Hi @rnc
Users can apply encryption selectively to only the top-level folders under My Drive. Encrypting sub-folders and individual files independently is not supported yet. We are using the standard AES-256 GCM encryption.
On comparing with Cryptomator, Gocryptfs etc.: the primary difference is that those tools encrypt the data on the local filesystem. They rely on other clouds’ syncing clients to upload/sync the encrypted data to the cloud. To access the unencrypted data locally, you need to go to the virtual FS folder created by those apps.
On the other hand, Insync seamlessly integrates encryption with syncing: we encrypt/decrypt the data on the fly while syncing to/from the cloud. So when there is a local edit, Insync encrypts the data in memory and uploads the encrypted data to the cloud. On the local file system, the data remains as plaintext so it doesn’t require any change in your workflow locally.
While syncing down, Insync decrypts the data in-memory after obtaining the encrypted data chunks from the cloud and downloads the file in plaintext. Insync seamlessly allows syncing of the encrypted data with multi-machine setups as well. As it is a zero-knowledge encryption service, you would be required to enter the correct password on Insync setups on all your machines to sync the encrypted folders.
Happy to answer any other questions!