Cloud Storage Outside The US? This is What We Recommend

obrBy Joseph Gildred — Last Updated: 30 Nov'16 2016-11-30T11:58:19+00:00

Are you scouring the Internet for a quality cloud storage service based outside of the United States? Wondering why it matters? I’ve got you covered on both counts in this roundup of popular cloud storage providers — located beyond Uncle Sam’s purview.

Finding and vetting a cloud storage solution that meets this criterion can be a tall order:

Dropbox

Google Drive

OneDrive

Are all off the table. Even pCloud and SpiderOak, with their excellent zero-knowledge security options, base their data centers in the U.S.

But that doesn’t mean the cupboard is empty, with my personal favorites, Sync.com and MEGA, leading the way. However, before we get to the good stuff, let’s take a step back and look at why U.S. law gives privacy advocates the chills.

Keep Your Cloud Private

Chances are, if you’re among a number users with jitters about using a U.S. cloud storage service, you’re most likely familiar with the story of Edward Snowden, who made the bombshell revelations about America’s secret PRISM program.

Edward.Snowden.wall
Edward.Snowden.wall

But just in case you need a quick reminder, the gist of the revelations was that the U.S. National Security Agency could, with permission from a secret court and under the auspices of the 1978 Foreign Intelligence Surveillance Act (FISA), compel various Internet services to monitor user data.

While much of the program was used to monitor phone records gleaned primarily from Verizon, both Google, and Facebook, also allowed the NSA to access user data, despite denials to the contrary.

Of course, we now know that the NSA even paid these internet services, hundreds of millions of dollars, to facilitate the “arrangement.” All actions which make it a bit hard to accept these services at their word; when they attest to being committed to user privacy.   

Here’s a list of  a few other bedfellows implicated in the PRISM program:

Apple

Microsoft

Yahoo

YouTube

Skype

AOL

PalTalk

Though much of the fallout’s focus has been on the United States spying on its citizens, it bears pointing out that the program can spy on citizens from other countries too.  

Finally, in Google’s case at least, their relationship with the NSA goes much deeper than the Snowden-revelations. The two are working to develop a mysterious intelligence-gathering technology, in response to Chinese cyber attacks on several prominent U.S. corporations (including Google).

The nuts and bolts of the issue are that U.S. law, even after all of the hubbub, makes it far too easy for government agencies to get user data, and hide it from the public’s knowledge.

Meanwhile, other regions of the world (led by the EU) are actively introducing mandates to protect privacy. There’s even been the talk of enacting protections around an individual’s “right to be forgotten.”

Canada also has a host of federal and provincial laws protecting data privacy over the Internet, if you’re interested in Canadian cloud storage laws, check out Mauricio’s dive into Canadian cloud privacy.

Avoid Copyright Claim Abuse

The Digital Millennium Copyright Act of 1998 (DMCA), was the United States’ response to the 50-country World Intellectual Property Organization Copyright Treaty — signed in 1996. Its intent was to extend copyright laws into the digital domain.

Copyright Locked

While most vocally championed (naturally) by the music and film industries, the DMCA got written by a collective that included scientists and civil right groups as well.   

The result was a system, in which companies could submit notices of copyright infringement, called “Takedown Notices.” Those named in a takedown notice have to respond to it or open themselves up to a lawsuit.

Instead of being sent to the entity who posted the allegedly infringing content, filers could also send the notice to ISP or platform that hosted the content, such as YouTube … Or a cloud service provider.

However, while protecting intellectual property, the DMCA also permits “fair use.”  

Under U.S. law, fair use allows individuals to use aspects of another person’s work (such as a clip from a film or quote for a book), so long as they are interpreting that material, rather than re-posting it verbatim.

Needless to say, the fair use proviso has been instrumental to the internet’s growth, as it allows individuals to conduct reviews, reinterpret material (such as remix audio), and build the dynamic online world that we know and love today.

The problem with the system, is that very  few Internet services spend  time evaluating Takedown Notices and actually looking at the content to see if it is protected by fair use — essentially undermining the whole process.

Instead, they just remove the content and let the poster know, that if they want to fight it, they’ll need to create a petition first.

This option typically opens up a path towards the court and legal fees,  making the battle too much of a financial burden for most people.

