SBN

Avoid The Hack: 4 Best Secure Cloud Storage Providers

While convenient, many of the most well-known and popular cloud storage providers have direct access to your files – in some cases, third-parties may have access to your files as well.

Encrypted cloud storage providers respect user privacy and use zero knowledge end-to-end encryption implementations to secure user data and to uphold promises of respecting user privacy.

At a glance…

Service Logo Name Jurisdiction Free tier File types MFA types Mobile app availability E2EE link sharing Infrastructure Go to service
proton drive logo Proton Drive Switzerland 1GB Most files TOTP, hardware keys Android, iOS In-house Visit Service
official cryptee logo Filen Germany 10GB Most files TOTP Android, iOS In-house Visit Service
official ente logo ente EU (Netherlands, France, Germany) 1GB/year Images and Videos TOTP Android, iOS
(receiver requires free Ente account)
Rented Visit Service
official cryptee logo Cryptee Estonia 100MB Images and Videos
(includes document editor)
TOTP Progressive Web App ? In-house Visit Service

Proton Drive

proton drive logo

Highlights

  • Free tier (1GB)
  • Supports MFA hardware keys
  • Servers directly owned and operated by Proton
  • Access to other Proton products

Proton is an encrypted cloud storage provider based in Switzerland.

According to Proton’s breakdown of their Drive security model, Proton Drive’s implementation encrypts files and file metadata, effectively keeping the server blind to its contents (or hints of its contents.)

Proton Drive’s end-to-encryption works for sharing files and folders. For additional security features when sharing files, users can choose to password protect files (by setting their own or using a randomly generated password) or set a file sharing link to expire; Proton cannot access shared content as the URL is not revealed to the server.

Proton’s Drive service has been audited, with audit results posted publicly.

According to Proton, their Drive service is also tamper-evident, using signatures to verify authenticity of files and folders

Proton Drive supports strong multifactor authentication (MFA) methods, such as time-based codes (TOTP) and hardware keys.

The free tier of Proton Drive grants users 1GB of storage. Apps are available for mobile platforms like Android and iOS. The platform and its clients are open-source.

Creation of a Proton account also grants users access to the free tiers of Proton Calendar, Proton VPN, and Proton Mail.

Proton is also an avoidthehack recommended VPN and encrypted email provider.

Visit Service

Filen

filen official logo

Highlights

  • Free trial (10GB)
  • Wide platform compatibility
  • In-house infrastructure based in Germany

Filen is an encrypted cloud provider based in Germany.

According to Filen’s whitepaper, folder names and file metadata(ex: size) are also encrypted client-side with the user’s encryption key. Per Filen’s main privacy policy, transactional metadata (exchange with the server) like the user’s email and IP address are recorded.

Filen supports sharing files with both other Filen users and non-Filen users via public links. Public links can be set to expire or protected with a password (that must be pre-shared to intended recipients.) In either case (sharing with Filen or non-Filen users) sharing link URLs are hidden from Filen’s servers.

Filen supports TOTP for strong MFA. Its apps are open-source and support most platforms, including iOS and Android.

Filen offers a tree trial with a storage limit of 10GB, which includes the unlimited bandwidth found in the paid plans.

Visit Service

Ente (photos and videos)

ente official logo

Highlights

  • Free trial (1GB/year)
  • Wide platform compatibility
  • Viable direct replacement for Google Photos

Ente is an encrypted photo and video cloud storage provider.

Ente’s implementation of end-to-end encryption on its platform is well documented on their architecture page. Your account has a masterkey, which doesn’t leave your device unencrypted and is required to begin the decryption (access) process to stored files.

Ente’s implementation also encrypts metadata, such as location EXIF data often attached to photos and videos taken with a GPS-enabled camera (ex: a smartphone.)

Additionally, Ente can automatically sync photos from the device to the cloud. This can be set to only complete when connected to a Wi-Fi network. The service syncs in the background, providing convenient functionality similar to iCloud Photos and Google Photos – however, large numbers of uploads might take some time.

Ente supports strong MFA methods like TOTP. Apps are available for most platforms, including mobile platforms like Android and iOS. The platform and its clients are open-source.

Ente offers a free trial of 1GB of storage for 365 days (1 year).

Visit Service

Cryptee (photos and videos)

cryptee official logo

Highlights

  • Free tier (100MB)
  • Progressive web app (wide availability across platforms)
  • Document editor

Cryptee is an encrypted storage provider with a focus on photos and videos based in Estonia. Cryptee also features a web-based and encrypted document editor.

Cryptee’s implementation encrypts files as well as file metadata prior to upload to the server. With the document editor, contents inside documents are also kept “hidden” from the server.

Cryptee does not have a dedicated mobile app found in any traditional app store. Rather, it is a progressive web app, which can be independently installed on all devices – including mobile operating systems like iOS and Android. Cryptee’s web client is open-source.

Cryptee offers 100MB of storage for its free tier.

Visit Service

A word on Nextcloud

nextcloud blue official logo

Nextcloud is open-source client-server software for creating file hosting (cloud storage) on private servers controlled by the end-user (you). Self-hosting a Nextcloud storage server enables the user to truly take control of their data, metadata, and stored files.

Nextcloud GmBH provides a list of cloud storage provider using their platform. As of writing, listed Nextcloud providers provide free accounts ranging from 2GB to 5GB storage.

A word on iCloud

big blue cloud image apple icloud logo

In December 2022, Apple introduced an update to iDevices and iCloud enabling users to enable Advanced Data Protection – which provides end-to-end encryption for most data and files synced to iCloud.

This is a definite “win” on both the privacy and security fronts for most Apple users – however, be aware that neither iCloud Mail, Contacts, nor Calendar events are end-to-end encrypted even with Advanced Data Protection successfully enabled.

Avoid The Hack features a detailed guide on enabling Advanced Data Protection in a separate post.

Criteria

At minimum, to be listed on avoidthehack, secure cloud storage providers must:

Provide end-to-end encryption

End-to-end encryption provided should make the service’s server blind to what exactly is stored in a user’s account.

This helps prevent unwarranted file “scanning” by the service provider’s servers, metadata ingestion (a consequence to user privacy), and helps prevent third-party access to a user’s files. Implementations should encrypt data on the client-side prior to upload to the server.

Encryption should include file metadata as well; this helps prevent unwarranted…

*** This is a Security Bloggers Network syndicated blog from Avoid The Hack! authored by Avoidthehack! RSS. Read the original post at: https://avoidthehack.com/best-cloud-storage