privacyguides.org/docs/cloud.md
redoomed1 905ace5334
update: Add Picocrypt audit (#2781)
Signed-off-by: kimg45 <138676274+kimg45@users.noreply.github.com>
Signed-off-by: Freddy <freddy@privacyguides.org>
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
2024-10-24 15:25:19 +10:30

9.6 KiB
Raw Blame History

meta_title title icon description cover
The Best Private and Secure Cloud Storage Providers - Privacy Guides Cloud Storage material/file-cloud Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! cloud.webp

Protects against the following threat(s):

Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by implementing secure E2EE.

If these alternatives do not fit your needs, we suggest you look into using encryption software like Cryptomator with another cloud provider. Using Cryptomator in conjunction with any cloud provider (including these) may be a good idea to reduce the risk of encryption flaws in a provider's native clients.

Looking for Nextcloud?

Nextcloud is still a recommended tool for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do not recommend Nextcloud's built-in E2EE functionality for home users.

Proton Drive

Proton Drive logo{ align=right }

Proton Drive is an encrypted cloud storage provider from the popular encrypted email provider Proton Mail. The initial free storage is limited to 2GB, but with the completion of certain steps, additional storage can be obtained up to 5GB.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" }

Downloads

The Proton Drive web application has been independently audited by Securitum in 2021.

Proton Drive's brand new mobile clients have not yet been publicly audited by a third party.

Tresorit

Tresorit logo{ align=right }

Tresorit is a Swiss-Hungarian encrypted cloud storage provider founded in 2011. Tresorit is owned by the Swiss Post, the national postal service of Switzerland.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" }

Downloads

Tresorit has received a number of independent security audits:

  • 2022: ISO/IEC 27001:20131 Compliance Certification by TÜV Rheinland InterCert Kft
  • 2021: Penetration Testing by Computest
    • This review assessed the security of the Tresorit web client, Android app, Windows app, and associated infrastructure.
    • Computest discovered two vulnerabilities which have been resolved.
  • 2019: Penetration Testing by Ernst & Young.
    • This review analyzed the full source code of Tresorit and validated that the implementation matches the concepts described in Tresorit's white paper.
    • Ernst & Young additionally tested the web, mobile, and desktop clients: "Test results found no deviation from Tresorits data confidentiality claims."

They have also received the Digital Trust Label, a certification from the Swiss Digital Initiative which requires passing 35 criteria related to security, privacy, and reliability.

Peergos

Peergos logo{ align=right }

Peergos is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant end-to-end encryption and ensures all data about your files remains private. It is built on top of IPFS (InterPlanetary File System), a peer-to-peer architecture that protects against :material-close-outline: Censorship{ .pg-blue-gray }.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" }

Downloads

Peergos is primarily a web app, but you can self-host the server either as a local cache for your remote Peergos account, or as a standalone storage server which negates the need to register for a remote account and subscription. The Peergos server is a .jar file, which means the Java 17+ Runtime Environment (OpenJDK download) should be installed on your machine to get it working.

Running a local version of Peergos alongside a registered account on their paid, hosted service allows you to access your Peergos storage without any reliance on DNS or TLS certificate authorities, and keep a copy of your data backed up to their cloud. The user experience should be the same whether you run their desktop server or just use their hosted web interface.

Peergos was audited by Cure53 in June 2019, and all found issues were subsequently fixed.

An Android app is not available but it is in the works. The current workaround is to use the mobile PWA instead.

Criteria

Please note we are not affiliated with any of the projects we recommend. In addition to our standard criteria, we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

Minimum Requirements

  • Must enforce end-to-end encryption.
  • Must offer a free plan or trial period for testing.
  • Must support TOTP or FIDO2 multi-factor authentication, or passkey logins.
  • Must offer a web interface which supports basic file management functionality.
  • Must allow for easy exports of all files/documents.

Best-Case

Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.

  • Clients should be open source.
  • Clients should be audited in their entirety by an independent third-party.
  • Should offer native clients for Linux, Android, Windows, macOS, and iOS.
    • These clients should integrate with native OS tools for cloud storage providers, such as Files app integration on iOS, or DocumentsProvider functionality on Android.
  • Should support easy file-sharing with other users.
  • Should offer at least basic file preview and editing functionality on the web interface.

  1. ISO/IEC 27001:2013 compliance relates to the company's information security management system and covers the sales, development, maintenance and support of their cloud services. ↩︎