Comment by omnicognate

Comment by omnicognate a day ago

8 replies

I can encrypt anything and store it in anything that provides storage. Why are people acting like "end to end encryption" is a feature you need a cloud service to provide to you? Rather the opposite - it's really something you can only do yourself.

culi a day ago

Sure, but almost no one is managing their own keys and knows enough about the various e2ee algorithms to make these decisions on their own.

Do you know of a good piece of software or tool that lets a layperson interface with any cloud storage provider?

  • Kerrick 21 hours ago

    The closest I've found is VeraCrypt, which is near the edge of what I'd call layperson-friendly. But if you store a VeraCrypt drive on the cloud, you'll need to re-upload the entire encrypted file--usually quite large--every time you change anything at all. That's a _lot_ of bandwidth, and likely to be quite slow to sync.

ajsnigrutin a day ago
  • omnicognate 21 hours ago

    In the extremely unlikely event that I'm compelled to by a judge, yes. Or if someone chooses to beat me with a five dollar wrench, of course. And even then A) it can't happen without my knowledge and B) I have the option of refusing and bearing the consequences.

    I didn't say it solves every problem, just that it's the only way to have proper end-to-end encryption.

  • hex4def6 21 hours ago

    This seems like a job for a TrueCrypt-style system. Either you do it at a file-level, or you have it split into (say) 10MB file chunks, and if you want to access a certain file you have an encrypted local db that acts as a magic decoder ring ("file test.csv is spread across CLOUD1.DB CLOUD3443.DB CLOUD132.DB").

    Combine that with steganography (Enter real_password, and test.csv is a list of bank accounts, enter fake_password, and test.csv is a list of apple store locations, enter random_password, and it decodes junk). Maybe combine that with multiple layers of passwords (one ring to rule them all, except certain files).

    Obviously, you'd want to steganographize the decoder ring as well.
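
The chunk-plus-local-index layout described in the last comment, and why it avoids the full re-upload raised earlier in the thread, shown as an added example that is not code from any commenter. It assumes the third-party `cryptography` package, a plain dict standing in for the cloud provider, and hypothetical function names; it does not cover the deniability idea.

```python
import hashlib, json, os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM  # third-party

CHUNK = 10 * 1024 * 1024  # the "10MB file chunks" from the comment

def seal(key, plaintext, aad):
    """AES-256-GCM; a fresh random nonce is prepended to the ciphertext."""
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, aad)

def unseal(key, blob, aad):
    return AESGCM(key).decrypt(blob[:12], blob[12:], aad)

def put_file(key, name, data, cloud, index, chunk=CHUNK):
    """Store data chunk-wise; return the blob names that had to be uploaded."""
    old = index.get(name, [])
    entries, uploaded = [], []
    for n, off in enumerate(range(0, len(data), chunk)):
        piece = data[off:off + chunk]
        digest = hashlib.sha256(piece).hexdigest()  # lives only in the index
        if n < len(old) and old[n][1] == digest:
            entries.append(old[n])  # unchanged chunk: keep the existing blob
            continue
        blob = "CLOUD%s.DB" % os.urandom(8).hex()  # opaque random name
        cloud[blob] = seal(key, piece, blob.encode())  # name bound as AAD
        entries.append([blob, digest])
        uploaded.append(blob)
    kept = {b for b, _ in entries}
    for b, _ in old:
        if b not in kept:
            cloud.pop(b, None)  # delete superseded blobs from the provider
    index[name] = entries
    return uploaded

def get_file(key, name, cloud, index):
    """Reassemble a file; raises InvalidTag if a blob was altered or swapped."""
    return b"".join(unseal(key, cloud[b], b.encode()) for b, _ in index[name])

def save_index(key, index):
    """The 'decoder ring': kept locally and itself encrypted at rest."""
    return seal(key, json.dumps(index).encode(), b"index")

def load_index(key, blob):
    return json.loads(unseal(key, blob, b"index"))
```

Fixed-offset chunking only saves bandwidth for in-place edits: inserting or deleting bytes shifts every later chunk and forces them all to be re-uploaded. The provider still sees how many blobs exist, their sizes, and which ones change.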