Friday 19 June 2015

Backing Up To The Cloud

Prevent a rainy day disaster by using Cloud services for backup

These days it seems that all the online services are offering online storage space. Recently, prices have been dropping across the board with Google Drive, Dropbox, Microsoft and others slashing prices to encourage users to move services to them.


Dropbox, one of the first online storage services, now offers 1TB of storage for $10 a month. However, this has been undercut by services such as Hubic (offering 25GB for free, 100GB for €1 a month or 10TB for €5 a month). With all that storage space, it's easy to upload as much data as you want - which in turn makes it easy to back up data offsite to the cloud, if that's what you want. In doing so, though, you no longer have total control over the data, and it could potentially be viewed by others who shouldn't have access to your files. Data can be encrypted during transit, and services state that they encrypt the data on their servers, but there are unseen factors - if an employee were to turn rogue, for example, or a system were hacked - that could see usernames and passwords stolen, or data accessed.

As Edward Snowden has shown us all with his leaking of NSA files on US Government spying, and with our own new government already discussing implementing a so-called 'snooper's charter' again, it's not just hackers that might access your data. Certain agencies appear to have the capability to trawl files at will - Google states that it scans files, Dropbox allow files that are the same as ones in someone else's account to be uploaded instantly (i.e. they store a single copy) and Microsoft have banned users for uploading images that they deemed broke their terms of service, which de facto means they're taking a look at them.

However, if you upload data to the services already encrypted, then the services cannot view the data that you've uploaded and it's much more secure against prying eyes. Doing so means you can use whatever service you want to use without fearing for the safety of your data (in terms of data security). If you hold the encryption keys, theoretically, no one can view the data other than you.

So how can you upload the data to these services encrypted? And how can you keep your computer backed up to the cloud using these free services? This article explains a range of options.

Services


There are a few programs that will allow you to upload to different data services after the data has been encrypted locally. These apps may not require the service's own backup/sync program to be installed, and therefore you can often back up to multiple services with just one backup app. For example, Arq does not require the OneDrive program to be installed for it to back up to OneDrive. It also backs up to Dropbox and Google Drive without requiring them to be installed, so you can use one program to back up to multiple services without having each service's own program installed.

Note that, in most instances, if you lose the encryption key you will also lose access to your files - so make sure you keep a (secure) backup of your passwords.

Arq ($40)

www.arqbackup.com

Arq has been around for the Mac since 2009. It was created initially to encrypt data and back it up offsite using Amazon S3. Since then, it's been updated to send data to Amazon Glacier, Google Drive, Google Nearline, SFTP servers, OneDrive and Dropbox. A Windows version has also recently been released, but unfortunately there is no Linux support.

Arq encrypts and compresses all data locally before it uploads it to the service you choose. You can select any folder you want to back up on your computer or NAS drive. Each service can be backed up with a different password as well, so you don't have to repeat the password for each one. For those that are familiar with Apple's Time Machine, the program works in a similar way - by default it runs every hour and uploads changes to the files. It doesn't delete any files that you've uploaded unless you tell it to.

Arq costs $40 for a software license (for an additional $20, you can get a lifetime upgrade version), but with one license you can upload to multiple services. These services will cost extra, but it does allow you some flexibility as to what service you use - bearing in mind that Dropbox gives 50GB for a Samsung phone purchase, Google give 100GB with every Chromebook purchase and Microsoft give Unlimited storage with Office 365 subscriptions.

Setup is easy - once the program is installed, Arq lets you choose the account you want to sign into on first starting. This will then let you select a passphrase for your encrypted backups to that service and if you're using Google Drive, you can opt to hide the files you upload to the service so they're not visible when you browse the website of the service online (this is specifically a Google Drive feature, as it can hide Android uploads etc. within the hidden area that you can't edit directly). This is handy as it can prevent you from editing the files within the backup folder, which would cause issues with backups and recovery.

Once the setup is done, you choose the folders to upload; these can be any folder you want on your system, including NAS files. Selective upload can be achieved by either selecting each file and folder individually or by using the filter to filter out files by name or extension. The software then compresses and encrypts the data and sends it to the server.

Boxcryptor (Free/$48 a year)

www.boxcryptor.com

Boxcryptor takes a different approach to that of Arq. It requires the client for each service you want to back up or sync with to be downloaded and running on your computer. It then creates a virtual drive on your computer that encrypts all data you move into it. This means that only the encrypted data is uploaded to the service you're using. As Boxcryptor creates a virtual drive on your computer, you can use it with any backup or sync service you want that can run on your system. To back up data already on your machine, you have to move it into the Boxcryptor drive.

The data is stored on your local device (as well as the offsite service) as encrypted data. It is only by accessing the data through the virtual drive that you can access the unencrypted data itself. This can potentially cause issues with other backup programs, like Time Machine, that would back up the encrypted data. You would need to point the backup program to the unencrypted drive, rather than the Dropbox/Drive folder.

Boxcryptor operates a freemium model. That is, the software works on two devices for free (say, a computer and a tablet application) and you can use a single web service (such as Dropbox), but if you want unlimited installs and to use more than one service, you would need to move to the subscription-based service. This currently costs $48 a year, but allows you to share files with others using links - and to encrypt the filenames of the files for extra discretion - along with unlimited installs and unlimited services.

Boxcryptor doesn't upload or download any data itself. It relies on the service you're using to do that. The files you put into Boxcryptor remain the same size; the service itself will deal with how the file is uploaded and downloaded when the file is changed.

Of the tools mentioned in this review, other than Crashplan and Spideroak, Boxcryptor is the only one that has a mobile app, for both Android and iPhone. This means that you can download and access your encrypted files on the go if needed. This can be handy if you need to sync files between devices or even just access a backed up file on the go.

Duplicati (Free)

www.duplicati.com

Duplicati is a backup client that securely stores encrypted, incremental, compressed backups. It works similarly to Arq, in that it encrypts data locally and then sends this data to a remote server. It deduplicates data (so you're not sending the same file to the server more than once) and like Arq, only uploads the changed portions of the file to reduce upload time and wasted bandwidth.

Duplicati is an open source software program and can be downloaded for Windows, Mac and Linux, which allows it to back up all major operating systems. Like Arq, all the uploads are dealt with within the software, so there isn't any requirement to run software other than Duplicati. However, it is more limited in where it'll upload data to. The website states that it is designed for Amazon S3, SFTP, WebDAV and Google Drive. This is more limited than Arq in terms of third party services, but is handy if you already have hosting on an SFTP site somewhere (I get 5GB free with my email account). If you want to upload to Dropbox or an alternative, you'll have to use a workaround solution like DropDAV (www.dropdav.com). This can be a messy workaround, and isn't always guaranteed to work, though some storage providers (such as Box) provide WebDAV access.

Veracrypt (Free)

veracrypt.codeplex.com

Veracrypt is cross-platform on-the-fly encryption software. It creates a container file on your computer and then mounts it as a virtual drive. Everything within the Veracrypt drive is then encrypted using a specified passphrase. Veracrypt replaces the better known Truecrypt, which was discontinued last year.

By putting this Veracrypt file into a folder that is sent to an offsite service, all your files are encrypted. This approach is similar to Boxcryptor in that you'll need to have the service's software running on your machine to allow the file to be uploaded.

Veracrypt, however, suffers from a flaw in terms of offsite backup, in that the container file is a single file that is uploaded to the server. If you have a large backup, it may take some time to update the backup, even if only a small file has changed within the container. Most services are built to upload delta backups only (only the changed data) but not all seem to be. Veracrypt's approach is similar to Boxcryptor, except Boxcryptor encrypts each file individually, whereas Veracrypt backs up the virtual drive within one file.
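The difference between whole-file and delta uploads described above (and the "only uploads the changed portions" behaviour mentioned for Duplicati) can be measured with block hashes. The following is an added example, not code from any of the tools reviewed; the 4096-byte block size, the function names and the random "container" are constructed assumptions, and it simplifies a real volume by changing only one 512-byte sector.

```python
import hashlib
import os

BLOCK = 4096  # assumed block size used for the delta comparison


def manifest(data, block=BLOCK):
    """Return the SHA-256 digest of every fixed-size block, in order."""
    return [hashlib.sha256(data[i:i + block]).hexdigest()
            for i in range(0, len(data), block)]


def upload_cost(old, new, delta, block=BLOCK):
    """Bytes a sync client must send to turn the stored `old` into `new`."""
    if old == new:
        return 0
    if not delta:
        return len(new)  # whole-file sync: any change resends everything
    before = manifest(old, block)
    cost = 0
    for idx, digest in enumerate(manifest(new, block)):
        # A block is sent if it is new or its digest no longer matches.
        if idx >= len(before) or before[idx] != digest:
            start = idx * block
            cost += len(new[start:start + block])
    return cost


def rewrite_sector(container, offset, size=512):
    """Constructed stand-in for an encrypted volume rewriting one sector:
    that sector's ciphertext changes, the rest of the file does not."""
    return container[:offset] + os.urandom(size) + container[offset + size:]


def demo():
    """Compare both sync strategies on a constructed 8 MiB container."""
    container = os.urandom(8 * 1024 * 1024)  # random bytes, like ciphertext
    changed = rewrite_sector(container, offset=3 * BLOCK + 512)
    return {
        "whole_file": upload_cost(container, changed, delta=False),
        "delta": upload_cost(container, changed, delta=True),
    }


if __name__ == "__main__":
    print(demo())
```

With a service that only does whole-file uploads, the cost grows with the size of the container rather than the size of the change, which is why per-file encryption suits those services better.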

There was a concern in the last few years that Truecrypt was unsafe, but it seems from recent studies that this isn't the case - though the developers have stopped development, citing that operating systems have good encryption methods built in now. Veracrypt fills the gap of Truecrypt and is very similar in terms of looks and function. It features a number of improvements over Truecrypt in security terms.

Veracrypt is perhaps a bit more involved than other software. You have to start the program up, select 'Create New File' and follow the process through. For encrypting data for cloud storage, you need to create a container file, select the encryption methods (the default is fine) and then select the size. The software asks you for a passphrase and then gets you to select a format for the new drive to have (remember, FAT is readable and writable on Linux and Mac by default but can't have files bigger than 4GB). Once that's done, you can mount the file and write data to the file. The container file has to be as big as the files being stored within it.

Conclusion


Hopefully the above has given you some idea of how to use free online storage solutions for backup of personal data while still maintaining your privacy by encrypting the data yourself before sending it to the service.

This article doesn't cover all the available methods of encrypting and sending data. Each operating system has a number of tools built in that can do the job and there are a large number of third party tools that will also encrypt data for you.


Encrypted Online Services


If you want to use a backup service that encrypts data itself there are a couple of options. Spideroak states that it is a zero knowledge backup solution (in that the password is never sent to Spideroak servers). It was recommended by Edward Snowden as a privacy concerned service.

In addition, Crashplan can encrypt files. In its default mode, Crashplan stores the account username and password on the Crashplan servers and therefore an employee could theoretically access your data. Crashplan does, however, offer the option to encrypt all data sent to the servers with a 448-bit encryption key that never leaves your computer. If you lose the key, you lose all access to your data, though!

Other options


If you encrypt the data locally, you could use something like Expandrive (www.expandrive.com) to copy the encrypted data to a number of different online backup services. Linux users have access to EncFS, which performs a similar function to Boxcryptor (but is free and open source). Mac users can upload encrypted disk image files created using Disk Utility, and Windows users can use Bitlocker with Virtual Hard Drive files (though this is limited to Windows Professional, Enterprise or Ultimate editions).

Not Encrypted


Be wary when using third party encryption tools. Recently it emerged that an encryption app for Android was easily compromised and the password was easily guessable, which negated the encryption and made it useless. Most tools will publish how they encrypt your data and you'll have to consider if this is good enough. Open source tools are considered to be the best for security as many people can review the code and see how safe the software is. However, open source is not infallible, as could be seen in the case of the Heartbleed bug, which was a bug within the OpenSSL library affecting encryption between your computer and a web server.