Sync.com review - A private cloud storage service

Sync.com is a Canadian online backup and cross-platform syncing service with a strong focus on privacy. In this Sync.com review take an in-depth look at each aspect of this cloud storage service.

Pros

  • Strong end-to-end encryption
  • Syncs beautifully across devices and platforms
  • Vault allows 100% online storage (but could be improved)
  • Fully featured mobile apps
  • File versioning

Cons

  • Canada is a Five Eyes member 
  • Apps are not open-source (although web portal is)
  • We found mobile camera upload feature rather clumsy
  • No Linux support

Pricing

The Sync Starter plan costs everyone’s favorite price: nothing. This gives you 5 GB of secure file storage. As a point of comparison, Dropbox hands out a rather measly 2G storage for free, while Google Drive provides a very generous 15GB storage for free.

Personal Pro plans for personal and family use start at 500GB storage, but this is expandable up to 2TB. One potential catch is that plans must be paid for annually, as there is no monthly payment option. That said, the 2TB price per year, in particular, represents good value for money. 

Signup for sync.com

The free plan provides access to most features, but there are some features which are only available to Personal Pro members.

Various business plans are also available but are not the focus of this review.

Payment can be made by card or PayPal. Sync.com also accepts potentially anonymous payment in Bitcoin/Bitcoin Cash, which is processed by BitPay. 

Features

  • Unlimited data transfer (Personal Pro accounts only)
  • Zero knowledge
  • Real-time backup and sync
  • Sync Vault
  • Two-factor authentication (2FA)
  • Cross-platform support with mobile apps
  • File versioning (limited to 30-day rollback for Sync Starter accounts)
  • Password protected link sharing
  • Advanced share controls (Personal Pro accounts only)
  • File requests (Personal Pro accounts only)
  • Shared folders (Sync Starter users have only basic access to this feature)
  • Mobile photo and video upload

Sync Vault Online-only backup

Instead of syncing files across all devices, Sync.com’s Vault feature allows you to upload files only to the cloud. A local version of the file remains on the original device it was uploaded from, but it is not automatically synced to other devices unless you specifically opt to Sync offline.

This is a great feature for those with limited disk space on some of your devices, allowing you to access files easily without the need to download your entire Share Folder to every device. It is worth noting here that on mobile devices all files are stored online-only until actively downloaded or synced locally (“Sync offline”).

File versioning

Sync.com stores saved versions of files so that you can recover them if they become corrupted, infected by a virus (such as ransomware), or if you just want to access a historical version of that file. Free users can only recover files up to 30 days old, while Personal Pro accounts have no time limit.

Link sharing

Individual files can be shared using a link which can be deleted at any time. Even free users can set a password for the share, although Pro users enjoy a bunch of additional link features such as expiry dates, download limits, document preview, email notifications of activity, and more.

Link sharing

One feature we really like is file requests, which allows you to send an upload link so that recipients can send documents to your account without the shared access features of a team folder.

Shared team folders

You can share a team folder with others. On free accounts, team members can read and edit all files in a shared folder, although Pro accounts allow you to specify read-only permissions. Team members must sign up for a Sync.com account if they don’t already have one, although a free account is all that is needed to access a shared folder.

sharing team folders

Cross-platform

Apps are available for Windows, macOS, Android, and iOS. Linux is not supported. On desktop platforms, the apps primarily just sync specified folders to the cloud, with more detailed management performed via the web interface which can be accessed on any platform which supports web browsing.

copy to sync vault from desktop

The Windows (but not macOS client) features some basic OS integration features. The mobile apps do not sync files to local storage by default, although you can choose to do this.

Mobile photo and video upload

The mobile apps can auto-upload photos and videos to the cloud, which is a very useful feature. If you want to upload existing media stored on your device, though, the app will upload everything it finds as there is no way to exclude specified folders.

sync.com mobile app

In our case, this meant it used up precious bandwidth and storage capacity uploading big movie files intended only for use on our phone. We were also unable to prevent it uploading our library of 2000+ photos except by disabling the feature altogether. 

