- Zero-knowledge encryption
- Based in Switzerland
- Client-side integrity protection
- GDPR compliance guides for businesses
- 2-factor authentication
- Good cross-platform support
- File versioning
- Not open-source
- Some features are locked behind a large price tag
Tresorit has multiple packages suited to personal, professional and business users. Pricing covers all ends of the market, with features scaling to match the increase. Fortunately, all tiers include zero-knowledge, 2-factor authentication, built-in end-to-end encryption, and Outlook integration. Tresorit promises to keep its hands firmly off the encryption keys.
The premium personal tier is the cheapest, granting access 200GB of storage space for up to 5 separate devices, version recovery up to 10 versions and activity history spanning 90 days. The Solo package, aimed at freelancers and professional users removes the caps for version recovery and activity history while increasing encrypted storage to 2,000GB across 10 devices. This tier also allows the user to control permissions, share files with password-protected links and access logs for tracking.
Teams of users will want to turn their attention to the various business and enterprise offerings, which include most features outlined above. Whether you're looking for the ability to integrate the active directory, add digital rights management, wipe the system remotely, add admin APIs or play about with custom features, it's worth checking out the packages for yourself as there is a great disparity between them.
Tresorit offers a free package called Basic and also a free 14-day trial with a 7-day money-back guarantee on its Premium, Solo and Small Business packages. Those wanting to go all-out for the Enterprise tier will have to contact the company directly. Sadly, Tresorit doesn’t accept crypto currencies, payment methods include credit cards (Visa, MasterCard, and Amex) or PayPal.
- End-to-end encryption
- Completely cross-platform with folder synchronization
- Compliant with the latest ISO Standards
- File versioning
- File sharing support
- OS integration(Windows only)
There are a number of reasons a user might need to restore their file to a previous version, from multiple users making unwanted changes to malware threatening your system. Tresorit keeps track of each file’s version history, allowing users to regain access to previous iterations. It’s worth noting that the feature is on a per-file basis and cannot be done with an entire folder which could be time-consuming in some circumstances.
The company retains files even after they are deleted, which might concern privacy enthusiasts out there, but it does mean that you can restore deleted files should you change your mind.
File sharing support
It’s incredibly easy to share files with others when using Tresorit. Members can be directly invited to join a folder or gain access with a link. Joining the folder via email requires the recipient to register to Tresorit, but anyone with access to a linked version can view the folder. Administrators can impose a number of restrictions on these links in the name of security, such as making password protection mandatory, requiring emails to be verified before accessing, setting an expiry date or limiting the usage on the link itself.
Tresorit has an incredibly wide selection of support, each able to synchronize folders and add something to the mix. Desktop applications are available for Windows 7, 8, 8.1 and 10, macOS and Linux. Mobile applications include Android and iOS, with Windows Phone support ending in March 2018. Of course, users can always access the dashboard via web browsers. As expected, notifications are always sent out to the master email address when a new log-in is made, allowing administrators to keep track of accepted devices and users.
Tresorit integrates with Windows via right-clicking and Android in its Share menu. The ‘Convert to Tresor’ option does what it says on the tin, uploading the file or folder straight to Tresorit. ‘Share (Create link)’ automatically uploads it to the platform as its own Tresor, generating a link for other people to view the folder with. You can set all the different parameters to keep the folder private and secure before finalizing it.
Privacy and security
Jurisdiction isn’t hugely important to a zero-knowledge company that washes its hands of any compromising data, but it can provide reassurance should anything mess up.
Although Tresorit has a number of secure Microsoft Azure data centers across Ireland, UK, Germany, Switzerland, France, the US, and Canada, the company is Swiss and therefore primarily within the jurisdiction of Switzerland. This is deliberate, as the Hungarian founders praise Switzerland’s stance on neutrality, privacy and the protection of customers
The company promises zero-knowledge across the board and was even certified by EY, meaning that even Tresorit can’t see the content of your files. For security reasons, Tresorit does not even store passwords. This means that there is no recovery system in place for the master password but, in turn, it provides yet another layer of security.
