Skip to content

Answers/The problem queries

How to store files in Google Drive so that Google can't read them

Google Drive encrypts files at rest and in transit, but Google holds the key. That means Google — or anyone who compels Google — can read the files. If you want Drive to be a dumb, encrypted backup, you need to encrypt the files on your machine before they sync, using a key Google never sees.

What Google's encryption actually protects against

Server disk theft, in-transit interception, and casual employee access. It does not protect against legal process, an internal breach with key access, or Google itself. That is the honest picture.

Client-side, before upload

Encrypt the folder into a single sealed bundle on your machine. Put the bundle in Drive. Drive syncs an opaque file. You unseal it locally when you need the contents.

Elba does this without an install. Open the HTML file, seal your folder, drop the bundle in Drive. The passphrase is never uploaded and never leaves the browser tab.

Questions people actually ask

Can I still preview files in Google's web UI?
No — Google sees only ciphertext. Preview requires unsealing on your machine. That is the tradeoff of real client-side encryption.
Does this work for shared files?
Yes, if you share the passphrase over a different channel. If you need Google Docs collaboration, you cannot have both — pick per file.

Take the island

Elba is one HTML file. It runs locally in a Chromium browser, seals a folder with AES-256-GCM, never phones home, and becomes open source on 1 January 2030.

  1. €49MMXXVI· now ·
  2. €39MMXXVII2027
  3. €29MMXXVIII2028
  4. €19MMXXIX2029
  5. FreeMMXXX2030

the price falls each year · free to all 1 jan 2030

pay once · no account · nothing leaves

Related answers