When I use the seafile client on any Windows machine I like to encrypt seafile-data with the standard NTFS encryption methods to avoid any surprises in the future. It’s quite a simple thing to do, I think this should be enabled by default on all windows installations.
Why? What about those that don’t want filesystem-level encryption?
Just add a checkbox for that. Why would you not want to encrypt login tokens and other sensitive information?
Encryption should be folder based not application based (encrypt all user folders, not just seafile).
Even better, use Bitlocker if you want real protection on Windows.
This is mutually exclusive. Protection on windows is impossible, especially on Windows 10.
Since Snowden we all know that Bitlocker recovery keys are stored in the onedrive cloud. Bitlocker is closed-source, so nobody knows what’s behind the scenes.
If you want a bit security on Windows: Use VeraCrypt - it’s open source. But what if Windows sends your decrypted data from RAM into the cloud?
Only solution: Use an open-source OS (e.g. Debian) with dm-crypt.
This is antiNSA encryption you are talking about, what i am talking about is “normal” encryption which is enough to protect business secrets and home files - that BitLocker is.
EFS (sometimes called NTFS encryption) is neither, just too many vectors if it is not a systemwide thing.
I think you are missing the point, I am talking about someone getting a hold of access tokens delegated to a specific client, not necesarily the NSA or the illuminati trying to target you. EFS is easy to setup (it’s totally transparent) and it uses secure cyphers, that is a world of a difference between having transparent encryption for access keys and having them in plain text. irrc Google Chrome uses EFS to encrypt API keys, as well as the Lastpass Chrome extension.