Many users are interested in cloud storage, but are wary of leaving their stuff with a provider. What guarantee do they have that their information will not be leaked all over the internet? The answer lies in using a zero-knowledge cloud storage and backup provider.
To understand this type of provider better, this guide will explain:
- What is a zero-knowledge provider
- Who has zero-knowledge services
- How zero-knowledge works
What is Zero-knowledge?
Zero-knowledge security is essentially an instance where one party can prove to another party that a statement is true. The first party does not have to show how they came by the answer.
The statement must be something that requires their knowledge of something private or secret. The verifier cannot have access to this private information in order for the proof to work.
With cloud providers, this means a couple of different things. For starters, it means that information kept within the vault is encoded in such a way that the provider cannot open it. In addition, the personal key is not stored on the provider’s servers; otherwise zero-knowledge would be compromised.
Zero-knowledge requires the user to do all the work. They must enter all information correctly in order to access their data. The provider may offer to encrypt everything; however, they do not keep the pass keys to undo the code. There has to be no way for the storage service to record the login interaction.
If there was a way for them to do so, then they could replay the keystrokes, tricking the system into thinking that the intruder was the owner. If there was a way for the keystrokes to be recorded, they would not be considered a zero-knowledge provider.
There are providers out there which offer encryption of files while they are on their servers. However, the encryption alone does not allow them to make the claim they have no knowledge of a user’s files.
If they keep the login information in cache so that the user can select “remember me” and avoid entering their credentials each time they login, then the provider does not fall into the zero-knowledge category.
Who Has It?
Contrary to popular belief, not all cloud storage providers provide zero-knowledge services. Most actually do not because they store login information so the user doesn’t have to continually enter their username and password information. Other cloud providers do not offer encryption of files, making it possible for anyone with sufficient hacking skills to gain access and see files.
The question then becomes: who has zero-knowledge security and who does not? The list may be short, but it is a good starting point for those looking for cloud services.
SpiderOak offers zero-knowledge service. As with its competitors, login information is not stored anywhere on their servers. The company encrypts files so that no one will be able to read them.
|Plan|Monthly|1 Year|
|---|---|---|
|SpiderOak ONE 100GB|$5|$59.00|
|SpiderOak ONE 250GB|$9|$99.00 (-8%)|
|SpiderOak ONE 1TB|$12|$129.00 (-10%)|
|SpiderOak ONE 5TB|$25|$279.00 (-7%)|
The company also offers protection to enterprise level consumers, while still allowing them to share and collaborate on files.
Sync never stores login credentials (to help keep user information safe). This service also encrypts files before they leave the user’s computer, while files are being transmitted, and during storage on their servers. No one can access the files, and even if there is a break-in, the information is still protected.
One of the most well-known zero-knowledge companies is Mega. This service not only offers complete encryption and personal keys (created by and kept exclusively by the user); it also offers encrypted sharing of documents.
$4.99 Monthly / $49.99 (-17%)
$9.99 Monthly / $99.99 (-17%)
$19.99 Monthly / $199.99 (-17%)
$29.99 Monthly / $299.99 (-17%)
Other than offering zero-knowledge and encryption, one of Mega’s biggest draws is their 50GB of free storage.
Finally, Tresorit is one of the most unique storage providers. Users do not have to go on their site to upload files, nor do they have to sync folders. Instead, users simply have to right-click on the file or folders they wish to include in the next sync and select “Tresor it.”
This simplistic way to save data makes backup easy.
How Does It Work?
Traditional providers retain information and place that info on their servers. The information is what allows users to re-enter their account without retyping a username and password combination each time.
Non-zero-knowledge providers also place a sync folder on users’ hard drives, which is seldom encrypted and most often keeps the pathway open.
A Meta tag or cookie is also placed on the consumer’s hard drive in order to simplify subsequent logins.
Traditional providers also offer a way for consumers to recover their password information, usually a secret passcode in the form of a question/answer setup. This allows a user to reset their credentials in the event they forget their original code.
Because there is a passkey saved to their server, anyone can reset the information and access the files stored within.
Zero-knowledge is based not just on the encryption of files, but also handing over complete control of them to users, and putting in place infrastructures which allow complete secrecy for the user. The general scenario is initially accomplished by keeping no traces of:
- Meta tags
All of which (if present) could potentially point towards the files’ owner.
Any passwords created with a zero-knowledge service will not be saved on their system. That means if a user forgets his or her credentials, including any secondary passcodes they set up to protect the account, there is no way to recover them.
It is the only way to ensure all data stored inside the server is completely in the control of the owner and cannot be tampered with by the provider.
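The arrangement described above, as an added example that is not from the original article or from any provider's code: the key is derived from the password on the user's machine, and the record the provider stores holds only a salt, IV, ciphertext and authentication tag. The function names, the choice of scrypt with AES-256-GCM and the sample data are assumptions made for illustration.

```javascript
// Added example: client-side encryption using Node's built-in crypto module.
const crypto = require('node:crypto');

// Runs on the user's machine: derive the key from the password, then encrypt.
function encryptForUpload(password, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = crypto.scryptSync(password, salt, 32); // never leaves the client
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Everything returned here is what the provider stores: no key, no password.
  return { salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Also runs on the user's machine, after downloading the stored record.
function decryptAfterDownload(password, record) {
  const key = crypto.scryptSync(password, record.salt, 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    const plain = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
    return plain.toString('utf8');
  } catch (err) {
    return null; // wrong password or modified record: the GCM tag check failed
  }
}

// Constructed sample password and file contents.
function demo() {
  const password = 'correct horse battery staple';
  const record = encryptForUpload(password, 'tax-return-2023.pdf contents');
  // Simulate a change made on the server side: flip one ciphertext bit.
  const tampered = { ...record, ciphertext: Buffer.from(record.ciphertext) };
  tampered.ciphertext[0] ^= 0x01;
  return {
    storedFields: Object.keys(record).sort(),
    leaksPlaintext: record.ciphertext.includes('tax-return'),
    owner: decryptAfterDownload(password, record),
    wrongPassword: decryptAfterDownload('password-reset-guess', record),
    tamperedResult: decryptAfterDownload(password, tampered),
  };
}
```

Because the stored record contains nothing from which the key can be rebuilt without the password, a forgotten password leaves the provider with no reset path, and any server-side change to the ciphertext is rejected at decryption.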
At the moment, zero-knowledge providers offer the best protection against internal hacking. These companies, like all cloud providers, are targeted by hackers. However, because the information remains encoded while stored, anything that may be taken cannot be read or used.
Do your privacy needs justify using a zero-knowledge cloud service? Let us know in the comments below.