Alternatives to Degoo for all platforms with any license




Show 20 less popular platforms

Degoo Comments

Beware the privacy/security implications

Comment by JohnFastman
about Degoo and Tresorit,, BackBlaze · Jan 2017 · Helpful Not helpful 5 Helpful Report as spam

Degoo make a lot of noise about how secure they are because they use AES-256 encryption, TSL connections, etc. But the fact is that for the data to be genuinely private and secure, Degoo shouldn't store the keys that decrypt the data, otherwise they or hackers (if any broke into their server) could look at what you've got. There are all too many services that don't take this into account, don't care to or actively make use of the fact they can access your data, for example for marketing or even for collaborating by helping intelligence services profile you for mass surveillance.

The only truly safe model is for you to keep your keys and Degoo to store only encrypted version of your files. That is, your files get encrypted on your machine before upload to Degoo. Is that what they do? I can't tell from what they've written, so my guess is no.

There are services that are very clear about offering this. They are:

Look for services that use "zero-knowledge" (they can't tell what you're storing) or "end-to-end" encryption (same thing, essentially).
Without that, you can be sure that the service has access to your data. With it, they don't.

Dropbox and Evernote, who've been hacked a few times (see here for Dropbox and here for Evernote), and who can be forced to give your data away without even telling you, have therefore made people's data available to third parties beyond what their users agreed to. They are only examples. There are many others. Only the end-to-end encryption model can prevent this. Privacy policies won't. Be sure to store your data with an end-to-end encrypted model before it's too late.