
How Proton Drive downloads your files without breaking encryption


Whenever we develop a service, our goal is to make sure it does not leak or expose any of your information at any time to anyone, including ourselves. This is a radically different approach from most Big Tech offerings, where data collection is the true purpose of the service. It also means we often have to create entirely new frameworks to handle what might otherwise seem like a simple function.

In this article, we explain how Proton Drive downloads your files so that you receive them quickly while making sure your information remains private and encrypted, even from us.

How other cloud storage services download your files

Before we can explain how Proton Drive downloads your files, we’ll need to look at how most cloud storage services download files. 

In the early days of the internet, servers handled the vast majority of the “work” (data processing, encryption, etc.), and web apps did relatively little beyond relaying information to the user. 

As the internet developed, applications became more complex and handled more of the processing themselves on the user’s devices. While this allows for more functionality, it comes with a downside. Instead of being able to use the massive amounts of memory and computational power of a server in a data center, the application is bound by the amount of memory, features, and computational power of the device it’s running on.

Current app development is a balancing act between what tasks the server will handle and what tasks the client (or app) will handle. 

This brings us to your standard cloud storage service. The simplest way to fetch an encrypted file is to:

  1. Have the frontend client, such as your browser, initiate a request and have the backend server deal with it. 
  2. The backend server finds the files, creates an archive (if needed), and sends everything back to your browser as a file download. 

In this example, your cloud storage service’s backend server does most of the work. Your browser simply receives the file.

This system, while efficient and direct, requires the server to be able to decrypt your files. This simply does not meet Proton’s standard for privacy. 

Proton Drive decrypts files locally and doesn’t have access to your data

Our focus on privacy means we do not want any unencrypted data sent to our servers. Consequently, we have our client handle computational work that other cloud storage services can delegate to their centralized servers.

As a result, the way Proton Drive fetches files looks more complex. If the file being downloaded is small, a download on Proton Drive uses the following process:

  1. The frontend client (your browser) initiates the request.
  2. Proton Drive fetches all the related data and sends it in an encrypted state to your browser.
  3. Your browser (the client) decrypts the data, buffers it in memory, and creates an archive that’s then sent out as a classic download.  

This way, the Proton server never interacts with unencrypted data or the unencrypted keys that would allow us to decrypt your data. Your client (your browser) handles this entire process. This solution is fast, robust, and straightforward, and the user experience is nearly the same as a standard download.

While this file fetch system works, it is not scalable. We only do this with small files because the size of the file you can download is constrained by the device’s memory, which can vary from device to device. If you’re trying to download 10 GB of files on a device that only has 8 GB of memory, it will simply not work.

Proton Drive “streams” encrypted data to avoid memory constraints

If you want to download a large file (or a lot of files at once), Proton Drive uses another approach: a streaming solution built on service workers, which are a type of web worker. Web workers are a browser feature for running code in the background, on a separate thread from the page, which lets the browser do heavy data processing without freezing or locking up.

A service worker is a special type of web worker that also runs in the background, but it has one important extra ability: it can act as a proxy between the page and the network, essentially a “middle” layer that intercepts requests and is usually used for caching. As discussed earlier, a browser can’t create and download a stream without holding the entire file in the device’s memory. Routing the download through a service worker lets us work around this limitation. The process of downloading a large encrypted file (or many encrypted files at once) from Proton Drive looks like the following:

  1. The client (your browser) initiates the request.
  2. Proton Drive fetches all the related data and sends it in an encrypted state to a web worker on your browser.
  3. The web worker receives each chunk of data, decrypts it, verifies the signature on the file(s), creates an archive (if there are multiple files), and passes it along as a stream to a service worker. At no point is the entire download assembled or buffered in memory, so it doesn’t matter how much memory your device has.
  4. The data then passes through the service worker in a streaming fashion and is handed to your browser as a standard download.

This process is clearly more complex than normal file downloads, but we have done this extra engineering because we’re committed to your privacy. The use of encrypted data streams is an additional complexity, but an important one because it allows Proton Drive to handle much larger files than most other end-to-end encrypted cloud storage solutions. In fact, the only limit on the size of your download is the amount of storage that comes with your Proton Drive plan (and, of course, your device’s storage capacity).

This system led to a longer development time for Proton Drive, but it enables a more seamless user experience, with the download experience being virtually indistinguishable from unencrypted cloud storage services. 

Taking security to the next level with digital signatures

With Proton Drive, we don’t just encrypt your data — we also sign it. We have several signatures to protect our users from possible MITM attacks, including from us. These signatures prove that the data has not been altered, intercepted, or replaced. Checking those signatures on the fly is part of the streaming download process as well. 

If we discover an issue, such as a missing or incorrect signature (which could mean a garbled file, or be a sign that the file was tampered with), we’ll pause the download and show you a pop-up dialog asking whether you want to continue.

Proton Drive – Better cloud storage for a better internet

As you can see, Proton Drive does not simply use the same technology as standard cloud storage services. Our focus on making sure you remain in control of your data at every step while also wanting to deliver seamless, fast service means we must build our own process from the ground up. This can make development tricky, but it’s what is necessary to build the world’s most secure and private cloud storage.

As always, we welcome your comments and suggestions on Facebook, Twitter, or Reddit.


Michal Hořejšek

Michal is the lead of the Proton Drive web team. He was a Python developer who focused mostly on backend development for many years, but fully encrypted services require a lot of logic moved to JavaScript. He takes it as a challenge to find clever solutions to make applications feel as natural as possible to the user.
