DEV Community

ricco020
Encryption at rest vs zero-knowledge: who can actually read your cloud files

"Encrypted cloud storage" is one of the most abused phrases in tech marketing. Almost every provider claims it — but the word that decides whether they can read your files is zero-knowledge, and most consumer clouds quietly don't offer it. Here's the technical distinction, because it changes who holds the keys.

Encryption-at-rest vs zero-knowledge

Encryption at rest means the provider encrypts your files on their disks — with keys they control. It protects against a stolen hard drive in their data center. It does not protect against the provider itself, a rogue employee, a subpoena, or a server-side breach that also grabs the keys. Most mainstream clouds stop here.

Zero-knowledge (client-side) encryption means your data is encrypted on your device, with a key derived from your passphrase, before it ever leaves. The server stores ciphertext it cannot decrypt. The provider has "zero knowledge" of your contents. The trade-off is real: if you lose the passphrase, nobody — not even support — can recover your files. That's not a bug; it's the entire point.

How it actually works

A typical zero-knowledge flow:

  1. Your passphrase runs through a slow KDF (Argon2id or PBKDF2 with a high iteration count) to derive a master key. Slow on purpose — it makes offline guessing of the passphrase against stolen ciphertext impractical.
  2. A random per-file (or per-account) key encrypts the data with an authenticated cipher like AES-256-GCM or XChaCha20-Poly1305.
  3. That file key is itself wrapped with your master key. The server only ever sees wrapped keys + ciphertext.
  4. Decryption happens entirely client-side after you authenticate.

The security property that matters: the plaintext and the master key never reach the server. If you can't point to where in a provider's flow that's true, assume it isn't.

What this means in practice

  • A breach of a zero-knowledge provider leaks ciphertext, not your files. A breach of an encryption-at-rest provider can leak both data and keys.
  • Metadata usually isn't encrypted even under zero-knowledge — filenames, sizes, folder structure, timestamps often leak. Check each provider's specifics; "zero-knowledge" rarely means "zero metadata."
  • You become the single point of failure for key recovery. Use a strong, unique passphrase and store a recovery code somewhere safe.

This isn't an argument that everyone needs zero-knowledge for cat photos. It's that you should know which model you're on, because "encrypted" on a pricing page tells you almost nothing about whether the company can read your files.

I wrote a deeper, plain-English explainer — including how to verify a provider's claims and where metadata leaks — here: What is zero-knowledge encryption?
