Cloud services worth the time - verifiable and functional

rocky-planet

I've just decided I've had enough of Proton. Too many problems, too much work to troubleshoot with Help.
I was about to sign up* with Filen, but then I noticed that they do not have gpg signatures for their clients.

This is all too common in the major cloud services:

Proton Linux client has no gpg signatures
Filen has no gpg signatures
Mega has out-of-date instructions for its signatures, now that apt-key has been deprecated. I can't get it to work.

Why isn't the market - i.e. users - communicating back to these companies that its just not good enough not to have signed and verifiable packages?

End-to-end encryption is really important. But if you can't trust the client - what happens pre- and post- encryption - its useless.

In fact, its worse than useless. You are permitting unvetted software on your system - it has access to EVERYTHING. That's crazy! And if that's you, why are you even bothering with Graphene? (Although, in fairness, its not a corporate surveillance issue probably).

And no, SHAsums are not adequate.

So, what options do GrapheneOS users recommend that:

have verifiable clients (with clear instructions?) - no, no builds please.
support Linux and Android/GrapheneOS (integration with reputable packages e.g. RClone (I think) also okay, as long as making it work is not technically demanding).
functional: a solid cloud based drive that can integrate into both platforms. Calendar, email, etc are superfluous.
credible - looks like a real company that isn't 'doing the dodg'. EU hosting a plus.

Is it the impossible idea?

Actually, I did sign up to Filen (based on positive recommendations here), discovered the gpg problem and then requested a refund. They were brilliant: they acknowledged the issue and refunded me with minutes. Kudos.

Elgoog

rocky-planet https://www.privacyguides.org/en/cloud/ suggests 2 cloud providers aside from Proton: Tresorit and Peergos, though I believe neither is compatible with rclone at present.

I'm just starting to look into cloud storage and backup (for GOS and Linux) and am very interested to hear others' suggestions.

secrec

GPG on email is a function of the client software, not the service provider.
Also, email client software is independent of the service provider.

Sigismund

secrec OP is not talking about PGP encryption for emails. They mentioned signatures for the INSTALLATION package. That's totally different and I can understand why OP may want to ditch a service not allowing one to verify the authenticity of the install package.

ianopolous

Elgoog Peergos (founder here) is compatible with rclone via the webdav bridge.
Webdav command is here: https://github.com/peergos/peergos?tab=readme-ov-file#webdav
One limitation at the moment is the webdav bridge is desktop only, we haven't enabled it on android yet. For rclone compatibility you need one additional arg: -webdav.authorization.scheme basic (rclone doesn't support digest based auth).

SovereignCopper

I guess Koofr might be worth looking at then?

Their open-source end-to-end encryption IS rclone crypt, their Vault Android app specific for E2EE is open source. But AFAIK there is no auto-upload/sync in that app, only in the "normal" Koofr app. Everything else just supports WebDAV, but rclone also has a specific Koofr API included. That said, I think you should be able to use Round Sync on Android for E2EE syncing and on desktop either rclone (or the Kooft Vault web interface on the road or something). Just try with a free account, I suppose.

From what I read about it, speeds can vary quite a bit depending on your location.