diff --git a/docs/cloud.md b/docs/cloud.md index 982d110c..66642a25 100644 --- a/docs/cloud.md +++ b/docs/cloud.md @@ -10,7 +10,7 @@ cover: cloud.webp - [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange } - [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } -Many **cloud storage providers** require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by implementing secure E2EE. +Many **cloud storage providers** require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by implementing secure end-to-end encryption. If these alternatives do not fit your needs, we suggest you look into using encryption software like [Cryptomator](encryption.md#cryptomator-cloud) with another cloud provider. Using Cryptomator in conjunction with **any** cloud provider (including these) may be a good idea to reduce the risk of encryption flaws in a provider's native clients. @@ -27,7 +27,9 @@ For more technical readers, Nextcloud is [still a recommended tool](self-hosted. ![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right } -**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB. +**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). + +The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB. [:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary } [:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" } @@ -46,9 +48,7 @@ For more technical readers, Nextcloud is [still a recommended tool](self-hosted. -The Proton Drive web application has been independently audited by Securitum in [2021](https://proton.me/community/open-source). - -Proton Drive's brand new mobile clients have not yet been publicly audited by a third party. +The Proton Drive web application has been independently audited by Securitum in [2021](https://proton.me/community/open-source), but the brand new mobile clients have not yet been publicly audited by a third party. ## Tresorit @@ -83,7 +83,9 @@ Tresorit has received a number of independent security audits: - Computest discovered two vulnerabilities which have been resolved. - [2019](https://tresorit.com/blog/ernst-young-review-verifies-tresorits-security-architecture): Penetration Testing by Ernst & Young. - This review analyzed the full source code of Tresorit and validated that the implementation matches the concepts described in Tresorit's [white paper](https://prodfrontendcdn.azureedge.net/202208011608/tresorit-encryption-whitepaper.pdf). - - Ernst & Young additionally tested the web, mobile, and desktop clients: "Test results found no deviation from Tresorit’s data confidentiality claims." + - Ernst & Young additionally tested the web, mobile, and desktop clients. They concluded: + + > Test results found no deviation from Tresorit’s data confidentiality claims. [^1]: [ISO/IEC 27001](https://en.wikipedia.org/wiki/ISO/IEC_27001):2013 compliance relates to the company's [information security management system](https://en.wikipedia.org/wiki/Information_security_management) and covers the sales, development, maintenance and support of their cloud services. @@ -125,7 +127,7 @@ Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November ### Minimum Requirements -- Must enforce end-to-end encryption. +- Must enforce E2EE. - Must offer a free plan or trial period for testing. - Must support TOTP or FIDO2 multifactor authentication, or passkey logins. - Must offer a web interface which supports basic file management functionality.