Table of contents
Let's say you have a bunch of photos in your mobile phone, and you want to backup them to a cloud drive. You want to make sure that these photos are not accessible even if your cloud provider gets hacked.
This means that your photos need to be encrypted before you upload them. They also should be decrypted only after you've downloaded them again, maybe on some other device. This is called end-to-end encryption (E2EE), or sometimes client-side encryption.
Your data can be encrypted with private key only known to you or with the cloud provider's key. If your cloud provider has the encryption key, they can use it to decrypt and view the content. Also the key and your data could get stolen if the provider is hacked.
This is why the most private option is that you're the only one with the encryption key. All your data is encrypted with a key only known by you. This is called zero-trust or zero-knowledge.
Zero-trust encryption is the most private option, but possibly not the most secure. If you lose your encryption key, it is impossible to restore the data.
With zero-trust encryption, the service provider cannot see the contents of your files. However they see some meta-data, such as how much data you uploaded, when it was uploaded and from which device. Depending on the service, they might also see file creation and modification dates etc.
A sync/cloud drive is different from a pure backup system. Cloud drive is like a storage drive inside computer. It's designed for on-going work, but versioning makes it helpful as a backup.
Encryption on popular cloud drives
Popular cloud drives, such as Dropbox and iCloud Drive are not zero-trust encrypted. They encrypt the data when it is being transferred over internet and when it is stored on their servers. However, they have the keys to decrypt and view the content.
Many cloud drives such as Google One and OneDrive automatically scan all uploaded content for illegal material, duplicates etc. From end-user's point of view, an artifical intelligence scanning their content might feel uncomfortable.
The automatic scanning of uploaded content has also some benefits. It enables features such as find duplicate files, search inside files, automatically tag people on photos and generate photo galleries based on locations.
For average user, the less private services often provide higher performance, better usability and more features. However, not everyone needs AI-powered tricks, and many are willing to trade some functionality for improved privacy.
The beauty of zero-trust is that the user doesn't need to trust the storage provider, apart from their client software. The encryption and decryption is done automatically by the client application. Like any software, it could have bugs or even backdoors. This is why 3rd party security audits and open source strengthen the trust.
In practice, using zero-trust cloud drive is as simple as using the mainstream ones. There are no extra keys, passwords or codes. All that is handled automatically by the app.
Difference of security and privacy
Security protects from data loss or theft
- Provider has robust backup system on their side
- Provider’s staff is well-trained on security
- Provider has verbose testing to prevent bugs on their behalf
- Bugs are fixed quickly
- All interfaces have strong multi-factor authentication
- The server and client apps are robust and proven
- Security audits are done on regular basis
- Security incidents are informed to customers
All interfaces have great usability to prevent human errors
regarding handling data
- Usage flows follow good practices
- User is well informed on consequences of potentially dangerous actions
- Usage is effortless so that the user don’t fallback for shortcuts (for example: forcing password changing every month pushes users to use weak passwords)
Privacy protects from user profiling
Provider has minimal/no access to your data
- Doesn’t build an advertisement profile on you based on your data
- Doesn’t sell your information to third parties
- Doesn’t let third parties access your data
Client apps are configurable
- No collectiong of information unless it’s mandatory for the features user chose
Did I get something wrong?
Email me at