ProtonDrive, pCloud and other privacy-friendly centralized clouds

Hi,
I’m trying to get away from Microsoft OneDrive into a privacy and security friendly free cloud, mainly for media storage like old photos and videos.

I’ve heard this year of ProtonDrive, but I can’t find much information on it. The beta should be released this september, and to my understanding it’s going to be a long closed test drive with paid clients from ProtonVPN/Mail.

In the meantime, is there any other recommendable cloud? Especially since PrivacyTools only lists Nextcloud which is self hosted.

I’ve heard of good things about pCloud, but their website and account creation in-app are currently not working, I guess a temporary outage. From reviews, it should provide 10gb of free storage which is nice, and it’s based in Switzerland. However, it appears its datacenters are based in United States, which seems to make the Switzerland ad a facade for baiting users.

Mega is popular but I’m not sure if that’s to be trusted.

What else is out there?

pCloud is not so secure. Without extra end-to-end encryption subscription, it is same as any other. And there were case where their automatic scanning system has recognized some copyrighted material on private users’ cloud and they got their accounts blocked. With e2ee added, it isn’t any good offer anymore.

I would suggest Sync .com, but they don’t have Linux client. That’s the reason I’m using Tresorit, which is bit more expensive. No complaints, they are great. Just not open source.

But Nextcloud also got E2EE in beta status recently, so you don’t need to self host, providers are just fine. I’m going to test it in following period, and if it wokrs well, I’ll switch from Tresorit. Just be sure to find provider who offers E2EE or admin account

In the end, you can use OneDrive (or any other service) with Cryptomator or Boxcryptor.

i would say, use anything but encrypt it first using GPG/AES or any good encryption software but if you still want something good, give next cloud a try (and no there is some already hosted but then we are going to talk about again if you should trust service provider or not so in all of the cases, encrypt it first)

How much are random Nextcloud providers to be trusted? Personally, I have little faith. Potentially worse security than bigger independent companies, as well as possible end of service.

If your concerns are privacy related, you could encrypt them in your machine before uploading them to the cloud. There are some considerations doing this:

Pros:

• No need to rely on company’s policies and statements to know that your data is properly encrypted.

• You can use any cloud storage provider.

Cons:

• It’s a manual process that you have to do yourself and can take some time if you have large files.

• Likewise, downloaded data is encrypted and you’d have to decrypt it which makes it inconvenient if you need quick access to it or share it with someone (especially on mobile devices).

That said, I personally find pCloud + Cryptomator a fantastic combination to work on Windows. It’s super fast and easy and virtually removes all the cons of storing encrypted data on the cloud. I don’t think there’s a Linux client but there is a command line utility you can use, if you’re comfortable using the terminal.

Personally I encrypt all my data before uploading it and I use several services like pCloud and also Disroot. Mega is extremely unreliable, not only in the reputation but the technical part as well: upload/download speeds are TERRIBLE, constantly being interrupted and failing, etc.

There is (or at least was) pCloud client for linux. But If’m going to use Cryptomator, I would stay with OneDrive, and have Office and Skype credit as well for the same price.

Regarding (small) Nextcloud providers, they can be as secure as the large ones, if they are following industry’s standards and best practices. They are also smaller targets. Plus, all the large ones had data breaches in the past (Dropbox, Amazon, Microsoft…)

I was using Seafile few years ago, and (small) provider had some data breach, but told us no data was compromised. And they couldn’t restore encrypted libraries. But I know after that, they were more cautious about security. Similar like with Riot (Element) last year.

There are several providers who have been on market for years, and you could say they are reliable. And again, if you use E2EE for important files, no need to worry (that much) about provider’s security policies. Also, OwnCloud has its own hosting service, so it might be another option