5 most secure backup services

Disclosure: compensated affiliate: click here for more information

Update 22 June 2015: We have  received the following email:

‘Dear Cyphertite User,

It is with a heavy heart that I am announcing the coming closure of the Cyphertite online backup service in 2 months’ time, on August 18th, 2015.

Due to limited interest in Cyphertite, we were not able to generate enough revenue to justify continuing to operate the service. In an attempt to make transition away from using the Cyphertite service less painful for existing users, we are giving a 2 month notice that the service is ending.’

This is big shame, as Cyphertite is the only open source cloud backup solution around (and hence why it is our number one pick.) We will update this article  soon to reflect this change.

With the increasing availability of ever faster broadband and cheap storage, the appeal of backing up data to the cloud grows, and cloud storage and backup services are now big business, with companies such as Dropbox and Carbonite becoming household names (not to mention companies such as Google (Drive), Apple (iCloud) and Microsoft (SkyDrive) being keen to get in on the act).

The problem, particularly in these post-Snowden days where we are all too aware of the multitudinous threats to our privacy, is that although data is sent and stored encrypted when using these (and many other similar) services, encryption is performed server-side (i.e. files are encrypted on the company’s computers, not your own) and the encryption keys are held by the cloud company.

This means that if issued with a warrant or otherwise pushed by the authorities, the company can (and despite what it may say, almost certainly will – Lavabit being the exception which proves the rule) hand over the keys so your data can be decrypted.

Therefore, if security is important to you, strong end-to-end client-side encryption is absolutely vital, where you generate the encryption keys on your own computer, and they are never passed on to any third party storage company.

Unfortunately, while a growing number of cloud backup services are offering client-side encryption (at least as an option), only one that we know of, Cyphertite, uses open source software to perform this encryption.

This is important, because if the source code is propriety/closed, then there is no way to independently vet the software to ensure it is doing only what the company says it is (there is no way of knowing, for example, if the software is in fact passing your passwords on to the cloud storage company, or even directly on to the NSA).

For most people this may not be a massive concern, but those who want top-notch security are strongly advised to encrypt their data first, before sending off to the cloud. However, not only is this inconvenient, and we have heard reports of usability issues, but the once-trusted tool of choice to perform such client-side encryption, TrueCrypt, has become mired in controversy, the long and short of which is that it can no longer be trusted.

This is a problem compounded by the fact that no real open source and mature alternatives to TrueCrypt exist (although EncFS may provide a partial solution).

A consideration with any service that uses client-side encryption and claims to be ‘zero knowledge’, is that (at least in theory) responsibility for your encryption keys remains entirely yours. If you lose your keys, then the backup company has no way to retrieve your data. Consider yourself warned.

Note that the list of 5 best secure backup services below is based purely on our assessment of their security measures, and not on other important factors such as usability, features, cross-platform support, file transfer speeds, etc. More information on these factors can be found in reviews elsewhere, including on our sister website, Best


Rank Provider Starting price Review Link


Cyphertite logo $10/mo
8GB free
Read Review >
Visit Site


Wuala logo $0.99/mo 6.8
Read Review >
Visit Site


Tresorit logo $9.99/mo
5GB free
Read Review >
Visit Site


TeamDrive logo $5.99/mo
2GB free
Read Review >
Visit Site


SpiderOak $10/mo
2GB free
Read Review >
Visit Site
Editor’s Choice

Winner – Cyphertite

Cyphertite logo

  • Open source: yes
  • Client side encryption: yes
  • Data protected by ‘Secret File’, generated using 2x 256-bit AES_XTS keys, 1024-bits of random data (‘ salt’), a round count for PBKDF2, and a checksum for the rest of the data (using SHA-256)
  • ‘Secret file’ protected by a ‘secret passphrase’, 1024-bit salt, a round count of 156,000, and decrypted using PBKDF2
  • Based: United States

When it comes to security Cyphertite is the hands-down winner, on account of it being the only cloud backup service we know of to use open source client side encryption (except Tarsnap which discuss at the end of this article). This encryption is very good, and Cyphertite has an excellent white paper which explains the Cryptography used in great detail.

