
Ask HN: Encrypted Storage with File Requests? - klohto
We are struggling with sharing small but confidential files (SPII) between us and customers.
When we discuss PoC with customer, we usually exchange smaller batch of data, like Excel sheets, encrypted through email.
We have S3 set-up for processing any bigger load of data after that.<p>As you can guess email is not ideal and I really don&#x27;t like it from a security standpoint. If we try to go directly with S3, the business user is usually not too tech-savvy to get the CLI going.<p>Giving him a GUI, like Cloudberry, requires involvement of IT department, which as you can guess, takes quite a big of time in any reasonable bigger company and slows the process down.<p>I looked at Dropbox, Box, SpiderOak, Syncplicity, and Sookasa, but none of them fit the need.
Basically I&#x27;m looking for a SaaS (preferably) offering that has the following features:
* Browser client or support for Windows and macOS  
* File requests with password support
* 2FA to access the files
* File residency options or located in Europe
* SOC2, HIPAA, ISO or any equivalent security certificate
* Access logs and auditable at least on IP level
* User-friendly and accessible for non-technical people<p>Nice to have:
* File upload (through file requests) without an account
* Zero knowledge encryption and open-sourced<p>I might just want too much though...
Do you have your own solution? Is there something that I can host myself (rather not)?
======
LinuxBender
For open source you might look at NextCloud [1]. They have both a cloud and
self hosted solution. Each users files are encrypted with their keys.
Disclaimer, I do not use it. We were going to use it for an internal project
but the AGPL license is not compatible for our company.

[1] - [https://nextcloud.com/](https://nextcloud.com/)

~~~
klohto
That looks like a powerful service. From a quick check, it seems to have all
the things I need. Thanks a lot, it’s a step in right direction for me!

~~~
LinuxBender
No problem. It looks like Linode [1] even have a way to deploy this as a pre-
packaged app on a VM. I bet some other VPS providers probably do this too.

[1] -
[https://www.linode.com/marketplace/apps/](https://www.linode.com/marketplace/apps/)

------
schakko
Long-time lurker here. My colleague and I are currently building our own
distribution platform, primarily to share access to our software product
artifacts (Docker images, ZIP files, MSI packages) to Gumroad subscribers. We
are using S3 as a backend, so atleast some of your requirements would be
fulfilled. 2FA is on our TBD list.

Totally of topic: I primarily replied because I found your LinkedIn profile,
saw "Beaker" as product name for your previous work and laughed hard: We also
chose a Muppet name for the platform described above: "Gonzo" ;-)

~~~
klohto
Looks like we might need to roll our own :( Ha, Gonzo is great! Frankly, the
name was the only exciting thing about the product. But I would definitely
choose a similar name again, it makes my presentations funnier if I can insert
a relevant picture with a muppet.

------
davidro
Sync.com is a Canadian solution that does what you are asking.

Maybe add them to your search keyword list!? :-)

