Over the past several years, online privacy has been one of the most dominant topics in technology. Questions about an individual’s right to own their online footprint, NSA surveillance, celebrity phone hacks and the most recent Facebook data controversy are a just a few examples.
For those looking to limit the potential for abuse while not giving up the benefits of the internet, there are several ways to limit the amount of personal data exposed, such as those found in our online privacy guide. In this article, we’re going to be focusing on the topic of cloud storage privacy, and how to protect the files you keep there so that only you can decrypt them.
The approach is sometimes called zero-knowledge encryption, and is a favorite topic here at Cloudwards.net. Zero-knowledge cloud storage services dominate our rankings for the best cloud storage reviews, in fact, mostly on account of their strong approach to security.
While popular services like Dropbox and Google Drive don’t offer the same advantage, third-party software can change that. In a bit, we’ll show you how to use one of the best, Boxcryptor, to keep your files private.
Before we get to how to encrypt your data for cloud storage, though, let’s review the reasons you might want to in a bit more detail.
The Problem with Managed Encryption
Nearly all cloud storage services encrypt the data customers store on their servers, with only a few notable exceptions like Amazon Drive (read our Amazon Drive review). However, the fact that most of those services also manage the keys used for encryption means that your files are more vulnerable than they need to be.
While many cloud storage services won’t exploit that vulnerability for financial gain, corporations don’t always take the ethical path when there’s money to be made. Google, for its part, states in its terms of service that it may scan sent, received and stored data to for marketing analysis:
“Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.”
One of Google’s closest competitors in the cloud storage market, Dropbox, doesn’t make similar allowances in its privacy terms. In fact, the terms very clearly state, “Your Stuff is yours.” However, that doesn’t change the fact that Dropbox also scans your data, in part to block pirated content.
On top of that, Dropbox, Google Drive, OneDrive and any other U.S.-based cloud service is subject to legally-enforced government data requests. That includes requests to feed mass surveillance programs, like the NSA PRISM initiative.
Finally, you need to worry about cybercrime, with data breaches being the most relevant problem to cloud storage. While cloud services generally host data in secure data centers built to prevent malicious attacks, such measures have historically been designed to protect against outside threats rather than inside threats (e.g., negligent or naughty employees).
Your data, remember, is worth money. Even if a corporation seems completely trustworthy, there’s more than one way to skin a cat. The best approach is to only trust cloud services with your data as much as you have to, and otherwise take privacy into your own hands.
Easy Route: Zero-Knowledge Cloud Storage
The best way to protect your cloud data from privacy issues like marketing, surveillance and cybercrime is to take the ability decrypt your files out of corporate hands. The solution is private, end-to-end encryption, which some corners of the internet have taken to calling zero-knowledge encryption, a phrase we used earlier.
Zero-knowledge encryption means your files get encrypted before leaving your machine and don’t get decrypted until you download them again from the cloud. Only you know the decryption key, which is tied to a password you set, meaning your cloud provider couldn’t unscramble your files even if director of the NSA came knocking on the data center doors.
For those that prefer simplicity, you can sign up for a zero-knowledge cloud storage service to keep your files protected. While there aren’t many such options out there, the best of the bunch are more than capable Dropbox alternatives. For our money, we like Sync.com, which not only provides superior security but great value, with 2TB of storage for around $8 per month.
With Sync.com, any file you drop in the sync folder installed in your system gets scrambled using private encryption automatically. There’s nothing you need to do to facilitate the process, which we discuss in more detail in our Sync.com review.
As much as we like Sync.com, though, it doesn’t have the collaboration features discussed in our Google Drive review or those of most of the best enterprise sync and share services. That however, doesn’t mean you need to give up your privacy. It just means you need to do a little bit more work to protect it.
Slightly Less Easy Route: Zero-Knowledge Encryption Services
For the rest of this article, we’re going to be looking at how to encrypt files yourself before sending them to the cloud. Thankfully, there are a handful of zero-knowledge tools available that integrate with big names in cloud storage to provide an extra security layer.
nCrypted Cloud and Sookasa are two decent options, but neither offers the versatility and value of Boxcryptor. One of the things we like is that Boxcryptor integrates out-of-box with over 20 different cloud storage providers.
The list includes Dropbox, Google Drive, Egnyte Connect, OneDrive, Box and Amazon Drive. Additionally, you can use Boxcryptor with any cloud service that’s WebDAV capable with minimal work.
We have a full Boxcryptor review if you’d like to learn more about the pros and cons of the service. Now, let’s take a closer look out how to use Boxcryptor.
Signup and Install Boxcryptor
Before you start scrambling your files with Boxcryptor to outmaneuver Google’s marketing team and black-site NSA nerds, you need to create an account. Boxcryptor offers a free account for non-commercial use that can be used to integrate with one cloud storage service. For business use or to integrate with unlimited cloud storage services, you’ll need to subscribe.
Once you’ve signed up, you can download and install the Boxcryptor app.
After that, Boxcryptor will give you a quick tour of its features. Then, there’s a tutorial to show you how to use those features. You can either choose to complete the tutorial or not.
Connect Boxcryptor to Your Cloud Storage
Boxcryptor creates a virtual drive on your computer that you can access through your file system or by right-clicking on the Boxcryptor taskbar icon and selecting “open.”
This drive puts all of the files Boxcryptor is protecting for the various cloud services you use in one place, which itself is pretty convenient. However, first you need to establish the integration between those services and Boxcryptor.
To do that, right-click on the Boxcryptor taskbar icon and click “settings.” A control panel will open with several tabs at the top. The tab called “locations” is where you can create a cloud storage connection.
One of the nice things about Boxcryptor is that will automatically detect any cloud storage service you have installed as long as it’s supported out of box. All you need to do is click the radio button near the service you want to encrypt files for, and the integration is established.
Going forward, that service will appear in your Boxcryptor virtual drive.
Encrypt Files with Boxcryptor
Although we’ve now connected Boxcryptor to Dropbox, that doesn’t mean all of the Dropbox files on our test computer are automatically encrypted. We have to encrypt folders and files sent to Dropbox manually.
To do so, right click on the object, folder or file, that you want to encrypt and select “Boxcryptor > encrypt.”
Going forward, that object will be protected in the cloud.
Since encrypting a bunch of individual files individually can take a good deal of time and lead to missteps, we recommend creating a special encryption folder for your cloud storage account. That way, you can just move files into the folder that you want encrypted.
On a final note, file names aren’t automatically encrypted by Boxcryptor. You have to click a toggle in the security tab of the Boxcryptor control panel.
This feature, by the way, isn’t available on free accounts. Given that file names themselves can be used to tell a fair amount about a person, you may want to consider a subscription even if you only use one cloud storage service.
There are many ways you can protect your privacy online, from using one the best VPN services while browsing websites or torrenting, to using a cloud password manager to create more complex passwords than “iloveApplexoxo.” Privately encrypting files you intend to store in the cloud is one of the easiest things you can do.
Whether you go with a top zero-knowledge service like Sync.com or pCloud, or use Boxcryptor to protect files, you can limit the chances your personal photos, documents and other files end up in a marketing or government database, or used for identity theft or blackmail.
Any questions? Let us know in the comments below, and thanks for reading.