Update 22 June 2015: We have received the following email:
‘Dear Cyphertite User,
It is with a heavy heart that I am announcing the coming closure of the Cyphertite online backup service in 2 months’ time, on August 18th, 2015.
Due to limited interest in Cyphertite, we were not able to generate enough revenue to justify continuing to operate the service. In an attempt to make transition away from using the Cyphertite service less painful for existing users, we are giving a 2 month notice that the service is ending.’
This is big shame, as Cyphertite is the only open source cloud backup solution around (and hence why it is our number one pick.) We will update this article soon to reflect this change.
With the increasing availability of ever faster broadband and cheap storage, the appeal of backing up data to the cloud grows, and cloud storage and backup services are now big business, with companies such as Dropbox and Carbonite becoming household names (not to mention companies such as Google (Drive), Apple (iCloud) and Microsoft (SkyDrive) being keen to get in on the act).
The problem, particularly in these post-Snowden days where we are all too aware of the multitudinous threats to our privacy, is that although data is sent and stored encrypted when using these (and many other similar) services, encryption is performed server-side (i.e. files are encrypted on the company’s computers, not your own) and the encryption keys are held by the cloud company.
This means that if issued with a warrant or otherwise pushed by the authorities, the company can (and despite what it may say, almost certainly will – Lavabit being the exception which proves the rule) hand over the keys so your data can be decrypted.
Therefore, if security is important to you, strong end-to-end client-side encryption is absolutely vital, where you generate the encryption keys on your own computer, and they are never passed on to any third party storage company.
Unfortunately, while a growing number of cloud backup services are offering client-side encryption (at least as an option), only one that we know of, Cyphertite, uses open source software to perform this encryption.
This is important, because if the source code is propriety/closed, then there is no way to independently vet the software to ensure it is doing only what the company says it is (there is no way of knowing, for example, if the software is in fact passing your passwords on to the cloud storage company, or even directly on to the NSA).
For most people this may not be a massive concern, but those who want top-notch security are strongly advised to encrypt their data first, before sending off to the cloud. However, not only is this inconvenient, and we have heard reports of usability issues, but the once-trusted tool of choice to perform such client-side encryption, TrueCrypt, has become mired in controversy, the long and short of which is that it can no longer be trusted.
This is a problem compounded by the fact that no real open source and mature alternatives to TrueCrypt exist (although EncFS may provide a partial solution).
A consideration with any service that uses client-side encryption and claims to be ‘zero knowledge’, is that (at least in theory) responsibility for your encryption keys remains entirely yours. If you lose your keys, then the backup company has no way to retrieve your data. Consider yourself warned.
Note that the list of 5 best secure backup services below is based purely on our assessment of their security measures, and not on other important factors such as usability, features, cross-platform support, file transfer speeds, etc. More information on these factors can be found in reviews elsewhere, including on our sister website, Best Backups.com.
Data protected by ‘Secret File’, generated using 2x 256-bit AES_XTS keys, 1024-bits of random data (‘ salt’), a round count for PBKDF2, and a checksum for the rest of the data (using SHA-256)
‘Secret file’ protected by a ‘secret passphrase’, 1024-bit salt, a round count of 156,000, and decrypted using PBKDF2
Based: United States
When it comes to security Cyphertite is the hands-down winner, on account of it being the only cloud backup service we know of to use open source client side encryption (except Tarsnap which discuss at the end of this article). This encryption is very good, and Cyphertite has an excellent white paper which explains the Cryptography used in great detail.
Cyphertite is a backup-only service (no file sharing), and there are no mobile apps for it. It is perhaps not a program for the casual user, but those willing to take the time to learn how to use it should find the service works well, and most importantly, it is easily the most secure (third party) backup service we have looked at.
We generally do not trust services based in the US because they can be easily coerced into handing over encryption keys, but the fact that Cyphertite uses open source software and has prioritized security from the ground up when designing its system, gives a great deal on confidence in its robustness.
Although support for mobile devices is very convenient, this (and remote access though its web interface) can only be achieved by temporarily storing passwords on Wuala’s servers. Most users will likely find this small security compromise easily worth it for the ability to sync data across devices, and the problem is ameliorated by the fact that files are uploaded in segments to different servers, making it difficult (in theory) to identify which segments belong to which user. Once a session has finished, all passwords are deleted.
A potentially more worrying issue is that Wuala uses convergent encryption to prevent cross-user duplication. This means that data keys are derived from the file contents, which leaves data vulnerable to ‘confirmation of a file’ and ‘learn the remaining information’ attacks’ (see here for more details). Using random salt during the hashing process would negate this danger, but that would also reduce its usefulness for de-duplicating files.
In fairness, this is a danger only under very limited circumstances (such as storing a book banned by a repressive and technologically powerful country that has access to the backup server), although it could theoretically be used to identify users of who upload pirated material etc. if the ‘fingerprint’ of that material is known.
