pCloud Review 2019

pCloud is a secure cloud storage service that permits users to store files online using end-to-end encryption. It is a relatively small service that has only been downloaded 1 million times from the Google Playstore. However, those users have rated it with a 4.4 score, demonstrating that it is generally a well-liked storage provider. 

Being based in Switzerland is thought to be good for privacy compared to many other locations, and the fact that this service can be used for free makes it an interesting proposition. So, is this secure storage provider worth your time? And will it keep your data secure?

pCloud logo

Get pCloud

Overview

pCloud is an online storage solution that people can use to ensure that their photos, documents, and other important data is not at risk of being lost if their hard drive goes corrupt or they lose their device to theft, loss, or breakage.

pCloud was first launched in 2013 and it is available for all popular platforms via software that you can download to your laptop, desktop, tablet, or smartphone device. It is even available for Linux distros; which is rarer. In addition to locally installed clients, users can opt to use pCloud via an online web client that runs in their browser. 

Subscribers have the option to use the service for free, or via a monthly, yearly, or lifetime subscription plan. Customers can opt to pay via credit or debit cards, Paypal, or Bitcoin transactions. And all subscribers get a 10-day money-back guarantee to test the service risk-free.

Free users get up to 10 GB of free storage with 50 GB of download link traffic per month. However, free users must verify their account to unlock the file-sharing feature and must follow certain steps in order to gain access to the full 10 GB allowance.

very email account

A one month plan starts at $4.99 for 500 GB of storage - or $9.99 per month for two Terabytes of storage. This is not particularly expensive, however, yearly plans better value for money.

Yearly plans can be purchased for $47.88 per year for 500 GB of storage and $95.88 for two Terabytes. Finally, lifetime subscriptions cost $175 for 500 GB and $350 for two Terabytes of storage. 

Lifetime plans offer extremely good discounts - as long as you trust that the firm will still be around in four years, and there is no absolute guarantee that it will be. Thus, while we have no reason to suspect that it won’t still be around, a lifetime subscription always carries an element of risk. 

On the other hand, as long as pCloud is available for more than three and a half years - you will have saved some money. That possibility does seem likely, to be fair.

No matter which subscription plan you opt for, the amount of storage space that you get is equal to the amount of data you are permitted to share with contacts via links. However, one thing to bear in mind is that users are restricted in the amount they can upload to their account per month. 

So, while you can store either 500 GB or 2 TB of data in total at any one time (depending on which plan you opt for) - you may also only upload 500 GB or 2TB of data during each month-long period. If you exceed this upload limit - you will need to wait until the next month to upload more data to your storage space. (You can download as much as you want).

This is a reasonable limitation, and being able to upload the total sum of allocated space each month is more than enough for most people’s needs. It is also worth noting that the terms of service disallow users from circumventing these upload limits by using a VPN or some other proxy (it tracks uploads from your IP address). 

Finally, the pCloud terms of service stipulate that the service is only available to users who are 18 years and over. This is an unusual restriction that is worth bearing in mind if you decide to opt for its “family” plan (not much use to families due to this restriction). 

Get pCloud

Features

  • Software for all popular platforms
  • End-to-end encryption (with all paid subscriptions using crypto feature)
  • Sync and backup files from popular third-party cloud storage providers (Dropbox, Facebook, Instagram, OneDrive, Google Drive)
  • Preview documents on the cloud drive
  • Built-in video player for previewing videos directly from storage
  • Built-in audio player with playlists for listening to music directly from your storage
  • Unlimited file size for uploads
  • No upload or download connection speed limitations on any plans (including free users)
  • Shared folders for remote access to files
  • Fair share feature (shared folders use storage only from the sharer’s account)
  • Share upload links via a URL so that friends and contacts can upload files to your account
  • 30-day trash history and file versioning for accessing older versions of files that are accidentally updated
  • Customizable links (customize the title, image, headline, and description)

Get pCloud

Setup

Getting a free or paid account for pCloud is extremely easy, and users get a small amount of storage (2 GB) even if they refuse to verify their email address. This allows users to store data without having to hand over any personal information (though the firm does still track your IP address). 

Once you have signed up for a free pCloud account, you will be encouraged to verify your email address, upload a file, and install the pCloud software locally. Each of those activities will give you more storage space up to a total of 10 GB. To get more space, you will be asked to do things like inviting friends and family, installing the software on mobile and desktop machines, and setting up the mobile version to automatically update your photos and videos. 

