Tresorit has been brought up in multiple previous discussions, but has never actually been looked at. We should probably consider it, because our current cloud storage providers are very lacking: Nextcloud is mostly only good as a self-hosted solution, and neither Proton Drive nor Cryptee have desktop sync clients.
Probably worth noting it's closed source and owned by the Swiss government.
This is not necessarily a blocker, but after a brief look at their pricing, it seems that they only allow you to upload files up to 10GB per file on the Personal plan.
It doesn't seem to be a technical limitation, because the Professional plan bumps that limit up to 15GB per file.
It feels weird that they would do that unless there's a specific reason I'm missing. There's already a limit on overall storage you can use (as there should be), so an individual file limit is a bit jarring.
I use it and I'm pretty happy about it.
Upload and download speed are very fast.
The only bad point for me is 2FA.
No U2F/FIDO2 support for the moment, but it's planned (no public ETA).
However, it is mandatory to have two methods, in my case, email and OTP. No recovery code. I think it's a bit of a pity.
Small precision: It's legally based in Switzerland, but it's Hungarian.
Servers for individuals are in Ireland, not Switzerland. (I don't care personally, but it's better to know)
Tresorit seems to be the most mature end-to-end encrypted cloud storage provider available. In terms of quality on both a personal and business/enterprise level, it is on par with and a serious alternative to Google Drive, Dropbox and OneDrive, which do not offer E2EE, as a secure and private file storage and collaboration platform. They offer clients for all platforms and also have email addons/plugins.
They have strong regulatory compliance when it comes to GDPR, CCPA, HIPAA etc. Security seems very good and certified after having undergone an independent third-party audit.
They also offer Tresorit Send as an E2EE file sharing service, which is available as a browser extension as well.
As for its closed source model, needless to say, it's not an accurate indicator of privacy and security. A great example of this is MEGA which claims to be E2EE and has fully open source clients, yet its encryption was found out to be so weak, broken and full of holes that user data could be easily accessed and it might as well have been stored unencrypted. For those with high risk threat models that are unwilling to trust the provider, using additional client-side encryption tools is always a recommended option before uploading.
Usually we have no reason to recommend a closed source product when a much better, more secure and more practical open source alternative exists, but the cloud storage options are lacking, and while Proton Drive is great and has extremely promising potential to be the best-in-class, it still needs years to fully mature, so this seems worth examining and considering.
Should be noted though Tresorit has had numerous third party audits unlike MEGA iirc.
One of the specific points here was:
Perform review with specific attention to Tresorit's claim regarding end-to-end encryption and identify security deficiencies, vulnerabilities, architectural deficiencies or any other deficiency that may potentially undermine this claim.
I have been using Tresorit for the past two years and have found the software, ease of use, reliability, and customer service to all be stellar. As far as I know it's the best middle ground between privacy and functionality out there.
When I signed up I got in touch with them about this. Upon request they increased my account's file size limit to 20GB but said they weren't able to go further than that due to technical limitations of the encryption method they use.
This was a couple of years ago now so things may have changed since then, but it's worth reaching out to their customer service to see if they can provide more details.
In the meantime I had to set up BackBlaze (with my own encryption key) for the extremely large >20GB media files on my NAS.
If you ever get in touch with them about adding them to the recommendations: I think it's important to ask them when they plan to change the second factor.
Even if on the rest, Tresorit is a reliable solution (in my opinion, the most interesting), it would be the only recommendation that forces you to use (as a backup method) SMS or email.
Carrying security key support can take time. Just removing this requirement is quick.
They are more business oriented, but they follow you on Twitter, maybe they would be interested and open to recommendations, at least for individual subscriptions.
the closed source nature is a miss imo. swiss gov is irrelevant. one of tresorit's staff did provide a reason for this via reddit (3 years ago) but ultimately the question is do we take their word that it's safe despite being closed source?
Agreed. And until there's an open source option that matches Tresorit's reliability, stability, and feature set (maybe Proton Drive in a few years?) … it's a valuable option.
I'm actually kind of hoping Skiff drive will get there at some point, but as it's neither open source nor are there any public audits we can't add it right yet. They do seem to be things that the authors are interested in though.
Filen doesn't have any audits yet either mentioned on their site.