List of USA cloud storage services with client side encryption

Even with local encryption, it is not impossible for a government to subpoena a tech company and force them to introduce a backdoor in their software. A few of the US companies below allow you to download the security software source code to make it much harder for a government to tamper with it unnoticed.

Another way to strengthen your security is to use third party cloud encryption programs like Viivo or BoxCryptor, they come with an easy to use interface that makes cloud encryption effortless. These programs can be used in conjunction with cloud services own encryption and it will add a second encryption layer that will have to be broken.

If you use Linux, EncFS can create an encrypted version of your files inside a folder before syncing it online.

iDrive: Data is secured with AES256-bit encryption before moving it to the cloud. The encryption key is provided by you and not stored anywhere in iDrive servers, or you can opt for their system based encryption scheme where the company holds the key.

JungleDisk: Used to back up your computer files to Rackspace Cloud Files Service or Amazon S3. During installation you can create your own AES256-bit encryption key that nobody else will know with data being encrypted before leaving your computer.

JungleDisk cloud encryption Android client

JungleDisk cloud encryption Android client

Cubby: Client side encryption with AES256-bit, any content added inside the Cubby software is automatically encrypted before syncing it with the cloud, there is an option to sync data in between your computers and avoid the cloud altogether.

Elephant Drive: You are given a choice of using the company encryption keys or creating your own, if you create your own keys Elephant Drive will only store a hash value of them to compare it with the entered password when you ask for access. The company will not be able to access your data even if they are forced to at gunpoint.

SpiderOak: It can be used to share and back up files, data is encrypted in your computer with AES256-bit in CFB mode and HMAC-SHA256, the company has no knowledge of what data is stored in their servers or what your password is. SpiderOak software works in smartphones and Linux as well as Windows.

Bitcasa: They implement convergent encryption to remove duplicate files stored in their servers, a way to save space in cloud servers by not backing up duplicate files that exist in another user account. With this system the company does not have to decrypt or see the data which is kept ciphered with AES256-bit.

Bitcasa cloud encryption software

Bitcasa cloud encryption software

TarSnap: Targeted at the open source community, Tarsnap works in Linux, BSD, Solaris and other Unix based operating systems. Command line interface or shell scripts will encrypt and sign your data before uploading it, the software source code is available for download.

Make sure not to fall for Dropbox or Google Cloud Storage security marketing ploys. Those companies only encrypt data server side. They do not protect you against a subpoena forcing a company to hand over the encryption keys.

The only way to be safe from NSA accessing your data stored in the cloud, is if if the cloud company never had access to the encryption key. In that case, the NSA could only try a brute force attack against hashed passwords and it would not get them too far if you have assembled a very long encryption passphrase.

Leave a Reply