In this article we will describe what threats your data exposed to in classic cloud storage services and describe the way Librevault guards against them.
Threat 1: Compromised User
Remember: You should never consider any computer system to be invulnerable. Your computer is vulnerable too, for example, it can contain malware or hardware Trojan.
Unfortunately, we can’t protect you from this threat. But we can give you advice:
1) Use hardened Operating System. Linux, for example.
2) Use antivirus software. It will not provide you perfect protection, but it will decrease probability of being infected by malware.
3) Always update your software! Do not disable software auto-update, or the attacker will be able to get your data one day.
Threat 2: Compromised network
Man-in-the-Middle attack is an attack, where the attacker secretly relays and possibly alters the communication between you and other Librevault nodes. Such attack can be performed in classic systems, where SSL is being used, but it is very difficult, so it can be performed only by very huge and powerful organization, such as governmental agency.
Such attack is nearly impossible in Librevault, because we use cryptographic systems where you don’t need to trust any third parties, such as Certificate Authorities (CA) and they can not issue forged SSL certificate.
Threat 3: Librevault backdoor
Every computer system is vulnerable. That’s a law of nature. Do you remember iCloud leak in 2014? And what about Dropbox incident, when any file in any account was available without a password?
It is completely impossible in Librevault! Files on the servers are always encrypted client-side, and the encryption key is located on your computer and only you can decrypt your data. And even if the attacker compromises our servers (and that’s unlikely), it will get only a sequence of random bytes.
Also, we are completely honest to you: Librevault client software is completely open-source! You can study its code, review, and improve it (so, it is really a win-win situation for you and us)!
This is a companion discussion topic for the original entry at https://librevault.com/blog/basic-threat-model/