Overview
pCloud is an online storage solution that can be used by just about anyone to ensure that their photos, documents, and other important data isn't at risk of being lost if their hard drive is corrupted. pCloud also protects against device theft, loss, or breakage.
The backup service arrived on the scene in 2013 and is available for all popular platforms via software that can be downloaded to your laptop, desktop, tablet, or smartphone device. pCloud is even available for Linux distros – a rare, but welcome, surprise! In addition to locally installed clients, you can opt to use pCloud via an online web client that runs in your browser.
Subscribers have the option to check out the service for free if they wish, or purchase a monthly, yearly, or lifetime subscription plan. It's possible to pay for these plans via credit or debit card, PayPal, iTunes, or Google Pay. pCloud even supports Bitcoin transactions. Additionally, all subscribers get a 10-day money-back guarantee to test the service risk-free.
If you're a free user, you'll get up to 10 GB of storage and 50 GB of download link traffic per month, and all without paying a penny. However, free users will first need to verify their account to unlock the file-sharing feature, and follow certain steps in order to unlock the full 10 GB storage allowance.
A one month plan starts at $4.99 for 500 GB of storage – or $9.99 per month for two Terabytes of storage. This is not particularly expensive, however, the yearly plans offer better value for money.
Yearly plans can be purchased for $47.88 per year for 500 GB of storage and $95.88 for two Terabytes. Finally, lifetime subscriptions cost $175 for 500 GB and $350 for two Terabytes of storage.
Extremely good discounts can be found with the Lifetime plans – provided you trust the platform to be around for at least another three and a half years to get your money's worth. We have no reason to believe it won't be around, but with a lack of guarantee, we must emphasize the element of risk involved.
No matter which subscription plan you opt for, the amount of storage space that you get is equal to the amount of data you are permitted to share with contacts via links. However, one thing to bear in mind is that users are restricted in the amount they can upload to their account per month.
So, while you can store either 500 GB or 2 TB of data in total at any one time (depending on the plan you opt for), you are only permitted to upload 500 GB or 2TB of data during each month-long period. If you exceed this upload limit, you'll need to wait until the next month to upload more data to your storage space. However, you can download as much as you'd like!
This is a reasonable limitation and being able to upload the total sum of allocated space each month is more than enough for most people's needs. It is also worth noting that the terms of service disallow users from circumventing these upload limits by using a VPN or some other proxy (it tracks uploads from your IP address).
Finally, pCloud has a rather odd inclusion in its terms of service that states its platform is only available for those over the age of 18. This damages the value of the "family" plan in particular, as this restriction reduces who can use it. We have yet to see the reasoning behind this, but we think it is unusual and potentially unnecessary.
Features
- Software for all popular platforms, including PC and Mac
- End-to-end encryption (with all paid subscriptions using crypto feature)
- AES 256 encryption at rest and in transit (even on the free plan)
- Sync and backup files from popular third-party cloud storage providers (Dropbox, Facebook, Instagram, OneDrive, Google Drive)
- Preview documents on the cloud drive
- Built-in video player for previewing videos directly from storage
- Built-in audio player that allows users to create, and listen to, their own playlists directly from storage
- Unlimited file size for uploads
- No upload or download connection speed limitations on any plans (including free users)
- Shared folders for remote access to files
- Fair share feature (shared folders use storage only from the sharer's account)
- Share upload links via a URL so that friends and contacts can upload files to your account
- 30-day trash history and file versioning for accessing older versions of files that are accidentally updated
- Extended 365-day trash history and file versioning is available as a paid extra
- Customizable links (customize the title, image, headline, and description)
- Newly registered subscribers can choose either European or US data centers
Setup
It's incredibly easy to get a free or paid pCloud account, and you'll even get a small amount of storage (2 GB) if you refuse to verify your email address. This is good to know, as it allows users to store data without handing over any personal information – though you should be aware that the firm still tracks your IP address.
Once you have signed up for a free pCloud account, you will be encouraged to verify your email address, upload a file, and install the pCloud software locally. Each of those activities will give you more storage space up to a total of 10 GB. If you want even more space, you'll need to invite friends and family to use the service, install the software on mobile and desktop devices, and set up the mobile app to update your photos and videos automatically.
Installation the software is a breeze, and there are versions of the secure backup for Windows and Mac, as well as iOS, Android, and Linux. Users must agree to the Terms of Service in order to install those clients. As a result, users must agree not to use the software to store or share any copyrighted or illegal content. In addition, users must agree to only use the service if encrypted storage is legal where they live.
Ease of Use
You can log in and begin using the software to upload data to the pCloud drive as soon as you've installed the software and accepted all the necessary components. If you're using the desktop client, it'll allow you to avoid any possible vulnerabilities caused by Javascript in the web-based client. You'll be able to access files on your cloud drive from a folder within Windows Explorer – a process that'll be familiar to anyone who has used Dropbox.
