Is it worth using Cryptomator for my purposes?

I’ve done a bit of research about Cryptomator and I like it. However, I question its usefulness for my particular case.

I rely on VeraCrypt as my first line of defense with encryption. Even if I use Cryptomator, I will first encrypt using VC. That may seem redundant to some but that’s just how I want to do it.

I will probably use either Dropbox or Google as my cloud provider. I’m thinking Google because it has stronger security, and privacy issues are not a problem considering I won’t be uploading anything that isn’t double-encrypted with VC and Cryptomator.

Assuming I encrypt files with VC first, and use Cryptomator to encrypt again and upload to Google…I’m thinking Cryptomator might be unnecessary. I could just upload directly to Google after encrypting with VC. What purpose does Cryptomator serve here? VC is unarguably better for local encryption than Cryptomator, but Cryptomator has cloud integration - or in other words, it automates the backup process and handles syncing - which is not what I need. I want to automate backups and syncing between devices isn’t a useful feature for me.

It absolutely is.
You don’t gain any more security when encrypting your files twice. If you are using a strong password, one encryption is sufficient.
Also, Cryptomator is file based. VeraCrypt is container based. The main benefit of Cryptomator is that you do not have to upload the complete vault when you just changed one file in it. By encrypting your files with VeraCrypt, this benefit is gone.

That’s not right. Cryptomator desktop does not connect to any cloud storage and does not sync.
This is done by the cloud provider sync app.
Cryptomator creates a local vault that can be synced with your online storage.

There are a few issues I have with this.

Cryptomator leaks metadata, while VeraCrypt does not.
VeraCrypt has protections such as plausible deniability.
I trust VeraCrypt more than Cryptomator.

I can understand the benefit of file-based backup; however, my only concern here is that I’d be putting my trust in the hands of Cryptomator, which is an online encryption service, while VeraCrypt is offline and that’s why I trust it more. And as I said earlier, it leaks metadata, leading to less plausible deniability. Anyone with access to the cloud provider’s files (and since I’d be using either Google or Dropbox, I’d assume it’s completely out in the open) would have access to metadata and know what files have been changed and how often they’re changed, thus knowing which files are probably more important than others. The decision I have to make here is whether or not that’s important to me. And it’s not so obvious to me.

Also, there are advantages to using multiple encryption services. Metadata aside, VeraCrypt uses XTS which has its flaws.

After some thinking (I need to stop editing posts so frequently), I think I will do both. I’ll upload some of the larger and less sensitive data directly to Cryptomator’s vault, for the more sensitive files I will encrypt with VC first. That sounds reasonable to me. Thanks, me.

Just to avoid misunderstandings.
No, it’s not. Cryptomator’s encryption is done locally and thus offline. Its purpose is to use it with cloud storage, but of course you can use it offline as well.

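Added example (not written by any poster in this thread, and not code from either tool): a small Python model of the file-based versus container-based point and the metadata concern discussed above, showing what a storage provider can observe and how much must be re-uploaded after one file is edited. The cipher is a toy stand-in, the sync client is assumed to re-upload whole changed objects, and every name and sample value is constructed.

```python
import hashlib

KEY = b"constructed-demo-key"   # constructed sample key
CONTAINER_SIZE = 4096           # fixed volume size, as with a container file

def keystream_xor(tweak: bytes, data: bytes) -> bytes:
    # Toy stand-in cipher (SHA-256 in counter mode); neither tool works this way.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(KEY + tweak + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def container_layout(files: dict) -> dict:
    # All files packed into one fixed-size blob ("volume.hc" is a hypothetical name).
    plain = b"".join(files[n] for n in sorted(files)).ljust(CONTAINER_SIZE, b"\0")
    return {"volume.hc": keystream_xor(b"volume", plain)}

def per_file_layout(files: dict) -> dict:
    # One ciphertext object per file, opaque name; real header overhead is omitted.
    out = {}
    for name, data in files.items():
        opaque = hashlib.sha256(KEY + name.encode()).hexdigest()[:16]
        out[opaque] = keystream_xor(name.encode(), data)
    return out

def remote_view(objects: dict) -> dict:
    # What the storage provider can observe: object name, size, content digest.
    return {n: (len(c), hashlib.sha256(c).hexdigest()) for n, c in objects.items()}

def sync_delta(before: dict, after: dict):
    # Objects a whole-file sync client must re-upload, and the byte count.
    changed = [n for n in after if before.get(n) != after[n]]
    return changed, sum(after[n][0] for n in changed)

def compare(files_before: dict, files_after: dict) -> dict:
    result = {}
    for label, layout in (("container", container_layout), ("per_file", per_file_layout)):
        b, a = remote_view(layout(files_before)), remote_view(layout(files_after))
        changed, nbytes = sync_delta(b, a)
        result[label] = {"objects": len(a), "changed": len(changed),
                         "upload_bytes": nbytes, "sizes": sorted(s for s, _ in a.values())}
    return result

# Constructed sample data: three files, then one of them is edited.
BEFORE = {"notes.txt": b"a" * 100, "taxes.pdf": b"b" * 900, "photo.jpg": b"c" * 2000}
AFTER = dict(BEFORE, **{"notes.txt": b"A" * 100})
if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```

In this model the container costs a 4096-byte upload for a 100-byte edit but shows the provider only one fixed-size object, while the per-file layout uploads 100 bytes and exposes the file count, each file's size, and which object changed.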