Alternatives to Degoo for all platforms with any license

Platforms

Desktop

Mobile

Show 20 less popular platforms
1 out of 5 with 6 ratings

Degoo Comments

Beware the privacy/security implications

Comment by JohnFastman
about Degoo and Tresorit, Sync.com, BackBlaze · Jan 2017 · Helpful Not helpful 9 Helpful Report as spam

Degoo make a lot of noise about how secure they are because they use AES-256 encryption, TSL connections, etc. But the fact is that for the data to be genuinely private and secure, Degoo shouldn't store the keys that decrypt the data, otherwise they or hackers (if any broke into their server) could look at what you've got. There are all too many services that don't take this into account, don't care to or actively make use of the fact they can access your data, for example for marketing or even for collaborating by helping intelligence services profile you for mass surveillance.

The only truly safe model is for you to keep your keys and Degoo to store only encrypted version of your files. That is, your files get encrypted on your machine before upload to Degoo. Is that what they do? I can't tell from what they've written, so my guess is no.

There are services that are very clear about offering this. They are:

Look for services that use "zero-knowledge" (they can't tell what you're storing) or "end-to-end" encryption (same thing, essentially).
Without that, you can be sure that the service has access to your data. With it, they don't.

Dropbox and Evernote, who've been hacked a few times (see here for Dropbox and here for Evernote), and who can be forced to give your data away without even telling you, have therefore made people's data available to third parties beyond what their users agreed to. They are only examples. There are many others. Only the end-to-end encryption model can prevent this. Privacy policies won't. Be sure to store your data with an end-to-end encrypted model before it's too late.

reply

Comment by xvhpqg
about Degoo · May 2020 · Helpful Not helpful Report as spam

The article is not correct / up-to-date. Degoo explicitely says "End-to-end encryption - Your files are uploaded with transport layer security and are encrypted with AES-256", in all their plans, event the free one.

reply

I don't exactly in what point it's outdated. But something is correct, Degoo is not too secure related to the free plans. Despite it is has E2EE, according to its own website, on the free 100 GB plan there is no zero knowledge encryption, i.e. the user don't keep its private keys. With paid plans you'll do.