Privacy and security

Jurisdiction

Sync.com and its servers are based in Canada and are presumably covered the Personal Information Protection and Electronic Documents Act (PIPEDA) data privacy legislation. This gives customers the right to access personal information held by Sync.com, and requires Sync.com to ask permission before collecting, using, or disclosing information to a third party. 

The Sync.com privacy policy appears to adhere to PIPEDA and affirms Sync.com’s commitment to privacy. It does admit, however, that the company will disclose information when required to by law, which brings us to the fact that Canada is a core member of the United States NSA-led Five Eyes spying alliance

This situation is not helped by the highly controversial 2015 Anti-terrorism Act (Bill C-51) which greatly expanded the Canadian Security Intelligence Service (CSIS)’s surveillance powers and gave it sweeping powers to hack or otherwise access any internet-connected device (which presumably includes cloud storage servers).

Additionally, there is the 2014 Protecting Canadians from Online Crime Act which requires police to have "reasonable grounds for suspicion" in order to obtain a warrant to access online data, but the bar for which has been criticized as being very low.

In theory, none of this should matter very much as Sync.com uses end-to-end encryption (e2ee)…

Technical security

E2ee means that you encrypt files on your computer or mobile device before uploading them to the cloud, and only you can decrypt them. In other words, whatever the legal situation might or might not be, Sync.com (or the NSA) simply cannot access your data. This is why it claims to be a “zero-knowledge” service. 

Data is encrypted using as AES-256-GCM cipher which is secured with an RSA-2048 private key and your password. PBKDF2 key stretching with a high iteration count is used to help make weak passwords more cryptographically secure.

Encrypted private keys are stored on Sync.com’s servers and downloaded by the apps or web panel after successful authentication. This requires a password, but this is one-way hashed using Bcrypt and is never stored. Sync.com never has access to your private key or your actual password, which is used to decrypt files locally.

The web panel is open-source and uses the latest JavaScript cryptography libraries. As with all browser-based cryptography, however, there is a danger that malicious code could be pushed from the server which your browser will automatically accept.  Additional details are available in a white paper, and all looks good. 

Not open source

The problem, however, is that apart from its web portal, Sync.com’s apps are all closed source. There is no way to independently check that files are, in fact, e2e encrypted before being uploaded.

Ease of Use

Signing up with a valid email address and password gets you to access to the 5GB free service. Just download and install the apps, and off you go! You can upgrade to a premium account from within the web portal. 

The Desktop clients

Bar minor OS interface differences (and the fact that the Windows client has some OS integration features, as discussed above), the Windows and macOS clients are more or less identical. It's fantastic support for Mac users makes this one of the best cloud backup services for Mac users.

Sync.com for windows and Mac

They basically just keep your Sync Folder synchronized with other linked devices’ Sync Folders and your online storage. More advanced features are accessed via the web portal.

sync.com control panel advances settings

It is worth noting that files stored in the Sync Vault cannot be accessed via the desktop Sync Folder - only through the web portal. This is something of a shame, as features like Dropbox’s new Smart Sync, which shows files in your Sync Folder but only downloads them locally when needed, are very handy.

The web portal

The open source web portal is the beating heart of this product and provides access to the full range of Sync.com’s features. Here you can easily upload files to the Vault, create shared folders, monitor file shares, and more.

the sync.com web portal

The mobile apps

The Android and iOS apps provide access to almost all of Sync.com’s features, including direct access to the Vault, share monitoring, and more. The only thing we could spot missing is the ability to create team share folders.

sync.com android app

Files and folders can be synced or simply downloaded locally. 

Final thoughts

Sync.com is a very slick and easy-to-use cloud storage solution which uses robust end-to-end encryption for maximum privacy. Its mobile apps, in particular, are refreshingly fully featured after our disappointment with the read-only SpiderOak mobile apps. We did end up having to disable photo uploads, though, which wasn't ideal.

NSA-style surveillance is not a concern for everyone, but we can’t help wishing this wasn’t a largely closed source service based in Canada. 

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at ProPrivacy.com. Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.

0 Comments

There are no comments yet.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.