Client-side encryption is the cryptographic technique of encrypting data on the sender's side, before it is transmitted to a server such as a cloud storage service.
Client-side encryption features an encryption key that is not available to the service provider, making it difficult or impossible for service providers to decrypt hosted data.
Client-side encryption allows for the creation of applications whose providers cannot access the data their users have stored, thus offering a high level of privacy.
Applications utilizing client-side encryption are sometimes marketed under the misleading or incorrect term "zero-knowledge", but this is a misnomer, as the term zero-knowledge describes something entirely different in the context of cryptography.
Details
Client-side encryption seeks to eliminate the potential for data to be viewed by service providers (or third parties that compel service providers to deliver access to data). It ensures that data and files stored in the cloud can only be viewed on the client side of the exchange. This prevents data loss and the unauthorized disclosure of private or personal files, providing increased peace of mind for its users.
Current recommendations by industry professionals as well as academic scholars strongly support developers including client-side encryption to protect the confidentiality and integrity of information.
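The model described above, shown as an added Node.js example that is not part of the original article: the key is derived on the client from a passphrase, and the provider (represented here by an in-memory `Map`) only ever receives salt, nonce, authentication tag and ciphertext. The function names, the use of scrypt and AES-256-GCM, the blob layout and the sample data are assumptions chosen for illustration.

```javascript
// Added example, not from the original page. All names and parameters are assumptions.
const crypto = require('node:crypto');

// Stand-in for the provider: it stores only what the client uploads.
const providerStore = new Map();

// The key is derived on the client from a passphrase; neither is ever uploaded.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32); // 256-bit key, default scrypt cost
}

// Encrypt locally with AES-256-GCM, then upload salt | nonce | tag | ciphertext.
function upload(name, plaintext, passphrase) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  cipher.setAAD(Buffer.from(name, 'utf8')); // binds the blob to its object name
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  providerStore.set(name, Buffer.concat([salt, iv, cipher.getAuthTag(), ct]));
}

// Download the blob and decrypt locally; throws if key, name or bytes do not match.
function download(name, passphrase) {
  const blob = providerStore.get(name);
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const ct = blob.subarray(44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAAD(Buffer.from(name, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Returns true if the given operation is rejected (decryption throws).
function rejects(fn) {
  try { fn(); return false; } catch (e) { return true; }
}

// Constructed sample data.
upload('notes.txt', 'meeting at 10:00, door code 4821', 'correct horse battery staple');
console.log(download('notes.txt', 'correct horse battery staple'));
// The provider's copy contains no plaintext, and a wrong passphrase is rejected.
console.log(providerStore.get('notes.txt').includes('door code'));
console.log(rejects(() => download('notes.txt', 'guess')));
```

Because the authentication tag covers both the ciphertext and the object name, a provider that modifies a stored blob or serves it under a different name causes decryption to fail rather than return altered data.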
Examples of services that use client-side encryption by default
* Tresorit
* MEGA
* Cryptee
* Cryptomator
Examples of services that optionally support client-side encryption
* Apple iCloud offers optional client-side encryption when "Advanced Data Protection for iCloud" is enabled.
* Google Drive, Google Docs, Google Meet, Google Calendar, and Gmail. However, as of Jul 2024, optional client-side encryption features are only available to paid users.
Examples of services that do not support client-side encryption
* Dropbox
Examples of client-side encrypted services that no longer exist
* SpiderOak Backup
See also
* End-to-end encryption – the encryption of data between two different clients that are communicating with each other
* Homomorphic encryption