Are you scouring the Internet for a quality cloud storage service based outside of the United States? Wondering why it matters? I’ve got you covered on both counts in this roundup of popular cloud storage providers — located beyond Uncle Sam’s purview.
Finding and vetting a cloud storage solution that meets this criterion can be a tall order:
But that doesn’t mean the cupboard is empty, with my personal favorites, Sync.com and MEGA, leading the way. However, before we get to the good stuff, let’s take a step back and look at why U.S. law gives privacy advocates the chills.
Keep Your Cloud Private
Chances are, if you’re among a number users with jitters about using a U.S. cloud storage service, you’re most likely familiar with the story of Edward Snowden, who made the bombshell revelations about America’s secret PRISM program.
But just in case you need a quick reminder, the gist of the revelations was that the U.S. National Security Agency could, with permission from a secret court and under the auspices of the 1978 Foreign Intelligence Surveillance Act (FISA), compel various Internet services to monitor user data.
While much of the program was used to monitor phone records gleaned primarily from Verizon, both Google, and Facebook, also allowed the NSA to access user data, despite denials to the contrary.
Of course, we now know that the NSA even paid these internet services, hundreds of millions of dollars, to facilitate the “arrangement.” All actions which make it a bit hard to accept these services at their word; when they attest to being committed to user privacy.
Here’s a list of a few other bedfellows implicated in the PRISM program:
Though much of the fallout’s focus has been on the United States spying on its citizens, it bears pointing out that the program can spy on citizens from other countries too.
Finally, in Google’s case at least, their relationship with the NSA goes much deeper than the Snowden-revelations. The two are working to develop a mysterious intelligence-gathering technology, in response to Chinese cyber attacks on several prominent U.S. corporations (including Google).
The nuts and bolts of the issue are that U.S. law, even after all of the hubbub, makes it far too easy for government agencies to get user data, and hide it from the public’s knowledge.
Meanwhile, other regions of the world (led by the EU) are actively introducing mandates to protect privacy. There’s even been the talk of enacting protections around an individual’s “right to be forgotten.”
Canada also has a host of federal and provincial laws protecting data privacy over the Internet, if you’re interested in Canadian cloud storage laws, check out Mauricio’s dive into Canadian cloud privacy.
Avoid Copyright Claim Abuse
The Digital Millennium Copyright Act of 1998 (DMCA), was the United States’ response to the 50-country World Intellectual Property Organization Copyright Treaty — signed in 1996. Its intent was to extend copyright laws into the digital domain.
While most vocally championed (naturally) by the music and film industries, the DMCA got written by a collective that included scientists and civil right groups as well.
The result was a system, in which companies could submit notices of copyright infringement, called “Takedown Notices.” Those named in a takedown notice have to respond to it or open themselves up to a lawsuit.
Instead of being sent to the entity who posted the allegedly infringing content, filers could also send the notice to ISP or platform that hosted the content, such as YouTube … Or a cloud service provider.
However, while protecting intellectual property, the DMCA also permits “fair use.”
Under U.S. law, fair use allows individuals to use aspects of another person’s work (such as a clip from a film or quote for a book), so long as they are interpreting that material, rather than re-posting it verbatim.
Needless to say, the fair use proviso has been instrumental to the internet’s growth, as it allows individuals to conduct reviews, reinterpret material (such as remix audio), and build the dynamic online world that we know and love today.
The problem with the system, is that very few Internet services spend time evaluating Takedown Notices and actually looking at the content to see if it is protected by fair use — essentially undermining the whole process.
Instead, they just remove the content and let the poster know, that if they want to fight it, they’ll need to create a petition first.
This option typically opens up a path towards the court and legal fees, making the battle too much of a financial burden for most people.
Not to pick on Google, but here’s a look at their DMCA policy for Google Drive:
“It is Google’s policy to respond to notices of alleged copyright infringement that comply with applicable international intellectual property law (including, in the United States, the Digital Millennium Copyright Act, the text of which can be found at the U.S. Copyright Office website: http://lcWeb.loc.gov/copyright/).
That means that if we receive such a notice for content hosted in Google Cloud Storage, we will remove or disable access to that content subject to applicable laws and make a good faith effort to give notice of the claimed infringement to the account holder.”
Because very few online services consider fair use before removing or blocking content, it opens the door to frivolous takedown notices. These could be filed by competitor sites, or by content creators who just didn’t like what you have to say.
As with privacy protection, if this is a concern for you, the obvious solution is to enlist a cloud service not beholden to U.S. law. (i.e., one that doesn’t have servers on U.S. soil).
Naturally, you’ll still be beholden to the copyright laws of a country where your cloud service is based, but these often aren’t as poorly constructed as American law, and therefore aren’t as susceptible to abuse.
Best Cloud Storage Services Based Outside the U.S.
Finding a cloud storage service not based in the U.S. isn’t a particularly hard feat.
In fact, misgivings regarding privacy and DMCA abuse have fueled an entire market of such providers, who trumpet their commitment to protecting content and ignoring copyright infringement notices.