Installing the software is easy and there are versions for Windows, macOS, iOS, Android, and Linux.  Users must agree to the Terms of Service in order to install those clients. As a result, users must agree not to use the software to store or share any copyrighted or illegal content. In addition, users must agree to only use the service if encrypted storage is legal where they live. 

Get pCloud

Ease of Use

Once the software installs, and you have accepted all the necessary components, you can log in and start using the software to upload data to pCloud drive. The desktop client allows you to avoid any possible vulnerabilities caused by Javascript in the web-based client. As is the case with Dropbox, you can access the files on your cloud drive from a folder within Windows Explorer.

pCloud Drive local storage

To allow contacts or friends to share the contents of folders or individual files, all you need do is right-click on the folder or file from within explorer. Select copy download link and pass that link to your contact. This will allow them to go directly to that file to access it. However, it is worth noting that shared files are never protected with end-to-end encryption. 

share documents from local disk on pCloud

Files protected with end-to-end encryption using the Crypto feature are not sharable, which means that this service is not suitable for securely sharing files with contacts.

It is also worth noting that free users do not get end-to-end encryption, because the Crypto feature is only available with a subscription. Thus, free users’ files are protected server-side, and the firm controls your encryption keys on your behalf. If you want to secure files with end-to-end encryption (for free) you will need to use a different service. And if you want to share files completely securely this service is not suitable at all, you have been warned.

In addition to having pCloud folders that automatically appear in Explorer, users can easily select any other folder on their hard drive to sync with their pCloud account. Doing so means that any changes that occur in that local folder also automatically occur in the cloud.  This setup procedure happens via the pCloud app. 

Sync folder to pCloud

We found sharing files and folders and setting up sync extremely easy, meaning that this software is a good option for beginners. What’s more, the software will prompt you when you create new files in order to automatically back them up if you prefer. For example, if you take a screenshot the software will ask you if you want to save that image to a pCloud folder called screenshots. 

We also liked the ability to preview images and videos directly from the cloud, which means that you do not need to download them in order to view them. 

Because (with free accounts) pCloud retains control of your encryption key; you can recover your account and change your password via an email. Recovering your files will not be possible if you forget the password to your Crypto service; because you control your key yourself and pCloud has zero knowledge of your encryption keys.  

forgot password button

If you do purchase an account, you will need to ensure you set up a unique password that you can remember (by using a password manager, for example). Failure to do so will result in you losing access to all your files (because the firm no longer has the ability to recover access). 

Get pCloud

Privacy

Being based in Switzerland means that users should be able to trust that their data will be kept private. Switzerland does not have mandatory data retention laws, and it is a location where a number of high profile privacy services are based (ProtonMail and VyprVPN, for instance). 

However, it is worth noting that if you use a free account, you do not get end-to-end encryption (e2ee), which means that if pCloud is served a warrant, it could allow the government to access your files. This is also true of any files stored on its servers without the use of the “Crypto” feature. 

What’s more, this becomes much more concerning when you realize that its data center is in Dallas, Texas, USA. This means the server farm could be served a warrant and gag order by the US government, and it could be forced to secretly begin accessing people’s data. 

This is far from ideal and means that you will need to purchase a subscription and start using the “Crypto” feature to gain proper data privacy (e2ee). In addition, remember that if you want to share files via a link, you will need to upload them to pCloud servers without the use of the Crypto e2ee. Thus you cannot share files securely using this service.

We checked the privacy policy and found that the firm does collect quite a lot of information about its subscribers. The firm states that it collects your “IP address, browser type and version, operating system, referral source, and device information”. 

In addition, it uses “tracking services” to “collect information about you such as length of visit, page views, and navigation paths, as well as information about the timing, frequency, and pattern of your usage, operating system, device information, behavior, visited pages, etc.” pCloud claims that this data is “anonymous information can not be identified directly with you.” However, in the case of your IP address, this is untrue. 

It is also worth noting that pCloud states that it will comply with requests made by law enforcement “or other third parties pursuant to a subpoena, a court order or other legal process or requirement applicable to pCloud.” 

Free users’ accounts are not protected with end-to-end encryption, and files that you upload to the service without using the Crypto feature can be accessed by the firm; thus your data is not completely private when you use this service for free.

Get pCloud

Security

pCloud sends all data to its servers using strong TLS/SSL encryption. We checked the service using Qualys SSL labs and found that it scored an A+, which means that your data should be secure in transit (even if you use a free account with no end-to-end encryption). 

