Cloud & Privacy: Boxcryptor

Abandon privacy all ye who enter the cloud” is something that should be engraved over the entrance of most, if not all, cloud services.

At least this is what it feels like to me, having to relinquish all notion of privacy and intimacy knowing my files will be analysed—some cloud providers being more invasive than other in that regard. 

I’ll gladly open all my files and folders to any legit authority asking me to do so, provided they have a reason and the right to ask. But I don’t want anyone else accessing my files–be it on purpose, in order to offer me some service, or because of a security breach–to be able to read them.

I don’t want anyone to discover that I’m the author hiding behind the pen name of dear « Dulcinea Von Liebe, Duchess of Hot Steamy Romance ». I don’t want anyone or any algorithm to be able to read my medical documents, or to see the pictures of my cat. That’s none of their business. That’s, you know private. And that’s not the reason why I decided to use cloud to store my files.

The obvious solution would be to not use the cloud at all. Problem solved, thx for reading, bye. Save that I want to use the cloud: it’s a great tool. It’s just the lack of a stricter legislation that makes it such this Wild West and this Eldorado for those companies, giving them free rein over our data.

Enters Boxcryptor. 

Boxcryptor

In a nutshell, Boxcryptor is a service that will sit between your files, on your computer, and your cloud provider–they claim to work with most if not all cloud services–and they will encrypt your files before syncing them with your cloud.

It’s available for Mac, Windows, iOS and Android.

What’s great with Boxcryptor is that it’s invisible. Once installed, you can keep using whatever cloud you fancy and access your files like you’d normally do. Beside an occasional speed hit, you won’t notice any change.

Remember the first screenshot in this article? Here is what the same files would normally look like when accessed through Boxcryptor:

The only noticeable change in your workflow is that you must always access your files through Boxcryptor’s virtual drive, not directly from the cloud app itself. Why? Because if you don’t, you’ll access your encrypted files–see first screenshot–and you won’t be able to do much with those.

On a Mac it means that instead of opening the Finder in OneDrive->My Folder->My File, I now open it in Boxcryptor->OneDrive->My Folder->My File.

As you can see, it’s a tiny change. For the rest, you’ll be able to open, edit, share, copy, delete all your files and so on, as long as you remember to access them from Boxcryptor and not from your cloud directly.

Is it really secure?

I’m no expert, but they use strong encryption and, unlike all cloud service providers, they don’t own your private key: only you have it.

Technically, as far as I can understand, what you are the only one to own is the password used to connect (once) to your Boxcryptor account, not the key itself. But don’t quote me on that. The thing is that without this password, no one can read your files–so, do not loose it, there is no recovery.

Can the NSA bypass it? No idea, but for me it’s more about keeping private companies at large than fighting the NSA (hi, guys).

No cons?

Sure.

I already mentioned the occasional speed hit. For no apparent reason the Finder, as the File Explorer on Windows, will sometime slow down. I can live with that.

Boxcryptor being some kind of virtual drive on your computer, doesn’t always play nice with other apps but nothing dramatic either, just occasional hiccups.

Some apps & services don’t like that privacy layer. Using Boxcryptor you’ll loose access to some options, like say automated versioning and auto-save in Microsoft Office 365/OneDrive. So, use the free version of Boxcryptor to check you can still access everything you need, before committing.

Always check every file has completely been synced before reopening it. I learned it the hard way with Calibre’s metadata and library, as I store my ebook library in the cloud–which is strongly advised not to do so it’s neither Calibre’s or Boxcryptor’s fault here.

Help could be better: simpler and more detailed. That said, coupled with their support forum you should find all you need to know.

There is an iOS version too, which is great, but its UI is lacklustre.

The initial setup can be tricky. I mean, it’s simple but it still is geeky and many options make little sense if you don’t take time to read the online help.
Here are the key steps you must follow to avoid any surprise:

  1. Check you’ve already configured and synced all the cloud services you want to use on your computer: Boxcryptor comes in a free tier (allowing one cloud only, and sync up to two devices) and a paid one (as many cloud and devices as you want, and a few other benefits).
  2. Install Boxcryptor, login.
  3. In its Preferences, check that Boxcryptor has correctly identified your cloud service, then click the link button for each one: Boxcryptor needs to access your cloud files.
  4. Finally, tell Boxcryptor what folder to encrypt. Do not encrypt the root folder of your cloud service, use a dedicated folder, or multiple ones.
  5. It will copy the folder to encrypt (to avoid conflicts with your files on the cloud) and add an «_encrypted » extension to it. Don’t touch it while it’s doing its stuff. When it’s done encrypting, you can remove this extension.
  6. Let it encrypt your files and let your cloud sync all changes back before you start working with your files again. Here again, it will prevent any conflict.
  7. One last suggestion, though: if you use Boxcryptor’s paid version you’ll have the ability to encrypt file names too (not only their content). If you plan to use that option, activate it before you start encrypting any file or folder, otherwise Boxcryptor will have to process them once again, and sync them back to your cloud.
    Go to the Preferences and in the Security tab, check Enable Filename Encryption.

Having to pay for something that should come as a default with any cloud storage? Sure, it’s a pain. Alas, a stricter respect of online privacy is not something I see coming anytime soon: there is too much money involved in mining our data, preferences and habits. And there are so few politicians willing to push legislations forcing companies to respect our privacy. So, unless you have a better solution…

Free or paid version?

The free version works exactly like the paid one, but will only let you use one cloud service (unlimited, with the paid tier) and sync up to two devices (vs unlimited), and you won’t be able to encrypt file names, only their content.

That last bit is an obvious weakness in protecting your privacy, as it’s much harder to just guess what is in a file named “怐濗搎戬晌沝涞汀䀤” than, say “Secret Plan to Conquer the World.docx”.

The paid version is €36/year.

It’s up to you to decide what a better privacy is worth to you. There is no question for me, if only for the peace of mind it gives me to know that even if some hacker could access my cloud storage (s)he won’t be able to read my files that easily.

Boxcryptor

My Must Have Dark Mode Friendly Apps

My eyesight being what it is, I’m now almost to the point where I can not read a bright screen anymore: it’s really painful on the eyes. Everything is much easier when the screen is dark. So, no surprise, I welcomed Mojave’s Dark Mode as a blessing–a perfectible one, though.

Here is the list of the apps and utilities that help me to take full advantage of this. There are many more, but those are the one I use the most.

Continue reading “My Must Have Dark Mode Friendly Apps”