July 22, 2015
Using client-side encryption and keeping the encryption key to yourself is the only way to guarantee that your data remains private regardless of any external circumstances. Client-side encryption has a precise definition but companies distort it and then claim that they use it in order to confuse users.
Client-side encryption has a precise meaning and purpose. It means that the user data is encrypted on the client machine1 using an encryption key2 which is not available to the server3 in any way. The purpose of client-side encryption is to ensure that nobody except the user is able to decrypt the data. In particular, the server is not able to decrypt the data, unless it breaks the encryption scheme.
As Internet privacy becomes a daily topic and encryption becomes a buzz word, many companies start to falsely claim that their services use client-side encryption. Some force all website traffic to use HTTPS4 (which is a good thing) and then claim they use client-side encryption. This is a smoke screen because HTTPS is used to encrypt communication as opposed to data. While the client machine does perform encryption, the purpose of HTTPS is to ensure the client and server can communicate freely without worrying that eavesdroppers are listening in. HTTPS does not prevent the server from reading the user data. Client-side encryption is done specifically to ensure that the server can not read the data.
Other companies which claim to use client-side encryption implement a process where the server provides a key to the client. Encryption is then performed on the client machine using the server provided key. This is also a false claim because the definition of client-side encryption explicitly requires that the server does not have access to the key because it allows reading the data.
Having access to their user’s data is very profitable for many companies. Users are starting to demand data privacy causing companies to convolute the definition of client-side encryption in order to claim that they provide it. The intention is almost always to confuse people to prevent them moving to a service provider which really does provide data privacy.
client: The computer of the web site visitor (you). ↩
key: The secret required to encrypt and decrypt data. ↩
server: The computer providing the web service. ↩
HTTPS: The communication protocol used when visiting web sites over an encrypted channel. Everything, including user data, transmitted between the client and server is encrypted but both the client and server can read all of it. ↩
Strongroom Secure Photo Backup is an online backup service for your photographs featuring client-side encryption. Your privacy is the most important consideration in every design decision. Every file is encrypted on your machine using your personal encryption key before going onto the Internet. Even the file names are replaced with meaningless text.
Strongroom Secure Photo Backup is built on Selective Share host-proof technology.