

You shouldn't share passwords with third parties. This actually opens bigger attack vectors than just encrypting nothing at all. Your email has so much personal information..Boxcrypytor doesn't need to be malicious to make basic mistakes. This stuff is difficult to get right

Why would Boxcrypytor have access to your email if you use a different Google account?

[tiburblium]

Are there any solid encryption apps (again, not traditional software) that can encrypt files without requiring me to provide my Google password? Or am I making too big of a deal out of Boxcryptor's requirement?

I believe you are. How else would Boxcryptor access your Drive if it doesn't have the password? When it comes down to it, you have to trust your security provider. They could be taking all your

Are there any solid encryption apps (again, not traditional software) that can encrypt files without requiring me to provide my Google password? Or am I making too big of a deal out of Boxcryptor's requirement?

I believe you are. How else would Boxcryptor access your Drive if it doesn't have the password? When it comes down to it, you have to trust your security provider. They could be taking all your sensitive files and sending them to hackers. How would you know? I'd be much more concerned about the complexity of the app than giving them my password, which they obviously need to work.

Most services like boxcryptor use OAuth to handle deligate access. You are not sharing credentials like a password, rather you login to Google and then grant resource access that is
requested by Boxcryptor to your account

[ChesterK]

You shouldn't share passwords with third parties. This actually opens bigger attack vectors than just encrypting nothing at all. Your email has so much personal information..Boxcrypytor doesn't need to be malicious to make basic mistakes. This stuff is difficult to get right

Why would Boxcrypytor have access to your email if you use a different Google account?

They won't. But they'll still potentially have access to your files. If you don't trust Google to access your files why do you trust another third party?

[palanzo]

You shouldn't share passwords with third parties. This actually opens bigger attack vectors than just encrypting nothing at all. Your email has so much personal information..Boxcrypytor doesn't need to be malicious to make basic mistakes. This stuff is difficult to get right

Why would Boxcrypytor have access to your email if you use a different Google account?

They won't. But they'll still potentially have access to your files. If you don't trust Google to access your files why do you trust another third party?

They won't. Google would have "access" to encrypted files. Boxcrypytor has zero knowledge encryption which means the encryption is done on your local machine and only you know the passphrase.

One needs to look carefully at these technologies to understand whether "they'll still potentially have access to your files".

https://www.boxcryptor.com/en/

[JoMoney]

There is a Chrome app called "My Little Password"
https://chrome.google.com/webstore/deta ... pbmgbbdijf
Not the most professional looking, as it's decorated with 'My Little Pony' characters... but it's free and it works.

You can 'zip' files on a Chromebook by just right-clicking on a file or folder in the 'Files' app and choosing 'ZIP selection', then open the "My Little Password" app to password protect the zip file. If you use a strong password, password protected zip files offer very strong level of encryption and are broadly portable (note the current version of the MLP app uses AES-256)... most modern operating systems support unzipping a password protected zip even if they don't natively support adding the password to begin with.

[ChesterK]

You shouldn't share passwords with third parties. This actually opens bigger attack vectors than just encrypting nothing at all. Your email has so much personal information..Boxcrypytor doesn't need to be malicious to make basic mistakes. This stuff is difficult to get right

Why would Boxcrypytor have access to your email if you use a different Google account?

They won't. But they'll still potentially have access to your files. If you don't trust Google to access your files why do you trust another third party?

They won't. Google would have "access" to encrypted files. Boxcrypytor has zero knowledge encryption which means the encryption is done on your local machine and only you know the passphrase.

One needs to look carefully at these technologies to understand whether "they'll still potentially have access to your files".

https://www.boxcryptor.com/en/

If the encryption is done on your own machine why do they need your Google credentials at all? Also what key is being used to encrypt the files? If it's one derived from a password then this isn't any better than just using freely available software (e.g. PGP). If it's a randomly generated key that Boxcryptor is storing for you then they both have the key and access to your Google credentials, which is equivalent to having access to your files. It can't be a randomly generated key that's just stored on your computer as you would need this key to recover your data if your device were stolen.

