hardcore-sushi / DroidFS

Encrypted overlay filesystems implementation for Android. Also available on gitea: https://forge.chapril.org/hardcoresushi/DroidFS
GNU Affero General Public License v3.0
654 stars, 43 forks

Support Cryptomator vault #306

Closed: cxplay closed 2 months ago

cxplay commented 2 months ago

Cryptomator is a very mature file system encryption program similar to CryFS, and it's open source (Java also).

https://github.com/cryptomator/cryptolib

I noticed they've been refactoring the Android client since 2017, but it's still not finished and the functionality is way behind DroidFS.

https://github.com/cryptomator/android/issues/35

I really like the fact that DroidFS is able to make the vault accessible to other apps via SAF, which greatly enhances the utility.

hardcore-sushi commented 2 months ago

DroidFS was created to make desktop encrypted file systems available on Android. Cryptomator already provides an Android app. What's the point of integrating it into DroidFS? Moreover, what are its real benefits over gocryptfs?

Also, some people have already requested securefs support: #4. Why would Cryptomator be a better choice than that?

cxplay commented 2 months ago

> DroidFS was created to make desktop encrypted file systems available on Android. Cryptomator already provides an Android app. What's the point of integrating it into DroidFS? Moreover, what are its real benefits over gocryptfs?
>
> Also, some people have already requested securefs support: #4. Why would Cryptomator be a better choice than that?

Yes, Cryptomator already has an Android client, but as I said, it's pretty much at a standstill, and the core functionality hasn't been updated in years. As one of its users, we've been waiting for the Document Provider feature of the Android client for almost eight years.

Cryptomator also supports directory structure obfuscation, file size obfuscation and has a very mature and easy to use first-party desktop GUI client (Windows & macOS & Linux) that is not only compatible with both local and cloud, but also supports team collaboration via the Cryptomator Hub (also open source).

CryFS also supports file size obfuscation, but forcing it to be sliced and diced into 16KiB chunks is too aggressive (100MiB = 6400 blocks), and actually leaves HDD users, as well as users of some cloud providers. E.g., WebDAV's paging feature isn't widely available, and there are limits on the number of files that can be stored in a directory from some cloud providers[^1]. Microsoft SharePoint Online limits a library to a maximum of 30 million files, which seems like a lot, but with 3600 blocks/100MiB processing, users will reach the "30 million files" limit after encrypting 814 GB of storage[^2]. It leaves the user with no control over the compatibility of the final encrypted copy across storage media. In contrast, Cryptomator is better suited to most situations by only adding 4KiB chunks to the original file.

However, you've reminded me that securefs may be closer to Cryptomator, but as far as I know it only has a desktop command line client. In terms of popularity, Cryptomator > gocryptfs > securefs, because Cryptomator's GUI client is more suitable for most people. Also, I'm not sure if gocryptfs is really suitable for purely network filesystems (e.g., reading encrypted libraries directly from WebDAV), because I read in the cppcryptfs manual that:

> It (encrypted file system) is strongly recommended that this directory reside on an NTFS filesystem. [^3]

So I ended up choosing Cryptomator for desktop and CryFS for mobile, and will switch to Cryptomator as soon as the Android client for Cryptomator is fully functional (but now it seems a long way off). My experience with cppcryptfs on Windows is not very good, and it's still a bit far from Cryptomator.

[^1]: Problem with limits in number of files per folder in WebDAV server - Zotero Forums

[^2]: SharePoint limits - Service Descriptions - Items in lists and libraries | Microsoft Learn

hardcore-sushi commented 2 months ago

If you really want to use Cryptomator, it's probably less work to add the features you want to their official app than to integrate it into DroidFS.

Gocryptfs and CryFS both have very great desktop GUIs such as KDE Plasma Vaults, Vaults, or SiriKali (which also supports securefs).

> CryFS also supports file size obfuscation, but forcing it to be sliced and diced into 16KiB chunks is too aggressive

That's false, CryFS block size can be configured by the user at runtime, and there's already a feature request to bring support for this option in DroidFS: https://forge.chapril.org/hardcoresushi/DroidFS/issues/14

> Also, I'm not sure if gocryptfs is really suitable for purely network filesystems (e.g., reading encrypted libraries directly from WebDAV), because I read in the cppcryptfs manual that.

cppcryptfs is not the official gocryptfs. I used gocryptfs on many filesystems and it always worked perfectly fine (sshfs, webdav, nfs, ext4, f2fs...)

> My experience with cppcryptfs on Windows is not very good, and it's still a bit far from Cryptomator.

If you're using privacy tools on Windows in order to protect your privacy, then you've probably misunderstood what Windows is.

 

That said, if you still want to see DroidFS add support for Cryptomator, just fund the development. I'd be very happy to be able to pay my rent by working on it.

cxplay commented 2 months ago

Thank you for your answer. I think I'll have to switch to Linux to protect my privacy.

hardcore-sushi commented 2 months ago

Yes, that's preferable. Feel free to ask me for help if you need it: https://arkensys.dedyn.io/consulting.html