Cyphertite is a backup-only service (no file sharing), and there are no mobile apps for it. It is perhaps not a program for the casual user, but those willing to take the time to learn how to use it should find the service works well, and most importantly, it is easily the most secure (third party) backup service we have looked at.

We generally do not trust services based in the US because they can be easily coerced into handing over encryption keys, but the fact that Cyphertite uses open source software and has prioritized security from the ground up when designing its system, gives a great deal on confidence in its robustness.

For Cyphertite’s other features, check out the Best review.

» Visit Cyphertite

2. Wuala

Wuala logo

  • Open source: no
  • Client side encryption: yes
  • 256-bit AES encryption
  • 2048-bit data authentication and key exchange when sharing folders
  • SHA-256 hash authentication
  • Uses convergent encryption (a negative)
  • Based: Switzerland, uses own servers in Switzerland, Germany and France.

Wuala is based in Switzerland, which while not a part of the EU, has some very strong data protection laws, e.g. the Swiss Federal Data Protection Act (DPA), and Swiss Federal Data Protection Ordinance (DPO).

Although support for mobile devices is very convenient, this (and remote access though its web interface) can only be achieved by temporarily storing passwords on Wuala’s servers. Most users will likely find this small security compromise easily worth it for the ability to sync data across devices, and the problem is ameliorated by the fact that files are uploaded in segments to different servers, making it difficult (in theory) to identify which segments belong to which user. Once a session has finished, all passwords are deleted.

A potentially more worrying issue is that Wuala uses convergent encryption to prevent cross-user duplication. This means that data keys are derived from the file contents, which leaves data vulnerable to ‘confirmation of a file’ and ‘learn the remaining information’ attacks’ (see here for more details). Using random salt during the hashing process would negate this danger, but that would also reduce its usefulness for de-duplicating files.

In fairness, this is a danger only under very limited circumstances (such as storing a book banned by a repressive and technologically powerful country that has access to the backup server), although it could theoretically be used to identify users of who upload pirated material etc. if the ‘fingerprint’ of that material is known.

Of course, the elephant in the room is that Wuala uses proprietary software, so although based in Switzerland, the Edward Snowden’s of this world should avoid the service, as users must just trust it to do as it says.

Wuala provides a detailed while paper on its CryptTree client-side key management system, and a more general review of the service can be found on Best

» Visit Wuala

3. Tresorit

tresorit logo

  • Open Source: no
  • Client side encryption: yes
  • Files encrypted with 256-bit AES
  • Keys encrypted with 4092-bit RSA
  • SHA-256, SHA-384 and SHA-512 hash authentication
  • Based: Switzerland

Like Wuala, Tresorit is based in Switzerland, and therefore users’ benefit from that country’s strong data protection laws. Also like Wuala, Tresorit provides client side encryption, although a kink is that users’ data is stored on Microsoft Windows Azure servers. Given widespread distrust of all things US, this is a somewhat odd choice, but as client-side encryption ensures the cryptographic keys are kept with the user at all times, this should not be a problem.

However, the fact that Tresorit uses proprietary software means there is no way to verify that keys are not passed on to a third party (although again, the fact that Tresorit is based in Switzerland gives us some confidence that this is not the case). On the plus side, Tresorit does not attempt to save storage space by using convergent encryption.

The security procedures and encryption used appear to be robust. Although we are unable to unearth the details, the fact that Tresorit supplies web access and mobile apps (iOS, Android and Blackberry 10) is likely to have slight security implications, but for most this minimal trade off for convenience will be of little concern.

Interestingly, Tresorit offers a Hacker Challenge, offering a $50,000 prize to anyone who can compromise its security. So far ‘no one has succeeded despite attempts by hundreds including MIT, Stanford, Caltech, and Harvard’.

