Zero-Knowledge Encryption means that no one, except you (not even the service provider) can access your secured data. This is a crucial point, in fact, even with totally encrypted files, if the server has access to the keys, a centralized hacker attack can cause an unrecoverable data breach.

Zero-Knowledge Encryption is a much safer way of securing data than encryption-in-transit, encryption and rest, and end-to-end encryption.

Encryption-in-transit secures a message, while it is being transmitted between two parties. (i.e. between your computer and the cloud provider) The issue with it is that the server can access all messages stored in it, and thus if the server suffers an attack, all its stored data could be leaked.

Encryption-at-rest protects the file or data on the server while not being used. Files are encrypted while stored, but not secure when transferred and unprotected from central attacks on the server. The former is the reason why it’s usually matched together with an encryption-in-transit solution.

The main issue with these two options is that if you rely on a not very secure service, just one central attack could uncover all your data.

And that's where End-To-End Encryption comes into place. Although still less secure than Zero-Knowledge Encryption, End-to-end encryption is a system of communication where only the communicating users who have the key can read the messages. User data is decrypted but only on their personal device, never on the server. Nowadays this is the most used way to protect yourself from data breaches, but, as the name says, it works from “one end to the other”. End-to-end encryption really managed to go beyond the vulnerabilities of Encryption-in-transit and Encryption-at-rest solutions, crafting a fortress for communication services.

Zero-Knowledge Encryption, on the other hand, is a solution that deals with this matter by hiding the encryption key, even to the storage provider, resulting in an authentication request without any password exchange.

Internxt Drive is the only easy-to-use cloud storage service that doesn’t only provide Zero-Knowledge Encryption (like ProtonDrive, Tresorit, and many other traditionally secure cloud storage services), but it goes a step further by offering its service on an infrastructure of data centers spread all over the globe. Internxt, nor any third party can access any of your files. Files uploaded to Internxt Drive are fragmented, client-side encrypted, and distributed all over the globe, so that a server never holds a complete file, but instead an encrypted data shard.

Did this answer your question?