PLEASE VOTE: Ability encrypt Home/Photo/Video/Music folders

Discuss with the community any ideas you'd love to see in future DiskStations and DSM updates! We do our best to monitor and forward all of them, but we recommend to also use this form as our team will systematically see your suggestion:
https://www.synology.com/form/inquiry/feature
Forum rules
We do our best to monitor and forward your ideas to our team, but due to the large amount, we may not see every single one and recommend to also use this form as our team will systematically see your suggestion:
https://www.synology.com/form/inquiry/feature

Do you agree that being able to encrypt the Photo/Home folders is an important feature?

Yes
200
94%
No
11
5%
No opinion/Not sure
1
0%
 
Total votes: 212
drabisan
Virtuoso
Virtuoso
Posts: 1384
Joined: Sat Jul 17, 2010 12:04 pm

Re: PLEASE VOTE: Ability encrypt Home/Photo/Video/Music fold

Postby drabisan » Sat May 23, 2015 12:51 pm

I will be the wedding crasher ;)

I will dismiss from the start storing the key for auto-mount an encrypted share. That's just a fake sense of security. If you feel safe that you data is safe in this model...well you shouldn't! IMO this is stupid in so many ways and users shouldn't have this option! Their home porn are not safe at all!

Let's focus on the model where you type a different key per share at boot-up.
Well, that's safe but there's a big BUT: applications that exists and run to access your shares - like photostation, cloud sync, video station etc. What you are asking for is a model where this apps don't start up until the moment you manually typed all passwords for all your shares. This isn't impossible, but it contradict partially the Linux model. You can't mount a volume unless you have the user-key and you can't complete the boot process unless all system applications that are suppose to start are started.
I think this may not be that impossible, but it will definitely be confusing!
My DS had started but no application is running! Well...wait, you need to login into your DSM, type your passwords and your application will start! It will be so annoying to have Cloud Station acting like this! Consider a scenario where you don't open your DSM to the internet but you do want your cloud station client to sync!
Or, my DS had started but I can't see any pictures in my photostation! Right! Because your photostation can't access your encrypted share! You need to login into your DSM, type your passwords and your photostation eventually will see the share and show you the pictures.
Those 2 are only examples how things will get way more complicated, while maintaining a fairly good security model.

I can understand the reason Synology make the choice not to allow encryption on shares with pre-defined names. It would be easier to encrypt it and later to install a package that isn't compatible with encryption model and "Huston, we have a problem!"

Workaround is fairly simple: your own to-be-encrypted share names with no packages linked to those shares. This way is easier for everybody.
But it applies to advanced users! What's bad is that most of the users will see the marketing stuff with "encryption engine" and, guess what?, will start cursing!

My vote goes to "no". Although I know Synology is not actively monitoring this forum and this poll means nothing to them ;)
SonicSpeed
I'm New!
I'm New!
Posts: 3
Joined: Tue Jun 02, 2015 4:51 pm

Re: PLEASE VOTE: Ability encrypt Home/Photo/Video/Music fold

Postby SonicSpeed » Tue Jun 02, 2015 5:15 pm

WORKAROUND FOR HOMES ENCRYPTION

Create an encrypted folder next to /homes, e.g. /homes_enc. Set read/write permissions for all users for /homes_enc.

ssh/telnet into Diskstation, e.g. ssh admin@111.111.111.111, all files are under /volume1

For each user (UserName) do:
cd /volume1/homes; mv UserName /volume1/homes_enc/; ln -s /volume1/homes_enc/UserName UserName

This moves the user folder into the encrypted folder and puts a symlink into homes. You may need to fix file/folder ownership via chown and chmod later, if needed. Voila!
rowox
Knowledgeable
Knowledgeable
Posts: 335
Joined: Sat Sep 03, 2011 6:15 am

Re: PLEASE VOTE: Ability encrypt Home/Photo/Video/Music fold

Postby rowox » Wed Jun 03, 2015 5:22 am

drabisan wrote:What you are asking for is a model where this apps don't start up until the moment you manually typed all passwords for all your shares. This isn't impossible, but it contradict partially the Linux model. You can't mount a volume unless you have the user-key and you can't complete the boot process unless all system applications that are suppose to start are started.


