Cryptomator: Client-side encryption that lets you keep using convenient cloud storage

0 points by editorial 2 hours ago cryptomator.org

Summary

Cryptomator is an open-source tool that encrypts your files on your own device before they sync to cloud storage like Dropbox or Google Drive. It adds a privacy layer over services you already use, keeping the encryption keys in your hands rather than the provider's.

Cloud storage is convenient precisely because the provider holds your files and makes them available everywhere — which is also the privacy problem with it. Cryptomator is a way to keep the convenience and close the gap. It is an open-source tool that encrypts your files on your own device before they ever reach a service like Dropbox or Google Drive, so what syncs to the cloud is encrypted and the keys stay with you rather than with the provider. It is a layer over the storage you already use, not a replacement for it.

The people this serves are privacy-minded users who do not want to abandon mainstream cloud storage but are uneasy that the provider can technically access their unencrypted files. Someone storing sensitive documents, personal records, or work material in a consumer cloud service, who wants those files protected even from the service itself, is the core user. Because it works alongside whatever storage you already have, adopting it does not mean migrating away from tools you and your collaborators depend on.

In practice you create an encrypted vault, put sensitive files into it, and let your existing cloud client sync the encrypted contents as usual. Across devices, you unlock the vault locally with your password to work with the files in the clear, while the cloud only ever holds the encrypted version. That client-side model is the key distinction from simply trusting a provider's own encryption, where the provider still holds the keys.

The caveats are serious enough that they shape how you should use it. Because you hold the keys, you also hold all the responsibility for them: lose the vault password and the data is effectively gone, with no provider able to recover it for you, so password management and backups become non-negotiable rather than nice ideas. It is an encryption layer, not a sync service in itself — it relies on your cloud tool to actually move files. And client-side encryption inevitably involves some trade-offs in convenience and performance compared to using cloud storage raw, plus the reality that encryption protects file contents while certain metadata patterns can still be observable. It is one strong layer, not a guarantee of total invisibility.

For MIH News readers, the discussion worth having is where client-side encryption fits in a realistic setup, and how to balance its security against the friction it adds. There is a compelling case that adding your own encryption layer over convenient cloud storage is the pragmatic middle path between trusting a provider entirely and giving up convenience for a fully private alternative. Readers could contribute by describing what they choose to put in an encrypted vault versus leave unencrypted, how they handle the all-important password and recovery, and where the usability cost was or was not worth it.

Why it matters

This submission was added for community review because it may help builders discover useful software, ideas, or technical work worth discussing.