To allow contacts or friends to share the contents of folders or individual files, all you need to do is right-click on the folder or file from within explorer. Select copy download link and pass that link to your contact. This will allow them to go directly to that file to access it. However, it is worth noting that shared files are never protected with end-to-end encryption.
Files protected with end-to-end encryption using the Crypto feature are not sharable, which means that this service is not suitable for securely sharing files with contacts.
It is also worth noting that free users do not get end-to-end encryption, because the Crypto feature is only available with a subscription. Thus, free users' files are protected server-side, and the firm controls your encryption keys on your behalf. If you want to secure files with end-to-end encryption (for free) you will need to use a different service. And if you want to share files completely securely, this service is not suitable at all, you have been warned.
In addition to having pCloud folders that automatically appear in Explorer, users can easily select any other folder on their hard drive to sync with their pCloud account. Doing so means that any changes that occur in that local folder also automatically occur in the cloud. This setup procedure happens via the pCloud app.
We found sharing files and folders and setting up sync extremely easy, meaning that this software is a good option for beginners. What's more, the software will prompt you when you create new files in order to back them up automatically, if you prefer. For example, if you take a screenshot, the software will ask you if you want to save that image to a pCloud folder called screenshots.
We also liked the ability to preview images and videos directly from the cloud, so you do not need to download them in order to view them.
Because (with free accounts) pCloud retains control of your encryption key; you can recover your account and change your password via an email. Recovering your files will not be possible if you forget the password to a paid account that makes use of the Crypto feature. This is because key control is given to the user, and pCloud has zero-knowledge of your encryption keys.
If you do purchase an account, you will need to ensure you set up a unique password that you can remember (by using a password manager, for example). Failure to do so will result in you losing access to all your files (because the firm no longer has the ability to recover access).
Privacy
Being based in Switzerland means that users should be able to trust that their data will be kept private. Switzerland does not have mandatory data retention laws, and it is a location where a number of high-profile privacy services are based (ProtonMail and VyprVPN, for instance).
However it is worth noting that, if you use a free account, you do not get end-to-end encryption (E2EE), so if pCloud is served a warrant, it could allow the government to access your files. This is also true of any files stored on its servers without the use of the "Crypto" feature.
Newcomers will notice the option to choose where their data is stored.
Selecting Europe brings all the benefits of the Luxembourg data center, which is SSAE 16 SOC 2, Type II certified, and transfers files via TLS/SSL. Choosing the US places your data in Dallas, Texas, USA, which is pCloud's original, and somewhat worrisome location because of the potential for warrants and gag orders granting the US government access to people's data. The US is, unfortunately, the default for existing customers, as pCloud continues to develop a solution for current subscribers to change their data center.
This is far from ideal and means that you will need to use the "Crypto" feature to gain proper data privacy (E2EE) if you are using the US data centers. In addition, remember that if you want to share files via a link, you will need to upload them to pCloud servers without the use of the Crypto E2EE. Thus you cannot share files securely using this service.
We combed through the pCloud privacy policy and found that the firm does collect quite a lot of information about its subscribers. The firm states that it collects your "IP address, browser type and version, operating system, referral source, and device information".
In addition, it uses "tracking services" to "collect information about you such as length of visit, page views, and navigation paths, as well as information about the timing, frequency, and pattern of your usage, operating system, device information, behavior, visited pages, etc". pCloud claims that this data is "anonymous information [and] can not be identified directly with you". However, in the case of your IP address, this is untrue.
It is also worth noting that pCloud states that it will comply with requests made by law enforcement "or other third parties pursuant to a subpoena, a court order or other legal process or requirement applicable to pCloud".
Free users' accounts are not protected with end-to-end encryption, and files that you upload to the service without using the Crypto feature can be accessed by the firm; thus your data is not completely private when you use this service for free (or without engaging the Crypto feature).
This is underscored by the company's Terms of Service, which states that:
"You give pCloud permission to use your User Content as follows: you grant to pCloud and its affiliates a worldwide license to use, copy, perform or display your User Content in connection with providing you access to the Site and/or Services only".
As a result of these terms, it is possible that the firm could access your data in order to leverage it to engage in targeted marketing or to better its services, for example.
That said, pCloud maintains that "the terms mentioned are standard terms with which you are granting pCloud access in order to allow us to send links and display your content to those with whom you decide to share your files with".
Despite this claim, the policy does appear to allow for some level of access to user data for marketing, which could result in an invasion of privacy. That is why we recommend always sticking to using the end-to-end encryption that is available with a premium subscription.
Security
pCloud sends all data to its servers using strong TLS/SSL encryption. We checked the service using Qualys SSL labs and found that it scored an A+, which means that your data should be secure in transit (even if you use a free account with no end-to-end encryption).
