Tresorit Review

For most cloud services, the biggest security flaw lies in their own servers, where encryption keys are stored in the same place as your data. Those that offer privacy from prying eyes end up sacrificing the very capabilities that the cloud was built on: sharing and collaboration. Tresorit was designed for those who want to have their cake and eat it too, promising a secure and private collaboration service.

But is Tresorit as revolutionary as they claim? We dug deep into the technology and tested it thoroughly. Find out how it fares below.

Tresorit logo

Editor's Rating:
VN:F [1.9.22_1171]
Rate It Now
User Rating:
Rating: 3.3/5 (44 votes cast)

Pros

  • Servers based out of privacy-focused Switzerland
  • Solid security and no-knowledge privacy
  • Robust sharing and collaboration options
  • No account needed on single file links
  • Easy to use software
  • Secure software and apps for nearly every platform
  • Team management options on business accounts

Cons

  • Mandatory expiration and download limits on links
  • Password-protected links only on business accounts
  • Folder links require account to access
  • Deleted local files also removed from cloud
  • Inconsistent performance
  • Expensive pricing model and worthless free option
  • File size limits on all tiers

Bottom Line

Tresorit has some of the best security and privacy in the business and an impressive set of sharing and collaboration features. But it’s still a bit of a one-trick pony with a lot of caveats, best combined with backup solutions like SpiderOak or Backblaze. Tresorit’s high price makes that a difficult proposition, but for those who want a deep cloud collaboration service with the best in security and privacy, it may be worth it.

A Deep Dive into Tresorit’s Security

Tresorit is based out of Switzerland, whose data privacy laws prevent third parties from accessing your data without your explicit permission. They also secure data transfers with TLS encryption and offer two-factor authentication. But where many EU-based services will stop there, Tresorit follows it up with an interesting and innovative end-to-end encryption implementation.

Most cloud services like Dropbox, OneDrive, and iCloud use an Access Control List (ACL) on the server to keep your user credentials, encryption and SSL certificates, and access rights for shared files. The ACL then updates when you share or upload new files. This so-called authentication-based security does not protect data against the prying eyes of data admins or government queries.

On the other hand, encryption-based services like SpiderOak turn your computer into the ACL. All encryption keys are kept on your machine, keeping your data safe server-side access. However, these services cannot protect your files anywhere outside the desktop, since a shared file, a web login, or an app all require your password to be given to the server to decrypt the files, which defeats the purpose. And forget about collaborating on files. Even if the password is deleted after the session ends, it was stored at some point.

Tresorit employs a hybrid of these two methods. Like an authentication-based service, an ACL (“roaming profile”) is stored on the server that manages file encryption keys and sharing permissions. Like encryption-based services, a 256-bit “master key” is generated that never leaves your machine. But with Tresorit, your roaming profile is encrypted with this master key before being uploaded to the server, and updated with changes after. This method keeps data private on the server, while still allowing for outside access options, collaboration, and sharing links to be changed on the fly.

Web, shared links, and app sessions are also authenticated through a complex non-optional two-factor authentication, which assigns a temporary device certificate for the session. The encrypted files come into your local session, the master key is generated from your password which is stored only on your device or browser, and is used to decrypt the files. Your password still never leaves your browser or device.

This is a relatively simplified explanation of what’s going on, but further technical details can be found at this link about sharing, another about roaming profiles, this one about passwords, or their whitepaper. Regardless, this hybrid method not only keeps your data secure and private, but also allows for sharing and access options previously not available with encryption-based services.

Start with the Desktop

Desktop Software

The desktop software is the primary interface for the service. It will set up your account password and a sync folder that they call a “Tresor” (German for safe or vault). Any files you drag in the folder or into the interface will automatically upload to the server.

Desktop New Tresor

Any folder on your computer can be set up as a Tresor through right-click menus or a software upload.

Network Shares

Technically, you can assign a network share to a Tresor, and they did upload to the cloud for me, but a manual sync was necessary to check for changes.

Desktop Settings

The software offers an array of configurations, including bandwidth limits and even DRM deployment for the Business version.

However, I want to stress that Tresorit mirrors your local files and is not a backup service. Deleted local files are deleted in the cloud too. There is no recycle bin or deleted files to restore. That said, Tresorit shows Tresor history and can restore multiple file versions on the paid subscriptions.

Sharing Controls

Basic Share

Tresorit offers a wealth of sharing and collaboration options, primarily for paid subscriptions. Links to individual files can be generated in the desktop and will be automatically copied to your clipboard. Paid accounts can set expiration dates and download limits.

File links can be accessed whether your recipient has an account or not.

