Tresorit Review

Tresorit is one of the top-rated cloud storage solutions available, with privacy and security firmly at the forefront.

Based in Switzerland, the service offers near-unparalleled levels of privacy across the board thanks to the country's strict federal laws and regulations. According to the company itself, Tresorit's security is unbeatable, gaining the trust of 10,000 organizations across the world. This is regularly tested by the experts from the most renowned institutions, with each unable to break the encryption.

There's a lot to love about this cloud storage solution, but there were also a few things that had us asking questions. Keep reading to find out what makes Tresorit brilliant, and where we think it can do better.

Our Score
4 / 5
Pricing
$10.42/mo - $24.00/mo
Free option
Available
Country
Switzerland
Visit Tresorit

Pricing

Tresorit has multiple packages suited to personal, professional, and business users. Pricing covers all ends of the market, with features scaling to match the increase. All tiers include 2-factor authentication, built-in end-to-end encryption, Outlook integration, password protected sharing, and a zero-knowledge policy that means Tresorit promises to keep its hands firmly off the encryption keys.

Personal plans

Tresorit pricing on their website

If you want to keep yourself protected, why not try the premium plan for a fantastic 500GB of storage? Alternatively, you could opt for the more expensive option for 5x more storage and additional control over your documents. While I can't fault the pricing in terms of storage, it's surprising to see maximum file sizes on a premium service, especially on its most expensive (individual) plan. On that note, for the same cash, you may as well opt for one of the business plans and get much more for your money...

How each plan differs and what features you get

Businesses plans

Tresorit business plan pricing levels

It's clear to see that this is where Tresorit is focusing its efforts – offering fantastic prices and functionality to reel in big businesses. The jump in maximum file size compared to price between the individual and business cloud backup plans is jaw-dropping, to say the least. Add to that features like Content Shield (which gives users more control over their sharing), and it's hard to say no to such a plan.

The difference for the business plans

The good, the bad, and the rather confusing

There's a lot of excellent choices for businesses to take advantage of with Tresorit, and it's definitely a solution I'd recommend for businesses. However, the features offered on such large scales are not available to the individual and come in at pretty much the same price as a personal plan. For $24/month you can get 2.5TB of storage, a maximum file size of 10GB, and a few nice features on your individual plan. Or, you can get loads of features, controls, a whopping 20GB maximum file size with a business plan, and all for the same cost.

Which raises the question: why aren't these options available for individual users if they're the same price?

On the one hand, this is an affordable option for businesses and offers a lot of functionality. But on the other hand, it's an overpriced and under-featured tool for individual buyers looking to secure the best cloud storage solution. It'd be nice to see Tresorit bring these individual prices down, or improve the feature availability for individual users moving forward. The biggest positive for pricing, however, is that Tresorit offers a free trial for almost all of its plans!

Features

File versioning

There are a number of reasons a user might need to restore their file to a previous version, from multiple users making unwanted changes to malware threatening your system. Tresorit keeps track of each file's version history, allowing users to regain access to previous iterations. It's worth noting that the feature is on a per-file basis and cannot be done with an entire folder, which could be time-consuming in some circumstances.

Please Note

If a file is deleted permanently, then there is absolutely no way to get it back.

 

File sharing support

It's incredibly easy to share files with others when using Tresorit. Members can directly invite others to join a folder or gain access with a link. Joining the folder via email requires the recipient to register to Tresorit, but anyone with access to a linked version can view the folder.

Total control over file sharing

As part of the Tresorit Content Shield, administrators can impose a number of restrictions on these links in the name of security, such as making password protection mandatory, requiring emails to be verified before accessing, setting an expiry date, or limiting the usage on the link itself.

I was happy to hear that Tresorit recently increased the level of control offered to users. If you don't want whoever you're sharing files with to have the option to print or download what you're sending them, simply click Link settings and select Advanced settings to take full control over the file you're sending.

Image sharing feature

Need to edit the link to send it to someone else? Don't worry, just click on Shared links, right-click on the document in question, and select Edit.

Tresorits shared links settings

To test this new functionality, I sent a photo through Tresorit's share through link functionality to our Head of Commercial, Andor over in Hungary. I edited the settings so there would be a watermark, password protection, and so the image could not be downloaded or printed.

While all of this worked as intended, we noticed that Andor was able to screenshot the image (below) regardless of these protections.

Our writer Andreas sharing a watermarked image of him with a sheep

*The circled text at the top says "You don’t have permission to download or print this file."