However, it is worth noting that if you use the browser-based client to upload files you could fall victim to a man-in-the-middle attack caused by a vulnerability in the way browsers handle JavaScript code. To avoid this possible exploit (in which an attacker injects keys on the victim) you should stick to using the stand-alone clients that you can download from its website or app stores (available for all popular platforms).
pCloud provides AES 256 encryption to secure all files in transit and at rest. However, it describes that encryption as "unique" (which we presume means it is some form of proprietary encryption that leverages an AES 256 cipher). The firm claims that the server-side encryption has been tested and verified by the independent third-party cybersecurity firm Mnemonic. Admittedly, we have not seen the results of that audit, and we can't attest to its veracity. However, it should mean that the service is secure, and it is always good when a closed source platform has been through an independent third party audit).
In addition, pCloud previously offered a $100,000 reward to any ethical hacker that could find an exploit in its server-side encryption. During that bounty hunt, 2860 participants attempted to hack the server-side encryption for six months, and none succeeded. This is highly encouraging. For added clarity, we asked the firm whether its proprietary encryption had been audited and it told us that:
We underwent the required procedures to prove the quality of our Quality Management and Data Management Systems – ISO 9001 and ISO 27001.
This is good, and goes a long way in making up for the fact that pCloud is closed-source, and cannot be verified by any independent auditors to ascertain the security of its source code or "unique" encryption methods.
Where roll-your-own encryption is concerned we would prefer that it was completely open-source. On the other hand, AES 256 encryption sounds secure to us, and it did withstand hacking attempts from numerous white-hat bounty hunters. Thus, it really is down to your own personal threat model as to whether you decide to trust pCloud's at-rest encryption.
To gain true data security with end-to-end encryption users must subscribe to the service and use the "Crypto" feature. As a result, anybody using the free plan could theoretically have their data accessed by pCloud employees (because the firm retains control over your keys server-side). This is problematic, because it means that all free accounts are vulnerable to hackers (if they manage to hack into and steal those server-side encryption keys). The same is true of any files uploaded without using the "Crypto" feature (E2EE) on a paid account.
Anybody who decides to pay for a subscription plan – and who opts to set up a "Crypto Pass" for their account using the Crypto feature – will be able to access and use private keys to start encrypting their data with E2EE. However, if that password is lost, they will lose access to their E2EE files for good.
Data encrypted with the Crypto feature is encrypted using AES 256 and is transmitted to its servers using 4096-bit RSA. This is secure. However, as previously mentioned because of the closed source nature of the platform – it is impossible for us to verify whether this end-to-end encryption is secure.
This is always the case with any closed source secure storage providers; which you must trust to do as they say they are.
Customer service
We contacted pCloud through its ticket-based customer support system and were not disappointed. The agents were helpful and knowledgeable about the service, and worked hard to explain certain aspects to us. They were also able to answer a lot of the questions that we had for them.
In general, responses to requests arrived within a day, but it is worth noting that these responses only appear to come during business hours. However, we did get some answers over the weekend.
If you'd rather troubleshoot your own issues, you can find the pCloud FAQ section in the footer of any page on its website. The FAQ is pretty thorough, and contains answers to lots of the most pertinent questions a customer might have, as well as details about different areas of the service. These included answers relating to the encryption provided by the service. Unfortunately, we found that these answers were a bit lacking when it came to technical details, which would be useful for judging the efficacy of the security provided by the platform.
pCloud also maintains its very own blog, containing articles about all sorts of features and how to use them. We found these articles to be well-written and dependable, especially if you're looking to learn how to get the most out of the service.
Conclusion
pCloud is easy to use and its availability for multiple platforms is sure to make it a worthy storage provider for many people. However, for the more paranoid among you, its US-based server center and proprietary encryption may be enough to turn you off.
The fact that the service is closed-source is problematic because it means you can't be 100% certain about what it is doing with your data. As is always the case, whether pCloud is for you will largely depend on your own personal threat model.
The lack of end-to-end encryption for all uploads means that you aren't getting complete security 100% of the time. And, because you can't use the E2EE Crypto feature for files that you intend to share with fellow contacts; this service is not suitable for secure file sharing.
To be fair on the service, the availability of end-to-end encryption makes it better than some of its mainstream competitors. However, if you are looking for a completely zero-knowledge service with secure sharing; we recommend looking elsewhere.
On the other hand, if you just want to store files online securely and aren't particularly worried about E2EE – then this service is definitely worth considering (and seems suitable for 99% of people's needs). Plus, it makes sharing files via a link extremely easy!
0 User Reviews
Leave a Review
Thanks for your review!
8 Comments
Write Your Own Comment
Your comment has been sent to the queue. It will appear shortly.
de Vries
Web Me Tools
Adrian
stefanon