Proton
Illustration of cloud storage

Centralized vs peer-to-peer (P2P) file storage

In 2017, hackers stole the private financial records of some 156 million people from servers belonging to Equifax, while the 2018 Facebook-Cambridge Analytica scandal revealed how personal data belonging to up to 87 million Facebook users was harvested without their consent.

A litany of high-profile data breaches has led to a growth of interest in peer-to-peer (P2P) cloud storage solutions. Instead of storing your data on centralized servers that can be hacked, these store multiple instances of your data on the drives of a decentralized network of other users. 

Several Proton users have asked us whether we considered a decentralized architecture for our end-to-end encrypted cloud storage service, Proton Drive(новое окно), which will be released later this year. 

In this article we will examine the pros and cons of P2P storage, and explain why we have opted for a centralized end-to-end encrypted security model instead.

For a technical overview of Proton Drive security, please see our Proton Drive security model(новое окно).

What is peer-to-peer (P2P) cloud storage? 

The classic centralized storage model is used by all the “big name” providers, including Google Drive, Dropbox, and Apple iCloud. Users’ data is stored on physical servers that are owned and operated by the cloud provider. 

This means that when you upload files to a centralized storage account, you upload them to a server center run by the service provider, and download them from the server center when you want to access them (or when they are synced across your devices). 

Illustration of Centralized Cloud Storage

Under the peer-to-peer model, there is no centralized server. Files are instead distributed and stored on the drives of different users. When you “download” a file, individual parts may be received from multiple sources (“peers”) and reassembled on your device.

Illustration of P2P Cloud Storage

Advantages of P2P

No single point of failure

Without a centralized server, there is no single point of failure for P2P systems. There is no one server that can suffer a catastrophic failure, accidentally burn to the ground, or be seized by a third party. 

Resistant to censorship

With P2P systems, your data is stored on the disks of multiple (possibly even hundreds of) people, who may be located all over the world. As demonstrated by the success of the P2P BitTorrent protocol, this makes P2P systems almost impossible to censor, block, or shut down, as there is no central organization which can be pressured or coerced.

Efficient

Downloading data from a P2P network can be very efficient when the recipient is able to obtain data from multiple sources (peers) simultaneously. 

Reduced infrastructure requirements

P2P storage does not need expensive centralized servers that require continual maintenance and monitoring. Files are instead stored on users’ devices. 

Advantages of centralized cloud storage

Lower latency, predictable performance

Many centralized systems use expensive high-speed server networks with enterprise-level internet connections. This is in sharp contrast to many P2P systems, where data is typically stored on users’ PCs with home internet connections.

It is also worth noting that while P2P networks can offer good performance in terms of throughput, this can come at a cost of latency, due to the fact that file pieces must often be retrieved from the other side of the world — and possibly even over dial-up connections — at substantial performance cost.

A centralized system, on the other hand, allows developers to design systems for maximum performance and provides a level of predictability that is simply not possible with a decentralized system in which a huge number of variables (such as the distance between users, each peer’s connection speeds, and device capabilities) are outside of anyone’s control.

Greater functionality

There are many useful features that users of traditional storage platforms take for granted that are very difficult, if not impossible, to implement using a P2P model. 

In the section below, for example, we discuss features that Proton Drive offers that are only possible using a centralized approach.

Why Proton Drive uses a centralized approach

Offering a centralized service instead of a P2P one is always going to involve some trade-offs. We recognize, for example, that the decentralized nature of the P2P model makes it highly effective at defeating censorship. There are, however, many compelling reasons for us to go with a centralized model.

Existing infrastructure

Proton Drive is built upon Proton’s existing infrastructure, which is both extensive and highly robust. It includes multiple redundancies, and data is stored at multiple geographically distributed locations across our server network. Even if one of our data centers were to be completely destroyed, no user data would be lost.

Resilience and fault tolerance are already built into Proton’s infrastructure, which we believe makes Proton Drive inherently much more reliable and less susceptible to technical faults than many P2P systems.

Our servers are also powerful, feature high-speed internet connections, and are completely under our control. This allows us to offer much greater performance and stability than P2P solutions can offer, while also providing scalability. 

End-to-end encryption

With data breaches hitting headlines with almost monotonous regularity, it’s clear that centralized servers are vulnerable to hacking. The difference with Proton Drive, however, is that all data stored on our servers is end-to-end encrypted, so even if the files are breached, they cannot be decrypted and accessed.

As with Proton Mail(новое окно) and Proton Calendar(новое окно), your data on Proton Drive is encrypted on your device before being uploaded to our servers, and only you can decrypt it on your device. This ensures your data is always safe from hackers, the authorities, and even from us.

Learn more about end-to-end encryption(новое окно)

End-to-end encryption is a key differentiator between Proton Drive and most other centralized services. Unlike Google, Dropbox, Microsoft, or Apple, we simply can’t access and hand over(новое окно) your files. 

