[Trainer-Talk] Keeping your files secure - Switching from VeraCrypt to Cryptomator for Cloud Storage: My Experience and Pros/Cons

[Raul Gallegos - RGA]

Hi everyone,

As trainers, and cautious computer users in this day and age, I feel it's
extremely important to keep your data safe. I do this for my own files as it
is, but since I am a trainer and I am trusted with sensitive and personal
information of others, I am even more vigilant. Plus, I use various thumb
drives and SD cards for portability, and due to the nature of these devices
failing, I keep constant backups. However, those backups are not completely
safe or private, especially if you keep them on a cloud service like Google
Drive, OneDrive, Dropbox, ETC. Therefore, following are my experiences with
what I have used, and with what I am using now, and why I switched from one
method to the other. Please note that this email is a bit technical, and I
will be happy to discuss this further or answer questions as best as I can
in case there is interest.

For many years, I have used VeraCrypt, formally known as Truecrypt. I have
now switched to using Cryptomator, specifically because of how they handle
cloud synchronization. I know many of us on these lists value security,
automation, and accessibility, so I hope this breakdown helps anyone looking
to optimize their backup or file storage routines.

For context, I'm a long-time user of the TrueCrypt and VeraCrypt ecosystem.
For years, VeraCrypt has been my go-to recommendation for rock-solid,
container-based encryption. However, as my workflow shifted toward storing
these containers inside cloud services like Google Drive and Dropbox, I
started running into massive sync bottlenecks.

Here is what prompted my switch, along with the pros and cons I've
discovered so far.

The Problem with VeraCrypt in the Cloud

With VeraCrypt, you create a fixed-size container (for example, a 2 GB file)
that mounts as a virtual drive. It works beautifully locally. But the moment
you modify a single line of text in a spreadsheet inside that container, the
entire 2 GB block changes from the cloud sync client's perspective. Even
with smart delta-sync engines, I found myself dealing with massive upload
delays, heavy bandwidth consumption, and occasional sync conflicts if the
container wasn't handled perfectly. It simply wasn't designed with modern
cloud sync in mind. In more simpler words, if I have a 2GB size container,
think of it like a 2GB thumb drive. Now, I modify one spreadsheet, which is
only a fraction of that size. After I save and close the sheet, and then
save and close the encrypted container, Google Drive or the cloud service
will need to upload the entire 2GB container rather than the single
spreadsheet. This is what causes much longer times for syncing and is a
waste of bandwidth.

Enter Cryptomator

Cryptomator takes a fundamentally different approach called client-side
file-based encryption. Instead of one giant virtual container file, it
encrypts every file and folder individually.

When you unlock a Cryptomator vault, it mounts as a standard virtual drive
letter in Windows. You interact with your files normally, but behind the
scenes, each file is turned into its own distinct, encrypted counterpart
inside your sync folder.

The Pros of Cryptomator (Cloud Use Case)

*	Bandwidth & Sync Efficiency: If you edit a 5 KB text file, only that
specific 5 KB encrypted file updates and uploads to Google Drive. It takes a
fraction of a second, saving massive amounts of time and network bandwidth.
In other words, editing my small spreadsheet will update almost instantly
after I save it and then close my Cryptomator vault.
*	NVDA & Screen Reader Friendly: As an NVDA user on Windows, I'm happy
to report that the interface is highly accessible. Navigating the vault
creation, entering passwords, and managing settings works cleanly with
speech. Once the drive is mounted, it behaves exactly like a standard
physical flash drive in File Explorer.
*	Automation-Friendly: While the desktop app doesn't have an extensive
command-line interface for mounting like VeraCrypt does, you can set vaults
to auto-unlock on launch and assign them a permanent drive letter. This
allowed me to easily pair it with my existing RoboCopy backup scripts. For
instance, I successfully ran a RoboCopy mirror script to sync over 25,000
small files from a physical thumb drive into a Cryptomator vault in just two
minutes using multi-threading (/MT:16).

The Cons & Considerations

*	Metadata Leakage: Because it encrypts files individually, a highly
sophisticated attacker looking at your cloud directory could technically see
the exact number of files you have, their approximate sizes, and your folder
structure depth. VeraCrypt completely hides this because everything is
trapped inside a single opaque block. For standard privacy and data
security, Cryptomator is more than enough, but it is a structural difference
to keep in mind.
*	No Plausible Deniability: VeraCrypt allows for hidden volumes.
Cryptomator does not.
*	Cross-Platform Readiness: So far, I have only thoroughly tested this
setup on Windows (running on a Surface laptop). Cryptomator is fully
cross-platform, and I plan on testing it on macOS next to see how seamlessly
the shared cloud vault handles between Windows and Mac architectures.

Conclusion

I still highly respect VeraCrypt for localized, high-security storage or
full-disk encryption. But for day-to-day document synchronization across
cloud platforms, Cryptomator strikes a much better balance between security,
efficiency, and ease of use. I even have batch files that are located in the
root of my various thumb drives and when they are activated, they will
perform a mirror image copy of everything on that thumb drive into the
backup solution. Formally Veracrypt, and now Cryptomator.

I'd love to hear if others are using something similar, or even using
Cryptomator, and how you manage your cloud encryption routines!

Thanks all.

 

-- 

Raul Gallegos

Access Technology Trainer, RGA Tech Solutions

 <http://www.rgats.com/> www.rgats.com

Phone: (832) 639-4477

Direct Email:  <mailto:Raul.Gallegos at rgats.com> Raul.Gallegos at rgats.com

Team Inbox:  <mailto:training at rgats.com> training at rgats.com

"Learning is experience. Everything else is just information." - Albert
Einstein