iCloud Encryption – How to Encrypt Data on iCloud

encryption, filevault, icloud

I currently use Backblaze for online backup. I am thinking of switching to just storing all my documents on my iCloud drive.

With Backblaze, you can set an encryption key. Without this key no one can access your data – not even Backblaze.

I know by default, iCloud does not do this. But is there a 'set-it-and-forget-it' workaround to have files encrypted before they are uploaded?

I don't have anything sensitive in my files. But after all the stories one hears in the media, I would be reluctant to put my files in a place where a rogue Apple employee (or contractor) can just open them up.

Best Answer

If you want set-it-forget-it like Backblaze, then iCloud is not for you. Your data is safe from a rogue Apple employee, but not safe from a government agency or someone with a legal ability to extract it. When Apple can help you regain access to your iCloud files if you forget your password then they can help a government agency to do that too.

But if you create your own password-encrypted disk image (.sparsebundle file using Disk Utility and encryption in the Finder) then the password is known only to you, and is only stored in RAM on your machine while your disk image is open and mounted; it is destroyed when you unmount and close the encrypted disk image. You can keep copies of that encrypted disk image on your machine or in a cloud service.

If you never store that password in the Keychain iCloud or localitems keychain files, then it will never be uploaded to iCloud. If you store that password in a local-only Keychain file then it is secure but would not necessarily be proof against seizure of your hardware or a malicious remote control.

Regardless of how well you protect the password to your encrypted disk image, you might be forced to decrypt it whilst under arrest. If you 'forget' it, then that may be used against you in court. If you truly forget it, then your data is completely deleted and unrecoverable.
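The encrypted disk image workflow from the answer, as an added command-line example that is not part of the original answer, using macOS `hdiutil` instead of the Disk Utility GUI. The image path, volume name, size, APFS/AES-256 choices, the iCloud Drive folder location and the `DRY_RUN` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the answer). Paths, names and sizes are assumptions.
IMAGE="${IMAGE:-$HOME/Vault.sparsebundle}"   # local working copy
VOLNAME="${VOLNAME:-Vault}"                  # mounts at /Volumes/Vault
SIZE="${SIZE:-10g}"                          # upper bound; the bundle grows on demand
CLOUD="${CLOUD:-$HOME/Library/Mobile Documents/com~apple~CloudDocs}"  # iCloud Drive

# With DRY_RUN set, print the command instead of running it.
run() {
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

vault_create() {
  # No passphrase option is given, so hdiutil prompts for it itself and the
  # passphrase never appears in this script, shell history or process list.
  run hdiutil create -type SPARSEBUNDLE -fs APFS -encryption AES-256 \
    -size "$SIZE" -volname "$VOLNAME" "$IMAGE"
}

vault_open()  { run hdiutil attach "$IMAGE"; }
vault_close() { run hdiutil detach "/Volumes/$VOLNAME"; }

vault_push() {
  # Copy only while unmounted, so no band file is captured mid-write.
  if [ -d "/Volumes/$VOLNAME" ]; then
    echo "still mounted; run: $0 close" >&2
    return 1
  fi
  run rsync -a --delete "$IMAGE/" "$CLOUD/$(basename "$IMAGE")/"
}

# Usage: vault.sh create|open|close|push
case "${1:-}" in
  create|open|close|push) "vault_$1" ;;
esac
```

Running it with `DRY_RUN=1` shows each command before anything is created or copied.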