As a (previous) customer of Proton for many years and a user of their drive product, you should be aware that earlier this year the drive API endpoints began to block their own VPN egress quite often for rate limiting. They also block many cloud providers’ egress. They also don’t officially support rclone, and their changing API spec often breaks the compatibility.
I saw the writing on the wall and migrated rapidly earlier this year ahead of crypto product launches ahead of the email fiasco. It was hard to get data back out, even then.
Proton still stands for privacy. But the dark patterns for lock-in I can do without.
Hetzner Storage boxes with rclone and the “crypt” option are a drop-in replacement, at ~$40 for 20TB. That’s where I went instead.
I wish Hetzner made storage boxes available in their US regions.
I wonder if it would ever be possible to reach that value-per-dollar in the current economy.
Hetzner works because it was built a long time ago when talent was cheap, which it was because the property Ponzi wasn't at the stage where an average post-tax middle-class salary barely covers rent. Since then they've managed to stay afloat because it's only maintenance and small incremental changes from that point on.
Building such a new operation (and offering competitive prices) from scratch today would be impossible based on labor costs alone. This is presumably the same reason they don't offer their very-good-value dedicated servers in the US either, only "cloud" VPSes which are orders of magnitude more expensive.
What you describe does not reflect the situation where Hetzner is located.
I think the situation may not reflect cost of hands and housing. But the sunk cost of Hetzner to be in Germany, compared with the break-ground cost to construct their existing model in the rest of the world: I think that part is true. Selling off services in German hosted racks is at this point, massive profit on low price because the sunk cost has already been covered. They are sweating an asset into people like us, who want cheap disk but not the 100% reliable coverage of a contract which gives us replication, offsite, 3-2-1 class services. If they took that into the US the sunk cost component would not be covered, their sell price would be significantly less profitable.
The cost of hands and housing for hands, yeah, that's marginal in this.
As a current (avid) user of Proton VPN and Drive, I have never seen issues with interactions between proton drive and their vpn.
How can someone not familiar with the technical details use the alternative you suggest? Is there software (even if paid) that can sync to it?
A non technical person would probably Google “Hetzner Storage Box”, click the first link, and read the page that answers all of those questions.
There are many free software suites that Hetzner Storage Box supports, up to and including official support for rclone (the free tool used in the post we’re replying to).
https://docs.hetzner.com/storage/storage-box
How would you handle end to end encryption?
Probably using rclone (the free tool used in the post we’re replying to).
Support for Proton Drive on rclone is still in beta [1]. Proton, AFAIK, doesn't provide documented official APIs for accessing their Drive. Much of the work on the rclone plugin was done via reverse engineering and reading the code of Proton's open source projects.
[1]: https://rclone.org/protondrive/
They are working on an SDK, which they will use for their own Linux client: https://proton.me/blog/proton-drive-sdk-preview
Good to know! Last time I checked on this was last year, so they took a long time to announce anything
My rclone for proton stopped working this week and I just cannot get it working. It's looking likely the support will be dropped as the dev is no longer working on it and it's not finished.
Hopefully proton will hurry up with their SDK. Through the rclone GUI I can access and mount the folders and files but I cannot get any auto rclone commands to actually transfer any files.
Surely there are better technological solutions for encrypting block data in the cloud with lower risks of service ensh*tification?
I work on a project Blobcache, a content addressed store for exposing and consuming storage over the network. It supports full end to end encryption, and offers a minimal API to prevent applications from leaking data.
https://github.com/blobcache/blobcache/blob/master/doc/0.2_W...
You can persist arbitrary hash-linked data structures in Blobcache volumes. One such data structure is the Git-Like Filesystem, which supports the usual files and trees.
https://github.com/blobcache/blobcache/blob/master/doc/8.5_G...
My suggestion, if you can, would be to host the data on your own hardware. The Internet was initially conceived with this kind of decentralization in mind -- most people/organizations hosting their own websites/email/files/etc. And this is what we must go back to if we want to retake control from "cloud" providers.
Technically, this could be as simple as a Samba server behind Wireguard, but you could also, or in addition, look into other projects like Nextcloud especially if you are interested in sharing files with people.
You might be interested in Peergos [0][1] which is E2EE, fully open source (including the server), and self hostable. We've been audited by Cure53 and Radically Open Security.
[0] https://peergos.org
[1] https://github.com/peergos/peergos
The state of things isn't great IMHO. I'm not sure I trust any of EncFS, CryFS, and gocryptfs.
Many leak metadata and/or have serious security concerns.
Metadata leakage is a fundamental issue when you go from block to object. I can think of some schemes that would help but they’re all kinda nasty lol
Of course, and I didn't intend to downplay the efforts of those projects. Just pointing out that they don't meet the requirements of most threat models.
Can you detail the current metadata and security problems with CryFS? Do they also extend/apply to securefs?
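What the metadata-leakage comments above mean in practice, as an added example that is not part of any commenter's post or any project's code: with file-level encryption, the size of each stored object gives away the plaintext size. It uses rclone's crypt backend, mentioned earlier in the thread, as the concrete case and assumes the layout rclone documents for it (32-byte header, 64 KiB chunks, 16-byte authenticator per chunk); `padded_size` is a hypothetical mitigation, not an rclone feature.

```python
# Added example. Layout constants are an assumption taken from rclone's
# documented crypt file format; check the current docs before relying on them.
HEADER = 32          # magic string + nonce at the start of every object
CHUNK = 64 * 1024    # plaintext bytes per encrypted chunk
TAG = 16             # authenticator prepended to every chunk


def encrypted_size(plain: int) -> int:
    """Size of the stored object for a plaintext of `plain` bytes."""
    full, rest = divmod(plain, CHUNK)
    return HEADER + full * (CHUNK + TAG) + ((TAG + rest) if rest else 0)


def recover_plain_size(stored: int) -> int:
    """What the storage provider can compute from the object size alone."""
    body = stored - HEADER
    if body < 0:
        raise ValueError("object shorter than the file header")
    full, rest = divmod(body, CHUNK + TAG)
    if 0 < rest <= TAG:
        raise ValueError("trailing chunk has no room for data")
    return full * CHUNK + (rest - TAG if rest else 0)


def padded_size(plain: int, bucket: int = 1 << 20) -> int:
    """Hypothetical mitigation: pad plaintext up to a multiple of `bucket`."""
    return max(bucket, -(-plain // bucket) * bucket)


def distinguishable(sizes, transform) -> int:
    """Number of distinct object sizes an observer sees for these files."""
    return len({transform(s) for s in sizes})


# Constructed sample: plaintext sizes (bytes) of five files in a backup set.
SAMPLE = [1, 4_096, 65_536, 65_537, 1_048_576]

if __name__ == "__main__":
    for size in SAMPLE:
        stored = encrypted_size(size)
        print(f"plain={size:>9} stored={stored:>9} "
              f"recovered={recover_plain_size(stored):>9}")
    print("distinct sizes, unpadded:", distinguishable(SAMPLE, encrypted_size))
    print("distinct sizes, padded:  ",
          distinguishable(SAMPLE, lambda s: encrypted_size(padded_size(s))))
```

Padding trades storage for privacy: every file in the sample becomes one 1 MiB bucket, so the object sizes no longer tell them apart, while file count and access timing remain visible.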
Proton’s product changes over the last couple years are the exact opposite of that. I think they’re the only credible game in town for an email/drive service in the cloud that doesn’t have AI data mining risks.
LUKS on an iSCSI drive
Joking of course, but I am playing around with a similar setup, I should try it over the actual internet and see how much it sucks.
Now I am arguing with myself if you would want to run it over an encrypted tunnel. Theoretically no, but drive encryption is not really designed to protect data in transit; who knows what side-channel data would leak, so maybe... and the tunnel probably has better authentication than iSCSI.
Why do you need cloud, if you don’t need public sharing?
You can connect to a 2-bay NAS with 20 TB of storage at home with a VPN. Fast, private, secure, practically unlimited storage, under your control. That much storage will be very expensive in the cloud. Proton is like $120/year for 500GB.
You can also run unlimited applications for free on the same NAS: photo management, streaming with apps like Plex etc. Each of those apps is an additional cost in the cloud.
I keep a home server for exactly that reason but I still use cloud for some things to have an off site copy as well. There are some things I don't want to risk losing over burst pipes, a fire, burglary, power surges, etc.
Because of the 3-2-1 backup rule, it's great to have a cloud backup for things that you don't want to lose.
It's also great if you move frequently, or travel a lot.
Sure, but you don’t need to pay a premium for end to end encryption like with proton.
You would encrypt (all or part of) your NAS client side with your software of choice (I use restic) and ship it anywhere off site: could be cheapest cloud, or another location you have access to.
True, I use Proton for their mail and VPN, but use Hetzner for bulk backups.
Because your house might be destroyed with the drives?
Is it possible to "just sync some files" to Proton Drive in user space without root access? As a paying Proton Mail customer I am annoyed about the situation with Proton Drive and the non-existent official support for Linux. On the other hand, they will probably drop some kind of Electron wrapper of a few hundred megabytes, and that won't be useful either. What about alternatives? Should I just use Filen instead?
You might be interested in Peergos [0][1] (creator here) which has official Linux apps, is E2EE, fully open source (including the server), and self-hostable. It's also recommended by privacy guides: https://www.privacyguides.org/en/cloud/#peergos
[0] https://peergos.org
[1] https://github.com/peergos/peergos
Neat. I did just buy one of their packages so this will be useful
The project appears to be AI-generated to my eyes