Zero knowledge means that the cloud storage provider cannot read the data its users have stored, even if they wanted to or were required to do so by law. It is also known as private key encryption, or personal encryption.

It is an optional setting with some cloud storage services. In rare cases it can be a requirement, if the entire service is built around zero-knowledge privacy with no option for a provider-managed key.

Zero-knowledge encryption works by encrypting your files with a randomly generated key. This key may be stored on the cloud provider’s servers, which is encrypted with a passphrase known only to you. This passphrase becomes the key to accessing your files.

If you forget your passphrase in a zero-knowledge scenario, you will not be able to decrypt your private key, and thus you will be unable to decrypt your files. You data will be useless – so don’t forget your passphrase!

Not everyone should use a zero-knowledge service. If you think you may forget or lose your passphrase (and you’re not using a password manager), enabling private key encryption would be a bad idea. Stick with the default option to let the cloud storage service manage the encryption key, to allow for password recovery.

However, if you want the absolute best privacy for your cloud files, a zero-knowledge encrypted service is the only solution.