The private testing has started!

Blog What is zero-access encryption

Do you know your data can be accessed or sold by most, if not all, of your service providers or others at any time? Most people are unaware that their service provider has complete access to their data.

Shield with banned signs

Usually, you don't provide your private information to strangers because you know they may leak or misuse your data. When you save documents to Google Drive, photo albums to iCloud, or have intimate conversations using Facebook Messenger, you can trust that your data won't be abused.

However, more and more evidence indicates that your personal information may be abused or misappropriated. Such as Yahoo data breach and Facebook–Cambridge Analytica data scandal show data leakage can happen at any time.

Fortunately, this problem can be solved by using zero-access encryption now. Zero-access encryption protects your data at rest so well that even your service providers cannot access your data. There are several ways to encrypt data, but zero-access encryption is the best method to prevent other parties from accessing your data.

Zero-access encryption is a way to protect data at rest (when the information is stored in the server). Using this encryption method, even if hackers compromise your service provider's servers and steal your files, they are not able to decrypt your encrypted data. Zero-access encryption ensures that only the data owners have the technical ability to access and read their data.

How does zero-access encryption work?

Zero-access encryption ensures only your private encryption key can decrypt your data.

Once a user encrypts the data with the public encryption key, the service provider can no longer access the encrypted data (because the service provider's servers have no access to the private encryption key).

When data owners want to view their data, they request encrypted files from the servers and decrypt them locally on their devices instead of servers.

That's why zero-access encryption can prevent third parties (including service providers) from accessing users' encrypted data.

Zero-access encryption solves major security issues

Though zero-access encryption is an excellent way to secure your data, most service providers do not implement zero-access encryption for many reasons. One of the reasons is that they cannot sell your information to advertisers if they implement zero-access encryption.

Instead of using zero-access encryption, they use standard encryption (e.g. TSL) only, thereby retaining control of the encryption key. It is like using the lock itself to store its key, creating many vulnerabilities. Your data may be leaked if the service provider's servers get hacked.

Also, this method makes it possible for unethical employees or third parties to misuse your data. The service providers can allow any third party to access your data. At the same time, they can sell your data directly to advertisers.

Quote by Ted Hughes:

Nothing is free. Everything has to be paid for.

If you want to control your data entirely, stop using free email, and consider switching to Liverado. Liverado is a secure and encrypted email service that uses zero-access encryption to ensure users' data privacy. Even as the email service provider, Liverado cannot access your data. Zero-access encryption significantly reduces security and privacy vulnerabilities. In this way, the user's email content is still encrypted even if the Liverado servers are somehow damaged or compromised.

With $2 a month, you can own online privacy and security. You can stop to worry about your data being sold anymore.

Difference between zero-access encryption and end-to-end encryption

Liverado uses both zero-access encryption and end-to-end encryption to protect your data. To understand the difference, consider the following two scenarios:

An example of zero-access encryption

A Gmail user using the Gmail account sends an email to a Liverado account. When the message reaches Liverado, the servers can read the content because it was not end-to-end encrypted on the sender's side.

However, upon receiving the email, Liverado will immediately encrypt it with the public encryption key of the Liverado account owner. After that, only the account owner can decrypt the message.

Zero-access encryption is definitely essential to ensure good protection and prevent data leakage and privacy violations in the digital age.

An example of end-to-end encryption

A Liverado user uses a Liverado account to send an email to another Liverado user. Before transmitting the email to the Liverado servers and the recipient, the recipient's public encryption key is used to encrypt it on the sender's device. Therefore, the email is encrypted before it reaches our servers, and only the sender and the recipient can decrypt the email.

Though zero-access encryption can prevent the emails in a mailbox from being shared with third parties, the Liverado servers can still access the emails within a second before encrypting them.

End-to-end encryption is more secure because Liverado will never be able to see encrypted messages. For these reasons, we recommend that both parties use Liverado to take advantage of more robust end-to-end encryption to communicate with each other for highly sensitive conversations.

Ready to join Liverado? Start your free 14-day trial today.