Encryption for the cloud

fire5soon
Posts: 604
Joined: Tue Feb 20, 2007 3:07 pm

Encryption for the cloud

Post by fire5soon »

Hello, all. I know this is a well worn topic but I didn't see this issue while searching previous threads.

I have a 10 year old laptop on its last legs which has been replaced with a Chromebook. The Chromebook will be my only computer so I will no longer be able to use traditional software like Backblaze to backup files, so I will need to utilize Google Drive more heavily. I have used Drive lightly in the past and I like it, but I want to encrypt more sensitive files prior to uploading.

I've read many positive threads on Boxcryptor so I downloaded the app. However I didn't realize I had to supply my Google email and password to Boxcryptor in order to use it with Drive. For obvious reasons this is a concern.

Are there any solid encryption apps (again, not traditional software) that can encrypt files without requiring me to provide my Google password? Or am I making too big of a deal out of Boxcryptor's requirement?

Thanks again!
Last edited by fire5soon on Fri Jul 03, 2020 1:17 pm, edited 1 time in total.
A man is a success if he gets up in the morning and gets to bed at night, and in between he does what he wants to do. - Bob Dylan
gtd98765
Posts: 702
Joined: Sun Jan 08, 2017 4:15 am

Re: Encryption for the cloud

Post by gtd98765 »

Could you create a separate GMail account and password just for use of Boxcryptor, and still use your main GMail account for email? That would alleviate the problem of giving away your main GMail credentials to someone else.
abracadabra11
Posts: 195
Joined: Sat May 01, 2010 2:09 pm

Re: Encryption for the cloud

Post by abracadabra11 »

Cryptomator is another option. It's my go to for keeping sensitive data on cloud. It definitely was not as refined as Boxcryptor early on, but it has improved significantly since its early days.
ChesterK
Posts: 5
Joined: Fri Jul 03, 2020 9:02 am

Re: Encryption for the cloud

Post by ChesterK »

PGP is a standard (and free) tool for encrypting / decrypting files, if you're comfortable with learning to use the command line. https://en.m.wikipedia.org/wiki/Pretty_Good_Privacy You can just encrypt all the files you want encrypted before syncing.

I advise against sharing your email credentials with a third party for obvious reasons. If you are encrypting files yourself do remember that your files are only as secure as the password you use to generate a security key. Most people choose terrible passwords as good passwords tend to be hard to remember. But a bad password isn't going to deter someone who's after your files. They can easily spin up a bunch of machines to brute force hack a poor password.
dukeblue219
Posts: 858
Joined: Fri Jan 29, 2016 12:40 pm

Re: Encryption for the cloud

Post by dukeblue219 »

Have you looked at sync.com? Like Dropbox but with end to end encryption built in. It's entirely separate from Drive (not an overlay like Boxcryptor) so might not be what you're looking for.
fire5soon
Posts: 604
Joined: Tue Feb 20, 2007 3:07 pm

Re: Encryption for the cloud

Post by fire5soon »

Thanks for everyone's thoughts. I'll research the options mentioned. I've heard really good things about Boxcryptor but I'm not crazy about giving them my Google password.

Thanks again!
A man is a success if he gets up in the morning and gets to bed at night, and in between he does what he wants to do. - Bob Dylan
nalor511
Posts: 1109
Joined: Mon Jul 27, 2015 1:00 am

Re: Encryption for the cloud

Post by nalor511 »

I had only bad experiences with Boxcryptor (totally unreliable, cancelled/failed uploads, partial files left all over the place) and Cryptomator (same sort of thing). I also did some full encrypted backups with Duplicati, and when I went to try a restore everything went to hell (was never able to successfully restore a file back from the encrypted cloud backup on gdrive).

I do not think you will be able to successfully do encryption in the cloud in the way you want with only a Chromebook.

I ended up using rclone on top of gdrive, and it was a bit messy, but if you can figure out something like rsync then it should be no trouble. Here's a tutorial (read through until they do the first "copy", then skip down to the "encryption" section, since that's what you want): https://www.andyibanez.com/posts/rclone ... ncryption/ . I was able to backup and restore just fine, no issues, and everything is encrypted and speedy. If you want a GUI, after you set up the rclone config, you can download rclonebrowser, which will let you do all the copy/restore/etc graphically.

You will need Linux, Windows, or Mac, though, chromebook won't do it, I do not think. Linux is like a more expanded chromebook, and will run on very similarly poor/underpowered hardware. I have no problem with Lubuntu on 2013 hardware, it still flies. It also ran fine on 2010 hardware, but video streaming (netflix) crashed sometimes.
michaelingp
Posts: 419
Joined: Tue Jan 17, 2017 8:46 pm

Re: Encryption for the cloud

Post by michaelingp »

fire5soon wrote: Fri Jul 03, 2020 7:30 am
Are there any solid encryption apps (again, not traditional software) that can encrypt files without requiring me to provide my Google password? Or am I making too big of a deal out of Boxcryptor's requirement?
I believe you are. How else would Boxcryptor access your Drive if it doesn't have the password? When it comes down to it, you have to trust your security provider. They could be taking all your sensitive files and sending them to hackers. How would you know? I'd be much more concerned about the complexity of the app than giving them my password, which they obviously need to work.
ChesterK
Posts: 5
Joined: Fri Jul 03, 2020 9:02 am

Re: Encryption for the cloud

Post by ChesterK »

You shouldn't share passwords with third parties. This actually opens bigger attack vectors than just encrypting nothing at all. Your email has so much personal information. Boxcryptor doesn't need to be malicious to make basic mistakes. This stuff is difficult to get right.
palanzo
Posts: 1836
Joined: Thu Oct 10, 2019 4:28 pm

Re: Encryption for the cloud

Post by palanzo »

ChesterK wrote: Fri Jul 03, 2020 7:01 pm You shouldn't share passwords with third parties. This actually opens bigger attack vectors than just encrypting nothing at all. Your email has so much personal information. Boxcryptor doesn't need to be malicious to make basic mistakes. This stuff is difficult to get right.
Why would Boxcryptor have access to your email if you use a different Google account?
Last edited by palanzo on Fri Jul 03, 2020 7:57 pm, edited 1 time in total.
tiburblium
Posts: 148
Joined: Thu Apr 11, 2019 4:28 pm

Re: Encryption for the cloud

Post by tiburblium »

michaelingp wrote: Fri Jul 03, 2020 6:49 pm
fire5soon wrote: Fri Jul 03, 2020 7:30 am
Are there any solid encryption apps (again, not traditional software) that can encrypt files without requiring me to provide my Google password? Or am I making too big of a deal out of Boxcryptor's requirement?
I believe you are. How else would Boxcryptor access your Drive if it doesn't have the password? When it comes down to it, you have to trust your security provider. They could be taking all your sensitive files and sending them to hackers. How would you know? I'd be much more concerned about the complexity of the app than giving them my password, which they obviously need to work.
Most services like Boxcryptor use OAuth to handle delegated access. You are not sharing credentials like a password, rather you login to Google and then grant resource access that is requested by Boxcryptor to your account.
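The delegated-access flow described in the post above, as an added example that is not part of the thread and not Boxcryptor's code: it builds a Google OAuth 2.0 authorization URL with PKCE and then reviews what that URL asks the user to grant. The client ID, redirect URI and choice of scope are constructed assumptions, not the request any particular product sends.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"

# How far each Google scope reaches (small subset, enough for a consent review).
SCOPE_REACH = {
    "https://www.googleapis.com/auth/drive.file": "files this app created or was given",
    "https://www.googleapis.com/auth/drive": "every file in the Drive",
    "https://mail.google.com/": "the whole Gmail mailbox",
}

def pkce_pair():
    """Return (verifier, challenge); only the challenge travels in the URL."""
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge

def build_authorization_url(client_id, redirect_uri, scopes):
    """Build the URL the app opens in a browser; the password is typed at Google only."""
    verifier, challenge = pkce_pair()
    state = secrets.token_urlsafe(16)  # echoed back by Google to tie the reply to this request
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return f"{AUTH_ENDPOINT}?{query}", verifier, state

def review_consent_request(url):
    """Summarise what an authorization URL asks for before you click Allow."""
    parts = urlparse(url)
    params = parse_qs(parts.query)
    scopes = params.get("scope", [""])[0].split()
    return {
        "login_page_is_google": parts.scheme == "https" and parts.hostname == "accounts.google.com",
        "carries_password": "password" in params,
        "grants": {s: SCOPE_REACH.get(s, "unknown scope, check before allowing") for s in scopes},
    }

if __name__ == "__main__":
    url, _verifier, _state = build_authorization_url(
        "constructed-client-id.apps.googleusercontent.com",  # constructed, not a real client
        "http://127.0.0.1:8080/callback",                    # assumed loopback redirect
        ["https://www.googleapis.com/auth/drive.file"],
    )
    print(review_consent_request(url))
```

A grant made this way can be withdrawn from the Google account's third-party access settings without changing the account password.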
ChesterK
Posts: 5
Joined: Fri Jul 03, 2020 9:02 am

Re: Encryption for the cloud

Post by ChesterK »

palanzo wrote: Fri Jul 03, 2020 7:27 pm
ChesterK wrote: Fri Jul 03, 2020 7:01 pm You shouldn't share passwords with third parties. This actually opens bigger attack vectors than just encrypting nothing at all. Your email has so much personal information. Boxcryptor doesn't need to be malicious to make basic mistakes. This stuff is difficult to get right.
Why would Boxcryptor have access to your email if you use a different Google account?
They won't. But they'll still potentially have access to your files. If you don't trust Google to access your files why do you trust another third party?
palanzo
Posts: 1836
Joined: Thu Oct 10, 2019 4:28 pm

Re: Encryption for the cloud

Post by palanzo »

ChesterK wrote: Fri Jul 03, 2020 8:37 pm
palanzo wrote: Fri Jul 03, 2020 7:27 pm
ChesterK wrote: Fri Jul 03, 2020 7:01 pm You shouldn't share passwords with third parties. This actually opens bigger attack vectors than just encrypting nothing at all. Your email has so much personal information. Boxcryptor doesn't need to be malicious to make basic mistakes. This stuff is difficult to get right.
Why would Boxcryptor have access to your email if you use a different Google account?
They won't. But they'll still potentially have access to your files. If you don't trust Google to access your files why do you trust another third party?
They won't. Google would have "access" to encrypted files. Boxcryptor has zero knowledge encryption which means the encryption is done on your local machine and only you know the passphrase.

One needs to look carefully at these technologies to understand whether "they'll still potentially have access to your files".

https://www.boxcryptor.com/en/
Last edited by palanzo on Fri Jul 03, 2020 10:57 pm, edited 1 time in total.
JoMoney
Posts: 10521
Joined: Tue Jul 23, 2013 5:31 am

Re: Encryption for the cloud

Post by JoMoney »

There is a Chrome app called "My Little Password"
https://chrome.google.com/webstore/deta ... pbmgbbdijf
Not the most professional looking, as it's decorated with 'My Little Pony' characters... but it's free and it works.

You can 'zip' files on a Chromebook by just right-clicking on a file or folder in the 'Files' app and choosing 'ZIP selection', then open the "My Little Password" app to password protect the zip file. If you use a strong password, password protected zip files offer a very strong level of encryption and are broadly portable (note the current version of the MLP app uses AES-256)... most modern operating systems support unzipping a password protected zip even if they don't natively support adding the password to begin with.
"To achieve satisfactory investment results is easier than most people realize; to achieve superior results is harder than it looks." - Benjamin Graham
ChesterK
Posts: 5
Joined: Fri Jul 03, 2020 9:02 am

Re: Encryption for the cloud

Post by ChesterK »

palanzo wrote: Fri Jul 03, 2020 9:49 pm
ChesterK wrote: Fri Jul 03, 2020 8:37 pm
palanzo wrote: Fri Jul 03, 2020 7:27 pm
ChesterK wrote: Fri Jul 03, 2020 7:01 pm You shouldn't share passwords with third parties. This actually opens bigger attack vectors than just encrypting nothing at all. Your email has so much personal information. Boxcryptor doesn't need to be malicious to make basic mistakes. This stuff is difficult to get right.
Why would Boxcryptor have access to your email if you use a different Google account?
They won't. But they'll still potentially have access to your files. If you don't trust Google to access your files why do you trust another third party?
They won't. Google would have "access" to encrypted files. Boxcryptor has zero knowledge encryption which means the encryption is done on your local machine and only you know the passphrase.

One needs to look carefully at these technologies to understand whether "they'll still potentially have access to your files".

https://www.boxcryptor.com/en/
If the encryption is done on your own machine why do they need your Google credentials at all? Also what key is being used to encrypt the files? If it's one derived from a password then this isn't any better than just using freely available software (e.g. PGP). If it's a randomly generated key that Boxcryptor is storing for you then they both have the key and access to your Google credentials, which is equivalent to having access to your files. It can't be a randomly generated key that's just stored on your computer as you would need this key to recover your data if your device were stolen.
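The password-derived key that this post and the earlier one on password strength talk about, as an added example that is not from the thread and not the code of any tool named in it: the key is re-derived from the passphrase plus a non-secret header, so it can be recovered on a replacement device. PBKDF2-HMAC-SHA256, the iteration count, the header layout and the guessing rate in the demo are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; higher slows every guess

def _master(passphrase, salt, iterations):
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, dklen=32)

def _split(master):
    """Separate the file-encryption key from the value stored to detect a wrong passphrase."""
    enc_key = hmac.new(master, b"file-encryption", hashlib.sha256).digest()
    check = hmac.new(master, b"passphrase-check", hashlib.sha256).digest()[:16]
    return enc_key, check

def new_header(passphrase, iterations=ITERATIONS):
    """Create the non-secret header that is uploaded next to the encrypted files."""
    salt = secrets.token_bytes(16)  # random per vault, so identical passphrases give different keys
    enc_key, check = _split(_master(passphrase, salt, iterations))
    return {"salt": salt, "iterations": iterations, "check": check}, enc_key

def recover_key(passphrase, header):
    """Re-derive the key on a replacement device; None means the passphrase was wrong."""
    enc_key, check = _split(_master(passphrase, header["salt"], header["iterations"]))
    return enc_key if hmac.compare_digest(check, header["check"]) else None

def guess_space_bits(symbols, length):
    """Entropy in bits of a secret made of `length` independent random picks from `symbols`."""
    return length * math.log2(symbols)

def years_to_search_half(bits, guesses_per_second):
    """Expected years to try half the guess space at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    header, key = new_header("constructed sample passphrase")  # constructed input
    assert recover_key("constructed sample passphrase", header) == key
    assert recover_key("wrong guess", header) is None
    rate = 1_000_000  # assumed guesses per second across an attacker's machines
    for label, bits in [("8 random lowercase letters", guess_space_bits(26, 8)),
                        ("6 random words from a 7776-word list", guess_space_bits(7776, 6))]:
        print(f"{label}: {bits:.1f} bits, {years_to_search_half(bits, rate):.3g} years")
```

The header holds nothing secret, which is why it can sit in the same cloud folder as the ciphertext; the passphrase is the only thing that has to survive the loss of the device.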
palanzo
Posts: 1836
Joined: Thu Oct 10, 2019 4:28 pm

Re: Encryption for the cloud

Post by palanzo »

ChesterK wrote: Sat Jul 04, 2020 4:36 am
palanzo wrote: Fri Jul 03, 2020 9:49 pm
ChesterK wrote: Fri Jul 03, 2020 8:37 pm
palanzo wrote: Fri Jul 03, 2020 7:27 pm
ChesterK wrote: Fri Jul 03, 2020 7:01 pm You shouldn't share passwords with third parties. This actually opens bigger attack vectors than just encrypting nothing at all. Your email has so much personal information. Boxcryptor doesn't need to be malicious to make basic mistakes. This stuff is difficult to get right.
Why would Boxcryptor have access to your email if you use a different Google account?
They won't. But they'll still potentially have access to your files. If you don't trust Google to access your files why do you trust another third party?
They won't. Google would have "access" to encrypted files. Boxcryptor has zero knowledge encryption which means the encryption is done on your local machine and only you know the passphrase.

One needs to look carefully at these technologies to understand whether "they'll still potentially have access to your files".

https://www.boxcryptor.com/en/
If the encryption is done on your own machine why do they need your Google credentials at all? Also what key is being used to encrypt the files? If it's one derived from a password then this isn't any better than just using freely available software (e.g. PGP). If it's a randomly generated key that Boxcryptor is storing for you then they both have the key and access to your Google credentials, which is equivalent to having access to your files. It can't be a randomly generated key that's just stored on your computer as you would need this key to recover your data if your device were stolen.
The Google credentials are needed to write the encrypted blobs. How else would the data be written to the Google drive? There is an excellent security white paper available on their site that will answer your questions.
abuss368
Posts: 23043
Joined: Mon Aug 03, 2009 2:33 pm
Location: Where the water is warm, the drinks are cold, and I don't know the names of the players!

Re: Encryption for the cloud

Post by abuss368 »

I use iCloud from Apple. No sensitive documents or need to keep encryption. I focused on cleaning up and deleting our devices. I realized how much we did not need. Funny thing, I think the devices may be running and performing better!
John C. Bogle: "Simplicity is the master key to financial success."
michaeljc70
Posts: 7383
Joined: Thu Oct 15, 2015 3:53 pm

Re: Encryption for the cloud

Post by michaeljc70 »

JoMoney wrote: Fri Jul 03, 2020 10:09 pm There is a Chrome app called "My Little Password"
https://chrome.google.com/webstore/deta ... pbmgbbdijf
Not the most professional looking, as it's decorated with 'My Little Pony' characters... but it's free and it works.

You can 'zip' files on a Chromebook by just right-clicking on a file or folder in the 'Files' app and choosing 'ZIP selection', then open the "My Little Password" app to password protect the zip file. If you use a strong password, password protected zip files offer a very strong level of encryption and are broadly portable (note the current version of the MLP app uses AES-256)... most modern operating systems support unzipping a password protected zip even if they don't natively support adding the password to begin with.
This. There are other apps that do this too. I do this for my cloud backups (using a different program in Windows). No one can open your files unless they have your cloud credentials AND zip password. A file manager like ES File Explorer can create/extract password protected ZIP files on a Chromebook that supports Android Apps.
CycloRista
Posts: 203
Joined: Sun Feb 16, 2020 11:53 am

Re: Encryption for the cloud

Post by CycloRista »

If you insist on using Gmail and Google drive for storage, I'd suggest you look into Google Advanced Protection Program to secure your data. It limits who can access your data by using two forms of hardware-based multi-factor authentication.

You can use your Android 7.0+ phone, or iPhone running iOS 10.0+ with the free Google Smart Lock app installed. I prefer using the Bluetooth/NFC/USB, USB-A/NFC, USB-C (Titan) security key (separate from my phone) to authenticate wirelessly.

Note: for maximum protection, it is best to authenticate each time you access your data rather than selecting "remember this device" in order to prevent web browser session hijacking.
michaeljc70
Posts: 7383
Joined: Thu Oct 15, 2015 3:53 pm

Re: Encryption for the cloud

Post by michaeljc70 »

CycloRista wrote: Sun Jul 05, 2020 8:14 am If you insist on using Gmail and Google drive for storage, I'd suggest you look into Google Advanced Protection Program to secure your data. It limits who can access your data by using two forms of hardware-based multi-factor authentication.

You can use your Android 7.0+ phone, or iPhone running iOS 10.0+ with the free Google Smart Lock app installed. I prefer using the Bluetooth/NFC/USB, USB-A/NFC, USB-C (Titan) security key (separate from my phone) to authenticate wirelessly.

Note: for maximum protection, it is best to authenticate each time you access your data rather than selecting "remember this device" in order to prevent web browser session hijacking.
This likely wouldn't keep your data safe if the cloud storage company is hacked though. If you encrypt the data yourself it would. You hear about breaches and sensitive information stolen all the time and it isn't because they had individual credentials.