Our zero-trust principle is an extension of our zero-knowledge policy which states that we never store or transmit files, user passwords, or encryption keys in an unencrypted or unhashed form.

We’ve extended that commitment into our zero-trust philosophy that we adhere to across all our products and in all of our company-wide decisions. It boils down to our users not having to put their trust in us completely because we don’t keep their information on hand.

In general, zero-knowledge encryption means that no one, except you, can access your secured data. This is a crucial point, since even with totally encrypted files, if the server has access to the keys, a centralized hacker attack can cause an unrecoverable data breach. This is a much safer way of securing data than encryption-in-transit, encryption and rest, and end-to-end encryption.

Here at Internxt, we make use of zero-knowledge encryption.

We’re 100% open-source and transparent. Internxt's code is made public on GitHub, allowing you to be confident in your choice to store your information with our service. Look into updates and patches at your leisure, leave no stone unturned. We have nothing to hide but your files.

Encryption-in-transit secures a message, while it is being transmitted between two parties. (i.e. between your computer and the cloud provider). But the problem is that the server can access all messages stored in it, and thus if the server suffers an attack, all its stored data could be leaked.

Encryption-at-rest protects the file or data on the server while not being used. Files are encrypted while stored, but not secure when transferred and unprotected from central attacks on the server. The former is the reason why it’s usually matched together with an encryption-in-transit solution.

The main issue with these two options is that if you rely on a not very secure service, just one central attack could uncover all your data.

And that's where end-to-end encryption comes into place. Although still less secure than zero-knowledge encryption, end-to-end encryption is a system of communication where only the communicating users who have the key can read the messages. User data is decrypted but only on their personal device, never on the server.

Nowadays this is the most used way to protect yourself from data breaches, but it works from “one end to the other”. End-to-end encryption really managed to go beyond the vulnerabilities of encryption-in-transit and encryption-at-rest solutions, crafting a fortress for communication services.

Zero encryption, on the other hand, is a solution that deals with this matter by hiding the encryption key, even from the storage provider, resulting in an authentication request without any password exchange.

Internxt Drive is the only easy-to-use cloud storage service that doesn’t only provide Zero-knowledge encryption, but goes a step further by offering its service on an infrastructure of data centers spread all over the globe.

Internxt, nor any third party can access any of your files. Files uploaded to Internxt Drive are fragmented, client-side encrypted, and distributed all over the globe, so that a server never holds a complete file, but instead an encrypted data shard.

You can also check our blog post about encryption to get more information.