Of course, the elephant in the room is that Wuala uses proprietary software, so although based in Switzerland, the Edward Snowden’s of this world should avoid the service, as users must just trust it to do as it says.
Wuala provides a detailed while paper on its CryptTree client-side key management system, and a more general review of the service can be found on Best Backups.com.
Like Wuala, Tresorit is based in Switzerland, and therefore users’ benefit from that country’s strong data protection laws. Also like Wuala, Tresorit provides client side encryption, although a kink is that users’ data is stored on Microsoft Windows Azure servers. Given widespread distrust of all things US, this is a somewhat odd choice, but as client-side encryption ensures the cryptographic keys are kept with the user at all times, this should not be a problem.
However, the fact that Tresorit uses proprietary software means there is no way to verify that keys are not passed on to a third party (although again, the fact that Tresorit is based in Switzerland gives us some confidence that this is not the case). On the plus side, Tresorit does not attempt to save storage space by using convergent encryption.
The security procedures and encryption used appear to be robust. Although we are unable to unearth the details, the fact that Tresorit supplies web access and mobile apps (iOS, Android and Blackberry 10) is likely to have slight security implications, but for most this minimal trade off for convenience will be of little concern.
Interestingly, Tresorit offers a Hacker Challenge, offering a $50,000 prize to anyone who can compromise its security. So far ‘no one has succeeded despite attempts by hundreds including MIT, Stanford, Caltech, and Harvard’.
RSA-2048 key generated for each account, salted and MD5/MD6 hashed
Separate 256-bit AES key produced for each ‘Space’ (folder)
Files stored using 256-bit AES in CBC mode
Although this German cloud backup and file synchronisation service is primarily aimed at businesses, it does offer free and low cost personal accounts. TeamDrive uses proprietary software, but it has been certified by the Independent Regional Centre for Data Protection of Schleswig-Holstein.
Data is stored on third party servers (e.g. all data belonging to European users is stored on Amazon S3 servers in Ireland), but as long as TeamDrive does not hold users’ encryption keys, this is not much of a worry. TeamDrive’s website allows basic account management but not space manipulation, which prevents users from sending their account keys to TeamDrive’s servers
As with all such services, logging in through the website introduces some security risks (your password is sent in plaintext over HTTPS, then salted and hashed on TeamDrive’s servers). It is therefore advisable to stick with using the (closed source) client.
Keys encrypted with ‘256-bit AES, using a key created from your password by the key derivation/strengthening algorithm PBKDF2 (using sha256) with a minimum of 16384 rounds, and 32 bytes of random salt
HMAC-SHA256 file authentication
Each account also has 3072-bit RSA key pair, which SpiderOak hopes to use in the future for multi-user private collaborative and sharing features
Despite being US based and using closed source software, SpiderOak has successfully positioned itself at the forefront of the end-to-end-encrypted data backup market. While these factors mean that anyone who is worried about the NSA should run a mile, SpiderOak should otherwise be commended for its dedication to security (note that an article by Wired throws some doubts on SpiderOak’s security methodology, but as it includes it number of factual errors e.g. Dropbox does use encryption, we are uncertain of the article’s veracity).
As with Wuala (and presumably Tresorit), logging in through SpiderOak’s web interface or mobile apps (iOS & Android) means temporarily handing your password over to SpiderOak’s severs for authentication (and SpiderOak does not use Wuala’s file-splitting technique to reduce this problem). SpiderOak at least has the decency to flag this up as an issue, and as the software is closed source, you are putting a fair bit of trust in SpiderOak anyway, so it is probably not worth worrying too much about.
It should be noted that SpiderOak has open-sourced some its software tools, but its core code remains closed.
For all but the most paranoid user, all the above services provide very secure end-to-end encrypted backup of your precious data. Unless you have strong reasons for needing ultra-secure backup, the ease of use and convenience of web management and being able to effortlessly share and synchronize files across devices will likely outweigh the security limitations of the likes of Wuala and SpiderOak (although SpiderOak should be avoided by the NSA conscious).
Those wanting top-notch privacy, however, should stick with open source solutions – which leaves only Cyphertite (or one of the alternatives mentioned below).
OwnCloud is an open-source platform that allows you to build your own cloud backup and file sharing service (and which includes mobile apps). Encryption is performed server-side (i.e. it is not end-to-end), but as you own the server, this does not really matter. Encryption details are available here (basically 128-bit AES, secured with an asymmetric 4096-bit strong key-pair).
We may write a detailed guide to hosting your own cloud storage service using OwnCloud in the future.
Tarsnap is a very secure (see here for details) online backup service that uses open source end-to-end encryption, with encrypted data being stored on Amazon S3 servers. The snag is that Tarsnap is only available for UNIX-like systems such as for BSD, Linux, OS X, Minix, OpenIndiana, and Cygwin, and it relies on a command line interface. As such, we do not consider it suitable consumer level competition for the services listed above, but it is very worthy of consideration by technically competent users with high security needs.