For starters, here is a list of popular cloud storage services headquartered outside of the U.S., and don’t have data centers on U.S. soil.
|Livedrive: ||The United Kingdom||The United Kingdom
|Tresorit:||Ireland, The Netherlands||Hungary|
|MEGA:||Luxembourg, Germany, France, The Netherlands, Canada, New Zealand||New Zealand
The real difficulty lies in finding one that provides a rich user experience. To give you a quick rundown of how these services stack up against one another, let’s take a closer look at what they have to offer.
1. Zero-Knowledge Architecture
I’ve been in contact with nearly all of the cloud service providers listed above to verify their server locations.
One interesting reply was as follows:
Thank you for your support and thank you for using MEGA!
What makes our cloud storage offering special is the fact that your data is encrypted end-to-end.
This means that even if your files fall into the hands of an attacker, no matter where he or she is located, they would not be decryptable.
Therefore, the location of our servers (which are in Luxembourg, Germany, France, The Netherlands, Canada and New Zealand) does not matter as far as the confidentiality of your data is concerned.
The location and security of your account password and all computers that use the account is the only thing that matters.”
Of course, data center location does matter since location can expose a company to the laws of a country, even if the enterprise gets headquartered elsewhere.
But the support representative from MEGA does bring up a good point, when it comes to privacy, how your data is encrypted is also important. Much more important, actually.
Any good cloud storage company will at least offer in-transit encryption, if they didn’t, your data would be at serious risk of interception.
Most, but not all, cloud storage services encrypt your data “at rest” on their servers. This action prevents hackers from breaching the service, or nosy employees of that service, from reading your content.
The point is, that if you want to take privacy to the highest level, find a “zero-knowledge” provider. With zero-knowledge architecture, the keys to encrypted data aren’t kept by the cloud storage service at all.
Only you, via your password, have access to that key. Consequently, all of the encryption and decryption that takes place is done locally, on your computer or mobile device.
Let’s take a look to find out which included services are also zero-knowledge ones.
2. Upload and Download Speed
Forgive me for pointing out the obvious, but humans aren’t a particularly patient species.
While there are some obvious benefits to choosing a cloud service provider outside the U.S., one of my concerns, as someone prone to fits of fidgeting, was how that choice would impact upload and download speeds.
To figure out the answer, I conducted speed tests on each service featured in this article, in addition to two U.S.-based providers, Google Drive and OneDrive, as a point of comparison.
To make these tests as fair as possible:
I did three tests for each service over the course of three consecutive days; the results were then averaged
Each test was conducted with WiFi turned off, to mitigate bandwidth fluctuations; I plugged in the modem directly
The same 256MB zipped folder was used for each test; the folder has a variety of different file types
Naturally, if you are living in Norway or Thailand or wherever I’m not, you’re going to get different results. So take these tests for what what they’re worth.
The internet service provider used was Comcast Xfinity. According to Speedtest.net, my download speed is approximately 177 Mbps, and my upload speed is 12 Mbps.
Finally, I conducted these tests using a web browser (more on that in a second).
|Service:||Upload Time:||Download Time:|
|Sync.com:||9m 15s||4m 2s|
|Jottacloud:||9m 36s||8m 6s|
|MEGA:||5m 7s||1m 18s
|Google Drive:||3m 11s||0m 21s|
|OneDrive:||4m 8s||0m 43s
|pCloud:||3m 38s||1m 11s
As you can see, Google Drive and OneDrive came in impressively ahead of the non-U.S. based options.
A big reason for that, however, is likely that neither of those services incorporates zero-knowledge architecture, so files don’t get encrypted before being uploaded to the cloud.
pCloud also put up times in league with both services.
pCloud does include zero-knowledge architecture as an add-on service, but I didn’t have it activated for this test. Now, here’s a pro tip (pay attention if you don’t like waiting):
Tip: If you are uploading these files via a web application, and using a zero-knowledge architecture solution, you might be waiting quite a bit, in some cases, longer than if uploading via the desktop app.
That’s because, zero-knowledge architecture, as noted above, requires files to be encrypted before getting sent to the cloud.
When this process is performed on a web application, all encryption takes place via the browser. When uploading via a desktop app, the encryption process has access to system resources.
The difference is staggering.
In the Sync.com trial, it took over 9 minutes to upload my test file via the web browser. When I did it on the desktop app, however, it took six seconds.
On the one hand, traditional services like Google Drive and OneDrive offer a fantastic user experience, which includes powerful integrated apps. But on the contrary, using them also means putting your privacy in the hands of two monolithic corporations, and the U.S. National Security Agency.
Is that something you really want to do?
I think if Google or Microsoft offered consumers local encryption so that the NSA couldn’t read user content even if they demanded it from either service; I’d be more at ease with using any one of them for all of my cloud needs.
But until they do, I’ll probably stick with using Google Drive for ongoing work, and Sync.com for my personal and long-term storage needs.
Of course, we’d love to hear your thoughts on cloud privacy and options about services based outside of the U.S. So please share them in the comments below!