Privacy & Cloud Storage
@Charcol0x89
What is the cloud?
Advantages
- Restore phone contacts & settings
- Sync calendar between devices
- Share photographs with family
- Accessing a document from multiple locations
- many more...
Risks
Trusting another company with your personal info
- That they won't do anything with it
- That they don't give/sell it to other organisations (incl backdoors)
- That they secure the information from malicious individuals (identity theft, stalkers & abusers, leaking financial info & nude photographs)
Just because a company is large, doesn't make it immune to data breaches
So what can we do?
1. Encrypt files before uploading
- Cryptomator (https://cryptomator.org/)
Client-side AES encryption for files kept in the cloud
- CryFS (https://www.cryfs.org/)
Not only file contents, but sizes, metadata and directory structure are kept confidential
Both are open source and work alongside Dropbox, iCloud etc.
2. Move to an encrypted cloud provider
- Seafile - $10/mo for 100GB, hosted in Germany and the US
- Least Authority S4 - $25/mo for unlimited storage, US
- SpiderOak - $12/mo for 1TB, Closed source, although they say they have no knowledge of your data. Snowden has recommended SpiderOak over Dropbox in an interview.
- Owncloud - Similar to Dropbox but with lots of plugins
- Nextcloud - Recent fork of the owncloud project
3. Set up a hosted cloud server
Advantages:
- More control over what hardware it's on
- You choose the infra provider, location
- Less of a target
- Seafile
- Owncloud
- Pydio
- Tahoe-LAFS - decentralised
4. Set up a cloud storage server on your own hardware (ultimate tin foil hat mode)
Advantages:
- Total control
Disadvantages:
- Total control
- Have to deal with backups, bandwidth, uptime, power usage, maintenance and many other things
Seafile demo
Workshop time!
https://whatnobob.dev.blackhats.net.au/index.php/Seafile_Workshop
Shout out if you need help
Slides:
http://slides.com/charcol/cloudstorage
Privacy & Cloud Storage
By Charelle Collett
Privacy & Cloud Storage
For the Brisbane Internet Safety meetup, 7/7/16
- 898