PrivateStorage is an open-source, privacy-centered storage service that allows you to upload your folders to a secure cloud such that your folders are only accessible to you. We have built privacy into our platform in a way that makes it infeasible for us to read your files. With the PrivateStorage app on your computer you can drag and drop folders from your desktop and sync them to the cloud. Files you store on PrivateStorage are encrypted locally on your device, which means that only you can open them.
Least Authority, the team behind PrivateStorage, is committed to building and supporting the development of usable technology solutions and ethical business practices to advance digital security and preserve privacy as a fundamental human right. We are a small team working on making Internet technologies more privacy-respecting.
PrivateStorage is for individuals interested in a storage solution that provides additional security and privacy features in comparison to other solutions on the market. From our unique payments system (which never connects your payment information and personally identifiable information to your storage usage and activity) to the way data is stored on the cloud itself (we never have access to your data, by design), we provide a product for heightened security with a simple, straightforward design.
However, the primary way PrivateStorage protects your privacy is by design:
Client-side encryption for your files: The PrivateStorage desktop application encrypts all files before uploading them to our servers. Only the desktop application can decrypt those files (but see Recovery Keys). Even if we wanted to -- which we don’t -- we could not access your data or files.
PrivateStorage uses Tahoe-LAFS for this encryption. Tahoe-LAFS is Free and Open Source software and was the subject of a security audit by Cure53 in 2021.
Zero-knowledge proof of payment: When you pay for the service, the PrivateStorage desktop application is issued a number of Zero-Knowledge Access Passes (ZKAPs). When the desktop application uploads files, it "spends" a certain number of these ZKAPs so our servers can authorize the storage. By the design of ZKAPs, our servers cannot link the ZKAPs your desktop application spends back to the payment which resulted in those ZKAPs being issued. Our servers cannot even link ZKAPs from two different uploads made by your desktop application. This means we cannot track individual usage patterns based on spending activity - even anonymously.
PrivateStorage uses Ristretto-flavored PrivacyPass for this privacy-preserving authorization. The "challenge-bypass-ristretto" library is Free and Open Source software developed by Brave Software International, Inc. for the privacy-preserving Brave browser.
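The blind issue-then-spend flow described above, as an added example (not PrivateStorage's or Brave's code). It swaps the Ristretto group for a toy group of integers modulo a Mersenne prime and omits the proof that the server used its published key, so it shows only the core idea: the server signs a blinded value at payment time and later sees a token it cannot match to that value. The names `Issuer`, `request_pass` and `demo` are made up for this sketch.

```python
import hashlib
import math
import secrets

# Toy group (assumption): integers mod 2**127 - 1, not the Ristretto group.
P = 2**127 - 1
ORDER = P - 1

def hash_to_group(token: bytes) -> int:
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % ORDER + 1

class Issuer:
    """Server: signs blinded elements at payment, verifies passes at upload."""
    def __init__(self):
        self._k = secrets.randbelow(ORDER - 2) + 2  # secret signing key
        self.issuance_log = []  # everything the server sees at payment time
        self.spent = set()      # tokens already redeemed

    def sign_blinded(self, blinded: int) -> int:
        self.issuance_log.append(blinded)
        return pow(blinded, self._k, P)

    def redeem(self, token: bytes, signature: int) -> bool:
        if token in self.spent:
            return False  # double spend
        if pow(hash_to_group(token), self._k, P) != signature:
            return False  # not signed with the issuer's key
        self.spent.add(token)
        return True

def request_pass(issuer: Issuer):
    """Client: blind a random token, have it signed, remove the blinding."""
    token = secrets.token_bytes(32)
    while True:
        r = secrets.randbelow(ORDER - 2) + 2  # blinding factor
        if math.gcd(r, ORDER) == 1:           # must be invertible mod ORDER
            break
    signed = issuer.sign_blinded(pow(hash_to_group(token), r, P))
    return token, pow(signed, pow(r, -1, ORDER), P)  # equals H(token)**k

def demo():
    issuer = Issuer()
    token, sig = request_pass(issuer)
    first = issuer.redeem(token, sig)
    replay = issuer.redeem(token, sig)
    forged = issuer.redeem(secrets.token_bytes(32), sig)
    # The value logged at issuance matches neither value shown at redemption.
    linked = issuer.issuance_log[0] in (hash_to_group(token), sig)
    return first, replay, forged, linked
```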
Yes. You can access the PrivateStorage source code on our GitHub page.
Additionally, PrivateStorage makes use of many other open source projects, including: Tahoe-LAFS Least Authority File System (first released 2007) for decentralized and private storage; Magic Folder for file syncing; Gridsync for the user interface; and ZKAPs Zero Knowledge Access Passes for secure payments.
You control access to all data you store in PrivateStorage.
At a technical level, the only way to read the encrypted data stored in PrivateStorage is to have a Tahoe “read-capability” (a short string of data). These are stored by PrivateStorage on your computer. Your computer uses this “read-capability” to fetch, decrypt, and read the data you have stored on our servers. So long as your computer remains secure, it is the only device which can do this.
With PrivateStorage, you only pay for the storage that you actually use and there is no subscription plan managed on our end. The cost depends on your storage needs and usage.
You can buy storage-time in increments of $6.50, which buys you approximately 30 GB-months of storage. We define storage-time as the amount of storage you are using at any given time, and how many months you can store it for based on what storage space you use.
For example, if you purchase 30 GB-months of storage-time and you store 1 GB of data on PrivateStorage, then it will take approximately 30 months to use up your storage-time. In case you need more storage-time, you can simply top up your balance with another increment of storage-time (30 GB-months).
PrivateStorage payments are supported by Stripe. In the future we plan to expand to accept more currencies, including cryptocurrencies.
We hope to offer a sharing feature in the future, but it is not currently available.
This feature is not currently available, but we plan to offer it in the future. At this time, PrivateStorage is only available as a desktop app. In the event that you lose access to the device you have PrivateStorage on and need to restore PrivateStorage on a second device using your Recovery Key, please only use PrivateStorage on your second device going forward. Attempting to use PrivateStorage on more than one device could result in data loss.
PrivateStorage is currently available as a desktop application on macOS, Windows, and Linux. In order to download PrivateStorage onto your computer:
When you have connected to PrivateStorage, choose “Buy storage-time in browser” in the application. This will open up a browser window with a payment page where you can buy storage-time.
Our payment form has been tested with the latest versions of Chrome, Safari, Edge, Firefox, Opera and Brave.
Next, the most important step is to back up your instance of PrivateStorage, so that if your device is lost or damaged, you have a way to access your files again.
Please note: PrivateStorage, the company, has no way of recovering or accessing lost files - this is due to the security and privacy built into the application. If your device is lost or damaged, you will only be able to get your files back with a Recovery Key.
Make sure to store the Recovery Key file and passphrase somewhere you can access them even if your device is lost or stolen, such as a password manager, USB or secondary device. Keep in mind that if your device gets damaged or lost, you will not be able to restore your files without your Recovery Key and passphrase.
Once a folder is synced, you can navigate to the “Folders” screen on the top right menu in PrivateStorage. Double click on the folder you wish to view and the folder will open in your file explorer, and you can view the files inside of it.
You can right click on the folder in the “Folders” screen and choose “Stop Syncing” and choose to not save a backup of this folder. If you delete the folder from your device, because PrivateStorage mirrors your device, the folder will be removed from the PrivateStorage application as well.
PrivateStorage is designed to sync folders from your computer with the PrivateStorage cloud. This means that when you add a folder to PrivateStorage, any changes you make to this folder on your computer will be reflected in the same folder on PrivateStorage. Syncing occurs when the PrivateStorage application is open. Alternatively, if you delete a folder from your computer, it will no longer be displayed in PrivateStorage.
At the moment it is only possible to add folders, and not individual files to PrivateStorage. Of course you can put any individual files you want to add to PrivateStorage into a folder and then add that folder.
Yes, you can synchronize folders across multiple devices.
Yes. Each device will need to be synchronized with the same steps as described above.
A Recovery Key is a small file that serves as a backup of PrivateStorage’s "capabilities" – the cryptographic keys needed to access your stored data. By saving a Recovery Key in the PrivateStorage application, you can restore access to your files on the PrivateStorage cloud in the event that your device is damaged or lost.
In the event that you lose access to your computer, your Recovery Key is the only way you’ll be able to regain access to folders you have synced with PrivateStorage. Reminder: we cannot read or access your data, so we cannot recover your files if your device is lost or damaged.
Anyone with your Recovery Key can gain access to your files and personal information. To keep your folders protected from accidental data loss, we recommend encrypting your Recovery Key with a strong passphrase and storing it securely in a password manager and on another device.
You can create a Recovery Key by navigating to the “Recovery” button in the top left hand corner of the PrivateStorage application and choosing “Create Recovery Key” or by following the prompts that appear after purchasing your first batch of Storage-time. During this process, you can set a passphrase and save the Recovery Key file to a location of your choosing. You can create a Recovery Key at any time, but it is recommended to do so before any folders have been added.
If you have lost access to your computer, you can use your Recovery Key to regain access to your folders stored in PrivateStorage on a new desktop device.
Unfortunately, if your Recovery Key is lost and you cannot access your device, your folders cannot be recovered.
Unfortunately, if you have lost access to the device that you installed PrivateStorage on, and you do not have access to your Recovery Key, there is no way to recover your data.
Because of this, we strongly recommend exporting your Recovery Key as soon as possible and storing it in a secure location separate from the device you are using for PrivateStorage.
Settings and Login
PrivateStorage utilizes accountless authorization, so we do not collect or store your email address or use login credentials like usernames and passwords. When you download PrivateStorage, it is installed on your computer as a desktop app and you can sync folders with it when needed. Opening the desktop app does not require a password, so please make sure your device itself is adequately protected.
Please make sure to back up your access to the PrivateStorage cloud by exporting your Recovery Key and storing it in a secure location on another device. Because PrivateStorage does not have traditional login credentials, we have no way to reset or restore your account if your device is lost or damaged. In this case, the only way to access your files is through your Recovery Key.
At this time, each PrivateStorage application can only be used on one computer. You can download the application itself on more than one computer, but each application would only store local folders from the device that it is on. There is no shared storage between devices.
We hope to introduce a feature that facilitates folder sharing between devices in the future.
Payments and Storage-Time
With storage-time we can verify your payment without linking your payment to what you store. You only spend storage-time for what you keep stored on PrivateStorage over time. In other words, storage-time is measured based on the amount of storage used over time. For $6.50 you can store approximately 30 GB-months of data. For example, with this you could store about 30 GB for one month, 10 GB for three months, or 3 GB for ten months and so on. The smallest unit of storage is 1 MB-month.
Storage-time is made up of tokens spent automatically by the PrivateStorage application as payment for the ongoing storage of your data.
Storage-time tokens are used to decouple the payment event (that is, when you bought the storage-time) from its redemption. We cannot tell if a given chunk of encrypted data on our servers is yours or someone else’s.
This has some consequences for the way the software has to operate: it spends storage-time tokens while interacting with our servers. This can be used to store brand-new data or to “renew” existing data.
When the software stores or renews data, it does so for 31 days. So, if you store a file for a single day and then delete it, that data is still kept on our servers for at least a month because your software has already spent the tokens for that. For this reason, it is also important to run your software at least once a month so it has a chance to “renew” already-stored data.
Overall, we encourage you to use the software as you like and then see how that impacts your balance. If you find your balance is dropping faster than you hoped, there are some steps you may take to reduce your usage.
You can reduce how much storage-time the software needs to spend by storing less data in the system or by storing it for a shorter amount of time (i.e. deleting it at some point).
Since the software automatically uploads changed files while it is active, one way to use less data is to change files in the synced folder less frequently. For example, if you will be making many edits to files in a synced folder it may be better to close the application, switch the software off, make your edits, and only then open it again to turn it back on. This means the application software only uploads one new version of the edits and thereby spends less storage-time.
If you run any other software that saves data to the synced folders, it may be worth examining whether that software is producing lots of versions of files, for example auto-save files, log files, or other frequently updated files that don’t necessarily need to be saved into the service.
You can use the “History” tab in the software to gain insight into when new data has been uploaded.
Available storage-time is constantly updated in the storage-time screen in the bottom right corner of your PrivateStorage application.
In addition, the bottom right of the PrivateStorage screen shows how much data you have stored and the date on which you are expected to run out of storage-time, based on your available storage-time and the amount of data stored.
You can store as many folders as you would like. When the size of your uploaded data is approaching the limit of your storage-time, you can purchase more storage-time to add the larger volume of data.
If you do run out of storage-time, you will no longer be able to store new data or sync updates to existing folders until you top up your storage-time on the PrivateStorage website (not the device).
Removing Data from PrivateStorage
When the PrivateStorage application is not running, no storage-time will be consumed and no files will be synced.
One consequence of the fact that we cannot distinguish one customer's data from another's is that all "deletion" of data is your responsibility. On a technical level, anyone with the appropriate access and decryption keys (called Capabilities) inside the configuration area of the PrivateStorage application can read the corresponding data. This means that sharing a voucher code, ZKAPs, the Recovery Key, the capabilities and/or any other configuration with anyone else is done at your own risk.
If you want to render all of your data inaccessible (also known as "deletion"):
The configuration data is in a platform-specific location:
~/.config/privatestorage/ but please note this will depend on the XDG_CONFIG_HOME environment variable, if present.
C:\Documents and Settings\username\Application Data\PrivateStorage but please note this can depend on the CSIDL_APPDATA environment settings
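Because anyone who can read the configuration area can read the corresponding data, the following added example (not part of the PrivateStorage software) resolves the first location above, honouring XDG_CONFIG_HOME, and lists entries that are accessible to users other than the owner. The function names `config_dir` and `exposed_paths` are made up for this sketch, and it assumes POSIX file permissions.

```python
import os
import stat
from pathlib import Path

def config_dir(env=os.environ) -> Path:
    """Resolve ~/.config/privatestorage, honouring XDG_CONFIG_HOME if set."""
    base = env.get("XDG_CONFIG_HOME") or os.path.join(env.get("HOME", "~"), ".config")
    return Path(base).expanduser() / "privatestorage"

def exposed_paths(root: Path) -> list:
    """Return (path, mode) for each entry that group or others can access."""
    findings = []
    if not root.exists():
        return findings
    for path in [root, *sorted(root.rglob("*"))]:
        if path.is_symlink():
            continue  # a symlink's own mode bits carry no meaning
        mode = stat.S_IMODE(path.lstat().st_mode)
        if mode & 0o077:  # any group or other permission bit set
            findings.append((str(path), oct(mode)))
    return findings

if __name__ == "__main__":
    for path, mode in exposed_paths(config_dir()):
        print(f"{mode} {path} is accessible beyond the owner")
```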