How safe is encryption actually?

JustAnotherSaver

So on the back of what happened with my drive & the fact that the external HDD I bought & received today refuses to be seen in Computer, I've been looking at breaking my rule & using cloud storage temporarily until I get a NAS sorted.

I've read Google Drive in terms of pricing is quite decent. I'd blitz the free allowance that's for sure, so I looked at what I could & couldn't upload, if there even is a banned category.

One of the things I wanted to look at was can I upload encrypted files. Theory being, I could use VeraCrypt, create a file, bang a load of files in it & job done - loads uploaded in one, and encrypted too.

Everyone (online) had previously told me how encryption is super safe & the only way anyone can know what's in there is with your password.

So why then do I find this: https://www.quora.com/Should-I-encrypt-files-before-uploading-them-on-Google-drive

Basically saying it's a waste of time & they can see what's in there.

Andy_L

JustAnotherSaver said:

So on the back of what happened with my drive & the fact that the external HDD I bought & received today refuses to be seen in Computer, I've been looking at breaking my rule & using cloud storage temporarily until I get a NAS sorted.

I've read Google Drive in terms of pricing is quite decent. I'd blitz the free allowance that's for sure, so I looked at what I could & couldn't upload, if there even is a banned category.

One of the things I wanted to look at was can I upload encrypted files. Theory being, I could use VeraCrypt, create a file, bang a load of files in it & job done - loads uploaded in one, and encrypted too.

Everyone (online) had previously told me how encryption is super safe & the only way anyone can know what's in there is with your password.

So why then do I find this: https://www.quora.com/Should-I-encrypt-files-before-uploading-them-on-Google-drive

Basically saying it's a waste of time & they can see what's in there.

Why are you placing more weight on one bloke on Quora 5 years ago rather than than "Everyone (online)".

Reducto ad absurdum - GCHQ, NSA etc could upload all their intercepted, encrypted Russian/Chinese communications & have Google decrypt them. Does that seem likely?

JustAnotherSaver

Andy_L said:

Why are you

Since you're wanting to know what I'm doing & seem confused then let me clarify again...

What I am doing is looking in to storing things online until I get my NAS setup sorted out.

While looking in to what types of files can & can't be uploaded (file types such as .exe for example as well as actual content as in what the files actually ARE, not just their types - and that will instantly get the fingers pointing thinking of the wrong files I am sure) I thought i better look in to encryption - see whether it's ok to or not ok to.

Which is when I came across that link.

As I'm not registered with that site & can't be bothered to do so and I am registered here, I thought I would at least ask the question.

Nothing more, nothing less.

Aside from not even noticing how long ago it was posted, how relevant is it you bringing up that it was 5 years ago? Are you saying that 5 years ago Google would be able to see precisely what I uploaded in an encrypted file but today they wont?

Or is the 5 year thing irrelevant?

Peter999_2

If I were you I'd sign up to Boxcrypter.    It gives you a drive letter in Windows to copy/save stuff to and automatically encrypts everything.      It's free for use with two computers.   Should do you until you get a NAS again.

https://www.boxcryptor.com/en/

gefnew

You need to take some time out and have a look at the situation you have created through shear panic,
then use a proper approach to it.

Andy_L

JustAnotherSaver said:

Andy_L said:

Why are you

Since you're wanting to know what I'm doing & seem confused then let me clarify again...

What I am doing is looking in to storing things online until I get my NAS setup sorted out.

While looking in to what types of files can & can't be uploaded (file types such as .exe for example as well as actual content as in what the files actually ARE, not just their types - and that will instantly get the fingers pointing thinking of the wrong files I am sure) I thought i better look in to encryption - see whether it's ok to or not ok to.

Which is when I came across that link.

As I'm not registered with that site & can't be bothered to do so and I am registered here, I thought I would at least ask the question.

Nothing more, nothing less.

Aside from not even noticing how long ago it was posted, how relevant is it you bringing up that it was 5 years ago? Are you saying that 5 years ago Google would be able to see precisely what I uploaded in an encrypted file but today they wont?

