As a (previous) customer of Proton from many years and a user of their drive product, you should be aware that earlier this year the drive API endpoints began to block their own VPN egress quite often for rate limiting. They also block many cloud provider’s egress. They also don’t officially support rclone, and their changing API spec often breaks the compatibility.
I saw the writing on the wall and migrated rapidly earlier this year ahead of crypto product launches ahead of the email fiasco. It was hard to get data back out, even then.
Proton still stands for privacy. But the dark patterns for lock-in I can do without.
Hetzner Storage boxes with rclone and the “crypt” option are a drop-in replacement, at ~$40 for 20TB. That’s where I went instead.
I wish Hetzner made storage boxes available in their US regions.
How can someone not familiar with the technical details use the alternative you suggest? Is there software (even if paid) that can sync to it?
A non technical person would probably Google “Hetzner Storage Box”, click the first link, and read the page that answers all of those questions.
There is many free software suites that Hetzner Storage box supports, up to and including official support for rclone (the free tool used in the post we’re replying to).
How would you handle end to end encryption?
Is it possible to "just sync some files" to Proton Drive in user space without root access? As a paying Proton Mail customer I am annoyed about situation with Proton Drive and non-existing official support for Linux. On the other hand, they will probably drop some kind of electron wrapper of few hundred megabytes, and that won't be useful either. What about alternatives? Should I just use Filen instead?
Surely there's better technological solutions for encrypting block data in the cloud with lower risks of service ensh*tification?
I work on a project Blobcache, a content addressed store for exposing and consuming storage over the network. It supports full end to end encryption, and offers a minimal API to prevent applications from leaking data.
https://github.com/blobcache/blobcache/blob/master/doc/0.2_W...
You can persist arbitrary hash-linked data structures in Blobcache volumes. One such data structure is the Git-Like Filesystem, which supports the usual files and trees.
https://github.com/blobcache/blobcache/blob/master/doc/8.5_G...
luks on an iscsi drive
Joking of course, but I am playing around with a similar setup, I should try it over the actual internet and see how much it sucks.
Now I am arguing with myself if you would want to run it over an encrypted tunnel. Theoretically no, but drive encryption is not really designed to protect data in transit who knows what sidechannel data would leak, so maybe... and the tunnel probably has better authentication than iscsi
The state of things isn't great IMHO. Im not sure I trust any of EncFS, CryFS, and gocryptfs.
Many leak metadata and/or have serious security concerns.
Can you detail the current metadata and security problems with CryFS? Do they also extend/apply to securefs?
Metadata leakage is a fundamental issue when you go from block to object. I can think of some schemes that would help but they’re all kinda nasty lol
Of course, and I didnt intend to downplay the efforts of those projects. Just pointing out that they don't meet the requirements of most threat models.
Support for proton drive on rclone is still on beta [1], Proton, AFAIK, doesn't provide documented official APIs for accessing their Drive. Much of the work on the rclone plugin was made via reverse engineering and reading Proton's open source projects code
They are working on an SDK, which they will use for their own Linux client: https://proton.me/blog/proton-drive-sdk-preview
My rclone for proton stopped working this week and I just cannot get it working. It's looking likely the support will be dropped as the dev is no longer working on it and it's not finished.
Hopefully proton will hurry up with their SDK. Through the rclone GUI I can access and mount the folders and files but I cannot get any auto rclone commands to actually transfer any files.
Neat. I did just buy one of their packages so this will be useful