[palanzo]

You shouldn't share passwords with third parties. This actually opens bigger attack vectors than just encrypting nothing at all. Your email has so much personal information..Boxcrypytor doesn't need to be malicious to make basic mistakes. This stuff is difficult to get right

Why would Boxcrypytor have access to your email if you use a different Google account?

They won't. But they'll still potentially have access to your files. If you don't trust Google to access your files why do you trust another third party?

They won't. Google would have "access" to encrypted files. Boxcrypytor has zero knowledge encryption which means the encryption is done on your local machine and only you know the passphrase.

One needs to look carefully at these technologies to understand whether "they'll still potentially have access to your files".

https://www.boxcryptor.com/en/

If the encryption is done on your own machine why do they need your Google credentials at all? Also what key is being used to encrypt the files? If it's one derived from a password then this isn't any better than just using freely available software (e.g. PGP). If it's a randomly generated key that Boxcryptor is storing for you then they both have the key and access to your Google credentials, which is equivalent to having access to your files. It can't be a randomly generated key that's just stored on your computer as you would need this key to recover your data if your device were stolen.

The Google credentials are needed to write the encrypted blobs. How else would the data be written to the Google drive? There is an excellent security white paper available on their site that will answer your questions.

[abuss368]

I use iCloud form Apple. No sensitive documents or need to keep encryption. I focused on cleaning up and deleting our devices. I realized how much we did not need. Funny thing, I think the devices may be running and performing better!

[michaeljc70]

There is a Chrome app called "My Little Password"
https://chrome.google.com/webstore/deta ... pbmgbbdijf
Not the most professional looking, as it's decorated with 'My Little Pony' characters... but it's free and it works.

You can 'zip' files on a Chromebook by just right-clicking on a file or folder in the 'Files' app and choosing 'ZIP selection', then open the "My Little Password" app to password protect the zip file. If you use a strong password, password protected zip files offer very strong level of encryption and are broadly portable (note the current version of the MLP app uses AES-256)... most modern operating systems support unzipping a password protected zip even if they don't natively support adding the password to begin with.

This. There are other apps that do this too. I do this for my cloud backups (using a different program in Windows). No one can open your files unless they have your cloud credentials AND zip password. A file manager like ES File Explorer can create/extract password protected ZIP files on a Chromebook that supports Android Apps.

[CycloRista]

If you insist on using Gmail and Google drive for storage, I'd suggest you look into Google Advanced Protection Program to secure your data. It limits who can access your data by using two forms of hardware-based multi-factor authentication.

You can use your Android 7.0+ phone, or iPhone running iOS 10.0+ with the free Google Smart Lock app installed. I prefer using the Bluetooth/NFC/USB, USB-A/NFC, USB-C (Titan) security key (separate from my phone) to authenticate wirelessly.

Note: for maximum protection, it is best to authenticate each time you access your data rather than selecting "remember this device" in order to prevent web browser session hijacking.

[michaeljc70]

If you insist on using Gmail and Google drive for storage, I'd suggest you look into Google Advanced Protection Program to secure your data. It limits who can access your data by using two forms of hardware-based multi-factor authentication.

You can use your Android 7.0+ phone, or iPhone running iOS 10.0+ with the free Google Smart Lock app installed. I prefer using the Bluetooth/NFC/USB, USB-A/NFC, USB-C (Titan) security key (separate from my phone) to authenticate wirelessly.

Note: for maximum protection, it is best to authenticate each time you access your data rather than selecting "remember this device" in order to prevent web browser session hijacking.

This likely wouldn't keep your data safe if the cloud storage company is hacked though. If you encrypt the data yourself it would. You hear about breaches and sensitive information stolen all the time and it isn't because they had individual credentials.