Git-Mirrors/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-04-25 09:39:26 -04:00
Code Issues Packages Projects Releases Wiki Activity

style: Rewording and reshuffling for consistency

Browse Source 
Signed-off-by: redoomed1 <redoomed1@privacyguides.org>
This commit is contained in:
redoomed1 2025-03-21 11:55:05 -07:00 committed by GitHub
parent f3161c913d
commit bb5ac65653
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
docs/cloud.md
View File

@ -10,7 +10,7 @@ cover: cloud.webp
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange } - [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
- [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal } - [:material-server-network: Service Providers](basics/common-threats.md#privacy-from-service-providers){ .pg-teal }
Many **cloud storage providers** require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by implementing secure E2EE. Many **cloud storage providers** require your full trust that they will not look at your files. The alternatives listed below eliminate the need for trust by implementing secure end-to-end encryption.
If these alternatives do not fit your needs, we suggest you look into using encryption software like [Cryptomator](encryption.md#cryptomator-cloud) with another cloud provider. Using Cryptomator in conjunction with **any** cloud provider (including these) may be a good idea to reduce the risk of encryption flaws in a provider's native clients. If these alternatives do not fit your needs, we suggest you look into using encryption software like [Cryptomator](encryption.md#cryptomator-cloud) with another cloud provider. Using Cryptomator in conjunction with **any** cloud provider (including these) may be a good idea to reduce the risk of encryption flaws in a provider's native clients.
@ -27,7 +27,9 @@ For more technical readers, Nextcloud is [still a recommended tool](self-hosted.
![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right } ![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right }
**Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail). The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB. **Proton Drive** is an encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail).
The initial free storage is limited to 2 GB, but with the completion of [certain steps](https://proton.me/support/more-free-storage-existing-users), additional storage can be obtained up to 5 GB.
[:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary } [:octicons-home-16: Homepage](https://proton.me/drive){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" } [:octicons-eye-16:](https://proton.me/drive/privacy-policy){ .card-link title="Privacy Policy" }
@ -46,9 +48,7 @@ For more technical readers, Nextcloud is [still a recommended tool](self-hosted.
</div> </div>
The Proton Drive web application has been independently audited by Securitum in [2021](https://proton.me/community/open-source). The Proton Drive web application has been independently audited by Securitum in [2021](https://proton.me/community/open-source), but the brand new mobile clients have not yet been publicly audited by a third party.
Proton Drive's brand new mobile clients have not yet been publicly audited by a third party.
## Tresorit ## Tresorit
@ -83,7 +83,9 @@ Tresorit has received a number of independent security audits:
- Computest discovered two vulnerabilities which have been resolved. - Computest discovered two vulnerabilities which have been resolved.
- [2019](https://tresorit.com/blog/ernst-young-review-verifies-tresorits-security-architecture): Penetration Testing by Ernst & Young. - [2019](https://tresorit.com/blog/ernst-young-review-verifies-tresorits-security-architecture): Penetration Testing by Ernst & Young.
- This review analyzed the full source code of Tresorit and validated that the implementation matches the concepts described in Tresorit's [white paper](https://prodfrontendcdn.azureedge.net/202208011608/tresorit-encryption-whitepaper.pdf). - This review analyzed the full source code of Tresorit and validated that the implementation matches the concepts described in Tresorit's [white paper](https://prodfrontendcdn.azureedge.net/202208011608/tresorit-encryption-whitepaper.pdf).
- Ernst & Young additionally tested the web, mobile, and desktop clients: "Test results found no deviation from Tresorits data confidentiality claims." - Ernst & Young additionally tested the web, mobile, and desktop clients. They concluded:
> Test results found no deviation from Tresorits data confidentiality claims.
[^1]: [ISO/IEC 27001](https://en.wikipedia.org/wiki/ISO/IEC_27001):2013 compliance relates to the company's [information security management system](https://en.wikipedia.org/wiki/Information_security_management) and covers the sales, development, maintenance and support of their cloud services. [^1]: [ISO/IEC 27001](https://en.wikipedia.org/wiki/ISO/IEC_27001):2013 compliance relates to the company's [information security management system](https://en.wikipedia.org/wiki/Information_security_management) and covers the sales, development, maintenance and support of their cloud services.
@ -125,7 +127,7 @@ Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November
### Minimum Requirements ### Minimum Requirements
- Must enforce end-to-end encryption. - Must enforce E2EE.
- Must offer a free plan or trial period for testing. - Must offer a free plan or trial period for testing.
- Must support TOTP or FIDO2 multifactor authentication, or passkey logins. - Must support TOTP or FIDO2 multifactor authentication, or passkey logins.
- Must offer a web interface which supports basic file management functionality. - Must offer a web interface which supports basic file management functionality.