data encryption (client-side as well as server-side)

Reported by Jonathan Ernst on 2009-05-12
434
This bug affects 82 people
Affects Status Importance Assigned to Milestone
Ubuntu One Client
Wishlist
Unassigned
Ubuntu One Servers
Wishlist
Unassigned

Bug Description

By reading the terms of use, I have the feeling that data stored on Ubuntu One servers is not encrypted with a user cryptographic key. This concerns me as my data would be at the mercy of an attacker if the servers security is breached (or a Canonical operative gone mad for that matter ;-))

Niels Egberts (nielsegberts) wrote :

I'm also in favor of encrypting the files on the server.

Paulo J. S. Silva (pjssilva) wrote :

Note that, even though drop box does not encrypt the data on the server, there are other services that do it. See for example spideroak.

Rick McBride (rmcbride) wrote :

Thanks for the feedback. Interesting points have been made. I'm tagging this for followop by the appopriate team

tags: added: foundations+
Changed in ubuntuone-client:
importance: Undecided → Medium
milestone: none → later
status: New → Triaged
Jens Askengren (jens-askengren) wrote :

If Ubuntu One is planning to implement simple web gallery like Dropbox, then files can't be encrypted on the server.

Encryption could may be toggled per-directory? The drawback is that all files in the directory would need to be retransmitted to the server when turning on/off encryption.

At UDS some ideas were discussed for encryption that provided a nice
intermediate solution - more protection than we have now, but not
crippling sharing, web ui, etc. I font know all the details, but maybe
someone else can describe the idea here.

--
Elliot Murphy

On Jun 10, 2009, at 5:22 PM, Jens Askengren <email address hidden>
wrote:

> If Ubuntu One is planning to implement simple web gallery like
> Dropbox,
> then files can't be encrypted on the server.
>
> Encryption could may be toggled per-directory? The drawback is that
> all
> files in the directory would need to be retransmitted to the server
> when
> turning on/off encryption.
>
> --
> Data should be encrypted on the server
> https://bugs.launchpad.net/bugs/375289
> You received this bug notification because you are a member of Ubuntu
> One hackers, which is subscribed to Ubuntu One Client.
>
> Status in Ubuntu One Client: Triaged
>
> Bug description:
> By reading the terms of use, I have the feeling that data stored on
> Ubuntu One servers is not encrypted with a user cryptographic key.
> This concerns me as my data would be at the mercy of an attacker if
> the servers security is breached (or a Canonical operative gone mad
> for that matter ;-))
>

But you can Encrypt and Sign your files with your Key,
Right click--->Encrypt...
I do that and works perfectly.

Steve Alexander (stevea) wrote :

That's right Elliot.

Eventually, we'll be using encryption in two places.

1. The Ubuntu One servers will encrypt each user's data with a key unique to that user, before storing it in Amazon's S3 service or any other scalable storage services we use. The point of this is that if there's a break-in to S3, there is no exposure of private data; and if one of the Ubuntu One storage API servers is compromised, there is a small exposure of private data, based on the users who were using that particular storage server at the time. It still means we need to keep the database of these encryption keys very very safe. We have facilities and procedures do that in the Canonical data centre, and this gives us one database that we need to keep secure and monitor very carefully.
We'll be making this change right away.

2. We'll integrate the Ubuntu One file storage that runs on desktops with the ecryptfs facilities in Ubuntu, so a user can choose whether a particular directory should be sent to the Ubuntu One servers in the clear (and be easily used for photo galleries and in a web-based file manager), or that it should be sent encrypted, so the Ubuntu One servers cannot read the contents of the files, but so that other Desktop machines that share ecryptfs keys can receive the files and read them. There will be some secure way of sharing keys among computers.
We've talked with people at UDS about this, but it's more complicated, so we won't be working on this for a while.

Rolf Leggewie (r0lf) on 2009-06-25
summary: - Data should be encrypted on the server
+ data encryption (client-side as well as server-side)
Steve Alexander (stevea) wrote :

The server-side encryption part of this bug is described in bug 409355.

Changed in ubunet:
status: New → Triaged
importance: Undecided → Wishlist
Changed in ubuntuone-client:
importance: Medium → Wishlist
Stephan (resol) wrote :

I think this is an absolute essential feature! Especially the client side one.

Josef Andersson (northar) wrote :

This is a must have. I would like to use Ubuntu One for some company stuff, but not before encryption is default

themuddler (mike-udall) wrote :

I suspect that many are aware of this already, but thought it worth mentioning for northa and others in a similar position. Encfs can layer encryption on top of Ubuntu One manually, and the setup is very straightforward. See this post by 'manosx' for further info:

http://ubuntuforums.org/showthread.php?t=1357188

Hope that helps some people bridge the gap while awaiting the official feature.

I will be glad to have this option too. An option like
Store this folder through encfs with this password.

Currently I only use ubuntu one for small configuration files.
Before I use it for my pictures other such other folders, and therefore before I need a paying account, I need the possibility to encrypt.

Carlos

ptah (brett-h-l) wrote :

I think this discussion is inane. If you have data that is truly worth of encryption, then encrypt your own partition or folder before sending it to the cloud. You're a fool to outsource encryption.

papukaija (papukaija) wrote :

Don't forget that the user's files may have already been encrypted by ecrytfs (auto enecrypt mode is available in Ubuntu's installer since Karmic).

I'd like the encryption to work like with Jungledisk. The user defines a key that is not stored on Ubuntu One's servers and that is used to encrypt everything before it's transmitted to S3.

David Ayers (ayers) wrote :

For most files I store on ubuntu one, file sharing and web access are irrelevant.