Or is the 5 year thing irrelevant?

Based on "So why then do I find this:" I was assuming you were concerned that Google could read them despite being encrypted, not that you didn't know if you could upload encrypted files

5 years is relevant in that it's one of a number of data points that suggest it's not a highly reliable source of info, in that:

1. It's old

2. Some random dude said it on Quora

3. Only 3 posts were made on the thread, and the other 2 say it's fine

4. he's making a claim that seems outlandish

5. "everyone" else disagrees.

Now it's possible that this dude is the lone sensible voice in the wilderness or it's possible that he's a tin-foil hat conspira-loon and you can safely ignore him

[Deleted User]

As per above comments, Google can't see your data if it is properly encrypted.

I think I've mentioned before about the difference between trying to make a solution fit your needs instead of posing your requirements and then asking for a solution.

Cloud backup should really be your secondary and not your primary backup. Local should be primary - fast and easy to access.

Google drive as a solution is ideal for file sharing and accessing your files on the go outside the house etc and it does the job - but it isn't great for high volume backups. Google drive is too expensive for backup / archive storage - especially when you are getting in the TB's of data. Chances are with a good local backup as the primary, you will never ever need to access the cloud backup data, so finding the cheapest storage is key.

VeraCrypt isn't ideal either, you need to put your files into containers that are encrypted. One tiny bit of corruption and the whole container is useless rather than just losing one file. You also need to do the encryption locally so you need as much space as a local backup would take before transferring it to the cloud - so just do a local backup. You can't retrieve just one file from the container either, you will need to download the whole backup. You can't just add another file to the contained either. You can't verify your Veracrypt backup in the cloud so you have no idea if it is good. Don't use VeraCrypt on your original files unless you have a local backup.

I also want to mention that whilst encrypting your backup is a good idea, just as much as encrypting your local data - there is a risk - losing those encryption keys. Chances are it will be many years down the line that you need to rely on that backup - so where did you put the encryption keys? Stored them on your hard drive that has just failed? Scrap of paper in the kitchen draw? Kept them in the cloud with another provided and trusted them instead? On a USB stick that fails when you need it? Or did you do away with that risk and just use a memorable password instead that can be brute force attacked?

Also you have mentioned how impatient you are - do you realise it will take over 10 days per 1 TB of data to upload your backup to the cloud? (assuming 10mbps upload speed on a FTTC / VDSL and nobody else using it) I'm sure you've mentioned having 6TB of data so you are looking at 2 months to upload. Any interruption during an upload of a big encrypted container and you might be starting again or end up with corrupt data.

Meanwhile your upload connection is saturated and your browsing experience for the whole household will be poor (yes a saturated upload link interferes with download speeds)

And when you need to restore your full backup in an emergency that will take days to weeks retrieve 6TB depending on internet speed - so local backup is always preferable as the primary.

From recent posts you are saying you are after a backup solution so I'd approach this problem totally differently and keep it really simple - your requirement is an emergency measure to protect your data, not storing state secrets with military grade encryption - so just bite the bullet and buy local storage today and backup tomorrow.

Anyway for cloud backup I use Amazon S3 Glacier, cheapest storage you will find in the cloud 0.3p per GB - it will cost me about 7p per GB to retrieve the data but that will be an unlikely event as I have 3 local copies of my data.

As for encryption, yes I use it throughout but there has to be an element of trust vs convenience and my encryption keys and passwords are backed up with different cloud providers so I won't ever find myself totally locked out of my data. My PC bitlockered and passwordless Microsoft account (biometric or 2fa only), NAS is encrypted with a password and 2FA - keys & password backed up to Google (2FA), Amazon Glacier is 2FA and backup is encrypted client + server side, keys & password also backed up to Google.

Why backup my passwords? Because I don't even know them, they look something like:

Le:5/P.Z^Yz)2qvU~{4S:C-T)<>]p#

Ergates

JustAnotherSaver said:

So why then do I find this: https://www.quora.com/Should-I-encrypt-files-before-uploading-them-on-Google-drive

Basically saying it's a waste of time & they can see what's in there.

