When a file sharing service says your files are "encrypted," what does that actually mean for your security? The answer depends entirely on who holds the encryption keys. Zero-knowledge encryption is the only approach where nobody except you and your intended recipient can access the files.
The Key Question: Who Holds the Keys?
There are three levels of encryption in file sharing, and understanding the difference is critical:
Level 1: Transport Encryption (HTTPS)
Your file is encrypted while traveling between your device and the server. Once it arrives, the server has the file in its original form. This is the minimum standard. Every service uses it. It protects against WiFi eavesdropping but nothing else.
Level 2: Server-Side Encryption
The server encrypts your file on its storage disks using a key that the server controls. Google Drive, Dropbox and OneDrive all do this. But since the server holds the key, the server can decrypt your files at any time. Their employees can access them. Law enforcement with a subpoena can compel access. A breach that compromises the server also compromises the keys.
Level 3: Zero-Knowledge (E2E) Encryption
Your file is encrypted on your device using a key derived from your password. The server receives only encrypted data. The key never touches the server. Nobody except you and the recipient (who also derives the key from the password) can read the file. This is zero-knowledge: the service has zero knowledge of your file contents.
How EasySend Implements Zero-Knowledge
- You set a password when uploading with encryption enabled
- Your browser derives an encryption key using PBKDF2 with 100,000 iterations and a random salt
- Each file is encrypted with AES-256-GCM using the Web Crypto API
- Only encrypted ciphertext is uploaded to the server
- The password and key never leave your browser
What Zero-Knowledge Protects Against
- Server breaches - attackers who compromise the server get only encrypted data they cannot read
- Insider threats - employees of the file sharing service cannot access your files
- Legal subpoenas - the service cannot hand over readable files because it does not have the key
- Mass surveillance - even government-level access to server infrastructure reveals nothing useful
When You Need Zero-Knowledge
- Sharing confidential client documents (legal, financial, medical)
- Medical records between providers (HIPAA alignment)
- Intellectual property and trade secrets
- Personal documents containing Social Security numbers or financial data
- Any file where unauthorized access could cause real harm
The Trade-Off
Zero-knowledge encryption means the service cannot help you if you forget the password. There is no "reset password" option. The password, and with it the key derived from it, exists only in your memory. For most file sharing scenarios (sharing photos with family, sending project files to a colleague), standard HTTPS is sufficient. Reserve zero-knowledge for files where security genuinely matters.