I would like that directories could be marked as encrypted and have the contents of those directories encrypted on the client. Those directories could not be shared of course.

The key exchange to the registered hosts should ideally be done via something akin to a PGP-encrypted channel that ensures that the keys are never decrypted in the Ubuntu One infrastructure. In fact I might be better to use the infrastructure to merely establish a connection between key-ring applications that then negotiate exchanging private keys generated for these directories via a channel that is itself encrypted (either via PGP and existing keys or TLS).

For the web access I could only imagine browser plugins that allow client side de/encryption via the key ring management.

Rodney Dawes (dobey) on 2011-06-23
Changed in ubuntuone-client:
milestone: later → none
Tim Kuijsten (kuijsten) wrote :

I think the idea of not having to trust the cloud by doing client-side encryption is essential. It would be awesome if this is integrated into Ubuntu One, a must-have for every cloud in my opinion.

I really like how Mozilla is doing this with Firefox Sync. You don't have to trust Mozilla since even they can not access your data. Also they give you the opportunity to run your own server [1] (would be nice if Ubuntu One Server was open sourced). See a great explanation on the importance of user data from one of the Mozilla devs at http://andreasgal.com/2011/05/02/user-data/

So must-have:
* Complete client side encryption without any possibilities for Canonical (or any intruder in Canonicals or Amazons network) to access your data

Nice-to-have:
* Choose/Run your own Ubuntu One server

[1] http://docs.services.mozilla.com/howtos/run-sync.html

Tim Kuijsten (kuijsten) wrote :

@ptah (brett-h-l):

I totally agree with you, serverside encryption is really not that interesting in this case. I think we should focus on client-side encryption here.

Danillo (danillo) wrote :

The best solution would be to have it on the client, e.g. in the list of folders/files synched a check box for encryption so the user could still be able to access over the Internet whatever files she needs and to encrypt the more important ones. If not on the client, it could be done on Nautilus, like the aforementioned script by manosx.

David Ayers (ayers) wrote :

As an interim solution, I have been using encfs to mount my important directories on to .encrypted sub folders which I then select to be synchronized to Ubuntu One. In general this works rather well. Of course neither "locate" nor what ever indexing service "Dash" uses can find any of these files which makes those tools useless for the important files, but hopefully the real solution that is hopefully (again) being worked on, can solve this issue. (i.e. by placing and retrieving the index data for encrypted file systems on exactly those file systems.)

Unfortunately this seems to have fallen of the radar as I don't see any Ubuntu One related session in the Cloud track:
http://summit.ubuntu.com/uds-q/track/servercloud/
or any encryption related session on the Desktop track:
http://summit.ubuntu.com/uds-q/track/desktop/

Maybe Steve Alexander could give us an update on what has happened so far and what still may need to be done.

papukaija (papukaija) wrote :

@david: This bug is set to triaged which means that no one is working on it.

On Wed, 02 May 2012 09:09:14 -0000
David Ayers <email address hidden> wrote:

> As an interim solution, I have been using encfs to mount my important
> directories on to .encrypted sub folders which I then select to be
> synchronized to Ubuntu One. In general this works rather well. Of
> course neither "locate" nor what ever indexing service "Dash" uses can
> find any of these files which makes those tools useless for the
> important files, but hopefully the real solution that is hopefully
> (again) being worked on, can solve this issue. (i.e. by placing and
> retrieving the index data for encrypted file systems on exactly those
> file systems.)
>
> Unfortunately this seems to have fallen of the radar as I don't see
> any Ubuntu One related session in the Cloud track:
> http://summit.ubuntu.com/uds-q/track/servercloud/ or any encryption
> related session on the Desktop track:
> http://summit.ubuntu.com/uds-q/track/desktop/
>
> Maybe Steve Alexander could give us an update on what has happened so
> far and what still may need to be done.

Well I've been using encfs as well, and I'm quite happy with this
solution.

A pity the idea of somehow integrating this and making it more readily
available to people not able to configure and get the encfs option
working themselves has been shelved though.

Cheers,
Paul.

Danillo (danillo) wrote :

For now, a easy way to fix this would be integrate the client with the CryptFolder indicator: http://www.webupd8.org/2011/06/cryptfolder-indicator-ubuntu.html

Marek Stasiak (marecki) wrote :

This is highly-needed. Also I'm sure it will bring many new customers to U1.

Paul Greindl (paul-greindl) wrote :

Complete encryption a la Firefox Sync would be much appreciated.

Josef Andersson (northar) wrote :

This should be even more relevant in these NSA-times. I for myself will switch to a another provider thats has encryption, and I'll come back to Ubuntu One when this is fixed.

jlord87 (moro-87) wrote :

I have personally fixed this problem by implementing client side encryption through encfs.
I suggest everybody to do the same, syncing online just encrypted documents, and uploading to a non encrypted folder the documents you want to share or you need to access from a web interface.

That's a bit annoying (especially when it comes to decrypt documents from your android phone) but it will make you sleep again :)

Just "My" 2 cents

Paul Waite (paul-waite) wrote :

I use Ubuntu One as cloud, but my local systems use encfs to make sure everything in that cloud is encrypted/decrypted client-side.

This works well, but is 'fiddly' for non-tech users to set up so it would be nice to wrap this up better as a part of Ubuntu One.

Josef Andersson <email address hidden> wrote:
>This should be even more relevant in these NSA-times. I for myself will
>switch to a another provider thats has encryption, and I'll come back
>to
>Ubuntu One when this is fixed.

Cheers,
Paul

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Related questions