Is there any ways for Cloud Storage Provider or ISP see my encrypted files I upload?

Hi. I just read this and some topics on forum and as I understood "My files are 100 per cent private with rclone crypt"
I just want to be sure so I'm asking is there any ways ISP, Cloud Storage Provider or someone else see or guess what files I upload. Is there any way for them to know what file I upload and see it while monitoring traffic or if Google( Google Drive as example) is forced by a court order to identify what files I upload?

hello and welcome to the forum,

rclone encrypts the files locally before upload
rclone downloads the files locally and then decrypts it.

to know what file
rclone can crypt the folder names and file names, make sure to do that

it is possible to use heuristics to determine the file names of what you upload. rclone doesn't salt filename encryption, therefore if you upload "known" directory structures. As an example, lots of DVDs or BluRays stored as file system has the same directory structure. they can deduce what is a bluray and what is a DVD as they will all have the exact same directory naming/structure. so while they wont know what dvd or bluray it is, they will know, with a high degree of certainty, that it is one.


the question was, could a cloud provider know what encypted files I'm uploading. my answer is yes, they can know to an extent what you are uploading if not the actual contents.

I've brought up the salt issue before. it's never gotten any traction (and would prevent you from ever moving files around outside of rclone, today, one can move files and directories between compatible (same keys) crypt remotes as the same names will always encrypt the same.

I wasn't requesting a new feature here. I was answering his question. yes, its possible for the cloud provider to figure out what type of files you are uploading in specific cases.

1 Like

sorry about that, i got confused who was posting, my fault
monday morning, long weekend, need coffee....

No, they can't, because the files are encrypted.

ok. i have had lots of coffee and now i think i understand about the lack of salt for filenames.
i re-read the docs and read this
"identical files names will have identical uploaded names"

is that what you mean?

Just use on config encrypt filenames.

thanks but i was responding to @spotter comment about no salt for filename encryption and perhaps folder names. do you know about it?

sure, i have used crypted remotes for years, always, crypt filenames and folders.

Yes that is the problem that @spotter is referring to.

It is a design tradeoff. Having file names which map 1:1 like that means rclone can find a file without having to list directories first . There are various ways around that like having a directory salt which rclone has to read (but that is another transaction) or by hashing the directory structure to make the salt (but this means you can't move things around).

In future rclone make have a directory encryption mode which doesn't do this, but we haven't come up with a satisfactory design yet.

Then best way to avoid heuristic attack is to place your files in a archive with password or veracrypt volume.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.