[Bglug] Proton Drive

LP LPCC at pm.me
Fri Feb 19 16:38:52 EST 2021


Proton does not have keys on server.
I will send links to info when I get home later


Sent from ProtonMail mobile



\-------- Original Message --------
On Feb. 19, 2021, 2:21 p.m., ted leslie < ted.leslie at gmail.com> wrote:

>
>
>
> Just to be clear, not sure it was a rhetorical question, but for everyones info if they don't know.
>
> ZK means the supplier doesn't keep or have any way of getting the key to decrypt. To them,
>
> all your data can ever be is just "same what" random bits (assuming quantum comp. doesn't
>
> change that soon).
>
> If the vender has access to your key, then your data is only as safe as their key storage, and also
>
> they can be asked, depending on circumstances, and country, to turn over key.
>
>
>
>
> Of course other issues are.Vender says (even with audit) they don't read your key, but you still have to
>
> trust their local app on your machine, What gets a bit scary is if you choose to use web access.
>
> Then you have to trust that the web page does local java script key input and decryption (local run
>
> java code for decrypt/crypt algos) and that this is safe, audited, etc.
>
>
>
>
> One , probably, good solution is a ZK with a open source compiled local run app, and you trust the community
>
> is vetting the source so as to see the key is not used other than in local decrypt/encrypt.
>
> If they use major trusted auditors, then there is some warm feeling on their code base (i guess).
>
>
>
>
> The bulletproof ZK is to get a storage and small compute account, and use things (linux) like remote block device
>
> level protocol and iScsi emulation, with this you are the single person in control, and the server has your
>
> encrypted bytes, and a block level/iScsi setup to deliver those encrytped bytes back to you, but even the
>
> the decision of block level placement etc is done on your host. This however is brutal for performance access,
>
> as your local host is delivering basically block access r/w directions over the internet (it assumes this is local network).
>
> I have set up the above and it worked, but any break in network communications causes the disk to have to
>
> rebuild/check. So I had to use checkpoints (frequently) and rebuild, etc. Optimal solution but at a cost to
>
> having to have the knowledge and the time (and pain of admin).
>
> I think tesorit is basically doing the above, but it is built with fault tolerance on the block level, and its
>
> a constantly versioning file system, so they are usually only writing and not erasing (i.e. zfs like i did), often,
>
> with some clean up running as needed.
>
> Tesorit is fantastic, back when I used it, Apple used it for their Health Record project (giving it a brand name
>
> trust level), but the cost is just crazy.
>
>
>
>
> Agin, if someone finds a good ZK solution provider that is reasonably priced, do a follow up post, i only R&D
>
> 3 years ago, so not up-to-date on pricing.
>
>
>
>
> \-tl
>
>
>
>
> On Fri, Feb 19, 2021 at 8:50 AM Anthony Morassutti <[moralater9 at gmail.com][moralater9_gmail.com]> wrote:
>
>
> > yeah, I saw that complaint a lot about tresorit, and decided with once
> > I need one probably [sync.com][] unless something changes
> >
> > and yeah, what's the point of paying for a non-zero-knowledge cloud storage ?
> >
> > On 18/02/2021, ted leslie <[ted.leslie at gmail.com][ted.leslie_gmail.com]> wrote:
> > > Doesn't seem to say its zero-knowledge (like tresorit),
> > > not to sure how useful a non zero-knowledge cloud store is.
> > > If it is indeed ZK, post here (give) update, i used tresorit, but too
> > > expensive.
> > >
> > > -tl
> > >
> > > On Thu, Feb 18, 2021 at 8:13 AM Brad Rodriguez <[brad at bradrodriguez.com][brad_bradrodriguez.com]>
> > > wrote:
> > >
> > >> I know we have some ProtonMail users on this list, so I thought I'd pass
> > >> this on. They're now introducing Proton Drive for encrypted cloud
> > >> storage. The beta is available to some (paid) customers:
> > >>
> > >> https://protonmail.com/blog/proton-drive-early-access/
> > >>
> > >> And yes, I know this news is three months old. Such news travels slowly
> > >> to these parts.
> > >>
> > >> - Brad
> > >> --
> > >> [brad at bradrodriguez.com][brad_bradrodriguez.com]
> > >>
> > >> \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
> > >> Group mailing list
> > >> [Group at bglug.ca][Group_bglug.ca]
> > >> [http://bglug.ca/mailman/listinfo/group\_bglug.ca][http_bglug.ca_mailman_listinfo_group_bglug.ca]
> > >>
> > >
> >
> >
> > \--
> > Elive is a fast, beautiful, and powerful operating system that revives
> > computers up to 15 years old. It's the OS of the future that revives
> > the past. Elivecd.org
> > \--
> >
> > From TheTechRobo
> >
> >
> > Sent from the desk of a future tech artist using Gmail ([mail.google.com][])
> >
> > \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
> > Group mailing list
> > [Group at bglug.ca][Group_bglug.ca]
> > [http://bglug.ca/mailman/listinfo/group\_bglug.ca][http_bglug.ca_mailman_listinfo_group_bglug.ca]
> >


[moralater9_gmail.com]: mailto:moralater9 at gmail.com
[sync.com]: http://sync.com
[ted.leslie_gmail.com]: mailto:ted.leslie at gmail.com
[brad_bradrodriguez.com]: mailto:brad at bradrodriguez.com
[Group_bglug.ca]: mailto:Group at bglug.ca
[http_bglug.ca_mailman_listinfo_group_bglug.ca]: http://bglug.ca/mailman/listinfo/group_bglug.ca
[mail.google.com]: http://mail.google.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bglug.ca/pipermail/group_bglug.ca/attachments/20210219/123fd745/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://bglug.ca/pipermail/group_bglug.ca/attachments/20210219/123fd745/attachment.sig>


More information about the Group mailing list