Business and Enterprise users gain access to Advanced Control, which does allow admins to restore user passwords.
Tresorit claims that it would, "take much more than a human lifetime to crack even one Tresor thanks to its use of industry-standard security algorithms".
The transaction starts by encrypting data with an AES-256-CFB cipher on the client-side, which is then authenticated with RSA-2048 signatures and hashed with HMAC-SHA-512 for integrity.
ATLS tunnel is then established between the client machine and the cloud to ensure complete security when uploading and downloading. Finally, this is authenticated with the user’s digital signature, which mimics the remote directory structure on the client-side to prevent remote attacks.
Of course, all of this is further protected when enabling 2-factor authentication on any device with access to Tresorit.
While this does help to enforce the zero-knowledge policy that Tresorit swears by and makes the browser version similarly secure to its desktop and mobile counterparts, there is one big ‘but’.
Although Tresorit has emphasized its legal obligation to uphold encryption standards across all platforms, the web is still not the most secure application delivery platform and requires the user implicitly trust those in control of a server. The company's willingness for communication is admirable and we are not accusing Tresorit of pushing intrusive or malicious code, but without any means of verification and past incidents with other companies colluding with government officials regardless of the law, we prefer applications over browser-based interaction.
Due to the nature of closed-source applications, it’s impossible to take a peek under-the-hood in order to confirm Tresorit’s lofty claims. Despite this, the company is often welcoming when it comes to putting its security and privacy to the test, orchestrating numerous competitions that challenge world-renowned experts to crack their data encryption methods.
Ease of use
Using Tresorit is as simple as logging into the web browser version or downloading and signing into one of the supported applications. The user interface is incredibly clean and I especially appreciate that the Explore tutorial checklist is optional and non-intrusive.
Desktop (Windows 7+, macOS and Linux)
The first thing that Tresorit recommends is to download the application to the desktop. Regardless of the version, the next step is to create a new “Tresor.” This is a cloud-based folder that can be synchronized across connected devices if the user chooses.
Sharing a folder is particularly easy with options showcased to the right-hand side. Alternatively, users can right-click the file or folder within Tresorit and select ‘Share’. The layout is identical across all desktop-based operating systems, including the Admin Center tab redirecting users to their default browser. Currently, it seems as though Windows is the only platform to house OS integration.
Mobile (Android and iOS)
The mobile version of Tresorit is similar to its desktop counterpart, albeit slightly simplified. It enables access to all Tresors to upload and download any folder chosen. For security, the application prevents screenshots from being taken on mobile but we have snapped a picture to showcase what to expect.
Unfortunately, the mobile application isn’t currently able to synchronize with folders created on smartphones and tablets, meaning there’s a lot of manual work to keep on top of back-ups. It does, however, back-allow uploads from the device's camera automatically.
Tresorit offers a mostly complete version of its services on browsers, although Sync and Direct File Open are not available at this time. Users can directly access the Admin Center, allowing administrators to see what devices and users are connected, add 2-step verification, customize branding from logos to color schemes and change various settings. As mentioned in the Browser Cryptography section, this isn't as secure as the applications.
Tresorit is one of the most feature-rich cloud services available, with privacy enthusiasts sure to celebrate its neutral Swiss base of operations. Although the company does manage to cater to most ends of the market, it is undeniably a pricey offering compared to competition with some features confined to higher packages.
There is a wide range of support for current and obsolete operating systems, all of which are equally sleek in aesthetic and performance. The lack of mobile synchronization is forgivable when comparing it to the rest of the market, which similarly omits such a feature, but we can't help but hope this changes in the future.
Still, you certainly get what you pay for, which is a highly secure, highly private alternative to Dropbox and Google Drive. This is backed by reliable support that endeavors to answer queries in a timely manner. In particular, we recommend pairing Tresorit with a reliable password manager to make the most of securing your files.