Not to pick on Google, but here’s a look at their DMCA policy for Google Drive:

“It is Google’s policy to respond to notices of alleged copyright infringement that comply with applicable international intellectual property law (including, in the United States, the Digital Millennium Copyright Act, the text of which can be found at the U.S. Copyright Office website: http://lcWeb.loc.gov/copyright/).

That means that if we receive such a notice for content hosted in Google Cloud Storage, we will remove or disable access to that content subject to applicable laws and make a good faith effort to give notice of the claimed infringement to the account holder.”

Because very few online services consider fair use before removing or blocking content, it opens the door to frivolous takedown notices. These could be filed by competitor sites, or by content creators who just didn’t like what you have to say.

As with privacy protection, if this is a concern for you, the obvious solution is to enlist a cloud service not beholden to U.S. law. (i.e., one that doesn’t have servers on U.S. soil).

Naturally, you’ll still be beholden to the copyright laws of a country where your cloud service is based, but these often aren’t as poorly constructed as American law, and therefore aren’t as susceptible to abuse.   

Best Cloud Storage Services Based Outside the U.S.

Finding a cloud storage service not based in the U.S. isn’t a particularly hard feat.

In fact, misgivings regarding privacy and DMCA abuse have fueled an entire market of such providers, who trumpet their commitment to protecting content and ignoring copyright infringement notices.

For starters, here is a list of popular cloud storage services headquartered outside of the U.S., and don’t have data centers on U.S. soil. 

Service:
Server Locations:
Headquarters:
Sync.com:
Canada
Canada
Jottacloud:Norway
Norway
Livedrive:
The United Kingdom
The United Kingdom
Tresorit:Ireland, The Netherlands
Hungary
MEGA:Luxembourg, Germany, France, The Netherlands, Canada, New ZealandNew Zealand
PowerFolder:GermanyGermany

The real difficulty lies in finding one that provides a rich user experience. To give you a quick rundown of how these services stack up against one another, let’s take a closer look at what they have to offer.

1. Zero-Knowledge Architecture

I’ve been in contact with nearly all of the cloud service providers listed above to verify their server locations.

One interesting reply was as follows:

“Dear Joseph,

Thank you for your support and thank you for using MEGA!

What makes our cloud storage offering special is the fact that your data is encrypted end-to-end.

This means that even if your files fall into the hands of an attacker, no matter where he or she is located, they would not be decryptable.

Therefore, the location of our servers (which are in Luxembourg, Germany, France, The Netherlands, Canada and New Zealand) does not matter as far as the confidentiality of your data is concerned.

The location and security of your account password and all computers that use the account is the only thing that matters.”

Of course, data center location does matter since location can expose a company to the laws of a country, even if the enterprise gets headquartered elsewhere.

But the support representative from MEGA does bring up a good point, when it comes to privacy, how your data is encrypted is also important. Much more important, actually.

Any good cloud storage company will at least offer in-transit encryption, if they didn’t, your data would be at serious risk of interception.

Most, but not all, cloud storage services encrypt your data “at rest” on their servers. This action prevents hackers from breaching the service, or nosy employees of that service, from reading your content.

The point is, that if you want to take privacy to the highest level, find a “zero-knowledge” provider. With zero-knowledge architecture, the keys to encrypted data aren’t kept by the cloud storage service at all.

Only you, via your password, have access to that key. Consequently, all of the encryption and decryption that takes place is done locally, on your computer or mobile device.

Let’s take a look to find out which included services are also zero-knowledge ones.

Service:
Zero-Knowledge:
Sync.com:
Yes
Jottacloud:No
Livedrive: No
Tresorit:Yes
MEGA:Yes
PowerFolder:No

Not bad. Only Jottacloud, Livedrive, and PowerFolder fail to offer local encryption.

2. Upload and Download Speed

Forgive me for pointing out the obvious, but humans aren’t a particularly patient species.

While there are some obvious benefits to choosing a cloud service provider outside the U.S., one of my concerns, as someone prone to fits of fidgeting, was how that choice would impact upload and download speeds.

To figure out the answer, I conducted speed tests on each service featured in this article, in addition to two U.S.-based providers, Google Drive and OneDrive, as a point of comparison.

To make these tests as fair as possible:

 

Naturally, if you are living in Norway or Thailand or wherever I’m not, you’re going to get different results. So take these tests for what what they’re worth. 

