Secure Cloud storage Tahoe LAFS

Image from
Secure Cloud storage Tahoe LAFS

In light of ongoing debate about data privacy and security and government surveillance, courtesy of the decision that Edward Snowden made, a significant percentage of users have been flocking to companies that provide some form of security and privacy guarantees. Those guarantees should, however, only be taken with a grain of salt. Put another way, only trust them as far as you can throw them.

True host-proof or PRISM-proof (as these services have come to be called) services and applications can be tough to bet your right-thump on, but they are not impossible to create. There are just challenges and trade-offs. If you have data that you don’t want any unauthorized person to have read-access to, just be sure to find how the system works. If it doesn’t provide client-side encryption that can be verified, take a step back and look around.

While you are trying to make up your mind about these services, here’s a quote from Ken Thompson, the co-creator of the original UNIX operating system, that I hope will help you make the best decision for you and your data:

The moral is obvious. You can’t trust code that you did not totally create yourself.(Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code.

And here’s another one from Jon Callas, the founder of Silent Circle, a company that provides encrypted communication services:

Whenever we run an app, we’re trusting it. We’re also trusting the operating system that it runs on, the random number generator, the entropy sources, and so on. You’re trusting the CPU and its microcode. You’re trusting the bootloader, be it EFI or whatever as well as SMM on Intel processors – which could have completely undetectable code running, doing things that are scarily like Descartes’s evil demon.

Another little detail to keep in mind: Just because a service is located in Europe, Australia, Canada or New Zealand does not mean that your government (you know which one I’m referring to, right?) cannot get access to the data. Companies in those countries will happily make a clone of their servers hard disk drives and ship it over here. Just ask Kim Dotcom.

Related Post:  PC-BSD 8 installation guide

And if you care to know which of these services I trust, here’s where I stand. I am not an active user of any of these services. I store all my data locally. However, the only secure Cloud storage service I’ll ever use to store data that I really want to keep others from reading is the one that offers verifiable client-side encryption, and whose software is Open Source or Free Software.

With all that in mind, here’s my list of the top five Cloud storage services to choose from. The list is in alphabetical order:

1. Simple Secure Storage Service: S4, as it is also known, is the Cloud storage service of Least Authority (Yep, that the name of the company). The official mission statement of Least Authority says that the company is:

…building an affordable, ethical, usable, effective, and lasting secure data storage solution. We believe this requires free and open source software, client-side cryptography, user-friendly interfaces, and a sustainable economic model.

Why do we do what we do? To give billions of humans a real alternative for control over their own data. If someone doesn’t do this soon, then almost everyone will be beholden to a few large organizations that control all of their information.

Sounds like a mission statement I can support. The Tahoe-Least Authority File System is the application that enables the company to offer its secure Cloud storage service. It is Free Software. The cost of using S4 US$50 per month for up to 350 GB of storage. More about the service at Least Authority.

2. SpiderOak: The buzzword of SpiderOak’s service is Zero-Knowledge. Here’s how the company defines it:

In technical terms it means that the server has ‘zero-knowledge’ of your data. In non-technical terms it means that your data is 100% private and only readable to you.

In a world where more and more of our lives are online, it behooves us to think about who has access to our data from critical business documents to personal photo albums. SpiderOak provides the ability to utilize cloud technologies while retaining that precious right we call privacy.

SpiderOak gives you 2 GB of free storage. If you want more disk space, it will cost you US$10 per month or US$10 per year. More about this service at

Related Post:  How to use Deepin 2014 Guest account

3. Tarsnap: This is a service created by Dr. Colin Percival, the Security Officer of the FreeBSD project. It looks more like a geeks-only service that runs natively on UNIX-like operating systems and on Windows via Cygwin. Though the Tarsnap client is based on the Free Software libarchive library, the Tarsnap code itself is not Free Software.

After registering for an account and depositing the minimum of $5 in your account, you are billed on a per usage basis, which is similar to how Digital Ocean bills its Cloud service clients. Here’s the official description of Tarsnap:

Tarsnap is a secure online backup service for BSD, Linux, OS X, Minix, Solaris, Cygwin, and probably many other UNIX-like operating systems. The Tarsnap client code provides a flexible and powerful command-line interface which can be used directly or via shell scripts.

At the present time, Tarsnap does not support Windows (except via Cygwin) and does not have a graphical user interface.

4. Wuala: Wuala is a Switzerland-based unit of LaCie, the computer storage company. To provide a secure Cloud storage services, the company:

…employs client-side-encryption to achieve a unique level of security. All data is encrypted locally, before it is uploaded. Your password never leaves your computer. Nobody – not even we as storage provider – can access your data without your authorization. Wuala’s data centers are all located in Europe (Switzerland, Germany, France).

Users get 5 GB of free Cloud storage. Additional storage space starts at US$3.99 per month. That price will give you 20 GB of storage. You may access more information about this service at


Share on facebook
Share on twitter
Share on pinterest
Share on linkedin

Hola! Did you notice that no longer runs network ads?  Yep, no more ads from the usual suspects that track you across the Internet.  But since  I still need to pay to keep the site running, feel free to make a small donation by PayPal.

Subscribe for updates. Trust me, no spam!

Mailchimp Signup Form

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event for 2020.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.

One Response

  1. Thank you for the writeup, which will be helpful to the next iteration of some PCBSD testing I’m in the middle of now.

    Regarding a bad password entry immediately dropping you to the Grub rescue screen, the same problem crops up when using full-disk encryption (including /boot) on Linux distros with Grub2 as the bootloader. It is due not to the operating system but rather to Grub2’s cryptodisk feature, which was evidently coded with a zero tolerance policy regarding password entries when decrypting a GELI or LUKS root.

    If you’ve found a way around this annoyance since the time you wrote this article, I’d love to know it, especially since I work on some machines for which a reboot cycle to get back to GRUB is quite lengthy, an irksome price to pay for a password typo.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the latest

On social media
Via my newsletter
Mailchimp Signup Form

Partner links

1. Attend Algorithm Conference, a top AI and ML event for 2021.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
Hacking, pentesting distributions

Linux Distributions for Hacking

Experts use these Linux distributions for hacking, digital forensics, and pentesting.


The authors of these books are confirmed to speak during

Algorithm Conference

T-minus AI

Author was the first chairperson of AI for the U.S. Air Force.

The case for killer robots

Author is the Director of the Center for Natural and Artificial Intelligence.

Why greatness cannot be planned

Author works on AI safety as a Senior Research Scientist at Uber AI Labs.

Anastasia Marchenkova

An invitation from Anastasia Marchenkova

Hya, after stints as a quantum researcher at Georgia Tech Quantum Optics & Quantum Telecom Lab, and the University of Maryland Joint Quantum Institute, I’m now working on superconducting qubit quantum processors at Bleximo. I’ll be speaking during Algorithm Conference in Austin, Texas, July 16 – 18, 2020. Meet me there and let’s chat about progress and hype in quantum computing.