Edit: I was facing many issues, Finder freezing all the time, suddenly not able anymore to access the vault - a reboot solved it - so those problems led me to creating this post. The discussion in here is mostly about troubleshooting the issues to get back a reliable functional system.
How high are the chances that I will loose everything inside Cryptomator because of some mounting / unmounting / encryption error?
I got into a scary moment recently. Cryptomator could not lock the vault, it all crashed, later on I was not able to access it anymore at all. Reboot of MacBook solved it.
Below you can see the error that I got again and again when trying to unlock the drive located in Dropbox.
While a reboot fixed it, it got me thinking. Can some simple issue in Cryptomator lead to something that messes with the encryption and structure so I won’t be able anymore to access the files at all (loosing it all)?
In the end, I try to understand if I rather want to keep some files and folders outside of Cryptomator to avoid loosing them.
Error Code 09TB:8LNC:8MQR
org.cryptomator.integrations.mount.MountFailedException: org.cryptomator.jfuse.api.FuseMountFailedException: fuse_loop() returned prematurely with non-zero exit code -1
at org.cryptomator.frontend.fuse@5.1.0/org.cryptomator.frontend.fuse.mount.FuseTMountProvider$FuseTMountBuilder.mount(FuseTMountProvider.java:133)
at org.cryptomator.desktop@1.18.0/org.cryptomator.common.mount.Mounter.mount(Mounter.java:172)
at org.cryptomator.desktop@1.18.0/org.cryptomator.common.vaults.Vault.unlock(Vault.java:179)
at org.cryptomator.desktop@1.18.0/org.cryptomator.ui.keyloading.KeyLoadingStrategy.use(KeyLoadingStrategy.java:109)
at org.cryptomator.desktop@1.18.0/org.cryptomator.ui.unlock.UnlockWorkflow.call(UnlockWorkflow.java:82)
at org.cryptomator.desktop@1.18.0/org.cryptomator.ui.unlock.UnlockWorkflow.call(UnlockWorkflow.java:37)
at javafx.graphics@25/javafx.concurrent.Task$TaskCallable.call(Unknown Source)
at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
at java.base/java.util.concurrent.CompletableFuture$UniAccept.tryFire(Unknown Source)
at java.base/java.util.concurrent.CompletableFuture$Completion.run(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: org.cryptomator.jfuse.api.FuseMountFailedException: fuse_loop() returned prematurely with non-zero exit code -1
at org.cryptomator.jfuse.api@0.7.3/org.cryptomator.jfuse.api.Fuse.mount(Fuse.java:130)
at org.cryptomator.frontend.fuse@5.1.0/org.cryptomator.frontend.fuse.mount.FuseTMountProvider$FuseTMountBuilder.mount(FuseTMountProvider.java:130)
... 12 more
```
Then it means I need to have an unencrypted backup, I assume. For instance, I am doing a backup of the entire Dropbox to my Synology NAS, but that does not mean that I’ll be able to access it if things become really difficult. If I want to keep an unencrypted backup, then I would need to do it manually and store it somewhere on-site instead of in the cloud → things become more complicated.
My data is encrypted stored in the cloud but my local backup is unencrypted on an external SSD.
My other backup is my encrypted Vault synchronized to another cloud service.
I’ve been in IT for too many decades to not do complete backups.
If you would rather not have an unencrypted location of data for personal reasons then a backup of the encrypted vault is better than no backup at all and if for example you lose access to the Vault because one of the key vault files is corrupted you’ll still be able to access your backup encrypted vault and replace the data you can’t access.
If you have a primary encrypted Vault and a backup encrypted Vault you should be okay.
From my needs I’m primarily concerned about not exposing my files to the cloud provider rather than keeping all of my files secretive locally.
It’s all based on personal preference and requirements.
Probably, it’s best that I start taking at least one unencrypted backup now, so I have a first updated local copy. But it’ll be outdated soon.
I thought about this as well, but now as the system “crashed” so many times in the last days just because I was actively working in Finder within the vault I am more carful. It happened only one time yet that I could not access myself anymore (and a simple reboot fixed it).
But I definitely feel less comfortable now, even when the encrypted version exists twice. Backup to the NAS runs two times per week, but sometimes the NAS is off as it’s simply crazy loud, so it sometimes skips backups. If I want to keep an unencrypted version as a backup it’s probably a manual job.
Same. I want it primarily in the cloud. At home it could be unencrypted, no issues with that. The backup disk of my NAS is placed next to the NAS, hence I kind of trust the cloud provider more in that regard, because if the place burns down, both are down (not perfect I know)
Thanks, I know that such tools exist, but I think this would not work to take a backup from the vault to an unencrypted storage.
e.g. automatically sync only changed files from encrypted vault into external SSD where the data is not encrypted
It’s good to know that it works for you, because as of now I would not touch and manually sync any of the files in the /d folder in Dropbox. I also have my experiences with syncs messing up things so I am a bit hesitant in that regard.
I’ll take a step back to think about it again - until now everything was fine. I just fear losing data because of my latest experience. Today was horrible in that regard because Cryptomator killed Finder pretty much all the time today. I cannot do much inside the vault (moving stuff around), only uploading works as it seems.
I tried it successfully - meanwhile I also opened a support ticket. Because every single thing I do is killing my machine. And I try not to force quit and force lock Cryptomator, so on average I have to wait around 1 hour until I can access Finder again and start with the next attempt.
I remember back then there was some limit: 1 vault per cloud storage provider or 1 cloud storage provider. Seems that is gone, or maybe because I paid once for Android.