Because it's the internet and you can find anyone saying literally anything - for instance: flat earthers.

Encryption is safe, google can't read it.  It's generally overkill for most storage though - the sad reality of life is that nobody cares about you or your data.  A burglar might steal a laptop or desktop (so enable encryption on those) because they can sell it.  They're not going to rummage through draws looking for an external hard drive as it has little to no resale value.

As a general rule, if I find one person expressing an opinion on a subject that seems at odds with the prevailing opinion, I check what else they've been saying to see if a) they seem knowledgeable about the subject manner and/or b) they sound like a loon.

GDB2222

I use gmail, so Google knows plenty about me. I don’t think that anyone at Google is drooling over the photos of my grandchild that my phone automatically uploads to the cloud.  

If I could be bothered to rip DVDs, I certainly wouldn’t be bothered about encryption of the backups. 

There’s privacy, and there’s paranoia, but I don’t have anything illegal on my PC, or even illegal thoughts.

Exodi

GDB2222 said:

I use gmail, so Google knows plenty about me. I don’t think that anyone at Google is drooling over the photos of my grandchild that my phone automatically uploads to the cloud.  

If I could be bothered to rip DVDs, I certainly wouldn’t be bothered about encryption of the backups. 

There’s privacy, and there’s paranoia, but I don’t have anything illegal on my PC, or even illegal thoughts.

Hahaha we have very exactly the same view on this. It is always suprising to me that people think their data is so valuable.

Unless the OP has bomb schematics or his logins and passwords saved in a text file called 'bank details', I don't think hackers will care too much about downloading his entire windows directory, his copy of Assassins Creed and save files, or pictures of his dog.

I have smart devices throughout my house. People say 'aren't you worried Google might spy on your indoor cameras' or 'aren't you worried Google will listen to your smart device recordings' - if a staff member at Google wants to hear me talk about what I'm cooking for dinner that night, they're welcome to.

JustAnotherSaver

Ok I started reading your post & thought I'll actually respond to it so stopped reading. I'll reply on the go...

Deleted_User said:

Cloud backup should really be your secondary and not your primary backup. Local should be primary - fast and easy to access.

Google drive as a solution is ideal for file sharing and accessing your files on the go outside the house etc and it does the job - but it isn't great for high volume backups. Google drive is too expensive for backup / archive storage - especially when you are getting in the TB's of data. Chances are with a good local backup as the primary, you will never ever need to access the cloud backup data, so finding the cheapest storage is key.

It would be. I also didn't mean I'd be uploading EVERYTHING to Google Drive.

Take my movie collection for example (since it's the largest thing in terms of file size). I wouldn't bother uploading this to the cloud. If it goes then it's annoying. Some will cost me time to re-do, others will cost me money to re-do (as said in another post, I'm not getting in to that on an open forum - too many holier-than-thous here), but if it all went then it's just annoying.

It's other things, smaller files, I would be backing up to the cloud.

I haven't even copied my movie collection. It takes up too much space so (for now) I only have 1 copy of it. Risky business but as I said, if the worst comes to the worst, it's just annoying.

I've now made copies of my music collection. To some of you that'll be put in the same category as the movies, but we're all different & when I say a lot of it can't be re-got, if someone chooses not to believe that then that's fine.

VeraCrypt isn't ideal either, you need to put your files into containers that are encrypted.

Ok this one is beyond me for now. What do you mean by that?

One tiny bit of corruption and the whole container is useless rather than just losing one file.

I understand that bit so I assume "put files into containers" means something else?

Are you saying (for example...) you have 10 files. Instead of creating an encrypted file & lumping all 10 in the 1 file, you would create 10 encrypted files for the 10 files you want to encrypt?

You also need to do the encryption locally so you need as much space as a local backup would take before transferring it to the cloud - so just do a local backup. You can't retrieve just one file from the container either, you will need to download the whole backup. You can't just add another file to the contained either. You can't verify your Veracrypt backup in the cloud so you have no idea if it is good. Don't use VeraCrypt on your original files unless you have a local backup.

