You upload files to Google Drive, Dropbox or OneDrive and assume they are private. The files are "encrypted" on the server. Only you can see them. Right?
Not exactly. There is a critical difference between encryption you control and encryption the service provider controls. Understanding this difference determines whether your files are actually private or just hidden behind a login page.
How Cloud Storage "Encryption" Actually Works
Most cloud storage services encrypt your files in two ways:
- In transit (HTTPS/TLS) - your files are encrypted while traveling between your device and the server. This prevents network eavesdropping.
- At rest (server-side) - your files are encrypted on the storage disk. This prevents someone who physically steals the hard drive from reading your files.
Both of these sound good. But there is a catch: the service provider holds the encryption keys. Google can decrypt your Google Drive files. Dropbox can decrypt your Dropbox files. Microsoft can decrypt your OneDrive files. They need these keys for features like search, preview, virus scanning and content indexing.
Who Can Access Your Files
When the service provider holds your encryption keys, several parties can potentially access your files:
- Employees - support staff may have tools to access file contents for troubleshooting and policy enforcement. Google's transparency reports show that employees can access user data.
- Automated systems - AI and machine learning systems scan files for policy violations, malware detection and content categorization. These systems need access to unencrypted files.
- Government requests - law enforcement with a valid subpoena or court order can compel the service to hand over your files. The provider can comply because they hold the keys.
- Hackers - if the service is breached, attackers who access the server infrastructure also access the encryption keys. Your files are exposed in a breach even though they were "encrypted."
The Alternative: Zero-Knowledge Encryption
Zero-knowledge encryption means the service provider literally cannot access your files. The encryption key exists only on your device and the recipient's device. The server stores only encrypted ciphertext that it cannot decrypt.
Here is how it works on EasySend:
- You set a password when uploading
- Your browser derives an encryption key from the password using PBKDF2
- Files are encrypted with AES-256-GCM in your browser
- Only encrypted data is uploaded to the server
- The password and key never leave your device
If the server is breached, hackers get encrypted data they cannot read. If law enforcement requests your files, the service cannot hand over readable content. If an employee looks at the server, they see only random bytes.
What About Metadata?
Even with encryption, cloud services collect metadata: file names, sizes, upload times, access patterns, IP addresses and device information. This metadata can reveal sensitive information about you even if the file contents are encrypted.
EasySend minimizes metadata collection. No accounts mean no user profiles. No advertising trackers mean no behavioral data. File names are stored for display but the service collects no personal information beyond basic analytics (Google Analytics for traffic patterns, Microsoft Clarity for UX analysis).
Practical Steps for Private File Sharing
- Use end-to-end encryption for anything sensitive - enable it on EasySend before uploading
- Choose services with zero-knowledge architecture - the provider should not hold your encryption keys
- Set file expiry - files that auto-delete reduce the window of exposure. EasySend free tier auto-deletes after 3 days
- Send passwords separately - share the link through one channel and the password through another
- Avoid services that scan your files - content scanning requires access to unencrypted data
True file privacy requires that nobody except you and your intended recipient can access the file contents. Server-side encryption does not provide this. Only end-to-end encryption with zero-knowledge architecture does.
Share Files Privately