What Zero-Knowledge Encryption Actually Means
Zero-knowledge encryption means the cloud storage provider cannot read your files — not if they want to, not with a court order, not if their servers are breached.
Your files are encrypted on your device before upload. The encryption key is derived from your password and stays on your device. The provider receives only ciphertext, which it cannot decrypt without a key it never holds.
The "zero-knowledge" refers to the provider having zero knowledge of your file contents. This is distinct from regular cloud encryption, where the provider uses their own keys and therefore can decrypt your data.
Standard Encryption vs. Zero-Knowledge: What's Actually Different
Standard cloud encryption (Google Drive, Dropbox, OneDrive, iCloud by default):
- You upload a file
- The provider encrypts it using their key
- The encrypted file is stored on their servers
- The provider can decrypt your file at any time — to serve it to you, to scan it, or to comply with a law enforcement request
Zero-knowledge encryption (Sync.com, Internxt, Filen, Proton Drive, pCloud Crypto):
- Your software generates an encryption key derived from your password
- Your file is encrypted on your device before it leaves your computer
- The encrypted blob is uploaded — the provider only ever receives ciphertext
- When you download, your device decrypts the file using your local key
- The provider cannot decrypt your file under any circumstances
The key difference is where encryption happens and who controls the keys.
How It Actually Works Technically
Understanding the mechanics helps you evaluate provider claims. Most zero-knowledge storage uses this pattern:
Key derivation: Your password is run through a key derivation function (typically PBKDF2 or Argon2) with a random salt. This produces a strong encryption key without the password itself ever being stored. Changing your password is computationally expensive because the account key must be re-derived and every file key wrapped under it must be re-wrapped with the new key.
File encryption: Each file (or each version of each file) is encrypted with AES-256 in a stream or block mode. AES-256 with a properly random key and a unique IV for every encryption has no known practical attacks.
Key wrapping: Your file encryption keys are themselves encrypted with your account key and stored on the provider's servers. When you log in, you decrypt the key bundle and can then decrypt your files. The provider stores encrypted keys but cannot use them without your master password.
The failure point: Zero-knowledge protection is only as strong as your password. A weak password can be brute-forced. If your account key is derived from "password123," your zero-knowledge encryption provides essentially no protection. Use a strong, unique password and a password manager.
What Encryption Algorithm?
Most providers use AES-256. One exception:
Icedrive uses Twofish-256 — a cipher that was a NIST AES finalist but lost to Rijndael (which became AES). Twofish is cryptographically sound, but has no hardware acceleration on modern processors (unlike AES, which has dedicated AES-NI CPU instructions). This means Icedrive's encryption has more CPU overhead. More importantly, Twofish has less real-world deployment history, fewer public cryptanalysis papers, and no published independent audit of Icedrive's specific implementation.
Internxt uses AES-256 plus post-quantum key encapsulation using Kyber-512 (ML-KEM), standardized by NIST in 2024. Post-quantum encryption protects against future attacks from quantum computers that could theoretically break current asymmetric cryptography. No other mainstream cloud storage provider has deployed post-quantum encryption. It's future-proofing — quantum computers capable of breaking RSA don't currently exist — but Internxt's implementation represents genuine technical advancement.
Which Providers Genuinely Offer Zero-Knowledge
| Provider | Zero-Knowledge | Default? | Algorithm | Audit |
|---|---|---|---|---|
| Sync.com | Yes | Yes | AES-256 | No public audit |
| Internxt | Yes | Yes | AES-256 + Kyber-512 | Securitum 2024 |
| Filen | Yes | Yes | AES-256 | No public audit |
| Proton Drive | Yes | Yes | AES-256 + RSA-4096 | Cure53 (multiple) |
| Tresorit | Yes | Yes | AES-256 | Published third-party |
| Icedrive | Paid plans only | No | Twofish-256 | No public audit |
| pCloud | Add-on (Crypto) | No | AES-256 | No public audit |
| iCloud | Optional (ADP) | No | AES-256 | Apple security papers |
| Google Drive | No | — | AES-256 (provider keys) | — |
| Dropbox | No | — | AES-256 (provider keys) | — |
| OneDrive | No | — | AES-256 (provider keys) | — |
| Backblaze | No | — | AES-128 (provider keys) | — |
What "default" means: Some providers offer zero-knowledge but require configuration. pCloud Crypto requires placing files in a specific Crypto folder — files stored outside the Crypto folder are encrypted with provider-managed keys, not zero-knowledge. iCloud's Advanced Data Protection must be enabled manually and is unavailable for UK users.
