What Exactly is Zero-Knowledge in The Cloud and How Does it Work in 2023?
For the security-conscious, zero-knowledge encryption is the way to go. But what does zero-knowledge mean? How will it affect the way you store your files? Cloudwards.net explains.
For many people, the biggest risk when using any of our best cloud storage and backup services is security: how do you know that your files will be safe? What happens when the authorities show up to your service’s offices with a warrant? Though these questions may not be a priority for everyone, Cloudwards.net does have a simple answer: use a zero-knowledge cloud service.
Zero-knowledge in this case means that no one besides you has the keys to your data, not even the service you’re storing your files with. Also known as private encryption, it is the ultimate way in which you can keep your data private, though it does come with a few downsides: most important of these is that if you lose your password, it is gone forever.
Though private encryption may not be for the faint of heart, if you do decide to opt for a zero-knowledge provider you can rest assured that no one will be able to ever access your data; just remember that you will belong to that group if you don’t remember your credentials. With that in mind, let’s take a look at some of the benefits of zero-knowledge encryption.
Updated this article to include information about zero-knowledge encryption with web clients.
Zero-Knowledge Encryption: The Upside
Though many people don’t realize it, usually if you sign up for a service, any service, they keep a copy of your password somewhere. Though usually it is kept fairly safe, in theory someone can get to it. Though that kind of access is usually reserved for people too high up in the food chain to care about your holiday pics, it does present a risk if the company in question falls victim to cybercriminals or is presented with a warrant by law enforcement officials.
Providers that use private encryption solve this problem by not storing a copy of your password anywhere. Though the tech behind this can get complicated, what it boils down to is that rather than hand over the password, which is then verified by the service, you hand over the proof that you know the password. Again, the math gets tricky, but in practice it works just like any other provider: you type in your password and you get access.
The upshot of this is that even if a government agent shows up with a warrant, all they will get are encrypted files. While non-private encryption providers have to hand over files and their passwords, zero-knowledge services can’t give away customers’ passwords because they, well, have zero knowledge.
Do note, however, that if a cloud storage service offers zero-knowledge encryption, this does not automatically make them a secure cloud storage provider. There’s more to cloud security than simply hiding a password and if, say, their servers are badly encrypted, a cybercriminal or snooping NSA agent can just force their way in.
However, when done right, private encryption is the cherry atop the security cake that not only protects you from criminals, but also from government interference. Any of the Cloudwards.net selection of best zero-knowledge cloud services, for example, uses this tech in conjunction with all manner of encryption and other protocols to keep your data as safe as the bank.
Zero-Knowledge Encryption: The Downside
As nothing is perfect, private encryption brings with it a few downsides, the most important of which is that if you lose your password, it is gone. There is no retrieval possible, as the zero-knowledge service you’ve chosen only keeps the proof that you have the key, not the key itself. This means that if you’re even slightly scatterbrained, you need to avoid these services as you’ll only end up hating yourself when your data is stuck behind a digital wall with no way to get it back.
Besides the chaotic, the impatient may also want to avoid using zero-knowledge cloud services as they are usually quite a bit slower than less secure providers. This is actually not due to the private encryption itself, but rather because of all the other security measures used. SpiderOak, for instance, encrypts all your data on its servers as well as in transit, slowing down your upload and download considerably (for more information on this otherwise great service, check out our SpiderOak review).
Another downside is that using these super secure services means your user experience may sometimes suffer: though it is a particular favorite of ours, honesty compels us to admit that Sync.com is less pleasant to use than other providers. Previewing pictures and documents, for instance, isn’t possible since its strong encryption prevents anything being loaded while in the cloud (for more information, make sure to check out our Sync.com review).
Zero-Knowledge Encryption and Web Clients
Zero-knowledge encryption doesn’t really play nice with web interfaces, either. For it to work as intended, you need to use a desktop or mobile application. The app acts as a client that encrypts and decrypts files on your device, making sure only encrypted data is sent to a cloud service’s servers.
However, when you use a cloud service’s website, you have to send your encryption key to another party. Some services, like Backblaze, will handle your encryption key themselves, allowing them to access your encryption key in the brief time that it’s used on their servers.
Other services, like IDrive, have a trusted third party (most likely an automated machine) handle your encryption key, acting as the client in lieu of an app. The third party then does what the app would do: it encrypts your files using the key and sends the encrypted files to the cloud service, or vice versa.
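The two mechanisms described above, proving you know the password without handing it over and encrypting files on your own device, can be sketched in a few lines of Node.js. This is an added example, not code from this article or from any provider named in it; the key split (scrypt, then HMAC-derived authKey and encKey), the Provider class and the sample data are assumptions chosen for illustration.

```javascript
// Added example: every name, parameter and sample value here is constructed.
const crypto = require('crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();
// Device: stretch the password once, then split the result into two unrelated keys.
function deriveKeys(password, salt) {
  const master = crypto.scryptSync(password, salt, 32);
  const sub = (label) => crypto.createHmac('sha256', master).update(label).digest();
  return { authKey: sub('auth'), encKey: sub('enc') }; // encKey never leaves the device
}
// Device: AES-256-GCM with a fresh 96-bit nonce. Blob layout: nonce | tag | ciphertext.
function encryptFile(encKey, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', encKey, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}
function decryptFile(encKey, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', encKey, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // final() throws on a wrong key
}
// Provider: `accounts` is everything it holds, so it is all a warrant or breach can yield.
class Provider {
  constructor() { this.accounts = new Map(); }
  register(user, salt, authKey) {
    this.accounts.set(user, { salt, verifier: sha256(authKey), files: [] });
  }
  login(user, authKey) {
    const a = this.accounts.get(user);
    return Boolean(a) && crypto.timingSafeEqual(a.verifier, sha256(authKey));
  }
  upload(user, authKey, blob) {
    if (!this.login(user, authKey)) throw new Error('authentication failed');
    this.accounts.get(user).files.push(blob);
  }
}
// Constructed walk-through: sign up, upload, then use the right and a wrong password.
function demo() {
  const provider = new Provider(), salt = crypto.randomBytes(16);
  const keys = deriveKeys('correct horse battery staple', salt);
  const wrong = deriveKeys('forgotten password', salt);
  provider.register('alice', salt, keys.authKey);
  provider.upload('alice', keys.authKey, encryptFile(keys.encKey, Buffer.from('holiday notes')));
  const blob = provider.accounts.get('alice').files[0];
  let lost = false; try { decryptFile(wrong.encKey, blob); } catch { lost = true; }
  return { recovered: decryptFile(keys.encKey, blob).toString(),
           wrongLogin: provider.login('alice', wrong.authKey), lost };
}
console.log(demo());
```

In the web-client arrangements described above, deriveKeys and encryptFile would run on the provider's or a third party's machine rather than on yours, which is why the encryption key is briefly visible there.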
As you can see, the massive upside of using a zero-knowledge cloud service comes with some downsides that may deter certain users. Though here at Cloudwards.net we feel that security and privacy should be paramount concerns for everyone, we also understand that others are less worried about whether or not a hacker can check out their amateur poetry or holiday snapshots stored in the cloud.
That said, if these downsides are the only thing standing in the way of you taking the plunge, you should just go ahead: a password can be written on a well-hidden piece of paper, good planning means you’ll always have a few extra minutes to spare, and previews are handy but not necessary if you name files in a smart way.
If you worry about the security of your files, going with any of our top providers, such as Sync.com, SpiderOak or Icedrive (we have an Icedrive review if you want to know more), is the best way to go. Not only will you sleep easier, but, since most of them offer free plans, you’ll save on insurance, too (see our cloud services price comparison).
Hopefully this article has persuaded you to join the ranks of the security-conscious (in which case, maybe add one of our best VPN providers to the mix for that extra bit of anonymity); feel free to ask us any questions you may have in the comments below. Thank you for reading and stay safe.