Tresor Share

Links to entire Tresors/folders can be sent via e-mail or copied to your clipboard. Paid users can designate access rights and even allow or prevent collaborators from inviting additional members. The Owner of the link can then add, change, or revoke permission or terminate links at any time. Tresorit members will see shared Tresors show up in their software and apps.

A link to an entire Tresor unfortunately requires an account to access.

Tresorit for Business accounts get a few more useful options, including link passwords and domain access restrictions.

Business Share

They also get access to the useful Admin Center that offers set device restrictions, an IP filter, session length, and sharing controls for your collaborators. Users can be separated into groups with specific policies defined.

Desktop software is available on Windows, MacOS, and Linux.

Web Access

Web Portal

Tresorit’s web portal is pretty basic. You can upload and download files, create folders, and share invite links to your Tresors, but not to individual files. There is also a basic photo and PDF viewer.

It’s annoying that downloads are restricted to 150 MB on 32-bit browsers. 64-bit browsers like Chrome or Waterfox will supersede this limit.

Mobile Apps

iOS App Windows Phone

The mobile apps work as expected. You can download files, create new Tresors, upload files to existing Tresors, sync up your camera roll, and share files as normal. You will be notified of changes to favorited items.

I appreciated the ability to designate files for offline use, giving the mobile app a desktop software touch.

Mobile apps are available on iOS, Android, Windows Phone, and Blackberry. Note that the Android app automatically has DRM set up, preventing me from taking screenshots.

Performance

Tresorit was fast enough to hit general maximums (50 Mbps down / 5 Mbps up), but has a hard time processing large files and compressed archives, and speeds throttled down closer to half of what they should have been when uploading/downloading files.

For that reason, average speeds suffered, but speeds may be perfectly fine depending on whether you use excessively large or compressed files.

Tresorit Performance
Average Download Speed 32.6 Mbps
Maximum Download Speed 52.5 Mbps
Average Upload Speed 5.07 Mbps
Maximum Upload Speed 6.58 Mbps

Pricing

Technically, there is a hidden free version of Tresorit, but it’s fairly useless outside of temporary collaboration.

Once you get to the Premium tier, the service gets useful, but they charge you a whopping $134 / year for a mere 100 GB. The 1 TB Business tier costs a minimum of $537 / year. At that price, it’s disappointing to see that all tiers have file size and device limits.

Tresorit has updated their pricing, and now offers a slightly more reasonable pricing of $360 / year for 1 TB with the Premium plan. The Business plan is $600 / year for 1 TB with support for 2 users.

Basic Premium Business
Price Free $30 / month $25 / user / month
Users 1 1 2 to unlimited
Storage 1 GB 1000 GB 1000 GB
File Size Limit 500 MB 5 GB 10 GB
Tresor Limit 3 Unlimited Unlimited
Device Limit 3 5 10
File Versions N/A 10 versions Unlimited
Activity History 7 days 90 days Unlimited
Encrypted Link Limit 10 / month 50 / month Unlimited
Encrypted Link Size Limit 100 MB 500 MB 1 GB
Set Expiration Limits Set at 31 days Up to 30 days Up to 90 days
Set Download Limits Set at 20 Up to 50 Up to 1000
Set Link Passwords No No Yes

Support

For the majority of users (premium), you can submit support tickets by e-mail and use the knowledge base. Business accounts get 24/7 phone support and deployment support.

More Screenshots

Specifications

Product Name Tresorit
Version 2.1.562.374
Operating Systems WindowMacLinux
Storage 1 TB
Monthly Price $12.50
Average Upload Speed 5.07 Mbps (5 Mbps connection)
Average Download Speed 32.6 Mbps (50 Mbps connection)

General Features

Free Trial yes
Free Online Storage no
Mobile Apps Android, Blackberry, iOS, Windows Phone
Bandwidth Controls yes
NAS Support no

Backup Features

File Versioning yes
Keep Deleted Files no
Back Up to Local Drive no

Sync and Share Features

File Sync yes
Selective Sync yes
Public File Sharing yes
Collaborative Invites yes

Security

Encrypted Storage yes
Encrypted Transfer yes
Personal Encryption yes
Zero-knowledge Encryption yes
Two-factor Authentication yes

Support

Phone Support yes
Email Support yes
24/7 Support yes
Live Chat no

Infrastructure

Data Center Location(s) Holland and Ireland

Mike Lohnash

Mike Lohnash

Mike has nurtured a passion for all things tech for over ten years as a hobbyist, retailer, tech supporter, and spreadsheet jockey. He’s been an optimistic evangelist for the power of the cloud since the days of server-aided file sharing. In his spare time he loves reading and writing about faraway lands, playing games within them, and has a slightly unhealthy obsession for Star Wars.

Mike Lohnash

Mike Lohnash

Latest posts by Mike Lohnash (see all)