The "Partial Zero-Knowledge" Problem
Not all zero-knowledge implementations cover your entire account.
pCloud Crypto applies zero-knowledge only to files in the designated Crypto folder. Files outside that folder use standard provider-managed encryption. Most pCloud users don't use Crypto because it requires an additional purchase and deliberate folder management. A pCloud user who buys the Crypto add-on but keeps their files in the regular sync folder has standard encryption, not zero-knowledge.
iCloud Advanced Data Protection covers iCloud Drive, Photos, Notes, Backup, Reminders, and other categories. But it explicitly excludes iCloud Mail, Contacts, and Calendar — those remain with Apple-managed keys because iCloud Mail interoperates with non-Apple email systems and requires server-side access.
Sync.com, Internxt, and Filen have no partial-coverage problem — everything is zero-knowledge by default.
What Zero-Knowledge Cannot Protect
Zero-knowledge encryption protects file contents. It does not protect everything.
Metadata is not protected. The provider knows:
- That you have an account
- When you log in and from which IP address
- Which files you access and when
- Who you share files with
- File sizes and names (in some implementations)
- How often you use the service
The 2021 case that clarified this: French authorities obtained a climate activist's IP address from Proton via Swiss legal channels. Proton Drive uses zero-knowledge encryption — the French authorities couldn't read the activist's files. But they got the IP address through metadata, not content. Proton has since added anonymous account creation via Tor for users who need metadata protection as well.
For most users, metadata exposure is acceptable. For journalists, activists, or lawyers with sensitive client matters, metadata is a real attack surface. Use a VPN, create accounts without identifying information, and understand that zero-knowledge content protection is not comprehensive anonymity.
Sharing creates keys on both sides. When you share a file with another user, the provider typically needs some mechanism to re-encrypt or transfer the decryption key. Different providers handle this differently. Some implementations temporarily expose decrypted content on the provider's infrastructure during sharing operations. Evaluate the sharing architecture separately from the baseline encryption claim.
Web browser access can be weaker. If you access your files via a web browser, the JavaScript encryption code is served by the provider. A compromised or malicious provider could serve modified JavaScript that extracts your keys during a web session. Desktop and mobile clients with locally compiled code are more resistant to this attack. For maximum security, use desktop clients.
How to Verify Zero-Knowledge Claims
Providers make zero-knowledge claims in marketing. Not all claims are equal. Here's how to evaluate them:
1. Open-source client code. If the client software is open source, the encryption implementation can be independently verified. Internxt, Filen, and Proton Drive all have open-source clients on GitHub. Sync.com does not.
2. Independent security audits. Look for published audit reports from recognized security firms. Proton Drive has Cure53 audits. Tresorit has published third-party cryptographic audits. Internxt has a Securitum 2024 audit. Icedrive and Sync.com have no published audits.
3. Transparency reports. Does the provider publish data about law enforcement requests? Proton publishes detailed transparency reports. Providers without transparency reports give you no visibility into what they share with governments.
4. Key architecture documentation. Does the provider explain, in technical terms, how keys are generated, stored, and used? Detailed technical documentation suggests the team understands the implementation. Vague marketing language ("military-grade encryption") is a red flag.
5. Password reset mechanism. If a provider can reset your password without losing your files, they have access to your encryption keys — meaning they're not zero-knowledge. True zero-knowledge providers cannot recover your files if you lose your password. If you forget your password and the service offers to email you a recovery link that restores your files, that's not zero-knowledge.
The Collaboration Trade-Off
Zero-knowledge encryption creates a real limitation for collaboration: the provider can't decrypt your files, so it can't do server-side operations on them.
This means:
- No real-time collaborative editing (Google Docs-style). All file editing must happen on a device that has the decryption key.
- No server-side full-text search on file contents (only names)
- No AI features that process file contents on the provider's servers
- No web preview for many file types (the server can't render what it can't read)
- Limited thumbnail generation for images
For users who primarily store backup files, archives, photos, and documents they don't need to collaborate on in real-time, zero-knowledge is straightforwardly better. For teams doing active document collaboration, it's a meaningful restriction.
Which Zero-Knowledge Provider Should You Choose?
Best default for privacy-first users: Sync.com — zero-knowledge included at every tier with no configuration, HIPAA-capable BAA available, established 14-year track record.
Best for zero-knowledge on a budget: Filen — $0.99/month for 100GB with zero-knowledge included, German/EU jurisdiction, open-source clients.
Best for the full privacy ecosystem: Proton Drive — integrates with ProtonMail, ProtonVPN, and Proton Pass. Cure53-audited. Swiss jurisdiction.
Best zero-knowledge with lifetime plan: Internxt — post-quantum encryption, Securitum-audited, open-source, $299 one-time for 2TB lifetime.
Best zero-knowledge with highest upload speeds: pCloud with Crypto add-on — 210-240 Mbps upload speeds, Swiss jurisdiction, lifetime plan option.