Don’t stop with cloud storage…ENCRYPT EVERYTHING!
You can’t open a blog or a social media post without hearing of the risks that are associate with cloud storage. The most substantial of which is that online files are at greater risk of compromise should your account be breached. Additionally this is compounded by the barrage of privacy issues with concerns that service providers are obligated to present our data to law enforcement agencies under circumstances that warrant that they comply with this “legal” action.
While cloud storage service providers do encrypt data. The problem here is that since they encrypted it, they can decrypt it as they hold the keys!
It becomes too easy for service providers who then have the ability to decrypt your data to cater to the authorities should those actions ever be requested of them. Additionally, we are at the mercy of the service provider and their employment practices to ensure staff have been bonded and fully vetted.
Dependent on how keys are managed within the environment it is possible that if your account is compromised, the data in your account is now available to the hacker in its decrypted state, just as it’s available to you. So while ease of use and feeling of security exists. Provider based encryption is a false sense of security, as it doesn’t protect us as well as we think it does!
There is one fact that does not change in any discussion, that is the fact that your data security and privacy depend on you. Your data, you own the responsibility that comes with keeping it safe.
So what do we do about it?
While the easy answer is easy. It isn’t a realistic one for most. Don’t use cloud services! Of course the realistic side of that conversation is, the convenience these services provide are much too valuable. In most cases contributing highly to increased productivity.
A more realistic approach is taking matters into our own hands, we protect our data before uploading it anywhere.
Cryptomator is a cross-platform application, that offers both transparency being OpenSource and offers up a convenient way of encrypting data, before transitioning to the cloud. It is convenient, because all you need to do is install, create a vault (or multiple vaults as necessary), put your local file or folders into the newly created virtual drive(s), rock N’ roll!
The development team design cryptomator to offer security through simplicity! Now this is where things get good…..
Because it wasn’t easy enough, as of cryptomator-1.4.0-x86_64 distribution is now via AppImage. AppImage is now the official long-term replacement for their Linux distribution methods.
After downloading the appimage, deposit the file where you would like it to live. I have a running collection in
~/Apps which seems to work rather well.Just ensure permissions allow the file to execute!
chmod a+x cryptomator-1.4.0-x86_64.AppImage
To quickly get on your way to creating encrypted vaults. Rather duplicate efforts jotting down their instructions, you can watch a video tutorial the team had put together. (Notice the share through hooktube, (article coming soon!)
To recap: Cryptomator provides transparent, client-side encryption for the cloud (and locally, too).
The program creates an AES-encrypted file in your destination folder, be it a local share your One Drive, WebDav destination, or whatever other location you like. Just specify the file name, location and a passphrase and you’re done.
Once the vault is set up, Cryptomator mounts it as a virtual drive on your computer.
Save any documents to that drive, and they’re automatically encrypted, then uploaded to the cloud (if this is a cloud storage folder).
When you’re finished, lock the vault, the virtual drive disappears, and as they say out of sight out of mind.
Now while the main Cryptomator application is available on multiple platforms, allowing access to your data from almost anywhere free of charge, the mobile iOS app and Android App is a commercial product ($4.99) and worth every penny in my opinion.
If you find this as useful as I do. Donate! Great open source projects like this are a labor of love, they deserve any contribution they can get, doing so supports the application life cycle and helps improve and further develop the application at hand. It also supports the FOSS community as whole.
#Linux #InfoSec #HowTo #Encryption