P2P encryption ownership in secure online storage products (Mega.nz, OneDrive)

Briefly: Secure storage services such as Mega.nz , OneDrive Vault, offers P2P encrypted cloud storage, where the data are being encrypted/ decrypted in your web browser or computer. This provides highest privacy level since data delivered to the cloud storage in encrypted form. Does it really means, the information cannot be accessed by the Vendor? Here we show, how vendor completely owns encryption protocol and data flows, even in your web-browser. We also demonstrate why total ownership gives vendor the tools for user targeting that may be used to de-private your data. An example with Rohos Disk cloud folder encryption demonstrate the difference.

P2P Encryption for cloud storage

When you are using such cloud storage as DropBox, OneDrive or Google Drive all of your documents maybe accessed by storage vendor for good things such as text search, online image processing, online document editing, etc. Also it has been noticed that Vendors start developing Machine Learning features that needs a huge amount of data to train, so they may take information from your online Files (the Data) and then feed it to the code to derive digital models from your behavior or online habits. These models later may be used to design new features that you may actually need in near future, but cant say now about it. So now we definitely can say that Cloud Providers may use your data by an automated way by using a machines. To regulate this issue General Data Protection Rules (GDPR) where developed to allow us (users of cloud storage) to know how our data is being processed and how many 3rd parties are involved.
To address this issue Mega.nz one of the first, offered a new approach called P2P Encrypted cloud storage (Pont-to-Point). Vendor (mega.nz) doesnt have access to the information stored in your files, since before upload, files being encrypted on your computer (in a Web Browser on-the-fly) by using secret key that known only to the user. So your Browser is the only Point where decryption and encryption happens.

The following picture demonstrate how Vendor see your Files uploaded on the server :

How different storage providers sees your files.

P2P Encryption ownership

From the following picture you may see how Storage and Access Point organized with Point-2-Point encryption. Mega.nz provides all parts of service at any given moment of it’s usage: Storage, Access Point and Encryption Code. Parts 1, 2 represent Java-Script/HTML code loaded from Mega.nz each time you open mega.nz in a web browser. Parts 3 and 4 represents the most critical part : your data in decrypted form, these parts are being created, accessed and maintained by parts 1,2 (i.e. Vendor) but they never leave your computer/browser according to Vendor statement (and source code). Dashed line on the picture below, shows the actual ownership area of Mega.nz , as you see items 3,4 are accessed by the Mega.nz at any moment.

Mega.nz is able to retrieve parts 3,4 from your web browser just with a single update in part 1. when you login next time. For SaaS vendors (Software as a Service like OneDrive, Mega.nz) it is a built-in feature to be able to target a group of customers by using some of the criteria (like country, IP, name, email or other properties derived from complex aggregation algorithms such as behavior, political status, KYC or AML policies) and then deliver them a special software release (encryption code 1) in such a way so that nobody else would know about it. Such a targeting is almost impossible to identify. As a result you as a user start using a “bit different” copy of product, specially customized and delivered for you, for special purpose. The same applies to any other product offered by Security as a Service principle LastPass, DUO, etc.

When you use Mega.nz or OneDrive applications on a computer, the ownership area looks the same except that parts 1,2 cannot be quickly changed in a dynamic way as a result of vendor targeting, which is good at some point.

Compare Rohos Disk with Mega.nz

When you use regular cloud storage (as Google Drive) with 3rd party encryption tools like BoxCryptor, VeraCrypt or Rohos Disk Encryption, the ownership areas looks different. Opposite to Mega.nz/OneDrive, with a single ownership area of P2P Encryption process, Rohos provides Encryption Code and an opportunity to have a physical access key with encryption key on it. When you are using Rohos Disk app or it’s alternatives the entire process does not belongs to a single Vendor and thus cannot be targeted by any vendor, with the purpose of identification, de-anonymization or privacy violation. The following picture illustrate the process when you are using online file storage and offline encryption tools installed on computer:

Such tools like Rohos Disk or VeraCrypt are completely on-premise, offline and classical apps, once downloaded and installed it doesn’t create an online account for your identity, therefore customer tracking and targeting is not possible technically. Learn more how Rohos Disk encrypt the local copy of your Cloud Storage before it will be uploaded to the Internet.

About Rohos Disk Encryption

Rohos Disk program allows you to encrypt your Computer, USB flash drive or Cloud storage folders. It is designed for those who have megabytes of sensitive files and who is really concerned with privacy and information security. To protect access to encrypted data you can use electronic keys like USB tokens or RFID smart-cards.

Download Rohos Disk 15-day trial>

Get your copy of Rohos Disk>

View complete list of Rohos Disk features>