I've used countless encryption "schemes" over the years, from True/Vera-Crypt to encrypted sparse bundles/images, and none have ever really felt right.
These days i tend to use Cryptomator[0] instead. It accomplishes what none of the others could do, which is transparent encryption across devices.
With Cryptomator, i simply create a vault somewhere in the cloud, stuff data in it, and i can access it from my laptop, phone or tablet, and not think much about it. It integrates into the normal file browsing APIs, and doesn't get in the way.
Because it does "per file" encryption, it also doesn't need to download a 20-100MB chunk from the cloud before decrypting, so it's rather fast (depending on file size of course).
Cryptomator is also open source[1], and free on the desktop, though the mobile apps costs a one time fee.
I used to use similar per-file cloud solutions, but SyncThing has been better in every way, especially if you already have a server you want to sync to or can use as an encrypted endpoint.
A few years ago I was in a Arma3 Milsim group that hosted their own server.
Back then there was no automated way to sync plugins so we installed syncthing and told all users to install it too.
We put like 50gigabytes worth of addons on syncthing and the users were so much happier because since 50+ people were using this syncthing connection, everyone could download with full speed from the others as in contrast to the 100mbit/sec bandwith of the HTTP server we formerly used.
And nobody had to care about checking versions anymore, the syncthing folder was directly synced into the Arma3 plugin directory
That is not a bad model if you completely trust the server owners. I feel there are more secure ways, but I suspect if a Arma3 server wanted to infect a machine with a bad mod they could. so the threat vectors are the same really.
I’ve used syncthing sporadically over the years, but it has had very bad iOS support whenever I’ve tried it.
Mobeus exists, but doesn’t integrate into the files app, and uses a lot of battery.
I also used Resilio Sync for years, but it appears to have more or less died out.
So when it came to finding a replacement I settled on using cloud native for synchronization, and simply put encryption on top, and for that, Cryptomator is great.
I've not used it myself, but there's also CryFS [1]. It's file-level like EncFS or eCryptFS, but uses fixed-size and padded cypherfiles to avoid leaking details about your file structure. I'm not sure about Cryptomator, but with EncFS it would be relatively easy to infer that someone has, say, the Tor browser stored in it, by the size and shape of the encrypted files
I'm a fan of gocryptfs [1]/cppcryptfs (Windows implementation) [2], they also have a fairly unbiased comparison [3] with other solutions, including CryFS.
I have used rclone with crypt in the past, and it works well, but doesn't easily lend itself to being used from mobile devices, which is what led me to Cryptomator in the first place.
I don't want to rely on having a server running at home, which i can then connect to via VPN, in order to download encrypted stuff from the cloud. With Cryptomator i can simply download from the cloud and decrypt locally.
> I have used rclone with crypt in the past, and it works well, but doesn't easily lend itself to being used from mobile devices, which is what led me to Cryptomator in the first place.
Round-Sync for Android [0] is an app wrapper for rclone. I use that to upload my photos via plain SSH.
RCX on android[0] gives a reasonable experience for pecking at files (Also handles media streaming reasonably well and supports the Crypt remote mentioned in the parent)
Gocryptfs is another alternative in the same vein. I've switched to it from Cryptomator as it has better Android support and is more ergonomic on the command line.
What I haven't found a solution for, is being able to synchronise and open a gocryptfs with cloud sync on Android. Dropbox/Drive/pCloud folders aren't directly accessible or mounted in Android. One work-around could be to export a zip of the folder from Dropbox/whatever, then extract and open that, but that's one-way.
Yep I use Cryptomator for when I want to sync a bunch of small individual files, and Veracrypt for big local archives. I forget whether I have cryptomator hooked up to Dropbox or google drive, but I’ve never had an issue with it.
These days i tend to use Cryptomator[0] instead. It accomplishes what none of the others could do, which is transparent encryption across devices.
With Cryptomator, i simply create a vault somewhere in the cloud, stuff data in it, and i can access it from my laptop, phone or tablet, and not think much about it. It integrates into the normal file browsing APIs, and doesn't get in the way.
Because it does "per file" encryption, it also doesn't need to download a 20-100MB chunk from the cloud before decrypting, so it's rather fast (depending on file size of course).
Cryptomator is also open source[1], and free on the desktop, though the mobile apps costs a one time fee.
[0]: https://cryptomator.org/
[1]: https://github.com/cryptomator