I just discovered a huge issue between the Cryptomator WIN 10 App (vault on local C:) and the SYNC future of PCLOUD. Apparently the files are SYNCED to PCLOUD not encrypted. So, the virtual hard-drive of cryptomator can be read (or better say PCLOUD SYNC functionality) upload the files UN-encrypted to the Pcloud storage account. (FREE PCLOUD account).
This security breach happen because PCLOUD is reading and syncing the file from the Cryptomator folder in C: when the files are obviously visible to me on my desktop.
Is this normal? I don’t think so!
So why I use a SYNC an encrypted Cryptomator folder if then the files are uploaded unencrypted?
Please address this asap. Extreme security issue and data breach.
Thanks
Hi multilabel. I’m also a Pcloud user and have had no such issue.
The important thing is to ensure your two way sync folder is NOT backing up directories with sensitive unencrypted files.
Its perfectly safe to have it backing up your Vault folder. As you save sensitive files to the Cryptomator virtual drive (Not the P: pcloud one, or the Pcloud Sync folder!) cryptomator will encrypt the files, disguise the file names and drop them in the vault folder ready for synchronisation.
Alternatively you can bypass the sync folder entirely. Create your vault directly on the pcloud virtual drive P: and unlock from there.
Personally i disable sync as ive had issues in the past with file versioning and just mount my vaults directly from the pcloud drive.
1 Like
I got you! i love pcloud as well.
I just made the mistake to sync a folder inside the vault instead of the folders generated by Cryptomator.
Sorry guys! 