One advantage of P2P systems is that their decentralized nature means there is no centralized server to break into or otherwise compromise. For us, however, this is simply not an issue. Our centralized servers hold the encrypted data, but the decryption keys are tied to user passwords that we do not know.

The resistance of any system to hacking is based on the security measure it uses. If a hacker can compromise a system, then it matters little if the system is centralized or decentralized. 

Proton is famous for taking security seriously. The robustness of our security practices and design principles are well-known, while our open source code is fully and independently audited for security issues. 

And, again, in the unlikely event that our systems were to be hacked, end-to-end encryption ensures your data will be safe anyway.

Based in Switzerland

The geographically distributed nature of P2P cloud storage systems makes them highly resistant to censorship. This is undoubtedly one of the strongest arguments in their favor. 

However, Proton has a high level of censorship resistance through legal protections and technical innovations, such as Alternative Routing(новое окно). Our company is based in Switzerland, a democracy with strong rule of law(новое окно), no ties to the United States-led Five Eyes surveillance network(новое окно), and it enjoys some of the strongest data privacy laws(новое окно) in the world. 

If one of our servers (or even all of them) were to be seized, the fact that all data is end-to-end encrypted so that not even Proton can see it ensures the adversary would be unable to access any of the files or other data stored on it.

Exciting features

Using a centralized model allows us to offer a wealth of features to our users that are simply not possible using a P2P model. These include:

Advanced sharing options

Proton Drive allows you to share individual files with multiple other users, assigning granular permissions (such as read-only, write-only) to each “Share.” 

Everything is encrypted

All data stored on Proton Drive is end-to-end encrypted. This means all the contents of your files are inaccessible to anyone but you. 

End-to-end encrypted sharing via URL

You can share files stored on Proton Drive with non-Proton users via a simple URL. The files remain end-to-end encrypted, so Proton never gets to see them. You can choose to include the password required to decrypt your files in the URL for ease of use, or you can share it via another means for maximum security. 

More information on these features can be found in our Proton Drive security model(новое окно) blog post. As with all our software, the Proton Drive clients will be made open source and submitted for third-party auditing in accordance with our usual roadmap. 

Zero-knowledge authentication

Proton Drive uses the same zero-knowledge authentication(новое окно) system that we use to secure Proton Mail accounts. This allows us to verify your password without ever knowing what it is or anything about it. If our servers were ever compromised then no password information could be stolen because there is nothing to steal.

The Secure Remote Password (SRP) protocol that we use to achieve this is also highly resistant to attempts to brute force the password, as each guess requires further interactions with our servers, which makes the entire process arduous (we also block IPs that make too many login attempts).

Easy access to your data from multiple devices

A centralized approach prevents synching conflict between multiple devices. 

Final thoughts

We are very excited about Proton Drive as we move toward the beta launch, and as a community-powered project we’re grateful to you for supporting this important addition to Proton services. With Proton Drive, we will be able to increase overall access to privacy, security, and freedom online by bringing more of our users’ data inside an end-to-end encrypted ecosystem. 

You can get a free secure email account from Proton Mail here(новое окно).

We also provide a free VPN service(новое окно) to protect your privacy. Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(новое окно). Thank you for your support.

Feel free to share your feedback and questions with us via our official social media channels on Twitter(новое окно) and Reddit(новое окно).

Статьи по теме

Proton Mail and Proton Calendar winter product roadmap
en
  • Новости о продуктах
  • Proton Calendar
  • Proton Mail
Preview upcoming updates to Proton Mail and Proton Calendar, including performance boosts, new features, and enhanced privacy tools.
Gantt chart displaying Proton Drive plans and development of new features
en
  • Новости о продуктах
  • Proton Drive
Discover the tools, features, and improvements coming to Proton Drive’s secure cloud storage and document editor this winter and spring.
laptop showing Bitcoin price climbing
en
  • Советы о конфиденциальности
Learn what a Bitcoin wallet does and the strengths and weaknesses of custodial, self-custodial, hardware, and paper wallets.
pixel tracking: here's how to tell which emails track your activity
en
  • Советы о конфиденциальности
Discover what pixel tracking is and how it works, how to spot emails that track you, and how to block these hidden trackers.
A cover image for a blog describing the next six months of Proton Pass development which shows a laptop screen with a Gantt chart
en
  • Новости о продуктах
  • Proton Pass
Take a look at the upcoming features and improvements coming to Proton Pass over the next several months.
The Danish mermaid and the Dutch parliament building behind a politician and an unlocked phone
en
  • Новости о конфиденциальности
We searched the dark web for Danish, Dutch, and Luxembourgish politicians’ official email addresses. In Denmark, over 40% had been exposed.