Overkill

Level 31
Verified
Trusted
Hi guys. My family wants to upload alot of family pics online to shutterfly and I don't know anything about that site, so I told them it's best to encrypt everything first then upload (cause I don't trust cloud storage in the first place) but I am not sure what sites support this?
 

Spawn

Administrator
Verified
Staff member
You can encrypt files and photos for storage only - but for viewing, sharing and downloading there's not much point. They could use Facebook otherwise, set to Private or limited certain groups.

Shutterfly - Photo Books, Holiday Cards, Photo Cards, Birth Announcements, Photo Printing | Shutterfly

Easy photo gifts. Easy photo upload. Easy photo share. Anytime, anywhere.
  • Create and order Prints, Decor, and Gifts with Shutterfly photos
  • Safe and secure checkout
  • Upload your smartphone photos to Shutterfly - quickly and easily
  • Enjoy your Shutterfly pictures anywhere, anytime, from your device
  • Share photos in your Shutterfly albums with your friends and family
  • Access your Share Sites albums and post new photos to your Share Sites accounts.
You can order prints, photo books, and photo gifts with your iPhone, iPad, Android Smartphone or Tablet, Facebook, Instagram and Shutterfly photos.

Source: Shutterfly Alternatives and Similar Software - AlternativeTo.net
 

Overkill

Level 31
Verified
Trusted
Uhm i would never use facebook for this! theoretical facebook have the right to post anything u post public, to get every photo u post there. facebook should be the last place for saftly have something.


How about something like this?

Home Page

End-to-End Encrypted Cloud Storage for Businesses | Tresorit

MEGA
I prefer MEGA but they want to be able to view the files that they upload, so I will probably have to make a backup copy to upload to MEGA and one to store offline
 

Dirk41

Level 17
Verified
What about Google photo ?
Google photo reduce the quality too, but for me it's enough, I don't shoot with a reflex . And you have unlimited space.
If you want to save original photo , just 15GB ( then you have to pay).
Two step verification , safe. I mean I never heard something like yahoo happened to google .

But I save also on external HDs.



MEGA: in Italy for example some time ago police made Mega unreachable
 
  • Like
Reactions: LASER_oneXM

DardiM

Level 26
Verified
Trusted
Malware Hunter
Hi guys. My family wants to upload alot of family pics online to shutterfly and I don't know anything about that site, so I told them it's best to encrypt everything first then upload (cause I don't trust cloud storage in the first place) but I am not sure what sites support this?
Why ? If they want to share pics with other family members, it is safer to encrypt the data before uploading it.
If they want to let the pics in clear online ... I think it is not a safe behavior (from private / security point of view)
 
Last edited:
W

Wave

Encrypt the files you want to upload with AES-256 or RSA-2048 and make sure you keep the private key stored somewhere as you'll require it for the decryption of the encrypted files. You can keep backups of the private keys in a text file stored on external removable disk devices (such as USB/external HDD), on your phone, or even write it down on paper if you have the time and patience (but make sure you wrote it down correctly if you do this, the key can be long sometimes and tricky to follow).

After encryption of the target documents (e.g. pictures) you want to make an archive (e.g. via 7-Zip) for all the documents and then you want to add the documents into the archive. Make sure the archive is password protected with at least AES-256 (7-Zip supports this).

Then you want to upload the password-protected archive to a cloud host such as Google Drive, Mediafire, Dropbox (maybe all of them if you want multiple backups hosted online). You won't need to necessarily worry about it being "safe" so much, but more so "reliable" for the hosting of the archive. The last thing you want is for them to revoke the upload/download unexpectedly, thus making it inaccessible... Of course, the host being secure is still important, however since the documents are all protected to a reasonable extent due to the previous steps, you won't need to worry about that as much.

If the cloud host becomes compromised by an attacker and a hacker obtains your archive containing your personal documents (or if the cloud hosts happen to access the files for whatever reason based on the privacy policy) they won't actually be able to use the documents. Firstly, the archive would be password protected (with at least AES-256 encryption) and the files within the archive would be protected, too. It would take them too much time to attempt to access the files (e.g. via brute-force of the password), thus making it a waste of time, especially since they may not be able to gain access after spending all the time on trying... And secondly, if anyone wanted some documents to use (e.g. someone else's photos) they can go online and get someone else's or find someone else's documents... it wouldn't be worth anyone's time spending the time and effort to brute-force the archive AND the encryption for the documents themselves afterwards.

