It’s practically impossible to avoid uploading files to the cloud these days: even if you avoid cloud sync tools like OneDrive, you’re eventually going to need to share something with someone. Here are some tips to reduce the risk of that data being used for unintended purposes.

Why You Need To Secure Your Cloud Uploads

“The cloud” has become a catch-all term for any online storage—and it’s never been as secure as we’d like to believe.

Online sync tools like OneDrive, Dropbox, and iCloud store your files in far-away data centers and can revoke access at any time. Cloud email hosts store your emails and attachments on servers that are outside your control. Social media platforms change their privacy settings at the drop of a hat, exposing information that was once private. Online file sharing, image hosting, and other services are routinely breached, leaking raw data that can be used to identify you.

Once you’ve uploaded data into the cloud, it’s potentially there forever, even if it looks like you’ve deleted it. It could exist in old backups that haven’t yet been purged by the provider, or simply marked as deleted, but retained for continued use per some buried clause in the company’s privacy policy.

Given the modern necessity to share files and information online, your only real option is to take measures to secure it and reduce the risk it poses if it is leaked.

Use Cloud Storage With Built-In End-To-End Encryption

If you’re using cloud synchronization tools to store files, choose ones with end-to-end encryption. This means that the files are encrypted and decrypted on your devices, using a password that isn’t stored in the cloud, meaning the service provider can’t read it.

The most popular end-to-end encrypted file synchronization tool is Apple’s iCloud, but it’s limited to Apple devices. Proton and NordLocker provide cross-platform solutions that work on most devices. If you rely on cloud storage to store important files, you should make sure you keep your own local copies as well, just in case you lose access, or someone compromises your account and deletes them.

Proton Drive Review: It Could Be So Much More

A secure cloud storage service that misses the mark.

Secure Your Credentials in a Password Database

In addition to helping you remember all the unique, strong passwords you’re using for each website and app (…right?), password managers encrypt all the info they store, so that their database files can be safely synced using cloud tools.

Bitwarden

The best free password manager is also one of the best password managers out there with its minimalist and straightforward interface. It’s also open-source, and even the premium version is a bargain at only $10 per year.

If your password manager database leaks, its contents cannot be read without the encryption key, giving you a head start on changing your passwords and locking everything down. Many password-management apps will also automatically clear your clipboard after you’ve copied and pasted a password from them, preventing the dreaded “pasted my password into chat instead of linking to a cat GIF” situation that has no doubt led to a few compromised online accounts.

Encrypt the Files You Share

If you’re using a cloud file-sharing service to send a file that’s too large for email, compress it into an encrypted ZIP archive, and share the password with the recipient so only they can read it.

This prevents snooping by the sharing services themselves, or by anyone who manages to breach it or gets hold of the download link for the file. This is particularly useful if sharing travel or business documents that contain sensitive information.

Protect Your Cloud-Hosted Backups

If you must use online storage that isn’t end-to-end encrypted to store backups (hey, it’s usually free!), consider storing any sensitive files in an encrypted VeraCrypt container.

You can safely store these containers online, and mount them when you need to add files to them, or recover data. Just remember, if you lose your encryption key, anything you’ve secured with it will be forever unreadable.

Redact and Watermark

Remove EXIF data from photos before sharing them, so that they cannot be used to determine your location. You can also redact data to reduce the harm in a file leaking, or track where the leak came from: for example, if sharing bank statements for a rent application, make sure your account numbers are blacked out.

You can also watermark documents by partially covering any photos, so that they are harder to use to impersonate you.

Cloud file sync and sharing services are super convenient, but like any convenience, it comes at a cost. If you’re concerned about privacy, or just don’t want to hand your info over to big tech, you can still avoid a lot of cloud platforms by hosting your own services and using peer-to-peer sharing services.

Syncthing can replace cloud file sync tools, syncing your files directly between your Windows, MacOS, and Linux devices without relying on an intermediary. NextCloud can be installed on a home server to build your own file sync service that you fully control, and you can also use Docker to host a variety of apps like online office suites and file transfer tools, all while retaining complete control of them.

All of this can be remotely accessed using an easy-to-configure VPN like TailScale. If you need some hardware to host all of this on and don’t have a spare PC around to start your homelab, you should consider picking up a NAS. If this all sounds like a bit of a project—it is, and it’s super rewarding when you get it all up and running.