So, if you're sending sensitive files and/or images, and don't want to risk them being leaked through a screenshot, I'd recommend considering other sharing options. We tested this on both mobile and desktop and found that I could screenshot both linked files.

Cross-platform

Tresorit has an incredibly wide selection of support, each able to synchronize folders and add something to the mix. Desktop applications are available for Windows, macOS, and Linux. Mobile applications include Android and iOS, but Tresorit no longer supports Windows phones. Of course, users can always access the dashboard via web browsers. As expected, notifications are always sent out to the master email address when a new log-in is made, allowing administrators to keep track of accepted devices and users.

OS integration

Tresorit integrates with Windows via right-clicking and Android in its Share menu. The 'Convert to Tresor' option does what it says on the tin, uploading the file or folder straight to Tresorit. 'Share (Create link)' automatically uploads it to the platform as its own Tresor, generating a link for other people to view the folder with. You can set all the different parameters to keep the folder private and secure before finalizing it.

tressor feature generating a link to a folder to share with other people

Privacy and security

Jurisdiction

Jurisdiction isn't hugely important to a zero-knowledge company that washes its hands of any compromising data, but it can provide reassurance should anything mess up.

Although Tresorit has a number of secure Microsoft Azure data centers across Ireland, UK, Germany, Switzerland, France, the US, Canada, the Netherlands, Singapore, and Dubai, the company is Swiss and therefore primarily within the jurisdiction of Switzerland. This is deliberate, as the Hungarian founders praise Switzerland's stance on neutrality, privacy, and the protection of customers.

 

Want to know where you can store your documents?

Tresorit offers data residency options in:

Zero-knowledge

The company promises zero-knowledge across the board and was even certified by EY, meaning that even Tresorit can't see the content of your files. For security reasons, Tresorit does not even store passwords. This means that there is no recovery system in place for the master password but, in turn, it provides yet another layer of security.

Business and Enterprise users gain access to Advanced Control, which does allow admins to restore user passwords.

Technical security

Tresorit claims it would "take much more than a human lifetime to crack even one Tresor thanks to its use of industry-standard security algorithms".

The transaction starts by encrypting data with an AES-256-CFB cipher on the client-side, which is then authenticated with RSA-2048 signatures and hashed with HMAC-SHA-512 for integrity.

A TLS tunnel is then established between the client machine and the cloud to ensure complete security when uploading and downloading. Finally, this is authenticated with the user's digital signature, which mimics the remote directory structure on the client-side to prevent remote attacks.

Of course, all of this is further protected when enabling 2-factor authentication on any device with access to Tresorit.

Issues

Browser Cryptography

Correcting a previous version of this review, Tresorit does not use outdated JavaScript cryptography in its browser version but a WebCrypto API instead. The company told us that key generation is handled by platform-native CSPRNG, which is more secure than its predecessor. The client itself verifies resources with Subresource Integrity and mitigates data injection attacks through a measure known as Content-Security Policies.

While this does help to enforce the zero-knowledge policy that Tresorit swears by and makes the browser version similarly secure to its desktop and mobile counterparts, there is one big 'but'.   

Although Tresorit has emphasized its legal obligation to uphold encryption standards across all platforms, the web is still not the most secure application delivery platform and requires the user to implicitly trust those in control of a server. The company's willingness for communication is admirable and I am in no way accusing Tresorit of pushing intrusive or malicious code, but without any means of verification and past incidents with other companies colluding with government officials regardless of the law, I prefer applications over browser-based interaction.

Closed-source

Due to the nature of closed-source applications, it's impossible to take a peek under the hood in order to confirm Tresorit's lofty claims. Despite this, the company is often welcoming when it comes to putting its security and privacy to the test, orchestrating numerous competitions that challenge world-renowned experts to crack their data encryption methods.

Ease of use

Using Tresorit is as simple as logging into the web browser version or downloading and signing into one of the supported applications. The user interface is incredibly clean and I especially appreciate that the tutorial checklist is optional and extremely intuitive.

The tresorit browser app

Desktop (Windows 7+, macOS, and Linux)

The first thing that Tresorit recommends is to download the application to the desktop. Regardless of the version, the next step is to create a new "Tresor". This is a cloud-based folder that can be synchronized across connected devices if the user chooses. 

Sharing a folder is particularly easy with options showcased to the right-hand side. Alternatively, users can right-click the file or folder within Tresorit and select 'Share'. The layout is identical across all desktop-based operating systems, including the Admin Center tab redirecting users to their default browser.

the sharing folder

Mobile (Android and iOS)

The mobile version of Tresorit is similar to its desktop counterpart, albeit slightly simplified. It enables access to all Tresors to upload and download any folder chosen.