» Visit Tresorit

4. TeamDrive (version 3)

TeamDrive logo

  • Open Source: no
  • Client side encryption: yes
  • RSA-2048 key generated for each account, salted and MD5/MD6 hashed
  • Separate 256-bit AES key produced for each ‘Space’ (folder)
  • Files stored using 256-bit AES in CBC mode

Although this German cloud backup and file synchronisation service is primarily aimed at businesses, it does offer free and low cost personal accounts. TeamDrive uses proprietary software, but it has been certified by the Independent Regional Centre for Data Protection of Schleswig-Holstein.

Data is stored on third party servers (e.g. all data belonging to European users is stored on Amazon S3 servers in Ireland), but as long as TeamDrive does not hold users’ encryption keys, this is not much of a worry. TeamDrive’s website allows basic account management but not space manipulation, which prevents users from sending their account keys to TeamDrive’s servers

As with all such services, logging in through the website introduces some security risks (your password is sent in plaintext over HTTPS, then salted and hashed on TeamDrive’s servers). It is therefore advisable to stick with using the (closed source) client.

» Visit TeamDrive

5. SpiderOak


  • Open Source: no
  • Client side encryption: yes
  • Files encrypted with 256-bit AES in CFB mode
  • Keys encrypted with ‘256-bit AES, using a key created from your password by the key derivation/strengthening algorithm PBKDF2 (using sha256) with a minimum of 16384 rounds, and 32 bytes of random salt
  • HMAC-SHA256 file authentication
  • Each account also has 3072-bit RSA key pair, which SpiderOak hopes to use in the future for multi-user private collaborative and sharing features

Despite being US based and using closed source software, SpiderOak has successfully positioned itself at the forefront of the end-to-end-encrypted data backup market. While these factors mean that anyone who is worried about the NSA should run a mile, SpiderOak should otherwise be commended for its dedication to security (note that an article by Wired throws some doubts on SpiderOak’s security methodology, but as it includes it number of factual errors e.g. Dropbox does use encryption, we are uncertain of the article’s veracity).

As with Wuala (and presumably Tresorit), logging in through SpiderOak’s web interface or mobile apps (iOS & Android) means temporarily handing your password over to SpiderOak’s severs for authentication (and SpiderOak does not use Wuala’s file-splitting technique to reduce this problem). SpiderOak at least has the decency to flag this up as an issue, and as the software is closed source, you are putting a fair bit of trust in SpiderOak anyway, so it is probably not worth worrying too much about.

It should be noted that SpiderOak has open-sourced some its software tools, but its core code remains closed.

Now go check out Best’s SpiderOak review!

» Visit SpiderOak


For all but the most paranoid user, all the above services provide very secure end-to-end encrypted backup of your precious data. Unless you have strong reasons for needing ultra-secure backup, the ease of use and convenience of web management and being able to effortlessly share and synchronize files across devices will likely outweigh the security limitations of the likes of Wuala and SpiderOak (although SpiderOak should be avoided by the NSA conscious).

Those wanting top-notch privacy, however, should stick with open source solutions – which leaves only Cyphertite (or one of the alternatives mentioned below).

Alternatives Solutions

Self-host using OwnCloud

OwnCloud is an open-source platform that allows you to build your own cloud backup and file sharing service (and which includes mobile apps). Encryption is performed server-side (i.e. it is not end-to-end), but as you own the server, this does not really matter. Encryption details are available here (basically 128-bit AES, secured with an asymmetric 4096-bit strong key-pair).

We may write a detailed guide to hosting your own cloud storage service using OwnCloud in the future.


Tarsnap is a very secure (see here for details) online backup service that uses open source end-to-end encryption, with encrypted data being stored on Amazon S3 servers. The snag is that Tarsnap is only available for UNIX-like systems such as for BSD, Linux, OS X, Minix, OpenIndiana, and Cygwin, and it relies on a command line interface. As such, we do not consider it suitable consumer level competition for the services listed above, but it is very worthy of consideration by technically competent users with high security needs.


Rank Provider Starting price Review Link


Cyphertite logo $10/mo
8GB free
Read Review >
Visit Site


Wuala logo $0.99/mo 6.8
Read Review >
Visit Site


Tresorit logo $9.99/mo
Read Review >
Visit Site


TeamDrive logo $5.99/mo
Read Review >
Visit Site


SpiderOak $10/mo
2GB free
Read Review >
Visit Site

Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

Related Coverage


28 responses to “5 most secure backup services

  1. Hi Doug

    I will probably replicate the NAS on another one, that will be stored at another place.
    Thank you for pointing out Veracrypt however, I will check this and may then replicate the NAS on a cloud.
    Using Nedrive makes it possible to access the NAS as a network mounted drive on computers when you don’t want to have a sync folder.
    I will also check Boxcryptor in combination with a NAS.

    1. Hi
      In response to id, it is possible to store the keys of Boxcryptor in a local file. The solution that I may use and am testing:
      – use a Synology NAS to replicate local folders on the NAS
      – possibly use Boxcryptor before the sync with the Synology NAS to sync the crypted files
      – it is possible to use crypted folders on the NAs and I need to check this (and the possibility to mount such cyrpted drives)
      – replicate (or synchronize) the NAS either on another NAS on another location (getting the 3 and 1 from the 3-2-1 theory), or on a cloud service, potentially further using the encryption that is offered by Synology (through DSM 5.2 with CloudSync) (although this may not be needed with files already crypted by Boxcryptor).
      I don’t see the need to overcrypt, so will chose what to use.
      However, it is a pain that Wuala closes.

      1. Boxcryptor 2.0. The key is created on a server and then downloaded to the local Computer. Key password is used to log in to your account on the site. This raises doubts about security.
        Boxcryptor Classic. The above problems, such as missing. But this version is no longer updated. Also it does not support synchronization.

        Wuala Before I used about the same as the NAS. But faced with two problems:
        – Several times the electricity was lost and I could not turn on a server remotely.
        – The server did not provide a remote backup because it was near the main computing system.

        If I use encrypted container (I have about 10 gigabytes) I’m not sure that it will normally be synchronized with the cloud / NAS and mounted on a mobile device on a slow Internet. Maybe someone tried?

        The Synology NAS encrypted folder will not be available through NFS (Network File System – Network File System).
        You may be useful review of several NAS, if you can translate the text: encryption performance nas

  2. I am also not very satisfied by these solutions.

    I am thinking of setting up a NAS, and using it either with the self-synchronization software, or with opendrive.

    Still looking at these matters.

    1. Hi Onurb,

      Setting up a NAS is a very good idea, but following the 3-2-1 theory of data backup you should also consider a cloud backup solution. If you are not happy with using a third party provider, you might want to consider encrypting the data yourself using in a VeraCrypt container, which you can then store safely on any cloud server (no matter how insecure it is (e.g. Dropbox).

    1. Hi
      I left 4 candidates to replace wuala:
      opendrive, bitcasa, confidesk (+ good email service), boxcryptor.

      Opendrive encryption can be tasted only in the paid version. If others do not fit, then I paid for one month to test. To start looking pretty good. But how encryption works …

      1. In bitcasa questionable safety. It allows you to recover your password via the website. Does not fit.
        I remain 3 service. (all of the above is also analyzed before). Or is there more suggestions?

          1. opendrive – slow loading of files, synchronization schedule.
            confidesk – unstable work, there is no synchronization.
            boxcryptor – holds the key to the server.
            pcloud – also I found even bought encryption. But the encrypted folder does not support synchronization. I tried to chat with support, but support is very tight and did not understand what she sells. Why is there no synchronization, I have not received clear answers. Some answers conflict with other answers. They have a pleasant and fast software but not open source. They promise in the near future access through a browser, but I was not happy, there may be a lot of problems for security.
            As a result, I have not found a good analogy Wuala.