Alternatively, you can just password-protect the archive or just encrypt the documents within the archive, but for increased security you should use both methods.

Make sure you use long passwords (at least 12 characters) which are more complicated (e.g. the archive password) - therefore make sure to include random usage of numbers and special characters. The longer and the more complex the password will increase the difficulty for brute-forcing of the password.

It seems MEGA isn't even active anymore, I think it ended up being shutdown. I was unable to find the website online anymore... According to recent tweets from the owner of MEGA, MegaUpload will be returning: Kim Dotcom on Twitter

Regardless though, MEGA stopped being secure throughout the past year. Source: Kim Dotcom: 'I don't think your data is safe on Mega anymore'

Just some suggestions!

Hope this helped, stay safe,
Wave. ;)
 
Last edited by a moderator:
H

hjlbx

Hi guys. My family wants to upload alot of family pics online to shutterfly and I don't know anything about that site, so I told them it's best to encrypt everything first then upload (cause I don't trust cloud storage in the first place) but I am not sure what sites support this?
There is no way to definitively measure cloud security without extensive pen-testing.

Most of the marketing materials are hyperbole.

Fretting about cloud storage security is pointless; your family just wants to be able to use it reliably and easily.
 

Atlas147

Level 30
Verified
Content Creator
The only way for your data to be kept truly safe is for it to be encrypted before you even upload it to the cloud. Have to agree with @Wave on using 7zip to encrypt archives before you put them in the cloud. However there are certainly other things you have to think about like when you want to view those photos again you'll have to first download the entire archive back and then start decrypting them before you'll even be able to see a preview of it. As such I wouldn't recommend doing an encryption before uploading it.

My rule of thumb is if you think something is too important to upload without encryption then it should just stay in your computer. But to me photos are okay, I have a tons of family photos and such uploaded in the various drives, in the event that the cloud services are hacked the files do not pose a threat to me.

Also set 2 factor authentications if you're that scared of other people gaining access to your accounts!
 
W

Wave

If you're worried about an attacker gaining access to your files in the event of a cloud network becoming compromised then stick with Google Drive... How often do you hear about Google becoming compromised? That's right, you don't, because it's more rare. Of course they do get hacked (e.g. people win the bug bounties sometimes), but nothing major really happens because they have excellent and top-notch security - the employees watching everything over really know what they are doing.

As for Google itself (the search engine), I cannot remember the last time someone successfully managed to carry out a DDoS attack which didn't become mitigated... Google is always online for me, for as long as I can remember, and the only time websites like YouTube go down for me is when they are undergoing manual maintenance, as opposed to it being a result of an attack.

If you do not wish to have your documents decrypted via the private key once you've re-downloaded the archive then just password-protect the archive and be done with it - your files will still be safe as long as you had used at least AES-256 encryption for the password and chose a long and complex password (which will fight against brute-force attempts as it'll take longer for it to become successful).
 

BoraMurdar

Community Manager
Verified
Staff member
It seems MEGA isn't even active anymore, I think it ended up being shutdown. I was unable to find the website online anymore... According to recent tweets from the owner of MEGA, MegaUpload will be returning: Kim Dotcom on Twitter
MEGA is running with full speed :p MEGA, using their services for quite some time now and no problems. Yeah, Kim said all kinds of stuff on his Twitter account but MEGA admins refuted almost everything he said, calling him a drama queen :) 1 year passed from then, and nothing happened actually.
Spideroak and Tresorit, besides MEGA, are probably the safest but although not free.
 

jamescv7

Level 61
Verified
Trusted
Actually if you are going to choose which safest cloud storage then expect not on Google Drive or even Dropbox.

Since they implement basic/standard security measures for convenience and majority came from not so use by audience.

Try Wuala

Wuala encrypts your files locally, and then uploads them to the cloud for safe keeping. You start with 5GB for free, and after that it's $4/mo for 20GB, $7/mo for 50GB, or $12/mo for 100GB. Like SpiderOak, Wuala handles encryption and decryption locally using a password you set, so no one can access your files.
Wuala uses AES- 256 for encryption, RSA 2048 for signatures and for key exchange when sharing folders, and SHA-256 for integrity checks.
Source
 

Dirk41

Level 17
Verified
Google drive or Google photo isn't the same for security ?! Same Google account . You can easily watch them all together . And they are not shared with anyone unless you do .