Secure Cloud storage Tahoe LAFS

Image from SpiderOak.com.
Secure Cloud storage Tahoe LAFS

In light of ongoing debate about data privacy and security and government surveillance, courtesy of the decision that Edward Snowden made, a significant percentage of users have been flocking to companies that provide some form of security and privacy guarantees. Those guarantees should, however, only be taken with a grain of salt. Put another way, only trust them as far as you can throw them.

True host-proof or PRISM-proof (as these services have come to be called) services and applications can be tough to bet your right-thump on, but they are not impossible to create. There are just challenges and trade-offs. If you have data that you don’t want any unauthorized person to have read-access to, just be sure to find how the system works. If it doesn’t provide client-side encryption that can be verified, take a step back and look around.

While you are trying to make up your mind about these services, here’s a quote from Ken Thompson, the co-creator of the original UNIX operating system, that I hope will help you make the best decision for you and your data:

The moral is obvious. You can’t trust code that you did not totally create yourself.(Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code.

And here’s another one from Jon Callas, the founder of Silent Circle, a company that provides encrypted communication services:

Whenever we run an app, we’re trusting it. We’re also trusting the operating system that it runs on, the random number generator, the entropy sources, and so on. You’re trusting the CPU and its microcode. You’re trusting the bootloader, be it EFI or whatever as well as SMM on Intel processors – which could have completely undetectable code running, doing things that are scarily like Descartes’s evil demon.

Another little detail to keep in mind: Just because a service is located in Europe, Australia, Canada or New Zealand does not mean that your government (you know which one I’m referring to, right?) cannot get access to the data. Companies in those countries will happily make a clone of their servers hard disk drives and ship it over here. Just ask Kim Dotcom.

Related Post:  Is that a backdoor or an "administrative password" on your Verizon Internet router?

And if you care to know which of these services I trust, here’s where I stand. I am not an active user of any of these services. I store all my data locally. However, the only secure Cloud storage service I’ll ever use to store data that I really want to keep others from reading is the one that offers verifiable client-side encryption, and whose software is Open Source or Free Software.

With all that in mind, here’s my list of the top five Cloud storage services to choose from. The list is in alphabetical order:

1. Simple Secure Storage Service: S4, as it is also known, is the Cloud storage service of Least Authority (Yep, that the name of the company). The official mission statement of Least Authority says that the company is:

…building an affordable, ethical, usable, effective, and lasting secure data storage solution. We believe this requires free and open source software, client-side cryptography, user-friendly interfaces, and a sustainable economic model.

Why do we do what we do? To give billions of humans a real alternative for control over their own data. If someone doesn’t do this soon, then almost everyone will be beholden to a few large organizations that control all of their information.

Sounds like a mission statement I can support. The Tahoe-Least Authority File System is the application that enables the company to offer its secure Cloud storage service. It is Free Software. The cost of using S4 US$50 per month for up to 350 GB of storage. More about the service at Least Authority.

2. SpiderOak: The buzzword of SpiderOak’s service is Zero-Knowledge. Here’s how the company defines it:

In technical terms it means that the server has ‘zero-knowledge’ of your data. In non-technical terms it means that your data is 100% private and only readable to you.

In a world where more and more of our lives are online, it behooves us to think about who has access to our data from critical business documents to personal photo albums. SpiderOak provides the ability to utilize cloud technologies while retaining that precious right we call privacy.

SpiderOak gives you 2 GB of free storage. If you want more disk space, it will cost you US$10 per month or US$10 per year. More about this service at SpiderOak.com.

Related Post:  So what happened to PC-BSD?

3. Tarsnap: This is a service created by Dr. Colin Percival, the Security Officer of the FreeBSD project. It looks more like a geeks-only service that runs natively on UNIX-like operating systems and on Windows via Cygwin. Though the Tarsnap client is based on the Free Software libarchive library, the Tarsnap code itself is not Free Software.

After registering for an account and depositing the minimum of $5 in your account, you are billed on a per usage basis, which is similar to how Digital Ocean bills its Cloud service clients. Here’s the official description of Tarsnap:

Tarsnap is a secure online backup service for BSD, Linux, OS X, Minix, Solaris, Cygwin, and probably many other UNIX-like operating systems. The Tarsnap client code provides a flexible and powerful command-line interface which can be used directly or via shell scripts.

At the present time, Tarsnap does not support Windows (except via Cygwin) and does not have a graphical user interface.

