A post on Gigaom on February 2nd argues that MEGA is unique in its use of client-side encryption with private keys, where the users actually keep the private key:
“But Mega is unique in its approach to handling encryption at rest. Rather than encrypting and storing keys for a client’s data within Mega’s infrastructure, Mega pushes their cryptography back to their users. So Mega users encrypt their own data prior to sending it to Mega’s servers, and store keys locally such that even Mega can’t read their data – or be forced to yield it to authorities.”
While the author is correct that MEGA states it does client-side encryption and does not store the encryption keys, readers here would know that MEGA is not the first online storage and backup service to offer this. I find it surprising that the author at Gigaom would not have heard of some of the services that offer a private encryption key for safely storing files in the cloud.
SpiderOak – A private encryption key is the default for SpiderOak. They are one of the leaders in private cloud storage. If MEGA could learn anything about client-side encryption and private keys from anyone, it could learn from them. This is also true of SpiderOak-powered services like AVG LiveKive.
Mozy – Mozy, both home and pro, has always offered the option to encrypt your data with a private encryption key. It is not the default but it is available.
Carbonite – Private encryption keys are available to Windows users only, but the option is there.
CrashPlan – Offers several security options including the option of a private encryption key.
IDrive – Allows you to create a private encryption key when you install. You can’t change it after installation; according to the FAQ, you would need to create a new account.
AltDrive – Offers the option to use a private encryption key on all systems.
Backblaze – Some people might argue that I should not include Backblaze here. They do offer a private encryption key option, but when you restore files from Backblaze you need to transfer your private encryption key to their servers. This means that there is a small period when they would have your private encryption key.
Bitcasa – I originally left Bitcasa off this list but it does appear that they are using a private encryption key according to this new post by them.
Although SpiderOak is the only one that defaults to a private encryption key, it is not something new to online storage and backup services. These services offer it as a way to help protect their users’ data, unlike MEGA, who appears to use private encryption keys to protect themselves and not their users. I find it hard to believe the author for Gigaom could have missed all of these services as they were researching the article.
If you would like to protect your files on Dropbox, SkyDrive or Google Drive, you can also take a look at some of these options to encrypt them before uploading to those services.
Or you could even take the time to check out TrueCrypt to create encrypted volumes on Windows, Mac and Linux machines. Most online storage and backup services can still copy a TrueCrypt volume to the service.
It is important to remember that if you use a private encryption key with any of these services, you need to keep a copy of it. If you lose it, you will not be able to restore your files if your hard drive dies or some other type of data loss happens. Write it down and store it in a safe place that only you know. A safety deposit box, a fireproof safe, on an encrypted file system anywhere that
Did I miss your favorite service that offers a private encryption key? Let me know.