I only did a very quick test, creating a new vault, adding maybe 20 PDF and CSV files, created new folders, moved files around, created more folders. Working so far. It was maybe a two minute test only, but all the last hours one single minute was enough to crash it all.
Not sure what it tells me, it’s too soon to tell. I also can’t say if the size of the vault impacts this all. I chose again Dropbox for the new vault and not Google Drive, so at least that is similar.
Who knows what the additional Cloud Sync between Dropbox and Synology NAS is doing or did in the past to my old vault. Many question marks. Maybe I should consider transferring everything into the new vault and see if that solves the issue for good. Then I could also think of a reliable backup strategy, once the basics are working again
Is it possible that whenever you have your Synology scheduled to do a backup you are on a computer with an open vault somewhere? You would then be backing up an open vault rather than a closed vault which is safer. If you are PC has a file open when Synology launches its backup that could be the cause of your problem.
About the open vault during sync. Thanks for yet another hint. It’s not impossible. Usually my Synology is only on twice per week in the middle of the night. However, in the last months it was mostly off (it’s just so loud I can hear it in the next room), so there was no sync in a long time. Last Dropbox<>NAS Sync was in October.
However, few thoughts come into mind:
maybe it happened in the past that Dropbox/Synology was syncing and I was awake and vault was open, and maybe even doing something in the vault
maybe Synology sync is no issue at all, but Dropbox sync is (but then the entire tool is built for that so I would expect it to work)
there is a possibility that I not manually locked the vault all the time, e.g. MacBook just goes to sleep and vault is still unlocked
It’s very unlikely that I kept a file open that I opened from the vault
I switched from MacBook Air M2 to M4 in November (both Apple chip) and I still own both and occasionally still use the M2, I cannot guarantee whether I perhaps accessed Cryptomator from both devices, I don’t think I ever unlocked the vault on both devices simultaneously
In the M2 I see MacFUSE in the settings, in the M4 I do not see that, so I’ll read about that again as it’s long time since I was dealing with this
It turns out it’s quite a complicated scenario over all
Thanks for the discussion so far, I am now only very carefully using it as I can’t afford those long waiting times, but I have a lot of points now to target it to eventually get it stable again, with that trust should also increase again
You can also check to see if there is some problem related to how things are set up in your user account. Sometimes it can be beneficial to create a new user account login is that user set everything up and see what happens.
It seems on the M2 MacBook I have FUSE installed, on the new M4 MacBook I don’t. So the conclusion would be it’s using Webdav there. I checked other threads, and what I read is that all options MacFUSE, FUSE-T, WebDav can be problematic.
Yesterday approx. 8 hours long I was facing issues. When I was facing an issue, it often took me around 1 hour to get it to work again. Then later in the evening, suddenly it seemed to work more reliable again - I moved around quite a few files and moved them into new folders.
I have no idea what the difference could be compared to all the hours before that. It’s the very same vault. So I’ll need to observe that. I also found that there is a vault “Health Check” but that showed everything working just fine.
MacBook Air with M/Apple chips usually stay cold. Yesterday, I kept the vault open for a long time and the MacBook heated up a lot. Processes jumping up/down a lot when checking the Activity Monitor (Task Manager), but it tells me that there could be something fundamentally wrong.
Maybe it works all as designed, or maybe encryption costs more resources as I initially was aware of + adding some known difficulties with MacFUSE, FUSE-T, and WebDAV.
If someone else is following, the initial post is about another topic, but all the issues I am facing led me to that question of how reliable this setup is and therefore about the possibility of losing all data
I don’t have a Mac platform so there’s no way for me to experiment and learn.
My understanding is that if you want to mount the vault as a drive you must manually install fuse on the Mac.
Cryptomator on Windows does not require a separate fuse installation.
On Linux fuse is typically installed by default in the operating system if it’s not you can load it.
It seems at the Mac is the only environment where you must manually install fuse.
If you have it on one box and that box is working you obviously need to put it on the other one.
From chat gpt so there could be errors here but it seems right.
In macOS you do need to install FUSE separately for Cryptomator to work as a mounted drive.
macOS specifics (important)
Cryptomator on macOS relies on macFUSE (formerly called osxfuse).
Apple does not provide a native user-space filesystem layer like Windows does, so this part cannot be bundled invisibly.
macOS: macFUSE is required and must be installed separately.
My research tells me this is where you get it. I can’t test myself because I don’t have a Mac.
I am actually not sure about this. From my understanding it’s how it is mounted and I can imagine that it can be different per device as long as the vault is not opened simultaneously from several devices. E.g. I am very rarely accessing it also from Android and there I would not need FUSE at all. So I think it can be differently per client.
I think it’s not that different to accessing a USB stick. When a Cryptomator vault is mounted on macOS, it is not using APFS, HFS+, FAT, or NTFS. It is exposed to macOS as a virtual filesystem, implemented via FUSE or WebDAV, depending on your setup.
I always thought this to be true but I think maybe not anymore. I did a manual clean install on the new MacBook M4 two months ago (no migration/transfer from M2). It seems I never installed FUSE-T or macFUSE but it does work - so it probably automatically uses Webdav. It seems there are several pros and cons depending on the “mounting file system”-technology
I am seeing “fuse-t” in Finder now. I literally searched for ways to identify whether fuse is installed in any way and those checks were all negative.
So without my own prior knowledge, obviously I did install “fuse-t” but compared to macFUSE it’s not shown anywhere in the macOS settings
All I wanted to do is sort some files, so that all got a bit out of control
macFUSE is required and must be installed separately.