I would like to share an experience from when I was new to IceDrive.
I chose IceDrive because of the promise that (1) the encryption would be very strong (using Twofish) and (2) the encryption would always take place on my own computer (zero knowledge). Reassured that nothing would ever leave my computer unencrypted, I purchased a plan and started using IceDrive.
However, I didn’t immediately realize that zero knowledge encryption only occurs if you select the “Encrypted” folder on the remote server. (This is at least my understanding.) Unfortunately, the “Encrypted” folder is not the default location for your files. So if you are a little careless, thinking “hey, nothing can go wrong, because with IceDrive everything is super-strong-zero-knowledge-client-side-encrypted”, and you rush into backing up your files, you might in fact end up sending your files to IceDrive’s servers without all the extraordinary protection.
Long story short: I think there should be a notification every time the user sets up a sync pair, telling them clearly whether their action results in the highest level of encryption, or not.
Hey @Guido there are two areas where you can upload the files: encrypted and normal.
Data you upload to a normal area is encrypted in-transit (TLS/SSL) and at rest (disk partition encryption). Our system can read this data to create thumbnails / previews. Our employees do not have access to it.
Data you upload to Encrypted area is encrypted on your device (zero-knowledge encryption), then is transferred to the cloud in encrypted form (we use SSL/TLS so its double encrypted in-transit) and stored on an encrypted disk partition.
The reason why we have the two separate sections is that some features are not possible via zero-knowledge encryption such as share links and file searches as the files are encrypted locally on your device before uploading to the cloud. The extra layer of encryption afforded by our zero-knowledge encryption is also a premium feature and so only available via paid plans.
We will however consider your suggestion regarding a notification when setting up a sync pair in future.
Hi @Chris, thanks for the explanation. Just to be clear: I didn’t mean to question the usefulness of the ‘normal’ area. I just wanted to convey my own experience that a mistake is easily made, especially for someone new to Icedrive. Hence my suggestion for extra warnings in the desktop app.
Thanks, I had overlooked that setting. However, that only changes the contents of the mounted drive (which I don’t use). In the cloud there remain two ‘areas’ (normal and encrypted), and when I set up a new sync pair, the desktop app still suggests a remote folder in the normal area.
Anyway, I am now well aware that I should always select the encrypted folder when setting up a sync pair, so it is not really a problem for me.
