Co-authored-by: Crowdin Bot <support+bot@crowdin.com>
7.0 KiB
title | icon | description |
---|---|---|
路由器固件 | material/file-cloud | Many cloud storage providers require your trust that they will not look at your files. These are private alternatives! |
许多云存储供应商需要你完全信任他们不会查看你的文件。 The alternatives listed below eliminate the need for trust by implementing secure E2EE.
If these alternatives do not fit your needs, we suggest you look into using encryption software like Cryptomator with another cloud provider. Using Cryptomator in conjunction with any cloud provider (including these) may be a good idea to reduce the risk of encryption flaws in a provider's native clients.
??? 问题 "寻找Nextcloud?"
Nextcloud is [still a recommended tool](productivity.md) for self-hosting a file management suite, however we do not recommend third-party Nextcloud storage providers at the moment, because we do [not recommend](https://discuss.privacyguides.net/t/dont-recommend-nextcloud-e2ee/10352/29) Nextcloud's built-in E2EE functionality for home users.
Proton Drive(Proton 云盘)
!!! recommendation
![Proton Drive logo](assets/img/cloud/protondrive.svg){ align=right }
**Proton Drive** is a Swiss encrypted cloud storage provider from the popular encrypted email provider [Proton Mail](email.md#proton-mail).
[:octicons-home-16: 主页](https://grapheneos.org/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://proton.me/support/drive#privacy-policy){ .card-link title="隐私政策" }
[:octicons-info-16:](https://grapheneos.org/faq){ .card-link title=文档}
[:octicons-code-16:](https://github.com/ProtonMail/WebClients){ .card-link title="源代码" }
[](){ .card-link title="贡献" } 下载
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=me.proton.android.drive)
- [:simple-appstore: Web](https://apps.apple.com/app/id1509667851)
The Proton Drive web application has been independently audited by Securitum in 2021, full details were not made available, but Securitum's letter of attestation states:
Auditors identified two low-severity vulnerabilities. Additionally, five general recommendations were reported. At the same time, we confirm that no important security issues were identified during the pentest.
Proton Drive's brand new mobile clients have not yet been publicly audited by a third-party.
Tresorit
!!! recommendation
![Tresorit logo](assets/img/cloud/tresorit.svg){ align=right }
**Tresorit** is a Hungarian encrypted cloud storage provider founded in 2011. Tresorit is owned by the Swiss Post, the national postal service of Switzerland.
[:octicons-home-16: Homepage](https://tresorit.com/){ .md-button .md-button--primary }
[:octicons-eye-16:](https://tresorit.com/legal/privacy-policy){ .card-link title="Privacy Policy" }
[:octicons-info-16:](https://support.tresorit.com/hc/en-us){ .card-link title=Documentation}
??? downloads
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=com.tresorit.mobile)
- [:simple-appstore: App Store](https://apps.apple.com/app/apple-store/id722163232)
- [:simple-windows11: Windows](https://tresorit.com/download)
- [:simple-apple: macOS](https://tresorit.com/download)
- [:simple-linux: Linux](https://tresorit.com/download)
Tresorit has received a number of independent security audits:
- 2022: ISO/IEC 27001:20131 Compliance Certification by TÜV Rheinland InterCert Kft
- 2021: Penetration Testing by Computest
- This review assessed the security of the Tresorit web client, Android app, Windows app, and associated infrastructure.
- Computest discovered two vulnerabilities which have been resolved.
- 2019: Penetration Testing by Ernst & Young.
- This review analyzed the full source code of Tresorit and validated that the implementation matches the concepts described in Tresorit's white paper.
- Ernst & Young additionally tested the web, mobile, and desktop clients: "Test results found no deviation from Tresorit’s data confidentiality claims."
They have also received the Digital Trust Label, a certification from the Swiss Digital Initiative which requires passing 35 criteria related to security, privacy, and reliability.
Criteria
Please note we are not affiliated with any of the projects we recommend. In addition to our standard criteria, we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.
!!! example "This section is new"
We are working on establishing defined criteria for every section of our site, and this may be subject to change. If you have any questions about our criteria, please [ask on our forum](https://discuss.privacyguides.net/latest) and don't assume we didn't consider something when making our recommendations if it is not listed here. There are many factors considered and discussed when we recommend a project, and documenting every single one is a work-in-progress.
Minimum Requirements
- 使用端到端加密
- 必须提供免费计划或试用期进行测试。
- 必须支持TOTP或FIDO2多因素认证,或Passkey登录。
- 必须提供一个支持基本文件管理功能的网络界面。
- 必须允许所有文件/文档的轻松导出。
- 必须使用标准的、经过审计的加密技术。
Best-Case
Our best-case criteria represents what we would like to see from the perfect project in this category. Our recommendations may not include any or all of this functionality, but those which do may rank higher than others on this page.
- 客户端应是开源的。
- 客户端应由独立的第三方对其进行全面的审计。
- 应提供Linux、Android、Windows、macOS和iOS的本地客户端。
- 这些客户端应该与云存储供应商的本地操作系统工具集成,如iOS上的Files应用集成,或Android上的DocumentsProvider功能。
- 应支持与其他用户轻松分享文件。
- 应在网络界面上至少提供基本的文件预览和编辑功能。
-
ISO/IEC 27001:2013 compliance relates to the company's information security management system and covers the sales, development, maintenance and support of their cloud services. ↩︎