[Bglug] Proton Drive

ted leslie ted.leslie at gmail.com
Fri Feb 19 14:21:12 EST 2021

Just to be clear, not sure it was a rhetorical question, but for everyones
info if they don't know.
ZK means the supplier doesn't keep or have any way of getting the key to
decrypt. To them,
all your data can ever be is just "same what" random bits (assuming quantum
comp. doesn't
change that soon).
If the vender has access to your key, then your data is only as safe as
their key storage, and also
they can be asked, depending on circumstances, and country, to turn over

Of course other issues are.Vender says (even with audit) they don't read
your key, but you still have to
trust their local app on your machine, What gets a bit scary is if you
choose to use web access.
Then you have to trust that the web page does local java script key input
and decryption  (local run
java code for decrypt/crypt algos) and that this is safe, audited, etc.

One , probably, good solution is a ZK with a open source compiled local run
app, and you trust the community
is vetting the source so as to see the key is not used other than in local
If they use major trusted auditors, then there is some warm feeling on
their code base (i guess).

The bulletproof ZK is to get a storage and small compute account, and use
things (linux) like remote block device
level protocol and iScsi emulation, with this you are the single person in
control, and the server has your
encrypted bytes, and a block level/iScsi setup to deliver those encrytped
bytes back to you, but even the
the decision of block level placement etc is done on your host. This
however is brutal for performance access,
as your local host is delivering basically block access r/w directions over
the internet (it assumes this is local network).
I have set up the above and it worked, but any break in network
communications causes the disk to have to
rebuild/check. So I had to use checkpoints (frequently) and rebuild, etc.
Optimal solution but at a cost to
having to have the knowledge and the time (and pain of admin).
I think tesorit is basically doing the above, but it is built with fault
tolerance on the block level, and its
a constantly versioning file system, so they are usually only writing and
not erasing (i.e. zfs like i did), often,
with some clean up running as needed.
Tesorit is fantastic, back when I used it, Apple used it for their Health
Record project (giving it a brand name
trust level), but the cost is just crazy.

Agin, if someone finds a good ZK solution provider that is reasonably
priced, do a follow up post, i only R&D
3 years ago, so not up-to-date on pricing.


On Fri, Feb 19, 2021 at 8:50 AM Anthony Morassutti <moralater9 at gmail.com>

> yeah, I saw that complaint a lot about tresorit, and decided with once
> I need one probably sync.com unless something changes
> and yeah, what's the point of paying for a non-zero-knowledge cloud
> storage ?
> On 18/02/2021, ted leslie <ted.leslie at gmail.com> wrote:
> > Doesn't seem to say its zero-knowledge (like tresorit),
> > not to sure how useful a non zero-knowledge cloud store is.
> > If it is indeed ZK,  post here (give) update, i used tresorit, but too
> > expensive.
> >
> > -tl
> >
> > On Thu, Feb 18, 2021 at 8:13 AM Brad Rodriguez <brad at bradrodriguez.com>
> > wrote:
> >
> >> I know we have some ProtonMail users on this list, so I thought I'd pass
> >> this on.  They're now introducing Proton Drive for encrypted cloud
> >> storage.  The beta is available to some (paid) customers:
> >>
> >> https://protonmail.com/blog/proton-drive-early-access/
> >>
> >> And yes, I know this news is three months old.  Such news travels slowly
> >> to these parts.
> >>
> >> - Brad
> >> --
> >> brad at bradrodriguez.com
> >>
> >> _______________________________________________
> >> Group mailing list
> >> Group at bglug.ca
> >> http://bglug.ca/mailman/listinfo/group_bglug.ca
> >>
> >
> --
> Elive is a fast, beautiful, and powerful operating system that revives
> computers up to 15 years old. It's the OS of the future that revives
> the past. Elivecd.org
> --
> From TheTechRobo
> Sent from the desk of a future tech artist using Gmail (mail.google.com)
> _______________________________________________
> Group mailing list
> Group at bglug.ca
> http://bglug.ca/mailman/listinfo/group_bglug.ca
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bglug.ca/pipermail/group_bglug.ca/attachments/20210219/5a3c682f/attachment.html>

More information about the Group mailing list