Remove Crypt.ee from "Cloud Storage"

Crypt.ee is a great product, but I believe that it should not be the top recommendation under Cloud Storage. Now that ProtonDrive clients are out on Android & iOS, we should revisit that section soon.

For a cloud storage provider, Crypt.ee has a few limitations compared to other options like Filen, Tresorit, etc.

  1. It doesn’t support all file types.
  2. File size is limited to just 500 MB, which is not the case with other providers.
  3. For photos, they store the EXIF creation time in plain text. This is mentioned in their policy.
  4. On iOS, due to it being a PWA, uploading any photos on iOS removes all EXIF data. A new user of the service might not discover this issue before it’s too late.
  5. They are not audited yet (at least no public disclosure about any kind of audit).
  6. No easy way to export all data. Edit: You can download one folder at a time.
  7. No support to enable 2FA. You have to sign in via a Google account if you need 2FA.
  8. No Sharing or Collaboration. Can’t drag and drop nested folders :|.

Just pointing out: if you are on iOS, Pages, Keynote and Numbers are E2EE in iCloud (with Apple’s new Advanced Data Protection). From my experience, the compatibility with MS Office files is great (even better than LibreOffice). You can access these files via icloud.com if you are not on an iDevice (like Google Docs).

1 Like

Inclined to agree with this post, curious to know what others’ thoughts are.

5 Likes

First of all, I agree with most of what is put forward as arguments. Just a note on the 500 MB limit. When a service is E2EE and uses websites, the decryption of the content is done by the browser itself. So, if the file is too big, your browser will collapse before decrypting everything. Although ProtonDrive says that there’s no limit, if you place a big file and download it in the browser, it will fail. Techlore experienced that, as he says on the last Surveillance Report. With native apps, maybe you can get around this limitation of browsers.

I am not sure about the technical limitations in Cryptee or Proton web. For reference, Filen allowed me to download large media files (2GB+) from the browser.

I also used to use Filen, but here my 4GB folder can’t be downloaded, it just stops.

Regarding the 2FA, you could argue that they currently support 2FA in a way, since the account username and password aren’t enough to get access to your data; you also need the encryption key to decrypt it. Also, I have recently heard from Cryptee’s creator John that the release of 2FA with security key support is happening soon.

#3 and #6 pointed out by OP are huge red flags for a privacy-respecting service. How is PG recommending them?

Also I saw on Matrix that Filen’s inclusion is blocked on a security audit. Why is Cryptee not being held to the same standards? This looks fishy.

1 Like

It’s not fair to make any allegations in this particular matter.

Any new entry or suggestion is objectively reviewed by Privacy Guides, without any biases.
IIRC, Cryptee was recommended on the old site. Maybe the team didn’t get an opportunity to review the Cloud storage section, including many other existing entries.

Point 6, if true, would violate EU regulations on data portability, so that’s quite interesting.

1 Like

I’m definitely on board with moving them from cloud storage to productivity tools :+1:

We’ll have to look into those other points a bit further, particularly #6.

2 Likes

Why would PG endorse a tool that stores the time each of our photos was clicked in plaintext?

We don’t need to over-index on the 6th point. I believe the 4th point is more critical than the 6th.

The goal of this post is to evaluate if Cryptee is good enough to be considered as a Cloud storage provider, considering there are other cloud storage services that are arguably better.

They are not breaking any regulations. I didn’t say that you can’t download your data. Cryptee has decent export functionality if your library is small. But it’s not good enough for a “Cloud storage provider” where users can migrate all of their files.

Due to the lack of native apps and custom doc format, there’s no single-click export. Other cloud storage services can provide this option.

This in fact is one of the very few legacy recommendations that wasn’t tested again. We should certainly do so before we move it to the other page, and mark it as okay.

Cryptpad also doesn’t seem to have 2FA? Is this a limitation of web apps?

That’s true

I am not sure if 2FA is important for productivity tools according to PG.
A criteria page for each category would make it clear to the user why the x tool was selected.
This is something that already exists for the email services recommendation.

You can do it with Filen, as it downloads the file as several 1MB chunks and merges them. So, it doesn’t crash.
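
The chunking idea in the post above, and the earlier point about browsers failing when they must decrypt a large E2EE file in one piece, as an added example that is not part of any post in this thread and is not Filen's, Proton's or Cryptee's code. It assumes AES-256-GCM per chunk, a hypothetical nonce layout and AAD labels, hypothetical function names, and Node's synchronous `crypto` module standing in for the browser's WebCrypto API.

```javascript
// Added example: per-chunk AES-256-GCM so a reader never holds more than one chunk in memory.
const nodeCrypto = require('node:crypto');

const CHUNK = 1024 * 1024; // 1 MiB, the chunk size mentioned in the thread

// Per-chunk nonce: 4-byte per-file prefix + 8-byte big-endian chunk index (assumed layout).
function nonceFor(prefix, index) {
  const n = Buffer.alloc(12);
  prefix.copy(n, 0, 0, 4);
  n.writeBigUInt64BE(BigInt(index), 4);
  return n;
}

// AAD binds each chunk to its position and marks the final one, so reordering
// or truncating the chunk list fails authentication instead of passing silently.
function aadFor(index, isLast) {
  return Buffer.from(`${index}:${isLast ? 'last' : 'more'}`);
}

function encryptChunks(key, prefix, plaintext) {
  const total = Math.max(1, Math.ceil(plaintext.length / CHUNK));
  const out = [];
  for (let i = 0; i < total; i++) {
    const c = nodeCrypto.createCipheriv('aes-256-gcm', key, nonceFor(prefix, i));
    c.setAAD(aadFor(i, i === total - 1));
    const body = Buffer.concat([c.update(plaintext.subarray(i * CHUNK, (i + 1) * CHUNK)), c.final()]);
    out.push(Buffer.concat([body, c.getAuthTag()])); // ciphertext followed by 16-byte tag
  }
  return out;
}

// Generator: decrypts and yields one chunk at a time; the caller writes it out and drops it.
function* decryptChunks(key, prefix, chunks) {
  for (let i = 0; i < chunks.length; i++) {
    const blob = chunks[i];
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonceFor(prefix, i));
    d.setAAD(aadFor(i, i === chunks.length - 1));
    d.setAuthTag(blob.subarray(blob.length - 16));
    yield Buffer.concat([d.update(blob.subarray(0, blob.length - 16)), d.final()]); // final() throws on tamper
  }
}

// Returns the SHA-256 of the plaintext, hashing incrementally; throws if any chunk fails authentication.
function streamDigest(key, prefix, chunks) {
  const h = nodeCrypto.createHash('sha256');
  for (const part of decryptChunks(key, prefix, chunks)) h.update(part);
  return h.digest('hex');
}
```

Peak memory on the decrypting side is one chunk plus its tag, regardless of file size; a client that drops the position binding would accept a truncated download as a complete file.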

Hey Jonah,
I understand that evaluating all the points will take time.
But, in the meantime, we should at least add a warning (similar to NextCloud E2EE) about the service not supporting all file types, the file limit (500 MB), and storing EXIF time as plain text. IMO, they are a deal breaker for many for using them as cloud storage.

With everyone talking about Filen, why isn’t there an active request to add it as a listed tool?