Using free "cloud" backup storage without compromising privacy

Posted by Stephen Schrauger on Sunday, 4 August 2013

There are plenty of great online backup services that give you a limited amount of free storage. The most well-known is Dropbox, which gives you 5 GB of storage for free. Google Drive gives you another 5 GB, and Microsoft's SkyDrive gives you 7 GB. Other less known places may give you more, such as ADrive with 50 GB or Shared with a whopping 100 GB.

All of these services of course have paid upgrades that give you more space, better interfaces, or remove restrictions on filetypes or file sizes. They generally prohibit multiple accounts in order to prevent people from opening a dozen or more to get unlimited free space.

Privacy Concerns

However, almost all of these services must comply with the government in which they are hosted (generally the U.S.), meaning the government may snoop on your files with a court order (or other legal mumbo-jumbo). Other than the government, the hosting companies themselves have access to your files. Even if they have service agreements that say they won't look at the files themselves, there is always the possibility of a rogue employee or a security breach that could leave your files visible to undesired third parties.

Encryption

The solution to this is to encrypt your files before ever uploading them to your backup service. Some services claim to encrypt the files for you, but if they can encrypt them, they can generally decrypt them if they need to. You are better off encrypting your backups locally so that you are the only one who can access the files.

The downside to encryption is that you increase the hassle of backing up files. And since you are the only one who can recover the files, you absolutely cannot forget the password used to encrypt them. If you do, there is no way to get them back. This, however, is kind of the point; After all, if someone else could recover the files for you, they could also recover the files for themselves.

Bcrypt

I use bcrypt to encrypt my files. It is a standard encryption algorithm, and it is available on Linux in the standard repositories. Just sudo apt-get install bcrypt and you're ready to go.

Uploading files the right way

Step 1: Combine all files into a single tar/zip

You should first tar or zip up all your files into a single file. There are several reasons this is a good idea:

  1. The first reason is to increase privacy. If you simply upload a folder of files, the filenames and folder structure will give away meta-data. For example, if you have a folder with all your photos, you likely have subfolders inside for each event or date. Since only the files get encrypted, the names of the files and folders will still be visible, which means the would-be hacker can see that you went to "2013.08.04 Secret Bad Guy's Convention". While they wouldn't be able to see any actual photos, the fact that the photos exist could prove detrimental to your privacy.
  2. Another reason is to bypass filetype restrictions. Many cloud storage sites prohibit apps/programs, as they could contain viruses or pirated software. By combining files into one blob (and later encrypting it), the only filetype the storage provider sees is .bcrypt.
  3. Finally, by creating one large file, it makes it easy to break into small chunks that can be used to bypass file-size restrictions. Most storage companies do not let you upload a file larger than 100 MB or some other arbitrary size, even if your allowed space is much larger. Once you know the limits, you can simply break your large blob into chunks that fit within the limitation of your respective cloud provider.

TAR stands for Tape ARchive, and it was originally used for tape backups. It is literally just one file right after the other, all squished into a single file. As there is no compression, this is very fast process and only takes as long as it takes to copy the files. If you are primarily backing up photos or music, this is probably a good option; Music and photos have already been compressed and don't get substantially smaller when compressed another time.

To tar your files in Linux on the command line, issue the tar command. Make sure your tar file is stored outside of the to-be-backed-up folder, as you don't want to tar the tar file.

tar -cvf /other/folder/backups.tar /folder/to/back/up

Step 2: Split the large file into smaller chunks

In order to get around file size limitations, break up your large file into smaller chunks. Make sure the chunk size is smaller than the maximum file size allowed by your storage provider.

split -b 500MB backups.tar backups.tar_

Step 3: Encrypt each chunk

Now we encrypt the resulting files. This will take some time, depending on the total size of the files. Be sure to use a very strong password. I like to go with a phrase of five random words, as explained in this xkcd comic and explained in more detail at Diceware. Since the words are randomly chosen (as opposed to a phrase from a book or song), the password is strong enough that it would be unlikely anyone could brute-force it. As always, you are still vunlerable to other attack avenues, such as keyloggers. Make sure to encrypt and decrypt on a computer you know to be free of viruses.

bcrypt backups.tar_*

Step 4: Upload the encrypted files

Your files are now encrypted, so upload them to the storage providor(s) of your choice. You'll want a fast connection if you are uploading very large files; most high speed home connections actually have a much slower upload speed. Try a library, university, or (if allowed) work connection to make things faster. More likely, though, you'll just keep your computer running for the hours/days it will take to upload everything.

Step 5: Document

Optionally, you will want to keep track of where you stored your backups. I have a Google Drive document that lists which online services I used for specific backups. For important things, I tend to back them up to multiple hosts. That way, if one of them goes out of business or otherwise renders your backups innaccessable, you still have another backup to fall back on.

Recovering your files

Now that your files are backed up, here are the instructions on how to recover them, should you ever need to.

Step 1: Download each encrypted file

Go to your hosting provider and download every encrypted file. Save them in a single folder.

Step 2: Decryption

In a Linux Terminal, navigate to the folder with all the encrypted files. Use bcrypt to decrypt them all. You do remember your encryption password, right?

bcrypt *.crypt

Step 3: Join the file chunks

Once all the files are decrypted, join them back into a single file using cat (concatonate). If you store the joined file in the same folder, make sure to use a different naming pattern from the file chunks, since you don't want cat to try reading the joined file as well.

cat backups.tar* > joined_backups.tar

Step 4: Extract files from the tar file

Now you simply un-tar the tar, which extract all of your files stored within it.

tar -xvf joined_backups.tar

Step 5: Pride

Be glad that you were smart enough to back up your important files. Even though your hard drive was destroyed when you spilled coffee into your computer, you can rest assured that those honeymoon photos can be recovered. Your marriage is saved!