Cloud Services

DO NOT USE:

Google Drive
Onedrive
Dropbox
iCloud

USE:

Nextcloud
MEGA (see warning.)
SpiderOak (see warning.)

Why shouldn't I use iCloud?

Although Apple may seem like a privacy friendly company, they aren't. iCloud stores your decryption keys on the server and Apple are PRISM partners. This means Apple or the NSA can easily decrypt your data. Enabling iCloud on iOS also opens you up to lots of tracking by Apple.

iCloud logo

Can't I just encrypt my data manually first?

This does work but not in the long term. The cloud you're uploading the files to can harvest your metadata. All the clouds I recommended you do not use are owned by PRISM partners or possible PRISM partners. Google, Microsoft and Apple are partners and Dropbox may be one. This means they could be sending all your files to the NSA and when they have working quantum computers they will be able to decrypt all of your data.

MEGA Warning

MEGA is now under control of the New Zealand government who are part of the 5 eyes. This should not be much of a problem as MEGA encrypts data locally and their clients are open source. There has not yet been an audit of MEGA as far as I am aware of so this encryption could be weak. You should encrypt your files manually before uploading them but do not upload important files as they can still be decrypted in the future.

Mega logo

SpiderOak Warning

SpiderOak took down their warrant canary a few months ago. They did put it back up but this is still suspicious. They also defended taking down the warrant canary and replaced it with a transparency report. As of now the warrant canary has not yet been updated but it is not time for it to be updated so this isn't a concern. You should still be wary of SpiderOak.

Spideroak logo