Support local encryption at rest
Support storing Windows (and Mac when the time comes) files downloaded from Drive encrypted on the local disk. Then, support a virtual drive that presents the files as decrypted. Two examples with good user experiences are:
- Boxcryptor, which optionally supports folder and file name obfuscation.
- Cryptomator, which always forces folder and file name obfuscation.
I personally prefer the former, but either one will be helpful.
-
Brick Wall commented
This might be too much of an ask, but an option to unlock a local encrypted container for local data storage at rest like VeraCrypt, until it’s unlocked PD won’t sync. Building on this as additional option, the single file download/sync option [cloud and arrow icon next to every file] would ask for a password for every file that’s downloaded or opened [assuming local download is necessary] so you don’t have ALL the data locally and once synced you can just "remove download” when done working on whatever file[s]. Or have a “Purge All” switch to perform a secure wipe [3/5/7 passes 1’s, 0’s, or random jibberish] on shutdown, logout, app close, and a manual purge button, like duckduckgo has.
Obviously this would be a huge pain ********** so an on/off switch obviously. But still have the option to keep selected folders and files locally and always synced, in an encrypted container.If this isn’t clear please let me know because I don’t think I explained that well at all.
-
Matt commented
I would love this feature (I am a mac user).
I've just moved my obsidian vault in proton drive, I feel more secure that my notes are stored and synced with proton.
But I feel unsure about using the drive app on my work laptop (also a mac), the proton drive directory seems like any other directory on my system. I presume any system administrator could look at the directory if they wanted. I don't really want my personal diary exposed just because I want the convenience of accessing files in my proton drive, or if I want to journal on my work laptop.
If proton drive could unlock a bit like 1password, with a fingerprint prompt, then remain unlocked for X time, that would be a great step in this direction!