I use CloudStation on folders that are encrypted, and I use the backup service on encrypted shares and it works just fine. When the folders are not mounted, my CloudStation gives me an error that it cannot sync, and I simply log in DSM and mount that drive. That is exactly what I would expect. For my photo and video and music folders, I would expect that I am unable to access my files if the share isn't mounted... I want security for my files... I shouldn't have to compromise for that. Having to manually mount my drive each time I reboot the system is part of the normal process that I expect and accept.

drabisan wrote:Workaround is fairly simple: your own to-be-encrypted share names with no packages linked to those shares. This way is easier for everybody.


Clearly you haven't tried it, but that doesn't work. DS Photo and DS Audio and DS Video expect the files to be in pre-defined shares, and storing those files in other encrypted shares will not work.

SonicSpeed wrote:WORKAROUND FOR HOMES ENCRYPTION

Create an encrypted folder next to /homes, e.g. /homes_enc. Set read/write permissions for all users for /homes_enc.

ssh/telnet into Diskstation, e.g. ssh admin@111.111.111.111, all files are under /volume1

For each user (UserName) do:
cd /volume1/homes; mv UserName /volume1/homes_enc/; ln -s /volume1/homes_enc/UserName UserName

This moves the user folder into the encrypted folder and puts a symlink into homes. You may need to fix file/folder ownership via chown and chmod later, if needed. Voila!


That approach will only work for home folders (not music, photo or video), and it doesn't scale. You have to manually do it for each new new user that you create, and manually delete the folders when you delete users. Plus, as you correctly pointed out, it will mess up the file owners. I did use this solution for now... but if I have more users (or were running this NAS in an office), that type of manual procedure wouldn't fly.

Again, I hope someone at Synology (although I know they don't monitor these threads) will lighten up and offer the security.... that their marketing department keeps claiming they offer....
Do you agree that you should be able to encrypt your important folders, such as Photo, Home (and Video and Music)? PLEASE VOTE and comment at the following thread and make your voice heard (you'll need to cut and paste the URL):
http://forum.synology.com/enu/viewtopic.php?f=3&t=93366

DS415+, 4 x 6TB Red
SonicSpeed
I'm New!
I'm New!
Posts: 3
Joined: Tue Jun 02, 2015 4:51 pm

Re: PLEASE VOTE: Ability encrypt Home/Photo/Video/Music fold

Postby SonicSpeed » Fri Jun 05, 2015 2:41 pm

UPDATE! WORKAROUND FOR HOMES ENCRYPTION

This is an update to my previous post. For this to be tested, I had to get access to an unused Diskstation, as I did not want to brick my production system - so we ordered one solely for this purpose ;-). You are welcome! This method places the complete home folder into an encrypted folder

Create an encrypted folder next to /homes, e.g. /fortknox. Set read/write permissions for all users for /enc.
I prefer auto-mount on startup, but you may want to enter you key manually after each startup.

ssh/telnet into Diskstation, e.g. ssh admin@111.111.111.111, all files are under /volume1

Code: Select all

cd /volume1; mv /homes /volume1/fortknox/; ln -s /volume1/fortknox/homes homes


This moves the /homes folder into the encrypted folder (as /fortknox/homes) and puts a symlink into volume1. You may need to fix file/folder ownership via chown and chmod later, if needed. Better, you delete all users (e.g. one-by-one) and create new users. This will give the user folders correct attributes. Adjust read/write permissions for all users where needed.

I would assume, you could do this trick with photo and video folders, too. I have little interest in these folders.
rowox
Knowledgeable
Knowledgeable
Posts: 335
Joined: Sat Sep 03, 2011 6:15 am

Re: PLEASE VOTE: Ability encrypt Home/Photo/Video/Music fold

Postby rowox » Tue Jun 09, 2015 4:09 pm

Hi,

The issue here at hand is not the ability to sync encrypted folders with CloudStation, but the ability to encrypt the Photo and Music and Video folders, as well as the Home folder (some work around have been suggested, but they do not address 100% of the problem).
Do you agree that you should be able to encrypt your important folders, such as Photo, Home (and Video and Music)? PLEASE VOTE and comment at the following thread and make your voice heard (you'll need to cut and paste the URL):
http://forum.synology.com/enu/viewtopic.php?f=3&t=93366

