Recommend Tresorit (#2100)

This commit is contained in:
Jonah Aragon 2023-03-22 11:46:10 -05:00
parent 8fc748109d
commit aefa3e75c4
No known key found for this signature in database
3 changed files with 45 additions and 4 deletions

View File

@ -3,13 +3,13 @@ title: "Cloud Storage"
icon: material/file-cloud
description: Many cloud storage providers require your trust that they will not look at your files. These are private alternatives!
---
Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by either putting you in control of your data or by implementing E2EE.
Many cloud storage providers require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by implementing secure E2EE.
If these alternatives do not fit your needs, we suggest you look into [Encryption Software](encryption.md).
If these alternatives do not fit your needs, we suggest you look into using encryption software like [Cryptomator](encryption.md#cryptomator-cloud) with another cloud provider. Using Cryptomator in conjunction with **any** cloud provider (including these) may be a good idea to reduce the risk of encryption flaws in a provider's native clients.
??? question "Looking for Nextcloud?"
Nextcloud is [still a recommended tool](productivity.md) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do not recommend Nextcloud's built-in E2EE functionality for home users.
Nextcloud is [still a recommended tool](productivity.md) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do [not recommend](https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud's built-in E2EE functionality for home users.
## Proton Drive
@ -17,7 +17,7 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio
![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right }
**Proton Drive** is an E2EE general file storage service by the popular encrypted email provider [Proton Mail](https://proton.me/mail).
**Proton Drive** is a Swiss encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail).
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/legal/privacy){ .card-link title="Privacy Policy" }
@ -29,6 +29,45 @@ If these alternatives do not fit your needs, we suggest you look into [Encryptio
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
- [:simple-appstore: App Store](https://apps.apple.com/app/id1509667851)
The Proton Drive web application has been independently audited by Securitum in [2021](https://proton.me/blog/security-audit-all-proton-apps), full details were not made available, but Securitum's letter of attestation states:
> Auditors identified two low-severity vulnerabilities. Additionally, five general recommendations were reported. At the same time, we confirm that no important security issues were identified during the pentest.
Proton Drive's brand new mobile clients have not yet been publicly audited by a third-party.
## Tresorit
!!! recommendation
![Tresorit logo](assets/img/cloud/tresorit.svg){ align=right }
**Tresorit** is a Hungarian encrypted cloud storage provider founded in 2011. Tresorit is owned by the Swiss Post, the national postal service of Switzerland.
[:octicons-home-16: Homepage](https://tresorit.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tresorit.com/legal/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.tresorit.com/hc/en-us){ .card-link title=Documentation}
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.tresorit.mobile)
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id722163232)
- [:simple-windows11: Windows](https://tresorit.com/download)
- [:simple-apple: macOS](https://tresorit.com/download)
- [:simple-linux: Linux](https://tresorit.com/download)
Tresorit has received a number of independent security audits:
- [2022](https://tresorit.com/blog/tresorit-receives-iso-27001-certification/): ISO/IEC 27001:2013[^1] Compliance [Certification](https://www.certipedia.com/quality_marks/9108644476) by TÜV Rheinland InterCert Kft
- [2021](https://tresorit.com/blog/fresh-penetration-testing-confirms-tresorit-security/): Penetration Testing by Computest
- This review assessed the security of the Tresorit web client, Android app, Windows app, and associated infrastructure.
- Computest discovered two vulnerabilities which have been resolved.
- [2019](https://tresorit.com/blog/ernst-young-review-verifies-tresorits-security-architecture/): Penetration Testing by Ernst & Young.
- This review analyzed the full source code of Tresorit and validated that the implementation matches the concepts described in Tresorit's [white paper](https://prodfrontendcdn.azureedge.net/202208011608/tresorit-encryption-whitepaper.pdf).
- Ernst & Young additionally tested the web, mobile, and desktop clients: "Test results found no deviation from Tresorits data confidentiality claims."
[^1]: [ISO/IEC 27001](https://en.wikipedia.org/wiki/ISO/IEC_27001):2013 compliance relates to the company's [information security management system](https://en.wikipedia.org/wiki/Information_security_management) and covers the sales, development, maintenance and support of their cloud services.
They have also received the Digital Trust Label, a certification from the [Swiss Digital Initiative](https://www.swiss-digital-initiative.org/digital-trust-label/) which requires passing [35 criteria](https://digitaltrust-label.swiss/criteria/) related to security, privacy, and reliability.
## Criteria

View File

@ -130,6 +130,7 @@ For more details about each project, why they were chosen, and additional tips o
<div class="grid cards" markdown>
- ![Proton Drive logo](assets/img/cloud/protondrive.svg){ .twemoji } [Proton Drive](cloud.md#proton-drive)
- ![Tresorit logo](assets/img/cloud/tresorit.svg){ .twemoji } [Tresorit](cloud.md#tresorit)
</div>

View File

@ -0,0 +1 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg width="100%" height="100%" viewBox="0 0 608 704" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2;"><path id="symbol" d="M304,0l-304,176l0,352l304,176l304,-176l0,-352l-304,-176Zm-240,212.9l240,-138.94l104.84,60.68l-344.84,198.1l0,-119.84Zm480,278.198l-240,138.94l-240,-138.94l0,-84.54l408.84,-234.86l71.16,41.2l-0,278.2Z" style="fill:url(#_Linear1);fill-rule:nonzero;"/><g id="border" opacity="0.15"><path d="M304,0l304,176l0,352l-304,176l-304,-176l0,-352l304,-176m-240,332.74l344.84,-198.1l-104.84,-60.68l-240,138.94l0,119.84m240,297.298l240,-138.94l0,-278.2l-71.16,-41.2l-408.84,234.86l0,84.54l240,138.94m0,-627.728l-302,174.842l0,349.694l302,174.842l302,-174.842l0,-349.694l-302,-174.842Zm-242,333.884l0,-124.45l0.998,-0.578l240,-138.94l1.002,-0.578l1.002,0.58l104.84,60.68l3.002,1.738l-3.008,1.728l-344.84,198.1l-2.996,1.72Zm242,296.154l-1.002,-0.58l-240,-138.94l-0.998,-0.576l0,-86.85l1.004,-0.578l408.84,-234.86l1,-0.574l0.998,0.578l71.16,41.2l0.998,0.578l-0,280.506l-0.998,0.578l-240,138.94l-1.002,0.578Z" style="fill-rule:nonzero;"/></g><defs><linearGradient id="_Linear1" x1="0" y1="0" x2="1" y2="0" gradientUnits="userSpaceOnUse" gradientTransform="matrix(608,0,0,608,0,351.999)"><stop offset="0" style="stop-color:#00c4d5;stop-opacity:1"/><stop offset="1" style="stop-color:#2b6df1;stop-opacity:1"/></linearGradient></defs></svg>

After

Width:  |  Height:  |  Size: 1.6 KiB