This post is the second in a series of three posts about some changes I have been making in my personal life with respect to how I interact with online social media platforms, and how that affects this blog. When I published the first post in this series, I had completely deleted the Facebook and Twitter pages associated with this blog, and I mentioned that I was on the lookout for a secure cloud storage site that respects data privacy (which meant options like Google Drive, Dropbox, or Flickr were not going to satisfy my desires). Since then, I have conducted almost all of my frequent conversations on platforms not owned by Facebook, and I have been in the process of conducting all other infrequent conversations away from Facebook platforms too. However, I have still been on the lookout for such a secure cloud storage site that would also allow me to securely share files, especially pictures, with others, without compromising the privacy of my data. This post goes over some information that I have compiled over different potential candidate services. This is not a review, because I have not actually tested any of these services yet. Follow the jump to see more about each candidate and where I lean.
Candidates
The three candidates I have come up with are Sync.com, Tresorit, and pCloud. Each of them offers a web client, end-to-end encryption in transit, and data privacy guarantees. Each of them offers a way to securely share files with others, restrict downloads of shared files, protect links to shared files with passwords, and enforce more granular permissions upon sharing files, though the details of security with respect to file sharing vary by service. Each of them offers zero-knowledge encryption for data at rest as an option at least, though the details vary by service. Each of them offers connectivity to at least 5 devices, though the exact number varies by service. Each of them complies with the GDPR. Finally, each of them offers free trials and the option to upgrade to a paid plan while preserving data, though the details vary by service.
Sync.com
Sync.com offers zero-knowledge encryption for data at rest by default, and likewise allows sharing files without breaking zero-knowledge encryption for data at rest. Its data privacy guarantee appears to be unconditional. It offers connectivity for up to 5 devices. It allows for file sizes that are not limited beyond the size of the storage plan selected, though it recommends uploading files less than 40 GB through the desktop client or less than 0.5 GB (500 MB) through the web client. It uses multithreading for uploads & downloads through the desktop & mobile clients, but not through the web client. It offers a free version with 5 GB of storage and all of these features, and makes upgrading possible though optional. Its servers are located in Canada, though it should be noted that Canada is part of the Five Eyes surveillance alliance that includes the US. Its smallest paid storage plan is currently $60 per year for 0.2 TB (200 GB), while its largest paid storage plan is currently $180 per year for 4 TB. It offers HIPAA compliance at all tiers except the free tier and the lowest paid tier. It offers 24/7 support only by email. Finally, it allows files to be recovered up to 180 days in the past, with longer times allowed for higher tiers of service.
I like the fact that Sync.com doesn't compromise on its security & privacy features even for its lowest tiers. Furthermore, the preview of files in the web client is a neat feature.
However, the biggest dealbreaker for me is the lack of a Linux desktop client. Ordinarily, this wouldn't be a problem, as I wouldn't otherwise mind using the web client. The problem is that the web client is severely hampered in important features, like recommended file sizes & upload/download capabilities, compared to the desktop client. Given this, I can no longer consider Sync.com for my needs.
Tresorit
Tresorit offers zero-knowledge encryption for data at rest by default, and likewise allows sharing files without breaking zero-knowledge encryption for data at rest. Its data privacy guarantee appears to be conditional, though the conditions seem a little vague and perhaps ultimately benign. It offers connectivity for up to 10 devices. It requires files to be less than 5 GB. It uses multithreading for uploads & downloads through all clients. It does not offer a free version, so anyone who wants to continue using the service after the 14-day free trial expires must pay. Its servers are located in the EU & Switzerland, which are not party to the Five Eyes surveillance alliance that includes the US. Its smallest paid storage plan is currently $125 per year for 0.5 TB (500 GB), while its largest paid storage plan is currently $288 per year for 2.5 TB. It offers HIPAA compliance at all tiers. It offers 24/7 support through multiple modes. Finally, it allows files to be recovered up to 10 versions in the past.
I like the fact that Tresorit offers a Linux desktop client that is just as fully featured as those for Microsoft Windows or macOS. Furthermore, it really takes privacy seriously with HIPAA compliance and the location of its servers in countries outside of the Five Eyes network. The weirdness of the data privacy guarantee or the small file size limit may concern some people, but I'm willing to deal with those issues. For me, the biggest concern is the price: of the three candidates, it is by far the most expensive per unit of storage space.
pCloud
The biggest differentiator between pCloud and its two competitors in this set regards encryption of data at rest. In particular, pCloud makes zero-knowledge encryption optional for data at rest, and one must pay extra for having zero-knowledge encryption; otherwise, pCloud will encrypt data at rest but keep the encryption keys on its own servers. This also affects other features of the service. In particular, pCloud does not allow ordinary users to share files without breaking zero-knowledge encryption; only users subscribed to the business plans are allowed this privilege. Instead, ordinary users must save some data with regular encryption and other data with zero-knowledge encryption, and only the former may be shared with others. It offers a free tier with 10 GB of storage, but that does not allow for the possibility of zero-knowledge encryption at all, and if one wants to upgrade that account to a paid tier, one must be careful about migrating that data into a folder in the service that has zero-knowledge encryption.
Beyond this, its data privacy guarantee appears to be unconditional.. It offers connectivity for up to 5 devices. It does not limit file sizes beyond the storage plan. It does not use multithreading for uploads & downloads. Its servers are located in the US & Switzerland. Perhaps its most competitive aspect is its price: its smallest paid storage plan is currently $95.76 per year for 0.5 TB (500 GB), while its largest paid storage plan is currently $143.76 per year for 2 TB. It does not offer HIPAA compliance. It does not offer 24/7 support. Finally, it allows files to be recovered up to 30 days in the past, with longer times allowed for higher tiers of service.
Concluding remarks
Tresorit's greater default security and greater level of user support seem enticing, but I think it isn't quite worth the high price. I'm leaning toward being willing to forgo those things when using the cheaper pCloud service. In particular, I feel that if I'm sharing files with others, they could potentially share those files further without my knowledge (even under the best of intentions), in which case zero-knowledge encryption won't really save me from the breach of privacy. Given this, I'm willing to use pCloud such that I store all of my data with zero-knowledge encryption but then make copies of data that I want to share with regular encryption. In any case, I will consider writing a follow-up post when I do subscribe to either Tresorit or pCloud, and if one doesn't work, I can feel a little better knowing that there are other options out there.