Encrypt Your Google Drive Files And Hide Them From Google

It seems, this year, people are more interested in protecting their privacy. With the moves made by Apple (Hilliard, 2021), privacy is being discussed in the news with more regularity. Unfortunately, the moves Apple has made does not make it easier for everyone to protect their privacy — unless you use their platform. Although Apple is pushing for privacy protections on their platform, that leaves many others unprotected (Cohen, 2020). This is because Apple does not provide most of their services on other platforms. Yes, there’s Apple Music and Apple TV; however, there is more Apple could do. Providing these privacy focused apps and services on other platforms would go a long way.

In this article I will be talking about the protection of your personal files, with a focus on Google Drive. Yes, there’s OneDrive, and these same protections can be done there. However, Google Drive is what I see more often from others. This is anecdotal; however, I would be willing to bet that because most people use Gmail (Elias, 2019), they are more than likely also use Google Drive.

It is not entirely clear what all Google does with your data in Google Drive. I have read online that the only thing they do is scan the files for malicious signatures. However, I am not certain what happens with files at rest, so I cannot reference anything for you.

Can You Use Google Drive Privately?

Yes… but you lose out on the niceties of Google Drive. However, for your more personal documents, this is acceptable. For example, I do not care if Google scans documents for class or something I am going to post online anyways — these articles. I do care if they scan my tax documents. Not to mention, if anything were to happen with my account. SolarWinds is an example of that, although Google said they were not impacted (Tung, 2021). This should remind people that these cloud providers are not full proof. They can be attacked by external hackers, or malicious insiders.

Virtual Disks

Virtual disks allow you to mimic physical disks; however, these are specially formatted files. These files can be accessed by software that understand the encoding to create partitions, format with a file system, and store/access/modify files. Applications running on these virtual disks, they would not notice a difference. If you have an application that you would like to run from a network drive, but the application does not allow you to install or run from a network location, you can use this technology. You would create the virtual disk file, store it on a network drive, and mount it as if it were a physical disk in your system.

What About Privacy

Because we can create virtual disks, we can encrypt the files and partitions on the disk, just like physical disks. On Linux systems, I can store files in Google Drive that have a full file system encrypted with LUKS. On Windows, I can use BitLocker. When the cloud provider gets the file, they are unable to read the contents, even if they are reading these virtual disk images.

Why Use Encrypted Virtual Disks

You may be wondering why you would use these encrypted virtual disks when you can probably just store your files in an encrypted archive file like ZIP/7zip. Well, you would have to continue to decompress/compress any changes you make. With virtual disks, you have the convince of accessing the files as if they are on a USB drive. Since the encryption key is in memory on your system, it will always look to be encrypted at rest to your cloud provider.

Technical (Linux)

Unfortunate there is no Google Backup and Sync client for Linux. There are some paid solutions out there; however, I have not tried these. The GNOME built-in support for Google Drive does not allow you to store or access disk images. These same steps can be done on Linux… you will just need to pick from the dozens of tools out there and trust them with access to your files.

Technical (Windows)

This same functionality can be done on Windows too. Windows gives you the ability to create virtual disks and encrypt them. We will be using Windows 10 to perform these steps. I’m going to assume you already have Google Backup and Sync installed… even though I much prefer the OneDrive desktop client over Google’s. The placeholder functionality is still missing from Google’s client.

You need to open Disk Management on your system, you can access that by right-clicking on your Start Menu

Click on the Action menu item and click Create VHD.

Save the disk in your Google Drive folder.

Initialize your new disk

You should use GPT. Once that’s done, you can now format the disk.

Once your disk has been formatted, you should head back to This PC. There you should see your new disk. Right now, if you store data on this disk it’s not very likely Google has put in the work to read files off it. Right now, all Google can see is a VHD disk, the data inside would require more compute resources to read it. However, lets assume they can, or that you would like to ensure some malicious actor can’t read it.

Right-click your disk in This PC and select Turn on Bitlocker

We will use a password to encrypt the data.

You can store the recovery in a file and store it on a USB drive. For the rest of the setup, you can use the default options.

References

Hilliard, W. (2021, February 04). Google still hasn’t updated its iOS apps, while pondering Android privacy controls. Apple Insider. Retrieved February 13, 2021, from https://appleinsider.com/articles/21/02/04/google-still-hasnt-updated-its-ios-apps-while-pondering-android-privacy-controls

Cohen, J. (2020, September, 4). iOS More Popular in Japan and US, Android Dominates in China and India. PCMag. Retrieved February 13, 2021, from https://www.pcmag.com/news/ios-more-popular-in-japan-and-us-android-dominates-in-china-and-india

Elias, J. (2019, October 27). Google’s rocky path to email domination. CNBC. Retrieved February 13, 2021, from https://www.cnbc.com/2019/10/26/gmail-dominates-consumer-email-with-1point5-billion-users.html

Tung, L. (2021, January 18). Google Cloud: We do use some SolarWinds, but we weren’t affected by mega hack. ZDNet. Retrieved February 13, 2021, from https://www.zdnet.com/article/google-cloud-we-do-use-some-solarwinds-but-we-werent-affected-by-mega-hack/