DS415+, 4 x 6TB Red
carolusmagnus
I'm New!
I'm New!
Posts: 3
Joined: Mon Jan 27, 2014 2:40 pm

Re: PLEASE VOTE: Ability encrypt Home/Photo/Video/Music fold

Postby carolusmagnus » Wed Jun 10, 2015 10:12 am

roger that, i'll move my post to a better location and leave a link for those who are still interested. it was one of my top prio feature requests. ;)
user055
I'm New!
I'm New!
Posts: 1
Joined: Mon Jun 22, 2015 7:39 am

Re: PLEASE VOTE: Ability encrypt Home/Photo/Video/Music fold

Postby user055 » Mon Jun 22, 2015 9:09 pm

+1
phillyman
Apprentice
Apprentice
Posts: 82
Joined: Sun Nov 20, 2011 10:34 pm

Re: PLEASE VOTE: Ability encrypt Home/Photo/Video/Music fold

Postby phillyman » Wed Sep 02, 2015 4:16 pm

Hi,

Stumbled across this when I saw it in your signature. I completely agree. There were two reasons for me to get the Synology. First and foremost was security (my files that I control from A to Z), the VPN function and second the centralized location for all files for my family.

It took me about a day to figure out that I could not encrypt my folders. For different reasons I haven't tried cloudstation but plan on using that more and more as well. In general I mount whatever folder/file I need. I have not used nor tried photo/video/music stations. I have stored both music and photo libraries to the synology and point iTunes and Photos to the NAS. I have run into difficulties and this is generally not recommended. For my light use it works fine but it is disappointing that I've stored them in encrypted folders and cannot encrypt the default folders.

I'm surprised that Synology has not offered the option (turned off by default) and let users that are willing to bear the inconvenience (having to manually mount etc/reentering passwords) to turn it on.

I'll add my support and we can only hope that the powers might listen.
rlefferts
I'm New!
I'm New!
Posts: 3
Joined: Mon Sep 07, 2015 1:09 am

Re: PLEASE VOTE: Ability encrypt Home/Photo/Video/Music fold

Postby rlefferts » Mon Sep 07, 2015 6:08 pm

Wow. Brand new purchaser of a DiskStation 1815+ and I'm really disappointed by this gotcha, and the fact that it seems unable to encrypt external hard drives.

So, despite all the hoopla in the Synology marketing materials made about security and encryption, it's basically less effective (in practical terms) than the baseline Bitlocker stuff that is included with Windows.

It is too bad. Now that I've settled into the box, I found a ton to love about it, and I will be keeping it. But working around these issues is a pain. I'm not yet sure if I'll go with the soft link workaround described above, or go with some 3rd party backup software than can just use a standard fileshare.

Ugh.
Disconn3ct
I'm New!
I'm New!
Posts: 4
Joined: Wed Nov 11, 2015 6:44 am

Re: PLEASE VOTE: Ability encrypt Home/Photo/Video/Music fold

Postby Disconn3ct » Wed Nov 11, 2015 6:50 am

I bought the ds415+ from Newegg specifically to replace a fully-encrypted ReadyNAS. Supposedly it is "optimized for encryption"..

Just encrypting home directories would be a start, but I really need encrypted nfs. The entire thing exists to share volumes (or folders, or whatever you like) over NFS, with a couple of small AFP (OSX) shares thrown in. I'll probably be returning it with an appropriate review within the next couple of days.

The ReadyNAS doesn't do encryption in a perfect user-friendly way, but at least it does something. (Entire volumes only, and you plug in a FAT32 usb disk with the encryption key on it within 10 minutes of booting or it gives up and you have to reboot.)
rowox
Knowledgeable
Knowledgeable
Posts: 335
Joined: Sat Sep 03, 2011 6:15 am

Re: PLEASE VOTE: Ability encrypt Home/Photo/Video/Music fold

Postby rowox » Wed Nov 11, 2015 7:48 pm

Disconn3ct wrote:I bought the ds415+ from Newegg specifically to replace a fully-encrypted ReadyNAS. Supposedly it is "optimized for encryption"..

