I am using EncFS over Syncthing and it works great… works on all major operating systems, encryption is on file level (unlike TrueCrypt)… on the untrusted server there is no key, it only synchronizes encrypted files, and on trusted computers I decrypt files into a virtual folder…
I am using Syncthing across a few computers and have set up an offsite node in another physical location (my parent’s house…), it’s a raspberry pi with an encrypted LUKS volume (external USB drive) that hosts my data. The machine boots up from SD, dials home to my network using OpenVPN (client-side certificate, which I can revoke if compromised), then emails me asking me to unlock the encrypted volume (which is done using a simple node.js app), mounts the data volume, and reloads syncthing which will begin syncing from that point on.
If this device gets stolen it’ll be disconnected from power and my data remains safe. I still run a risk of a local network exploit while the machine is online, but that risk is low and I’ve got no open ports (except over the VPN interface) and I run automatic updates daily.
I’d obviously much prefer a syncthing node which doesn’t ever see data in the clear, that would enable proper cloud hosted safe storage, but just wanted to propose this approach to people who are seeking a temporary solution.
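The unlock order described in the post above (open the LUKS volume, mount it, then restart Syncthing), as an added shell example that is not the poster's node.js app. The device path, mapping name, mount point and service unit are assumptions, and the guard that refuses to start Syncthing unless the volume is really mounted is an addition of this example.

```bash
# Added example: unlock sequence for an offsite Syncthing node on LUKS.
# All names below are hypothetical placeholders, not values from the post.
LUKS_DEV="${LUKS_DEV:-/dev/disk/by-uuid/PLACEHOLDER-UUID}"  # assumed device
MAPPER_NAME="${MAPPER_NAME:-syncdata}"                       # assumed mapping name
MOUNT_POINT="${MOUNT_POINT:-/srv/syncdata}"                  # assumed mount point
SYNC_UNIT="${SYNC_UNIT:-syncthing@sync.service}"             # assumed systemd unit
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute them

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# True only when a filesystem is actually mounted at MOUNT_POINT.
volume_mounted() {
  mountpoint -q "$MOUNT_POINT"
}

# Expects the passphrase on stdin so it never appears in argv or on disk.
# Returns 1 if unlock or mount fails, 2 if the mount guard fails.
unlock_and_start() {
  run cryptsetup open --type luks --key-file - "$LUKS_DEV" "$MAPPER_NAME" || return 1
  run mount -o nodev,nosuid,noexec "/dev/mapper/$MAPPER_NAME" "$MOUNT_POINT" || return 1
  # Guard: never let Syncthing run against the bare, unencrypted mount point.
  if ! volume_mounted; then
    echo "refusing to start $SYNC_UNIT: $MOUNT_POINT is not mounted" >&2
    return 2
  fi
  run systemctl restart "$SYNC_UNIT"
}
```

With `DRY_RUN=0` the function is called with the passphrase piped to it, which is the point where a remote unlock app would hand over what the operator typed.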
I like the idea in theory (same size blocks everywhere so we don’t give away metadata). But how well does it work in practice ESPECIALLY on Windows? Most of these dime-a-dozen encryption schemes work flawlessly on Linux (or some FUSE FS), and fall flat on their face in Windows. Maybe they’re trying too many things in the background?
EncFSMP and EncFS4win are 2 of the recent things I’ve tried that just create tons of “weeping and gnashing of teeth” for me on Windows. Oh sure they START out working just fine… until that day comes when they suddenly lose half your files due to some weird bug. Fortunately I keep offsite backups… but it’s hardly a ringing endorsement for trust in them. Or they are just extremely inconvenient to use for some reason. Also it makes me leery of ANY of these encryption schemes for Windows that ISN’T Bitlocker (or something made by Microsoft directly).
If I may ask, with over 30 backers and over a 1,000 dollar bounty, isn’t that enough to put some more effort into this (mind you, I didn’t say “implement it”)?
If I see correctly, the latest changes are about 2 years old. Are there so many other features or are you running into trouble that this can’t be finished?
I am kindly asking, and genuinely interested to know the reasons behind this not getting more attention.
I think it’s at the back of many people’s minds. There was a pull request the other day that didn’t really cut it but refreshed some ideas. I have a branch with some work in it. Doing it right is not trivial.
Hi
I came across Syncthing and would give it a shot - however, the missing “encrypt files on untrusted server” feature is a blocker for me. I don’t want to expose my private files to admins of my web hoster…
Any update on when this feature will be available?
Thumbs down for Cryptomator from me as well. I had looked at it for a long time, it looked nice, but when I downloaded it to my Linux box and tried it, it turned out to be a humongous bloated Java application with its own ideas about how it should be installed, which incidentally makes it useless with just a window manager - it needs one of the ‘desktop’ systems. Huge, heavy stuff. I could almost hear the sigh of relief from my server when I purged the junk from my system.
Fortunately there are alternative options out there.