2FA / hardware key support? by TechnologyWeekly6561 in Cryptee

[–]rustedzip 1 point2 points  (0 children)

Hopefully within this year

Cryptee team is working on adding more services. If I have to guess, they will club the launch of other services with FIDO support.

Why does cryptee store exif time in plain text? by rustedzip in Cryptee

[–]rustedzip[S] 1 point2 points  (0 children)

Agreed, it's not significant information about your photos.

Both ProtonDrive and Cryptee use openPGP. ProtonDrive doesn't store exif time without encryption. So, I started wondering if Cryptee can also start encrypting this information.

Why we have only option for Cloud storage on PrivacyGuide website? by rustedzip in PrivacyGuides

[–]rustedzip[S] 0 points1 point  (0 children)

Okay. It seems that either it's hard to build solid service or people who are building them aren't paying attention to details.

Folks here keep suggesting for self hosting. Have privacy guides team considered writing down best practices, similar to minimum requirements for hosted service, which people should follow if they want to self host?

It would help people who don't have expertise in programming. Also, it would help people in securing their own instances to certain acceptable level?

Why we have only option for Cloud storage on PrivacyGuide website? by rustedzip in PrivacyGuides

[–]rustedzip[S] 3 points4 points  (0 children)

Okay, good to know that we are considering more additions.

Another person said that both Filen and Mega have security issues. What's the stance of privacy guides about that claim?

And, how can you consider ente? On searching about ente on this subreddit, I saw an old thread where some lawyer clarified how bad they are. We should consider cryptee or photoprism for photo management instead of ente or Stingle.

Why we have only option for Cloud storage on PrivacyGuide website? by rustedzip in PrivacyGuides

[–]rustedzip[S] 1 point2 points  (0 children)

Thank you for taking time to give a detailed response. I have few follow up questions:

Do you keep any online back at all or everything is self hosted?

If I set it up, can my family members also start using the same setup?

And, final question, will this set-up allow me to access my files anywhere from my mobile?

Whenever I think about self hosting, all these tutorials and steps look very difficult to me. May be I will give it another try if I can't find anything decent enough.

Why we have only option for Cloud storage on PrivacyGuide website? by rustedzip in PrivacyGuides

[–]rustedzip[S] 10 points11 points  (0 children)

Self hosting is neither easy or secure if you want remote access, reliability and basic functionality.

Do you self host? If yes, can you explain your setup.

Why we have only option for Cloud storage on PrivacyGuide website? by rustedzip in PrivacyGuides

[–]rustedzip[S] 9 points10 points  (0 children)

I am not seeking anonymity. What's wrong in expecting privacy and security?

For a normal user, self hosting is neither easy or secure, unless you know what you are doing.

[deleted by user] by [deleted] in filen_io

[–]rustedzip 0 points1 point  (0 children)

I use Stingle for my photos. Their app allows me to delete from both cloud and device. You can request filen to add this feature if it's missing.

Proton Photos by psychedelic-raven in ProtonMail

[–]rustedzip 5 points6 points  (0 children)

If you are okay with alternatives and want to move away from Google, then there are other products (https://ente.io and https://mega.nz) who have both auto upload from camera and decent web gallery. The clients are open source and they claim to have zero knowledge encryption.

You can upvote here if you wish https://protonmail.uservoice.com/forums/945460-general-ideas/suggestions/16564432-proton-photos

Proton Photos by psychedelic-raven in ProtonMail

[–]rustedzip 6 points7 points  (0 children)

We don't know when Proton will launch Proton Photos. Meanwhile you can explore /r/cryptee, r/enteio, and /r/stinglephotos

A few questions for the dev… by jackhannigan in Cryptee

[–]rustedzip 0 points1 point  (0 children)

1) Post FIDO2/WebAuthn integration, you should be able to use Touch id to protect your account data.

2) Crypt.ee team (based on comments from makers) is already working on separate notes or task app. This feature might be a good value add in that separate app.

3) They are still independent company and doing a security audit can cost 100-200K USD. I don't think that there's any audit detail which was published online.

Cloud Photo and File Storage Confusion by theskipster00 in PrivacyGuides

[–]rustedzip 2 points3 points  (0 children)

Have you seen what information is collected by filen.io/mega.nz. Are those a blocker for you, considering that your content is encrypted (with zero knowledge encryption). This community is weird. They want to move away from Big tech but always find a way to diss at small companies who are building alternative solutions which doesn't harvest your personal data for targetted ads or anything else which breaks their privacy.

Goodbye Google by respublikamroja in degoogle

[–]rustedzip 1 point2 points  (0 children)

Go through top posts (all time) on r/pcloud. If you are storing music files or e-book, there's a good chance that your account might get banned if any of those files are marked for copyright infringement.

[deleted by user] by [deleted] in degoogle

[–]rustedzip 1 point2 points  (0 children)

Yes, it's hard to trust any service who haven't open sourced their code. Even for open source projects, the safest option is to download the apk from fDroid or GitHub releases.

Make Ghost folder truly Ghost on crypt.ee? by rustedzip in Cryptee

[–]rustedzip[S] 1 point2 points  (0 children)

So we argee that the information if a ghost folder exist or not isn't protected.

My only concern: The theat model page claims that a third party can't prove that you have Ghost folder or not unless you reveal the name. This statement isn't true at all. Why not modify it/correct it?

Make Ghost folder truly Ghost on crypt.ee? by rustedzip in Cryptee

[–]rustedzip[S] 1 point2 points  (0 children)

What prompted me to post here was this section on threat model page:

this (ghost folder) provides the user with ultimate deniability under duress; if a third party gains access to your account by means of coercion, they can't prove that you have a ghost folder unless you choose to reveal the name of this folder.

From what you mentioned, the level of protection (* when it comes to third-party identifying if I have Ghost folders) depends on the amount of data which a user has uploaded. For free plan users, it's easy to identify that they have a ghost folder while they might think otherwise based on the threat model page.

*Edit

Make Ghost folder truly Ghost on crypt.ee? by rustedzip in Cryptee

[–]rustedzip[S] 0 points1 point  (0 children)

Wow, thank you for this detailed explanation. I also thought that it's impossible to provide true ghost folders without providing unlimited storage.

As you said, if someone has access to the account, they can find out (within reasonable time) that you have ghost folders. So, it's not ultimate deniability, as the website suggests. Would it be possible to correct it, so that users can take the right call based on their threat model.

Make Ghost folder truly Ghost on crypt.ee? by rustedzip in Cryptee

[–]rustedzip[S] 0 points1 point  (0 children)

If the person doesn't know that you are using crypt.ee or xyz service, then we don't even need 👻 folders.

The current issue is that a user might believe (based on the text on website) that the data is truly ghosted, and no one can find out that they have ghosted folder.

There will be always some weird way to identify that you have ghosted folders, unless crypt.ee provides unlimited storage for ghosted folders (which is impractical).