Ubuntu QA:
BlogBrainstormPackage status
Log in
Ubuntu QA
The Ubuntu community has contributed 22700 ideas, 138270 comments, 2629576 votes
Idea sandbox Idea sandbox
Popular ideas Popular ideas
Ideas in development Ideas in development
Implemented ideas Implemented ideas
Idea #23633: ubuntu one encrypted

Written by bereshit the 10 Feb 10 at 16:27. Category: Internet & Networking. Related project: Nothing/Others. Status: New
Rationale
the weak point of cloud computing is the security and privacy.

when you synchronize data with server ubuntu one, I think it would be a good thing to give the possibility to encrypt them before synching.

it would be optional, and a free choice of the user, and in case the encryption would be on his PC, then there wouldn't be heavier on the server of ubuntu one.

if you could then manage the process of encryption by giving it a lower priority so as not to lock the computer.
Tags: one ubuntu

49
votes
up equal down
Solution #1: integrate encryption program with one client ubuntu
Written by bereshit the 10 Feb 10 at 16:27.
as title, any program for integrating encryption with Ubuntu one.

so that if the user selects the encryption option in the client ubuntu one, the folder itself is automatically encrypted and thus its remote counterpart.

Propose your solution

Attachments
No attachments.


Duplicates


Comments
tntricker wrote on the 11 Feb 10 at 18:36
how are you going to manage the encryption keys? each machine set to sync needs a public key to decrypt those files(and putting it in the cloud would defeat the purpose).

Also isn't this the reason the Ubuntu one has machine registration and SSH file transfers?

bereshit wrote on the 12 Feb 10 at 13:45
use symmetric encryption based only on a password

ubuntu one is a single user, it is not necessary to use an asymmetrical system.

bereshit wrote on the 12 Feb 10 at 13:48
for the second point you made is not a question of security for transfer, but the fact that the data is stored unencrypted on the server

thanks for the comments

tntricker wrote on the 12 Feb 10 at 15:52
Having some server side data unencrypted for some admins is part of Canonical's privacy policy, they collect usage data on the files. I'm not saying that I agree with the fact admins have access to your files but right now I don't see Canonical changing that policy until Ubuntu One matures.

https://one.ubuntu.com/privacy/

"Canonical is very concerned about protecting the confidentiality of your personally identifiable information. We have security measures, including administrative, physical and electronic measures, to protect against the loss, misuse or alteration of information that we have collected from you in the use of the Ubuntu One service. These measures include SSL data encryption to transmit your data securely to Ubuntu One as well as technical architectures and systems to prevent unauthorised internal employees, contractors and affiliated organizations from accessing your data."

then again they may already have it encrypted.. to prevent "internal employees"

bereshit wrote on the 22 Feb 10 at 15:48
All files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password.


To prevent "internal employees, but also for greater security in general, encryption should be better used in many contexts.

However I agree with you, maybe in the future will be implemented by the same canonical (ubuntu one is still in beta), or someone will write code to add this functionality to the client.

doldraug wrote on the 6 Mar 10 at 22:28
use symmetric encryption based only on 4096 bits or more.

captain wrote on the 2 Aug 10 at 15:33
This is a necessary feature for me. Right now, I use SpiderOak for this. I would use Ubuntu One if I knew that my files were encrypted with my password and only I knew my password.

elias123 wrote on the 27 Sep 10 at 01:34
Excellent idea what is missing in Ubuntu One Now!



If Canonical will provide great!

Vinas wrote on the 18 Oct 10 at 20:56
That's really crazy that Ubuntu One does _not_ use encryption on the server!!! Man was I stupid to sync a bunch of personal files. I'll be pulling those off shortly...

It's my fault for not checking but I though surely a linux based host would have bullet proof security on the server. Now I feel like a sucker for paying the $30 for more space...

Guess I'll have to encrypt my own files until this year is up. Man does that suck. What a huge let down!

polzin wrote on the 17 Nov 10 at 00:15
There is an easy workaround: Use encFS

A lot of descriptions exist, how to do this, e.g.

http://www.moritzmolch.de/2010/04/28/using-encfs-with-cryptkeeper-on-top-of-dro pbox-or-ubuntu-one/

Disadvantages:
* does not work on windows
* requires a minimal initialisation on each host

ayers wrote on the 14 Mar 11 at 15:50
I am using Ubuntu One together with encfs and even though this workaround currently makes the service more useful than without there are some inconveniences that make this solution suboptimal.

1) encfs versions supplied between releases are incompatible.
I've got 2 10.4 LTS Desktops and 3 10.10 Desktops I'm syncing with.
2) Integration of cryptkeeper is nice but not sufficient. cryptkeeper should be integrated with dbus key ring management and the mappings between crypted directories and mount points should be configurable.
3) the distribution of a common key via encfs xml file is suboptimal. Each connected system should have it's own private key used for local decryption and each system should encrypt for all connected systems public key.
4) the local files mounted via encfs are (by default) ignored by updatedb/locate. This is fine for many uses of encfs but when all you want is to encrypt the data for cloud storage providers, it's actually inconvenient.

So what it needed is an encryption infrastructure that allows host specific encryption during replication. I'm not sure, but I suppose encfs could still be used behind the scenes but it's not something the user should be confronted with.

avl555 wrote on the 6 Oct 11 at 17:05
Maybe look at how Firefox Sync works? It has already strong encryption and is (in my opinion) a good balance between user experience and strong encryption.


Post your comment