Android and iPhone Apps

Image note:

I tried to screenshot Tresorit's interface on my mobile (Android) to include it in the review update, but was blocked by the app and received the following message:

Can't take screenshot due to security policy

Fortunately, the app still looks the same as it did when we last got a screenshot of it, but this means I can't show any of the new features of the mobile app from our tests (nor can I show the mobile app's rather lovely dark mode).

Unfortunately, the mobile application isn't currently able to synchronize with folders created on smartphones and tablets, meaning there's a lot of manual work to keep on top of back-ups. It does, however, back-allow uploads from the device's camera automatically. 

Browser

Tresorit offers a mostly complete version of its services on browsers, although Sync and Direct File Open are not available at this time. Users can directly access the Admin Center, allowing administrators to see what devices and users are connected, add 2-step verification, customize branding from logos to color schemes and change various settings. As mentioned in the Browser Cryptography section, this isn't as secure as the applications.

accessing tresorit though the browser

Final thoughts

Tresorit is one of the most feature-rich cloud services available, with privacy enthusiasts sure to celebrate its neutral Swiss base of operations. Although the company does manage to cater to most ends of the market, it is undeniably a pricey offering compared to the competition, with some features confined to higher business packages. This is a real shame, and I definitely think it will put off a lot of personal users. However, if you're looking for a cloud storage solution for your business, then Tresorit is definitely a worthy investment.

There is a wide range of support for current and obsolete operating systems, all of which are equally sleek in aesthetic and performance. The lack of mobile synchronization is forgivable when comparing it to the rest of the market, which similarly omits such a feature, but I can't help but hope this changes in the future.

All in all, you certainly get what you pay for – which is a highly secure, highly private alternative to Dropbox and Google Drive. This is backed by a reliable customer support team that endeavors to answer queries in a timely manner. In particular, I recommend pairing Tresorit with a reliable password manager to make the most of securing your files.

Likes

Dislikes

  • Not open-source
  • Some features are locked behind a large price tag
  • Link sharing does not prevent screen-shots
  • Not as many features for individual users
  • An expensive option for personal use.

Written by: Andreas Theodorou

Andreas is Content Editor at ProPrivacy.com. Having graduated with a first-class BA (Hons) in English, he completed a Master of Research degree at Liverpool John Moores University and has continued to pursue research at every opportunity. Andreas started as a Tech Writer/Expert Reviewer at ProPrivacy before stepping up as Content Editor. A devout researcher, wordsmith, and foodie, he can usually be found at his computer, in the kitchen, or tinkering with (what used to be) a car.

7 Comments

M
on September 5, 2020
Reply
I just checked the Tresorit webpage, and the premium plan for individual is now 12.50/mo, which is a steep price hike...
JP
on February 22, 2020
Reply
I have a question. The "service" I currently use creates a temporary file of each file that gets uploaded. Even though I have 178GB of free space on the drive where temp files are created, for some bizarre reason, the app won't upload any more files -- none, regardless of size! Do you know if this occurs with Tresorit?
https://cdn.proprivacy.com/storage/images/proprivacy/2019/05/member-damienjpg-avatar_image-small.png
Damien Mason replied to JP
on February 24, 2020
Reply
Hi JP. I am not sure what you mean, but I have not encountered any problems when using Tresorit. What I can suggest is trying out the service and making a decision within the 14-day money-back guarantee. Tresorit's customer service has also been relatively reliable, and should be able to help you if you do come across any issues.
Harry
on January 1, 2020
Reply
In the section on jurisdiction, it’s worth adding the service uses a .com domain name which is not in a Swiss or Hungarian jurisdiction.
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small.png
Douglas Crawford replied to Harry
on January 2, 2020
Reply
Hi Harry, Um... not really. The use of .com domains by international companies is so common that it has no real meaning when it comes to jurisdiction.
Andy replied to Douglas Crawford
on March 13, 2020
Reply
Hi Damien, I am choosing between Sync.com and Tresorit. If you compared these services that would be just great!
https://cdn.proprivacy.com/storage/images/proprivacy/02/member-dougjpg-avatar-image-default-1png-avatar-image-default-minpng-avatar_image-small.png
Douglas Crawford replied to Andy
on March 16, 2020
Reply
Hi Andy. If it helps, we also have a Sync.com Review.
Show More Got Something to Say?

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives: