
How can we improve OneDrive's security, policy and administration experiences?

Encrypt from local device files to OneDrive, Would like zero knowledge cloud storage

264 votes
Anonymous shared this idea
tell us more  ·  Casey Penk responded

Can you please tell us more about what you are looking for? What do you mean by “zero knowledge cloud storage”? Thank you.


  • Mehmet KIZILASLAN commented

    Can you please tell us more about what you are looking for? What do you mean by “zero knowledge cloud storage”? Thank you.

  • anonymous commented

    Want to add my voice (and votes) to this. There's really two levels to this and OneDrive does neither. First is data at rest encryption. This means that if a hacker were to break into Microsoft and get OneDrive data, that data is stored "in the clear" and they could read everything. That's not good. This data as it sits on disk (at rest) should be encrypted.

    Now the second level of this is who has the keys to decrypt that data? Some providers hold the keys themselves, others allow the customers to own their own keys. I believe everyone here wants the second option. To be honest, I'm okay with either option but before I can take OneDrive seriously as a storage medium I need to feel comfortable that the files on disk are encrypted.

  • Peter K. Baumgarten commented

    Came here from reddit discussion about OneDrive encryption, pretty sad to see you have to use third party sync clients for OneDrive to be encrypted. Most ppl in the world don't live in countries with good privacy laws, and for many professionals safe storage is crucial, not only journalists, companies, but also citizens with repressive govs. Plus the new internet privacy laws in US and EU will only make ppl more suspicious towards big companies who are allowed to sell one's data. I don't want MS or Apple or Google to sell my data, but compared to Google, I paid for OneDrive, and don't want you to access my data anyway. Some ppl may not care, but the most professional and business users DO CARE.

  • Frank commented

    I don't get it, with true zero knowledge encryption you could ease all the critique of privacy advocates, and make OneDrive truly fit for business usage. A cloud storage without zero knowledge encryption is not secure in any way, and even less for professional use.

    Here some infos on the concept:

  • Steven commented

    To clarify: Zero Knowledge Encryption means that ONLY the user has the ability to encrypt and decrypt, with the service provider having no access of its own.
    This is actually one of the biggest trends in web storage today, with many third party devs offering additional software to provide this feature for OneDrive, Google Drive and other major services.
    Like Boxcryptor, Cloudevo, cryptsync, etc.
    Especially for a business/professional focusing company like MS this should be a no brainer and major selling point in today's privacy-conscious world. Here in EU it is one of the biggest points holding companies back from the cloud.

  • Steven commented

    To me and many others especially in Europe and outside of US, zero knowledge encryption is a MUST HAVE FEATURE not only for businesses, but also for most IT-Enthusiasts.
    With the NSA-Leaks, huge hacks, and Governments even in the "western world" becoming more and more repressive towards free journalism and social activism, this will only become more and more important.
    Just look at the success of third party apps for OneDrive which provide these features, I can't understand why MS doesn't see this huge demand.
    As MS tries to aim their products more and more towards Professionals and semi-Professional and business users, it is even more crazy not to provide a true private cloud service.

    And as you don't seem to know the "zero knowledge" term, which is a quite popular buzzword and hype today (and justified IMHO), it just shows how far off you still are as a company from your userbase, despite all efforts to close the gap between you and your customers.

    I hope you can still catch up to this important development, while my hopes aren't that high.

  • zer0 commented

    Hi @casey penk:

    "Zero Knowledge means we know nothing about the encrypted data you store on our servers. This unique design means nothing leaves your computer until after it is encrypted and is never decrypted until it is unlocked with your password on your computer. It's not just 'end to end encryption;' it's a Zero Knowledge System."


  • UNMES commented

    @Casey Penk,
    I think what he means is something like LastPass. = Encrypt and Decrypt locally. All uploads are encrypted. But then that service is sort of strange. Because your "master encryption password" is stored online.

    So a credit card databank download might be scrambled. But an informed person or cracker would only need to match details of how the directory for log in is matched to the user storage, and then download both directories, etc. Long story short. Robokey and others are safer than last pass. You want zero knowledge? Don't upload to a Departmental ARPAnet. Among those cubicles are people selling out privacy.

    By the way: The internet is tax paid for, please don't ever let a corporation have control of it, it belongs to the people, not to militaries with 10 year expiration date on all information special interests do not want known to the world.

  • Daniel commented

    I agree. There needs to be a way to secure our data. Minimal option is to require login to get access, even if using a OneDrive app locally on a device. Best is that my files are only visible to me and not by Microsoft or anyone else.

  • Clint commented

    In response to Casey - files on OneDrive should be encrypted so that only the person who uploaded them or person(s) they share it to can read them. MS should not have any capability of knowing what is up there, nor should anyone else. Private/Public Key encryption would be great. Even better is if it could somehow extend NTFS style from my machine to OneDrive (so if I did local NTFS encryption the file would remain encrypted when sync'd to OneDrive and have all the same type of abilities of sharing files that we have today).

    Responding to KB's comment - if you don't want your OneNote notebook in OneDrive, then don't put it there. They can be local just to your computer which is how it sounds like you currently have it.

    Adding to KB's comment - this is a prime example of why OneDrive should be encrypted by default and ONLY accessible to the owner and those the owner shared to. Many users aren't going to realize they have other choices to place things and give up entirely because the service isn't protecting them to the fullest extent by default.

    Zero Knowledge means that ONLY the person who placed the files there and any others the person explicitly shared them to must be the only way to read those files. No automated processes, no workers accessing from the backend, etc should ever know what the file is. A big encrypted container would be best - no knowledge of what's in the container at all.

  • KB commented

    Without privacy, OneDrive is totally useless for me. And completely destroys all my OneNote Notebooks. I have no nude photos, or anything to "hide". I just don't believe in putting ANY of my personal information in a place that is not totally private. I am very security conscious and VERY careful about what I post in social media. I want "zero knowledge" AND it should be an OPTION whether or not to store files on OneDrive. For some things OneDrive is great, but I do not appreciate having my CHOICES dictated. Now I have to go through every Notebook and look for any personal information that needs to be removed from My NoteBooks before I can move them to my new computer with Office 365. I don't have time for this. I may just move all the data and stop using OneNote and I have LOVED OneNote for years. OneNote is one big reason why I keep choosing MS Office instead of trying the other Office suites available. But with the subscription, it is so easy to switch now. I'll be looking into it if this is not changed. I am NOT happy!!!!

  • Jeff commented

    I would also like to see this, or something like it.

    My specific concern is taking a private, intimate photo on my phone, having it automatically back up to OneDrive, having Microsoft's algorithm flag it, and then having Microsoft personnel huddled around a monitor looking at naked pictures of my girlfriend, trying to decide whether or not to lock me out of my account.

    It's my understanding that Microsoft routinely scans OneDrive accounts in search of nude photos. There have been documented cases of users being locked out of their accounts. Even in cases of professional photographers whose work involves partial nudity.

    "Zero knowledge" is a buzzword that describes a cloud storage solution in which the cloud storage provider has no way of accessing its users' data. The common way of achieving this is to encrypt the data locally before it is uploaded, and to ensure that the user is the only one with the power to decrypt the data.

    It seems to me that Microsoft employees should be forbidden from looking at a user's private photos for any reason. Barring that, zero knowledge (locally encrypted) cloud storage would be a solution.

  • Anonymous commented

    I am the owner of this account and he is STEALING all my stuff he is a CRAZY STALKER

  • Rudi B. commented

    I think he/she means that all files should be encrypted by the client with a key you wouldn't know before reaching your servers and that the encrypted file is sent to the client and then decrypted again. However, I'm not sure if this would be feasible in the web-version, in other words in html/javascript.
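
As an added illustration (not part of any comment in this thread, and not code from Microsoft or any product named here), the client-side scheme that Jeff and Rudi B. describe can be sketched with Node.js's built-in `crypto` module: the key is derived from the user's password on the device, and only salt, nonce, tag and ciphertext would be uploaded. The function names and the blob layout are assumptions made for this example.

```javascript
const crypto = require('node:crypto');

// Derive a 256-bit key from the user's password. The salt is random, not secret.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Runs on the user's device. The returned blob is all a provider would store:
// salt (16 bytes) | nonce (12) | GCM tag (16) | ciphertext
function encryptForUpload(password, plaintext) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12); // fresh per file, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

// Runs on the user's device after download. Throws if the password is wrong
// or the stored blob was modified, because the GCM tag will not verify.
function decryptAfterDownload(password, blob) {
  const salt = blob.subarray(0, 16);
  const nonce = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
}

function rejects(password, blob) {
  try { decryptAfterDownload(password, blob); return false; } catch { return true; }
}

// Constructed sample data, for illustration only.
function demo() {
  const password = 'correct horse battery staple';
  const secret = Buffer.from('constructed sample: Q3 financial report', 'utf8');
  const blob = encryptForUpload(password, secret);
  const tampered = Buffer.from(blob);
  tampered[tampered.length - 1] ^= 1; // flip one stored bit
  return {
    roundTrip: decryptAfterDownload(password, blob).equals(secret),
    wrongPasswordRejected: rejects('a guess', blob),
    tamperRejected: rejects(password, tampered),
    providerSeesPlaintext: blob.includes(secret),
  };
}
```

The password and derived key never leave the device in this sketch, which also means a forgotten password makes the stored blob unrecoverable.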

  • Marc commented

    In a time when everybody wants your data, it is highly recommended to have such features.
    Zero knowledge encryption means, for me, that only the user is able to access his data. No one else.

    For all they are looking for such functionality, check

  • Sheila commented

    I like to store application databases encrypted on OneDrive so that I can access my data on more than one device. Ex: Accessing my Quicken data from any device with the Quicken app.

    On a side note, love to have a Quicken universal app.

  • Luka commented

    +1 to this.

    For a file/folder of our choosing, encryption should be done on device and only we should have keys to this content. This is important for the sensitive data like financial reports, credit card information, contact information, etc.

    On Windows you can use BitLocker probably in some way. Other devices have their built in encryption/decryption tools as well that can be used.

    Btw, more suggestions like this one:


