For most cloud services, the biggest security flaw lies in their own servers, where encryption keys are stored in the same place as your data. Those that offer privacy from prying eyes end up sacrificing the very capabilities that the cloud was built on: sharing and collaboration. Tresorit was designed for those who want to have their cake and eat it too, promising a secure and private collaboration service.
But is Tresorit as revolutionary as they claim? We dug deep into the technology and tested it thoroughly. Find out how it fares below.
Pros
- Servers based out of privacy-focused Switzerland
- Solid security and no-knowledge privacy
- Robust sharing and collaboration options
- No account needed on single file links
- Easy to use software
- Secure software and apps for nearly every platform
- Team management options on business accounts
Cons
- Mandatory expiration and download limits on links
- Password-protected links only on business accounts
- Folder links require account to access
- Deleted local files also removed from cloud
- Inconsistent performance
- Expensive pricing model and worthless free option
- File size limits on all tiers
Tresorit has some of the best security and privacy in the business and an impressive set of sharing and collaboration features. But it’s still a bit of a one-trick pony with a lot of caveats, best combined with backup solutions like SpiderOak or Backblaze. Tresorit’s high price makes that a difficult proposition, but for those who want a deep cloud collaboration service with the best in security and privacy, it may be worth it.
A Deep Dive into Tresorit’s Security
Tresorit is based out of Switzerland, whose data privacy laws prevent third parties from accessing your data without your explicit permission. They also secure data transfers with TLS encryption and offer two-factor authentication. But where many EU-based services will stop there, Tresorit follows it up with an interesting and innovative end-to-end encryption implementation.
Most cloud services like Dropbox, OneDrive, and iCloud use an Access Control List (ACL) on the server to keep your user credentials, encryption and SSL certificates, and access rights for shared files. The ACL then updates when you share or upload new files. This so-called authentication-based security does not protect data against the prying eyes of data admins or government queries.
On the other hand, encryption-based services like SpiderOak turn your computer into the ACL. All encryption keys are kept on your machine, keeping your data safe from server-side access. However, these services cannot protect your files anywhere outside the desktop, since a shared file, a web login, or an app all require your password to be given to the server to decrypt the files, which defeats the purpose. And forget about collaborating on files. Even if the password is deleted after the session ends, it was stored at some point.
Tresorit employs a hybrid of these two methods. Like an authentication-based service, an ACL (“roaming profile”) is stored on the server that manages file encryption keys and sharing permissions. Like encryption-based services, a 256-bit “master key” is generated that never leaves your machine. But with Tresorit, your roaming profile is encrypted with this master key before being uploaded to the server, and updated with changes after. This method keeps data private on the server, while still allowing for outside access options, collaboration, and sharing links to be changed on the fly.
Web, shared-link, and app sessions are also authenticated through a complex, non-optional two-factor authentication, which assigns a temporary device certificate for the session. The encrypted files come into your local session, where the master key is generated from your password, which is stored only on your device or browser, and is then used to decrypt the files. Your password still never leaves your browser or device.
This is a relatively simplified explanation of what’s going on, but further technical details can be found in Tresorit’s documentation on sharing, roaming profiles, and passwords, or in their whitepaper. Regardless, this hybrid method not only keeps your data secure and private, but also allows for sharing and access options previously not available with encryption-based services.
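To make the roaming-profile idea concrete, here is an added sketch (not Tresorit's code and not part of the original review) of a client that derives a 256-bit master key from the password, encrypts the profile before upload, and rejects a blob opened with the wrong password or modified on the server. The scrypt key derivation, the AES-256-GCM cipher, the profile layout, and every name in the code are assumptions made for illustration.

```javascript
// Added illustration, not Tresorit's code. scrypt and AES-256-GCM are assumed
// stand-ins: the page only says the master key is 256-bit and password-derived.
const nodeCrypto = require('crypto');

// Client: derive the 256-bit master key; the password never leaves the device.
function deriveMasterKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32);
}

// Client: encrypt the roaming profile before upload. Layout: iv | tag | data.
function sealProfile(profile, masterKey) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', masterKey, iv);
  const data = Buffer.concat([cipher.update(JSON.stringify(profile), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), data]);
}

// Client: decrypt a downloaded profile. Returns null when the key is wrong or
// the blob was altered on the server (the GCM tag check fails).
function openProfile(blob, masterKey) {
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', masterKey, blob.subarray(0, 12));
    d.setAuthTag(blob.subarray(12, 28));
    const plain = Buffer.concat([d.update(blob.subarray(28)), d.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Hypothetical server: holds only the salt and an opaque encrypted blob.
const server = new Map();

function demo() {
  const salt = nodeCrypto.randomBytes(16);
  const profile = { // constructed sample data
    tresors: [{ name: 'Contracts', fileKey: nodeCrypto.randomBytes(32).toString('hex'),
      members: { 'alice@example.com': 'owner', 'bob@example.com': 'reader' } }],
  };
  server.set('alice', { salt, blob: sealProfile(profile, deriveMasterKey('correct horse', salt)) });

  const stored = server.get('alice'); // everything a server admin can read
  const secondDevice = openProfile(stored.blob, deriveMasterKey('correct horse', stored.salt));
  const wrongPassword = openProfile(stored.blob, deriveMasterKey('guess', stored.salt));
  const tampered = Buffer.from(stored.blob);
  tampered[tampered.length - 1] ^= 1; // simulate server-side modification
  const afterTamper = openProfile(tampered, deriveMasterKey('correct horse', stored.salt));
  return { profile, stored, secondDevice, wrongPassword, afterTamper };
}
```

Because the server's copy is only ciphertext, changing sharing permissions means the client decrypts, edits, re-encrypts, and re-uploads the profile; the server never needs the key.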
Start with the Desktop
The desktop software is the primary interface for the service. It will set up your account password and a sync folder that they call a “Tresor” (German for safe or vault). Any files you drag in the folder or into the interface will automatically upload to the server.
Any folder on your computer can be set up as a Tresor through right-click menus or a software upload.
Technically, you can assign a network share to a Tresor, and they did upload to the cloud for me, but a manual sync was necessary to check for changes.
The software offers an array of configurations, including bandwidth limits and even DRM deployment for the Business version.
However, I want to stress that Tresorit mirrors your local files and is not a backup service. Deleted local files are deleted in the cloud too. There is no recycle bin or deleted files to restore. That said, Tresorit shows Tresor history and can restore multiple file versions on the paid subscriptions.
Tresorit offers a wealth of sharing and collaboration options, primarily for paid subscriptions. Links to individual files can be generated in the desktop and will be automatically copied to your clipboard. Paid accounts can set expiration dates and download limits.
File links can be accessed whether your recipient has an account or not.
Links to entire Tresors/folders can be sent via e-mail or copied to your clipboard. Paid users can designate access rights and even allow or prevent collaborators from inviting additional members. The Owner of the link can then add, change, or revoke permission or terminate links at any time. Tresorit members will see shared Tresors show up in their software and apps.
A link to an entire Tresor unfortunately requires an account to access.
Tresorit for Business accounts get a few more useful options, including link passwords and domain access restrictions.
They also get access to the useful Admin Center, which lets you set device restrictions, an IP filter, session length, and sharing controls for your collaborators. Users can be separated into groups with specific policies defined.
Desktop software is available on Windows, MacOS, and Linux.
Tresorit’s web portal is pretty basic. You can upload and download files, create folders, and share invite links to your Tresors, but not to individual files. There is also a basic photo and PDF viewer.
It’s annoying that downloads are restricted to 150 MB on 32-bit browsers. 64-bit browsers like Chrome or Waterfox can exceed this limit.
The mobile apps work as expected. You can download files, create new Tresors, upload files to existing Tresors, sync up your camera roll, and share files as normal. You will be notified of changes to favorited items.
I appreciated the ability to designate files for offline use, giving the mobile app a desktop software touch.
Mobile apps are available on iOS, Android, Windows Phone, and Blackberry. Note that the Android app automatically has DRM set up, preventing me from taking screenshots.
Tresorit was fast enough to hit general maximums (50 Mbps down / 5 Mbps up), but has a hard time processing large files and compressed archives, and speeds throttled down closer to half of what they should have been when uploading/downloading files.
For that reason, average speeds suffered, but speeds may be perfectly fine depending on whether you use excessively large or compressed files.
|Average Download Speed
|Maximum Download Speed
|Average Upload Speed
|Maximum Upload Speed
Technically, there is a hidden free version of Tresorit, but it’s fairly useless outside of temporary collaboration.
Once you get to the Premium tier, the service gets useful, but they charge you a whopping $134 / year for a mere 100 GB. The 1 TB Business tier costs a minimum of $537 / year. At that price, it’s disappointing to see that all tiers have file size and device limits.
Tresorit has updated their pricing, and now offers a slightly more reasonable pricing of $360 / year for 1 TB with the Premium plan. The Business plan is $600 / year for 1 TB with support for 2 users.
|$30 / month
|$25 / user / month
|2 to unlimited
|File Size Limit
|Encrypted Link Limit
|10 / month
|50 / month
|Encrypted Link Size Limit
|Set Expiration Limits
|Set at 31 days
|Up to 30 days
|Up to 90 days
|Set Download Limits
|Set at 20
|Up to 50
|Up to 1000
|Set Link Passwords
For the majority of users (premium), you can submit support tickets by e-mail and use the knowledge base. Business accounts get 24/7 phone support and deployment support.
|Average Upload Speed |5.07 Mbps (5 Mbps connection)
|Average Download Speed |32.6 Mbps (50 Mbps connection)
|Free Online Storage
|Android, Blackberry, iOS, Windows Phone
|Keep Deleted Files
|Back Up to Local Drive
Sync and Share Features
|Public File Sharing
|Data Center Location(s) |Holland and Ireland