By locally you mean on the PC, right?

I do all the encrypting on the PC. I wasn't aware you could encrypt using VeraCrypt online tbh. I haven't actually long been using the program.

I also want to mention that whilst encrypting your backup is a good idea, just as much as encrypting your local data - there is a risk - losing those encryption keys.

The knowledgable chap I referred to in my last post on the drive thread said this exact same thing.

I tried to understand him but struggled. We're talking passwords right?

Yet we can't be because I imagine if someone meant a password they'd say a password, so what are these "keys"?

As the only thing I've needed to access my encrypted file has been a password then I'm not sure how this password can be lost?

Ok fair enough if you have 1000 encrypted files to access with 1000 passwords. Then you could be in bother.

But literally the only way I could forget the password to this is if I took a bump to the head & had severe memory loss. I have 4 variations of this 1 password. If I don't get it with the first attempt then it will be got in 1 of the other 3, no question.

Chances are it will be many years down the line that you need to rely on that backup - so where did you put the encryption keys? Stored them on your hard drive that has just failed? Scrap of paper in the kitchen draw? Kept them in the cloud with another provided and trusted them instead? On a USB stick that fails when you need it? Or did you do away with that risk and just use a memorable password instead that can be brute force attacked?

Hmm that's what I get for replying on the go.

Well I guess it could be but then that brings up my old thread of asking about hiding a drive from Joe Bloggs.

I knew the drive could still be accessed. I also knew that's what the replies that came in would say ... completely ignoring the fact I was asking about your average user - turn PC on, browse youtube, turn PC off.

Similarly here, the chances of some master criminal wanting access to the encrypted content is slim. I have no proof of that, it's just my opinion.

So I would say, my password which isn't even a word, but I can remember 4 variations of it, is safe enough.

Also you have mentioned how impatient you are - do you realise it will take over 10 days per 1 TB of data to upload your backup to the cloud? (assuming 10mbps upload speed on a FTTC / VDSL and nobody else using it) I'm sure you've mentioned having 6TB of data so you are looking at 2 months to upload. Any interruption during an upload of a big encrypted container and you might be starting again or end up with corrupt data.

Nope, wasn't aware of that, thank you.

That might've just sealed the deal.

Meanwhile your upload connection is saturated and your browsing experience for the whole household will be poor (yes a saturated upload link interferes with download speeds)

And when you need to restore your full backup in an emergency that will take days to weeks retrieve 6TB depending on internet speed - so local backup is always preferable as the primary.

From recent posts you are saying you are after a backup solution so I'd approach this problem totally differently and keep it really simple - your requirement is an emergency measure to protect your data, not storing state secrets with military grade encryption - so just bite the bullet and buy local storage today and backup tomorrow.

Anyway for cloud backup I use Amazon S3 Glacier, cheapest storage you will find in the cloud 0.3p per GB - it will cost me about 7p per GB to retrieve the data but that will be an unlikely event as I have 3 local copies of my data.

Interesting. You've been a massive help throughout & as said in the drive thread, you clearly know what you are talking about.

You also seem to be very similar to the other chap I referred to who's helped me elsewhere. I was discussing backups with him & wasn't even aware of the difference between a backup and an archive, which he explained to me.

He also uses Amazon S3 Glacier like yourself.

As for encryption, yes I use it throughout but there has to be an element of trust vs convenience and my encryption keys and passwords are backed up with different cloud providers so I won't ever find myself totally locked out of my data. My PC bitlockered and passwordless Microsoft account (biometric or 2fa only), NAS is encrypted with a password and 2FA - keys & password backed up to Google (2FA), Amazon Glacier is 2FA and backup is encrypted client + server side, keys & password also backed up to Google.

Why backup my passwords? Because I don't even know them, they look something like:

Le:5/P.Z^Yz)2qvU~{4S:C-T)<>]p#