Privacy for Everyone: Cryptomator Brings Open-Source, Client-Side Encryption to the Cloud Storage Realm

TL; DR: Skymatic’s Cryptomator empowers cloud storage users to protect themselves against unauthorized access through free, transparent, client-side encryption. In addition to its open-source platform, the company offers a range of support plans including white-label enterprise solutions. With new releases like Cryptomator Server, Skymatic is providing users the control they need to leverage cloud environments with confidence. //

George Orwell issued a warning in “Nineteen Eighty-Four” that Edward Snowden confirmed in 2013: Big Brother is watching. And the internet is making it that much easier. From the tablets in our hands to the smartwatches on our wrists, those looking to tap into our vulnerabilities have more opportunities than ever to do so via the cloud.

That doesn’t mean you should start living off the grid. Today, open-source encryption platforms like Cryptomator allow users to store even the most sensitive data securely. “The main goal of Cryptomator has always been to enable privacy on a technical basis because laws are not fast enough to cover all the emerging security risks,” said Christian Schmickler, Managing Partner at Skymatic.

Cryptomator is the brainchild of Skymatic, a German encryption and IT security solutions company founded by Christian along with Tobias Hagemann, Markus Kreusch, and Sebastian Stenzel. Christian credits Sebastian, who has extensive expertise in cryptography, for the overall architecture of Cryptomator as well as the development of the desktop client.

“He had the idea about four and a half years ago,” Christian said of Sebastian. “He observed the increase in free cloud storage through providers like Dropbox, Google Drive, and iCloud, which he thought was great, except for the fact that they did not provide sufficient privacy for users’ personal data.”

Sebastian wanted the best of both worlds — flexible, free cloud storage coupled with privacy and security. That’s when he came up with the idea to build a client-side encryption service. Today, Cryptomator empowers users to protect their documents from unauthorized access through transparent, client-side encryption for the cloud.

The company offers a range of support plans, customizable white-label solutions for enterprises, and digital self-defense education. Now, with a new Cryptomator Server that protects against ransomware, viruses, data theft, and other online risks, the company is providing businesses maximum control over sensitive data.

The team behind Cryptomator chose to create an open-source solution based on the realization that trust is paramount when it comes to security solutions. Cryptomator is free and licensed under GPLv3, which provides end users the right to run, share, and even modify the software.

“This allows anyone to check our source code, prevents us from introducing backdoors for third parties, and makes it impossible for us to hide vulnerabilities,” Christian said. It also means that vendor lock-ins are impossible. Even if Skymatic stops development on Cryptomator (which it does not plan to do), the source code is publicly accessible and cloned by hundreds of developers.

Cryptomator works by creating “vaults” of encrypted data for secure storage within cloud folders. The company leverages transparent encryption, a technique that allows users to access their files locally by unlocking a virtual hard drive (much in the same way you would use a USB device). And there’s no need to waste time typing in a password because you can unlock the files with just a fingerprint.

Christian told us Cryptomator is available for all major operating systems and accessible from all devices. “Our initial version was created for Windows, Mac, and Linux,” he said. “When Tobias Hagemann, also a Co-Founder, joined the team, he developed the iOS app for the iPhone and iPad.”

To stay true to its mission to provide privacy for everyone, Christian said Skymatic aims to make the platform as easy to use as possible. “Simplicity is key for everyone to be able to use it,” he said.

Though Cryptomator is available for free or through an optional donation, Skymatic also provides white-label enterprise solutions suitable for the business realm. The group’s first foray into this area involved United Internet, a global service provider located in Germany.

“They asked us to white label Cryptomator for three of their cloud storage brands by licensing out the software core,” Christian said. “From there, we began to provide two models so the end user can have the open-source application and businesses can license the technology.”

Skymatic’s crypto libraries are dual-licensed through the GNU Affero General Public License (AGPL) for free and open-source software (FOSS) projects as well as a commercial license derived from the GNU Lesser General Public License for independent software vendors. Applications not licensed under the AGPL may gain access to the libraries for a custom fee.

“We often get asked whether it’s too easy for people to steal open-source software, and honestly, it probably is,” Christian said, adding that it’s a risk the company is willing to take to maintain trust and to accept contributions by an engaged community.

When it comes to support, Skymatic offers three plans. There’s free access to the Cryptomator Community, a public forum featuring a knowledge base, manuals, and a blog. For 6 euros per month, the Pro plan offers email support during business hours with a typical response time of four hours. At the highest level of customer care, the Enterprise plan provides email and phone support with a response time of two hours and includes input into the Cryptomator roadmap.

While the open-source version of Cryptomator comes optimized for consumers who use cloud storage, Skymatic’s new Cryptomator Server is an ideal solution for businesses looking to increase security on their corporate cloud and network drives.

Cryptomator Server secures workspaces by adding anti-malware filters, file encryption, and file versioning, among other features. “We are in the beta phase right now, so we’re implementing one feature after another,” Christian said. “But at the end of the day, this software encrypts every file that goes into it before it gets backed up to any type of cloud storage,” Christian said.

Delivered as a Docker container, the software is easy to install and includes user access management, audit logs, and self-learning security mechanisms for control over company data, thus helping organizations achieve GDPR compliance.

The software makes it easy to set up workspaces — comparable to Cryptomator vaults — in just a few clicks. Each department can store its relevant files in separate workspaces with access rights appointed for authorized employees and external partners. Authorized individuals can easily access workspaces assigned to them by mounting a network drive, through a browser, or the Cryptomator app.

Cryptomator automatically scans all files stored in the server for ransomware and viruses. “Even if a single endpoint — one computer or one iPhone — is exposed, the server will protect it,” Christian said.

The user-friendly dashboard provides companies with a clear overview highlighting unusual activity and potential threats. “We’ve built algorithms that recognize suspicious access patterns because employees do steal data from inside companies,” Christian said. “So if someone tries to download 2GB of data, which he usually does not do, access will be locked.”

While the majority of Skymatic’s focus has been directed toward Cryptomator Server recently, Christian said the company is continually updating the open-source product based on customer need. At the same time, he said it’s becoming increasingly important to provide digital self-defense education.

“We always try to educate people not to voluntarily give their data to huge corporations,” he said. “Privacy must exist; people must be able to act freely without feeling like they’re being watched or controlled.”

This is what Cryptomator provides in terms of cloud storage, but the company also recommends open-source products that fulfill privacy requirements in other ways. “If you use an instant messenger, for example, we would recommend Signal because, like Cryptomator, it’s a free, open-source product that is encrypted end-to-end,” he said.

Overall, it’s a selfless mission. Whether Cryptomator users are storing files on the cloud or texting with a friend, the company just wants to help them protect themselves in an online environment where surveillance is all too common.