"End-to-end encrypted." "Zero-knowledge." "We can't see your files." Every secure-storage service says some version of this, and much of it is genuinely true. But there's a quiet distinction underneath the marketing that decides how much you actually have to trust — and it comes down to one question:
Where does the readable version of your file exist, and who could reach it?
Two models that sound identical
Zero-knowledge cloud services encrypt your files so that, in the normal case, only you hold the key. Done well, the provider genuinely can't read your data. But the architecture still involves uploading — your file (encrypted, ideally before it leaves your device, but not always) travels to and lives on the provider's servers. You're trusting their client code to encrypt correctly before upload, their servers not to be compromised, and their promises about keys.
Client-side (local) tools like FileX never upload at all. The file is encrypted, decrypted, redacted, or erased entirely in your browser or on your machine. There is no server that receives your file, so there's nothing on the other end to breach, subpoena, misconfigure, or leak.
Both can use the same cipher — AES-256-GCM — and still have very different risk profiles, because the cipher isn't what differs. The attack surface is.
Think in threat models, not adjectives
"Secure" is meaningless without asking against whom. Line up the realistic threats:
| Threat | Zero-knowledge cloud | Client-side / local |
|---|---|---|
| Someone steals your laptop | Protected (if locked) | Protected (if the file's encrypted) |
| Provider gets breached | Depends on their key handling | No file there to steal |
| Provider is compelled by a court | Ciphertext (and metadata) exists to hand over | Nothing was ever uploaded |
| Provider changes terms / shuts down | Your files are on their infrastructure | Your files were always only yours |
| A bug uploads plaintext by mistake | Possible | No upload path exists |
The pattern is clear: zero-knowledge reduces how much you trust the provider; client-side removes the provider from the picture entirely for the operation you're doing. You can't leak what you never collected.
The strongest privacy guarantee isn't "we promise not to look." It's "there was never anything on our side to look at." That's the difference between a policy and an architecture.
Where each one fits
This isn't "cloud bad, local good." They solve different problems:
- Cloud storage/sync exists to make your files available across devices and to others. That inherently requires the files to live somewhere reachable. Zero-knowledge is the right, responsible way to do that — and for genuine multi-device sync, you need it.
- Client-side tools exist to transform a file — encrypt it before you send it your own way, strip its metadata, redact it, erase it — without ever handing it over. When you don't actually need a server involved, involving one only adds risk.
The mistake is using a cloud service for a job that never needed the cloud. If you just want to password-protect a file before emailing it, uploading it to a web service to do that is backwards: the plaintext takes a round trip through someone else's computer for no reason.
How to tell what you're really using
Marketing won't always tell you. A quick test: watch the network. A truly client-side tool makes no upload request when it processes your file. FileX makes this checkable — a live monitor on the page shows bytes uploaded (0) and files sent to a server (0), and a strict Content-Security-Policy blocks any third-party request in the first place. You don't have to take the claim on faith; you can verify it.
Other signals:
- Does it work offline after loading? Local tools do; upload-based ones can't.
- Does encrypting a large file take as long as uploading it would? If it's instant regardless of size and your connection, it's local.
- Is there an account? Client-side tools usually don't need one, because there's no server-side anything to attach you to.
The takeaway
- Zero-knowledge cloud minimizes trust in a provider you still depend on — the right tool when files genuinely must live somewhere reachable.
- Client-side removes the provider from the equation for the task at hand — the right tool when a server was never actually needed.
- The best privacy property is architectural: no upload means no server-side copy to breach, subpoena, or leak.
- Don't take "we can't see it" on faith — prefer tools where you can watch that nothing left your device.
Want to encrypt a file before you send it, with nothing uploaded? Encrypt it in your browser — or drop a private message into an encrypted secret note. Both run entirely on your device.