4. Wuala: Wuala is a Switzerland-based unit of LaCie, the computer storage company. To provide a secure Cloud storage services, the company:

…employs client-side-encryption to achieve a unique level of security. All data is encrypted locally, before it is uploaded. Your password never leaves your computer. Nobody – not even we as storage provider – can access your data without your authorization. Wuala’s data centers are all located in Europe (Switzerland, Germany, France).

Users get 5 GB of free Cloud storage. Additional storage space starts at US$3.99 per month. That price will give you 20 GB of storage. You may access more information about this service at Wuala.com.

Share:

Share on facebook
Facebook
Share on twitter
Twitter
Share on pinterest
Pinterest
Share on linkedin
LinkedIn

Hola! Did you notice that LinuxBSDos.com no longer runs network ads?  Yep, no more ads from the usual suspects that track you across the Internet.  But since  I still need to pay to keep the site running, feel free to make a small donation by PayPal.

Subscribe for updates. Trust me, no spam!

Mailchimp Signup Form

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event for 2020.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.

10 Responses

    1. Sounds like a good idea, but what’s this thing about “it fully works in Chrome”? Does it work in Firefox?

      From your site: “For your security we recommend that you Get Chrome.” Does this mean that FF is not secure?

    1. Good question. Both are Linux-compatible. I prefer Spideroak because, to my knowledge, they contribute more to open source software projects than Crashplan (or Crashplan’s creators, Code 42 Software). Here’s the Spideroak open source page: https://spideroak.com/code

  1. All of these services are made redundant by using BitTorrentSync. You guys are not at the cutting edge. All Cloud services have been superceded by BTSYNC.

    1. BitTorrent Sync is interesting, but it is a proprietary product from a company based in the US of A. where tech companies like it are required by law to encode backdoors in their products.

      I’m not saying for a fact that it has a backdoor, but, but…

      1. I agree. Again, if I was using BitTorrent Sync, I would encrypt the data myself before allowing BitTorrent Sync to move it around.

          1. I hate Digital Rights Management (DRM) because it restricts my ability to use lawfully purchased devices and is used to justify government invasion of privacy.

            However, I don’t actually share any media (movies, books, music) illegally, so Hollywood is free to waste millions of dollars trying to decrypt my Bittorrent Sync traffic. They won’t find anything that justifies a criminal prosecution or a civil lawsuit.

  2. For data storage, any cloud service is fine provided you encrypt your data locally before uploading it. So pick a damn good passphrase and GnuPG to encrypt your files, and _then_ put the encrypted archive into your Dropbox folder (or whatever it is).

    I use SpiderOak, because I’m lazy – they automatically encrypt for me using my password locally and claim (?) they don’t actually have my password on their own servers. I like their products, but it’s proprietary so I don’t trust them.

    But the real problem are mobile phones, internet service providers, and email. It’s virtually impossible to have a useful mobile phone without giving lots of your private information to the phone company. For privacy in your internet service provider you need to use a VPN or Tor, and either one reduces the quality of your service and automatically increases the interest of law enforcement. And private email is virtually impossible – it’s hard for 98% of the population to run their own mail server, which means anything you send and receive can be read at the other end by the hosting companies of people sending to you and people who receive your messages.

Leave a Reply to gdazer Cancel reply

Your email address will not be published. Required fields are marked *

Get the latest

On social media
Via my newsletter
Mailchimp Signup Form

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event for 2020.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
Hacking, pentesting distributions

Linux Distributions for Hacking

Experts use these Linux distributions for hacking, digital forensics, and pentesting.

Categories
Archives

The authors of these books are confirmed to speak during

Algorithm Conference

T-minus AI

Author was the first chairperson of AI for the U.S. Air Force.

The case for killer robots

Author is the Director of the Center for Natural and Artificial Intelligence.

Why greatness cannot be planned

Author works on AI safety as a Senior Research Scientist at Uber AI Labs.

Anastasia Marchenkova

An invitation from Anastasia Marchenkova

Hya, after stints as a quantum researcher at Georgia Tech Quantum Optics & Quantum Telecom Lab, and the University of Maryland Joint Quantum Institute, I’m now working on superconducting qubit quantum processors at Bleximo. I’ll be speaking during Algorithm Conference in Austin, Texas, July 16 – 18, 2020. Meet me there and let’s chat about progress and hype in quantum computing.