Robert's blog
Robert Važan

Zero-knowledge file sharing

The days of shared folders in Windows are long gone, fortunately. Dropbox was easy and Internet-wide, but then the NSA spoiled the fun. A flood of zero-knowledge services ensued, and today the problem is choosing the best one for the job at hand.

TL;DR

Use Tresorit for maximum security, SpiderOak ONE for budget security, Syncthing for peer-to-peer sync, and my FolderNet for a peer-to-peer virtual drive.

One-off file transfers

Just about every email and chat app lets you send files. Some are encrypted, notably ProtonMail and Wire chat. You can transfer only a few files at a time, sometimes limited in size. There are also specialized apps just for transferring files, for example AnySend.

A USB stick might be old-fashioned, but it is often the simplest, fastest solution.

Cloud storage

You don't want to have your vacation photos deleted, so go for a zero-knowledge cloud that encrypts data on the client, rendering it unreadable to the cloud. To use it as a last-resort backup, set it up with the same password you use to log in to your computer every morning and you will never forget the password.

After Wuala's demise, the Hungarian-Swiss Tresorit rose to the top of the security ladder. They know they are the best and they charge accordingly. SpiderOak ONE is much lighter on the family budget. You can enable client-side encryption for a folder in pCloud too, but personally, I just want to encrypt everything.

You can bolt client-side encryption on top with something like Boxcryptor, but it is fiddly, error-prone, and completely unnecessary now that several clouds are natively encrypted.

Self-hosted software like ownCloud is secure at the hardware level, which makes client-side encryption unnecessary. Running servers properly is difficult though. Every mistake can cost you all your data. And if you do it properly, it's likely too expensive.

Peer-to-peer sync

Cloud storage offers backup, versioning, and 24/7 availability on top of sync, but if sync is all you need, you can have it for free. Open-source Syncthing is the gold standard, but Resilio Sync might have some extra features, especially if you pay. Librevault might be an alternative to Syncthing in the future.

Network filesystems

The distinguishing feature of a network filesystem (or virtual disk, network drive, shared folder) is that the shared files you see on your computer are not really there. They are downloaded on demand by the network filesystem. Network filesystems are optimal for large folders with infrequent access, for example a family video or music collection, but their performance depends heavily on the underlying network.

Some cloud storage services come with a virtual disk, for example pCloud, Seafile, and CentreStack. NetDrive supports many other clouds, plus FTP and WebDAV servers.

If your files are already stored on one of your computers, you can avoid paying for cloud storage by using a peer-to-peer network filesystem. Shared folders in Windows are a classic, but they are behind the times in usability, security, and performance. I am developing FolderNet, a state-of-the-art network filesystem. Open-source Bazil seems similar, but its development has stalled.

Security notes

While client-side encryption is technically unbreakable, you are still trusting the vendor to do a few things right.

And of course, you are responsible for keeping your computer secure and free of malware.