"Canonical is very concerned about protecting the confidentiality of your personally identifiable information. We have security measures, including administrative, physical and electronic measures, to protect against the loss, misuse or alteration of information that we have collected from you in the use of the Ubuntu One service. These measures include SSL data encryption to transmit your data securely to Ubuntu One as well as technical architectures and systems to prevent unauthorised internal employees, contractors and affiliated organizations from accessing your data."
then again they may already have it encrypted.. to prevent "internal employees"
I am using Ubuntu One together with encfs and even though this workaround currently makes the service more useful than without there are some inconveniences that make this solution suboptimal.
1) encfs versions supplied between releases are incompatible.
I've got 2 10.4 LTS Desktops and 3 10.10 Desktops I'm syncing with.
2) Integration of cryptkeeper is nice but not sufficient. cryptkeeper should be integrated with dbus key ring management and the mappings between crypted directories and mount points should be configurable.
3) the distribution of a common key via encfs xml file is suboptimal. Each connected system should have it's own private key used for local decryption and each system should encrypt for all connected systems public key.
4) the local files mounted via encfs are (by default) ignored by updatedb/locate. This is fine for many uses of encfs but when all you want is to encrypt the data for cloud storage providers, it's actually inconvenient.
So what it needed is an encryption infrastructure that allows host specific encryption during replication. I'm not sure, but I suppose encfs could still be used behind the scenes but it's not something the user should be confronted with.