 However, it is worth noting that if you use the browser-based client to upload files you could fall victim to a man-in-the-middle attack caused by a vulnerability in the way browsers handle JavaScript code. To avoid this possible exploit (in which an attacker injects keys on the victim) you should stick to using the stand-alone clients that you can download from its website or app stores (available for all popular platforms). 

pCloud provides AES 256 encryption for all files that are stored at rest. However, it describes its encryption as “unique” which we presume means it is some form of proprietary encryption. Admittedly, the firm claims that the server-side encryption has been tested and verified by the independent third-party cybersecurity firm Mnemonic. However, we have not seen that audit and can’t attest to its veracity.

In addition, pCloud previously offered a $100,000 reward to any ethical hacker that could find an exploit in its server-side encryption. During that bounty hunt, 2860 participant attempted to hack the server-side encryption for six months, and none succeeded. This is certainly encouraging. For added clarity, we asked the firm whether its proprietary encryption had been audited and it told us that:

“We underwent the required procedures to prove the quality of our Quality Management and Data Management Systems - ISO 9001 and ISO 27001.”

However, it is worth noting that because pCloud is not open source, it is impossible for any independent auditors to verify the source code or its “unique” encryption methods. This is far from ideal because it means it is impossible to know with any certainty what the firm is doing with your data. 

Where roll-your-own encryption is concerned we would definitely prefer that it was completely open-source. On the other hand, AES 256 encryption sounds secure to us, and it did withstand hacking attempts from a large number of white-hat bounty hunters. Thus, it really is down to your own personal threat model as to whether you decide to trust pCloud’s at-rest encryption.

To gain true data security using end-to-end encryption users must subscribe to the service and use the “Crypto” feature. This means that on the free plan pCloud employees could theoretically access your files and folders (because the firm retains control over your keys). This is problematic, because it also means that all free accounts are vulnerable to hackers who manage to access those encryption keys. The same is true of any files uploaded without using the “Crypto” feature (e2ee) on a paid account.

Anybody who decides to pay for a subscription plan - and who opts to set up a “Crypto Pass” for their account using the Crypto feature - will be able to access their securely stored private keys. This enables them to start encrypting their data with e2ee. If that password is lost they will lose access to their e2ee files. 

Data encrypted with the Crypto feature is encrypted using AES 256 and is transmitted to its servers using 4096-bit RSA. This is secure. However, because of the closed source nature of the platform - it is impossible to verify whether this end-to-end encryption is actually secure. 

This is always the case with any closed source secure storage providers; which you must trust to do as they say they are. 

Get pCloud

Customer service

We contacted pCloud using its ticket-based customer support system and found its agents to be knowledgeable. They always tried hard to clear up points about the service and were able to answer a lot of questions that we had. 

Responses to requests usually came within a day, but it is worth noting that they appear only to come during business hours. However, we did get responses even at the weekend.

The website has an FAQ section that can be found in the footer of any page on its website. The FAQ has answers to lots of important questions about many different aspects of the service including questions relating to the encryption provided by the service. However, the answers are a bit low on actual technical details, which would be useful for judging the efficacy of the security provided by the platform. 

pCloud also provides a Blog which has articles about using pCloud features. This article are well written and are a good resource for learning to get more out of the service.

Get pCloud

Conclusion

pCloud is easy to use and its availability for multiple platforms is sure to make it a worthy storage provider for many people. However, for the more paranoid among you, its US-based server center and proprietary encryption may be enough to turn you off.

The fact that the service is closed source is problematic, because it means you can’t be 100% certain about what it is doing with your data. As is always the case, whether pCloud is for you will largely depend on your own personal threat model.

The lack of end-to-end encryption for all uploads means that you aren’t getting complete security 100% of the time. And, because you can’t use the e2ee Crypto feature for files that you intend to share with fellow contacts; this service is not suitable for secure file sharing. 

To be fair on the service, the availability of end-to-end encryption does make it better than some of its mainstream competitors. However, if you are looking for a completely zero-knowledge service with secure sharing; we recommend looking elsewhere. 

On the other hand, if you just want to store files, and aren’t particularly worried about securing everything with e2ee, this service is pretty cool. And it makes sharing files via a link very easy indeed. 

Get pCloud

Written by: Ray Walsh

Digital privacy expert with 4+ years experience testing and reviewing VPNs. He's been quoted in The Express, Barrons, the Scottish Herald, ThreatPost, CNET & many more. Ray is currently rated number 1 VPN authority by Agilience.com.

0 Comments

There are no comments yet.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.