[Trainer-Talk] Keeping your files secure - Switching from VeraCrypt to Cryptomator for Cloud Storage: My Experience and Pros/Cons

Mosen, Jonathan jmosen at nfb.org
Thu May 28 17:24:58 UTC 2026


Hi Raul, this was a fascinating message, thanks.
I'm using a Synology NAS with two 8TB drives set up in a RAID configuration for redundancy. It can also back up to many commercial backup services for additional redundancy.
With Tailscale, which I reviewed in last week's Access On, as long as I have an Internet connection, I can get at the Synology NAS which is mapped as a drive in File Explorer and is encrypted using WireGuard.
I love having any data of mine that I could possibly want anywhere, including on my phone, and it's totally under my control.
Not saying this is a superior solution, it's just a different approach to the problem.
Take care and looking forward to seeing everyone soon at national convention.
Jonathan Mosen
Executive Director for Accessibility Excellence
National Federation of the Blind 
410-659-9314 ex 2233   
jmosen at nfb.org

Reminder: Attend National Convention, July 3-8, 2026, in Austin, Texas.
“It’s the time of year where blind people are the majority.”


-----Original Message-----
From: Trainer-Talk <trainer-talk-bounces at nfbnet.org> On Behalf Of Raul Gallegos - RGA via Trainer-Talk
Sent: Thursday, May 28, 2026 12:15 PM
To: Trainer Talk List <trainer-talk at nfbnet.org>
Cc: Raul Gallegos - RGA <raul.gallegos at rgats.com>
Subject: [Trainer-Talk] Keeping your files secure - Switching from VeraCrypt to Cryptomator for Cloud Storage: My Experience and Pros/Cons

Hi everyone,

As trainers, and cautious computer users in this day and age, I feel it's extremely important to keep your data safe. I do this for my own files as it is, but since I am a trainer and I am trusted with sensitive and personal information of others, I am even more vigilant. Plus, I use various thumb drives and SD cards for portability, and due to the nature of these devices failing, I keep constant backups. However, those backups are not completely safe or private, especially if you keep them on a cloud service like Google Drive, OneDrive, Dropbox, etc. Therefore, following are my experiences with what I have used, and with what I am using now, and why I switched from one method to the other. Please note that this email is a bit technical, and I will be happy to discuss this further or answer questions as best as I can in case there is interest.

For many years, I have used VeraCrypt, formerly known as TrueCrypt. I have now switched to using Cryptomator, specifically because of how they handle cloud synchronization. I know many of us on these lists value security, automation, and accessibility, so I hope this breakdown helps anyone looking to optimize their backup or file storage routines.

For context, I'm a long-time user of the TrueCrypt and VeraCrypt ecosystem.
For years, VeraCrypt has been my go-to recommendation for rock-solid, container-based encryption. However, as my workflow shifted toward storing these containers inside cloud services like Google Drive and Dropbox, I started running into massive sync bottlenecks.

Here is what prompted my switch, along with the pros and cons I've discovered so far.

The Problem with VeraCrypt in the Cloud

With VeraCrypt, you create a fixed-size container (for example, a 2 GB file) that mounts as a virtual drive. It works beautifully locally. But the moment you modify a single line of text in a spreadsheet inside that container, the entire 2 GB block changes from the cloud sync client's perspective. Even with smart delta-sync engines, I found myself dealing with massive upload delays, heavy bandwidth consumption, and occasional sync conflicts if the container wasn't handled perfectly. It simply wasn't designed with modern cloud sync in mind. In simpler words, if I have a 2 GB container, think of it like a 2 GB thumb drive. Now, I modify one spreadsheet, which is only a fraction of that size. After I save and close the sheet, and then save and close the encrypted container, Google Drive or the cloud service will need to upload the entire 2 GB container rather than the single spreadsheet. This is what causes much longer times for syncing and is a waste of bandwidth.

Enter Cryptomator

Cryptomator takes a fundamentally different approach called client-side file-based encryption. Instead of one giant virtual container file, it encrypts every file and folder individually.

When you unlock a Cryptomator vault, it mounts as a standard virtual drive letter in Windows. You interact with your files normally, but behind the scenes, each file is turned into its own distinct, encrypted counterpart inside your sync folder.

The Pros of Cryptomator (Cloud Use Case)

*	Bandwidth & Sync Efficiency: If you edit a 5 KB text file, only that specific 5 KB encrypted file updates and uploads to Google Drive. It takes a fraction of a second, saving massive amounts of time and network bandwidth. In other words, editing my small spreadsheet will update almost instantly after I save it and then close my Cryptomator vault.
*	NVDA & Screen Reader Friendly: As an NVDA user on Windows, I'm happy to report that the interface is highly accessible. Navigating the vault creation, entering passwords, and managing settings works cleanly with speech. Once the drive is mounted, it behaves exactly like a standard physical flash drive in File Explorer.
*	Automation-Friendly: While the desktop app doesn't have an extensive command-line interface for mounting like VeraCrypt does, you can set vaults to auto-unlock on launch and assign them a permanent drive letter. This allowed me to easily pair it with my existing RoboCopy backup scripts. For instance, I successfully ran a RoboCopy mirror script to sync over 25,000 small files from a physical thumb drive into a Cryptomator vault in just two minutes using multi-threading (/MT:16).

The Cons & Considerations

*	Metadata Leakage: Because it encrypts files individually, a highly sophisticated attacker looking at your cloud directory could technically see the exact number of files you have, their approximate sizes, and your folder structure depth. VeraCrypt completely hides this because everything is trapped inside a single opaque block. For standard privacy and data security, Cryptomator is more than enough, but it is a structural difference to keep in mind.
*	No Plausible Deniability: VeraCrypt allows for hidden volumes. Cryptomator does not.
*	Cross-Platform Readiness: So far, I have only thoroughly tested this setup on Windows (running on a Surface laptop). Cryptomator is fully cross-platform, and I plan on testing it on macOS next to see how seamlessly the shared cloud vault handles between Windows and Mac architectures.

Conclusion

I still highly respect VeraCrypt for localized, high-security storage or full-disk encryption. But for day-to-day document synchronization across cloud platforms, Cryptomator strikes a much better balance between security, efficiency, and ease of use. I even have batch files that are located in the root of my various thumb drives and when they are activated, they will perform a mirror image copy of everything on that thumb drive into the backup solution. Formerly VeraCrypt, and now Cryptomator.

I'd love to hear if others are using something similar, or even using Cryptomator, and how you manage your cloud encryption routines!

Thanks all.

 

-- 

Raul Gallegos

Access Technology Trainer, RGA Tech Solutions

http://www.rgats.com

Phone: (832) 639-4477

Direct Email: Raul.Gallegos at rgats.com

Team Inbox: training at rgats.com

"Learning is experience. Everything else is just information." - Albert Einstein
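
Added example (not part of either message, and not VeraCrypt's or Cryptomator's code): a simplified Python model of the trade-off described above, comparing what a sync client must re-upload after one small edit and what the storage provider can observe without the key. It assumes a sync client that re-uploads any whole object whose content changed (no block-level delta); the toy cipher, key, file names, sizes and the 64-byte overhead are all constructed for illustration.

```python
import hashlib

KEY = b"constructed-demo-key"   # constructed sample key
CONTAINER_SIZE = 64 * 1024      # scaled-down stand-in for a 2 GB container
OVERHEAD = 64                   # assumed fixed per-file overhead, illustrative only

def toy_encrypt(key, label, data):
    """SHA-256 counter keystream XOR: a deterministic stand-in, not real encryption."""
    stream = b"".join(hashlib.sha256(key + label + i.to_bytes(8, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def container_store(files):
    """Container model: one fixed-size opaque blob in the sync folder."""
    packed = b"".join(files[name] for name in sorted(files))
    plain = packed.ljust(CONTAINER_SIZE, b"\0")
    return {"backup.hc": toy_encrypt(KEY, b"container", plain)}

def per_file_store(files):
    """Per-file model: one encrypted object per file, stored under an opaque name."""
    store = {}
    for name, data in files.items():
        opaque = hashlib.sha256(KEY + name.encode()).hexdigest()[:16]
        store[opaque] = b"\0" * OVERHEAD + toy_encrypt(KEY, name.encode(), data)
    return store

def bytes_to_upload(before, after):
    """Whole-object sync: re-upload every object that is new or whose hash changed."""
    digest = lambda blob: hashlib.sha256(blob).digest()
    return sum(len(blob) for name, blob in after.items()
               if name not in before or digest(before[name]) != digest(blob))

def observer_view(store):
    """What the provider sees without the key: object count and object sizes."""
    return len(store), sorted(len(blob) for blob in store.values())

# Constructed sample data: three files, then a one-byte edit to the spreadsheet.
FILES = {"notes.txt": b"a" * 5000, "sheet.csv": b"b" * 1200, "photo.jpg": b"c" * 20000}
EDITED = dict(FILES, **{"sheet.csv": b"b" * 1199 + b"X"})

if __name__ == "__main__":
    for label, store in (("container", container_store), ("per-file", per_file_store)):
        print(label, "| upload after edit:",
              bytes_to_upload(store(FILES), store(EDITED)),
              "| provider sees:", observer_view(store(EDITED)))
```

In this model the container re-uploads its full size for a one-byte change but reveals only a single fixed-size object, while the per-file layout uploads only the edited object and exposes the file count and each file's approximate size.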

 