Just encrypting home directories would be a start, but I really need encrypted nfs. The entire thing exists to share volumes (or folders, or whatever you like) over NFS, with a couple of small AFP (OSX) shares thrown in. I'll probably be returning it with an appropriate review within the next couple of days.

The ReadyNAS doesn't do encryption in a perfect user-friendly way, but at least it does something. (Entire volumes only, and you plug in a FAT32 usb disk with the encryption key on it within 10 minutes of booting or it gives up and you have to reboot.)


Welcome to the forum Disconn3ct.

Unfortunately, it seems that despite the fact that each and every marketing communication from Synology touts its encryption prowess, including hardware encryption acceleration, this message hasn't been communicated with the engineering team. One year after my original post in this thread (and many years after this should have already been implemented), nobody at Synology has acknowledge in the slightest way that they currently DO NOT offer a viable reasonably-secure solution.

It seems marketing has taken over product design, and they are more concerned with pushing new features with each release but not fixing something that is inherently important and very basic. :oops:
Do you agree that you should be able to encrypt your important folders, such as Photo, Home (and Video and Music)? PLEASE VOTE and comment at the following thread and make your voice heard (you'll need to cut and paste the URL):
http://forum.synology.com/enu/viewtopic.php?f=3&t=93366

DS415+, 4 x 6TB Red
Disconn3ct
I'm New!
I'm New!
Posts: 4
Joined: Wed Nov 11, 2015 6:44 am

Re: PLEASE VOTE: Ability encrypt Home/Photo/Video/Music fold

Postby Disconn3ct » Thu Nov 12, 2015 4:25 pm

That's too bad. Good news is I have a 30 day return policy (with no restocking fee) so I can swap it for a competitor. (I'm still trying to avoid another ReadyNAS, but there are certainly lots of other options out there. At least the ReadyNAS encryption worked exactly as advertised..)

Glad I caught it early - when I started looking for a new NAS, some of my semi-pro photographer and graphic designer friends asked what to get. Probably going to refer them to drobo or (sigh) readynas, depending on how many systems they have and whether they need encryption support or not.

The product page is still TITLED
Quad-core 4-bay NAS optimized for intensive tasks and encryption


Not even buried somewhere, but flat out titled that. I wonder if any EU types can get them on false advertising..
AxtonR
I'm New!
I'm New!
Posts: 4
Joined: Wed Oct 14, 2015 7:54 am

Re: PLEASE VOTE: Ability encrypt Home/Photo/Video/Music fold

Postby AxtonR » Sun Nov 15, 2015 1:31 pm

+ 1
Photo or Home are sensitive folders !
Encryption is available to secure data if NAS is stolen !
Photo and Home and music.... should be secured too !

with a 415+ there is no impact on performances!

Please Sinology !
afawaz
Beginner
Beginner
Posts: 29
Joined: Sun Nov 29, 2015 2:57 pm

Re: PLEASE VOTE: Ability encrypt Home/Photo/Video/Music fold

Postby afawaz » Wed Dec 09, 2015 12:44 am

cleary need encryption on my photo folder on my DS415+ !!
so nobody has a workarround to do that?
rowox
Knowledgeable
Knowledgeable
Posts: 335
Joined: Sat Sep 03, 2011 6:15 am

Re: PLEASE VOTE: Ability encrypt Home/Photo/Video/Music fold

Postby rowox » Wed Dec 09, 2015 2:17 am

afawaz wrote:cleary need encryption on my photo folder on my DS415+ !!
so nobody has a workarround to do that?


No. Write to Synology customer support and tell them it is an important feature (and don't forget to vote un the poll at the top of this thread). I still can't believe they are not working on this after all these years.

PS: Don't forget, this forum is not monitored by Synology. If you wish to voice your opinion, write to them! I put the poll hoping to get thousands of votes, which I would have used to contact Synology... but at the current rate it is now gaining votes fast enough, so write directly to them if you want to be heard.
Do you agree that you should be able to encrypt your important folders, such as Photo, Home (and Video and Music)? PLEASE VOTE and comment at the following thread and make your voice heard (you'll need to cut and paste the URL):
http://forum.synology.com/enu/viewtopic.php?f=3&t=93366

DS415+, 4 x 6TB Red

Return to “Feature Requests & Product Improvement Suggestions”

Who is online

Users browsing this forum: No registered users and 3 guests