Is it recommended to use cryptomator in addition to a E2EE cloud service?
In my current case, the cloud service I am testing is Filen.io. They have open source clients.
My feeling is I would be adding very little additional security but increasing the complexity of my setup.
Over engineering my cloud sync might bring human mistakes from my side and loose data.
In another words, should we trust more the encryption and implementation of cryptomator than Filen.io client ones?
Defence in depth shouldn’t be something overlooked. If there is a flaw in one application the likelihood of it appearing in another is lessened. It can be another potential layer of protection. Such complexity depends on your threat model, of course.
Reading their whitepaper would lead me to believe the benefits outweighs the potential negatives. Their free 10GB accounts are a compelling reason to test before considering a subscription. I also appreciate they publish a warrant canary.
Where is Skymatic UG’s warrant canary for Cryptomator? Here is VeraCrypt’s.