  3. Do you have any information about SecureSafe? It seems to be the top in terms of security, but it feels strange that it is used by banks… and I could not find much information about how it actually works.
    I have been using Wuala for some time now and was very happy with it. Too bad they are quitting the service!

    1. Hi Barbara,

      SecureSafe is closed source, and as a cloud-based solution generates and keeps users’ encryption keys (i.e. no end-to-end encryption). Complete fail as far as we are concerned!

  4. Hi
    Wuala just closed yesterday (actually end of service will be on November 15, 2015).
    Have you tried, which also seems a nice alternative.

    What I like is the presence of a folder like in DropBox which is sync with the cloud server. Wuala had this feature, and it seems that Tresorit doesn’t have it.

    1. Hi Alex
      Thanks for the feedback, we are aware of this. We will look into – thanks for recommending them.

    2. I’m testing many secure/sharing services and I can’t find that feature like Wuala.
      “file system integration” option was hiding the Wuala space and all files if not logged in the app. That is a great security option.
      Tresorit support told me that we can always deselect the “sync” in the folders from the Tresorit app.
      In this way I can use only the app to share them.
      However, if I want to open a file I still have to download it from the app to my computer.
      With Wuala is possible to open the file directly from the app.
      Tested so far: Tresorit, SpiderOak, TeamDrive, None of them have this feature.
      Anyone has any suggestion?

      1. I passed this over to Ben, our resident expert on cloud systems, who responded ‘I’m not sure to be honest, and Wuala is closing down in a couple of months. Dropbox you could always opt to not download the app and as far as I know you can view files straight from the website.’

      2. I fully agree with Paolo.

        Wuala was great because of the “file system integration” which made it possible to work directly on the cloud folder without sync anything on the computer (it made it possible not to “use” some disk space on the computer when you have large folders in the cloud).
        When the application was closed or disconnected, the cloud files weren’t available anymore.
        This is really a feature that I will miss.

        + wuala made it possible to sync (or backup) any folder on your computer without the need to move it to a “sync” folder. You just had to create a new sync in the app and designate the folder which had to be synchronized.
        The other services don’t seem to be as flexible.

  5. Hi, mail from Wuala 🙁 wtf?

    Today we are announcing plans to discontinue Wuala secure cloud storage service. Please note the following important dates:

    17 August 2015 No further renewals or purchase of storage
    30 September 2015 Wuala service will transition to read-only
    15 November 2015 Wuala service terminates and all data stored in the Wuala cloud will be deleted

    1. Hi Jon,

      Yes. We just received this email:

      ‘Dear Cyphertite User,

      It is with a heavy heart that I am announcing the coming closure of the
      Cyphertite online backup service in 2 months’ time, on August 18th,

      Due to limited interest in Cyphertite, we were not able to generate
      enough revenue to justify continuing to operate the service. In an
      attempt to make transition away from using the Cyphertite service less
      painful for existing users, we are giving a 2 month notice that the
      service is ending.’

      This is big shame, as Cyphertite is the only open source cloud backup solution.

  6. you may give a look into basefolder, It is another secure storage which i have come across, in basefolder users can store their files on home computer and can access it from anywhere. basefolder provides optional cloud storage too. It is a “freeware”.

  7. Be very careful with Tresorit. After downgrading I was charged again, they answered I´d have my money back but they charged again the next month with a plan that I didn´t have ask for. After many mails to the support service…. no answer. Be very careful with them if you don´t want to be tricked.

  8. You may want to have a look at Duplicati sometime. It offers client-side encryption before sending your data to an online storage site of your choice, offers incremental and complete backups etc. I think it is open source.

    That said, it is not a fully featured “backup” system.

Leave a Reply

Your email address will not be published. Required fields are marked *