Answers/The problem queries
How to store files in Google Drive so that Google can't read them
Google Drive encrypts files at rest and in transit, but Google holds the key. That means Google — or anyone who compels Google — can read the files. If you want Drive to be a dumb, encrypted backup, you need to encrypt the files on your machine before they sync, using a key Google never sees.
What Google's encryption actually protects against
Server disk theft, in-transit interception, and casual employee access. It does not protect against legal process, an internal breach with key access, or Google itself. That is the honest picture.
Client-side, before upload
Encrypt the folder into a single sealed bundle on your machine. Put the bundle in Drive. Drive syncs an opaque file. You unseal it locally when you need the contents.
Elba does this without an install. Open the HTML file, seal your folder, drop the bundle in Drive. The passphrase is never uploaded and never leaves the browser tab.
Questions people actually ask
- Can I still preview files in Google's web UI?
- No — Google sees only ciphertext. Preview requires unsealing on your machine. That is the tradeoff of real client-side encryption.
- Does this work for shared files?
- Yes, if you share the passphrase over a different channel. If you need Google Docs collaboration, you cannot have both — pick per file.
Take the island
Elba is one HTML file. It runs locally in a Chromium browser, seals a folder with AES-256-GCM, never phones home, and becomes open source on 1 January 2030.
- €49MMXXVI· now ·
- €39MMXXVII2027
- €29MMXXVIII2028
- €19MMXXIX2029
- FreeMMXXX2030
the price falls each year · free to all 1 jan 2030
pay once · no account · nothing leavesRelated answers
- How to keep files private from the cloud sync client that watches your whole disk
Dropbox, iCloud, and OneDrive clients have broad filesystem access. How to have a folder they cannot read — even when the client is running.
- Encrypt files *before* they reach Dropbox, iCloud, or OneDrive
The right moment to encrypt is on your machine, before the file ever sees a sync client. A minimal workflow, and where it breaks down.