The internet service provider used was Comcast Xfinity. According to Speedtest.net, my download speed is approximately 177 Mbps, and my upload speed is 12 Mbps.

Finally, I conducted these tests using a web browser (more on that in a second).

Service:Upload Time:
Download Time:
Sync.com:9m 15s
4m 2s
Jottacloud:
9m 36s
8m 6s
MEGA:5m 7s
1m 18s
Google Drive:
3m 11s0m 21s
OneDrive:4m 8s
0m 43s
pCloud:3m 38s
1m 11s

As you can see, Google Drive and OneDrive came in impressively ahead of the non-U.S. based options.

A big reason for that, however, is likely that neither of those services incorporates zero-knowledge architecture, so files don’t get encrypted before being uploaded to the cloud.

pCloud also put up times in league with both services.

pCloud does include zero-knowledge architecture as an add-on service, but I didn’t have it activated for this test. Now, here’s a pro tip (pay attention if you don’t like waiting):

That’s because, zero-knowledge architecture, as noted above, requires files to be encrypted before getting sent to the cloud.

When this process is performed on a web application, all encryption takes place via the browser. When uploading via a desktop app, the encryption process has access to system resources.

The difference is staggering.

In the Sync.com trial, it took over 9 minutes to upload my test file via the web browser. When I did it on the desktop app, however, it took six seconds.


Final Thoughts

On the one hand, traditional services like Google Drive and OneDrive offer a fantastic user experience, which includes powerful integrated apps. But on the contrary, using them also means putting your privacy in the hands of two monolithic corporations, and the U.S. National Security Agency.

Is that something you really want to do?

I think if Google or Microsoft offered consumers local encryption so that the NSA couldn’t read user content even if they demanded it from either service; I’d be more at ease with using any one of them for all of my cloud needs.

But until they do, I’ll probably stick with using Google Drive for ongoing work, and Sync.com for my personal and long-term storage needs.

Of course, we’d love to hear your thoughts on cloud privacy and options about services based outside of the U.S. So please share them in the comments below!

5 thoughts on “Cloud Storage Outside The US? This is What We Recommend”

  1. Hello Joseph,

    I’m planning to create a movie streaming website. Now I’m still trying to find out where to put all the movie content. I’m searching for a outside U.S cloud storage. I’m going to stream the content directly from that server into my website for the viewer to watch. Can you give me some advice about this. Thanks, Allan

    1. Hi Allan, sorry for the delayed response. If you’re looking outside the U.S., I gather you’re concerned with DMCA notices. I would never advise anyone to break the law … But I don’t mind informing you of it. Be aware that not only your cloud host but your web host can be targetted if they’re based in the U.S. And, of course, you could be served directly. The other thing to know is that services like Mega, even if though they’re offshore, may still adhere to DMCA takedowns. As far as options, for streaming, you might be better off going with someone like Private Layer as web and video host. They have cloud servers based in Switzerland and are set up to make your life easy for that kind of project.

  2. Hi Joseph,
    Very informative article. Thank you. I hope you can help me a little. My company is currently based in US I plan on moving it offshore. Can you suggest off shore alternatives for Hostgator (where our pages are hosted) and Amazon S3 (where are digital files are stored. Our customers are able to download from As3 links)

    Appreciate your suggestions.

  3. Hi Sid. There are many good offshore web hosts. Privacy Layer (Switzerland), mentioned in the above comment. OrangeWebsite (Iceland) is another. Both offer offshore server space in addition to web hosting but the server space isn’t cheap. If you just need an offshore location and aren’t looking to get around DMCA notices, I’d just switch the Amazon S3 datacenter you use to an offshore location near whatever web host you go with. If you do go with an option that claims to be “DMCA free,” from what I understand, many don’t honor that — its just a thin marketing ploy. I don’t have any experience working with content considered outside the bounds of fair use, though, so I can’t speak to that for sure. Best of luck!

    1. Excellent! Thank you for your help. No I am not looking to get around DMCA notices so your suggestion to just switch the AS3 datacenter near the webhost sounds like the best option. I didn’t know that was possible. I looked into EuroVPS and it seems quite good. Exploring further. Thanks again!

Leave a Reply

Your email address will not be published. Required fields are marked *

More about

Most Visited News