Search the Dropbox Watchdog archive
Comparison
Who can actually read your files, where the company sits legally, and how its track record compares. A starting point for an informed choice — not an endorsement.
How does Dropbox compare with the alternatives on the things this archive cares about — who can read your files, where the company sits legally, and its track record? The table is a starting point for an informed choice, not a verdict; every provider has trade-offs between convenience, ecosystem, price, and privacy.
| Provider | Can they read your files? | Zero-knowledge by default? | Encryption model | Legal jurisdiction | Notable incidents | Transparency report | Free tier |
|---|---|---|---|---|---|---|---|
| Dropbox | Yes | No | Server-side encryption with Dropbox-held keys (core sync). Optional end-to-end encryption for some Teams folders since 2024–2025. | United States (CLOUD Act applies) | 2012 breach (68M credentials); 2024 Dropbox Sign breach; 2022 GitHub repo theft | Yes | 2 GB |
| Google Drive | Yes | No | Server-side encryption with Google-held keys; client-side encryption available only on some Workspace tiers. | United States (CLOUD Act applies) | No single mass Drive breach; data-access concerns center on ad-tech profiling and account-takeover at scale | Yes | 15 GB (shared across Google services) |
| Microsoft OneDrive | Yes | No | Server-side encryption with Microsoft-held keys; 'Personal Vault' adds 2FA gating, not zero-knowledge. | United States (CLOUD Act applies) | Tied to broader Microsoft identity incidents (e.g. 2023 Storm-0558 token forgery affecting Microsoft cloud) | Yes | 5 GB |
| Apple iCloud | Optional | Optional | Server-side by default, but Advanced Data Protection (opt-in) makes most categories end-to-end encrypted. | United States (CLOUD Act applies) | 2014 'Celebgate' (targeted phishing/credential attacks on accounts, not a server breach) | Yes | 5 GB |
| Proton Drive | No | Yes | End-to-end / zero-knowledge by default; Proton cannot read file contents. | Switzerland (outside CLOUD Act; strong privacy law) | No major breach reported | Yes | Up to ~5 GB |
| Sync.com | No | Yes | End-to-end / zero-knowledge by default for stored files. | Canada | No major breach reported | Limited | 5 GB |
| Tresorit | No | Yes | End-to-end / zero-knowledge by default; ISO 27001, HIPAA, external audits. | Switzerland / EU | No major breach reported | Limited | Limited free / trial |
| MEGA | No | Yes | End-to-end / zero-knowledge by default; open-source clients. | New Zealand | No major breach reported | Limited | Up to ~20 GB |
| Internxt | No | Yes | End-to-end / zero-knowledge by default; fully open-source. | Spain / EU (GDPR) | No major breach reported | Limited | ~10 GB |
| pCloud | Yes | Partial | AES-256 at rest with pCloud-held keys by default; zero-knowledge ONLY in the paid 'Crypto' folder. | Switzerland (company); EU/US data regions | No major breach reported | Limited | Up to ~10 GB (not zero-knowledge) |
Dropbox. The subject of this archive. Mature sync and broad integrations, but a US-jurisdiction, provider-holds-the-keys model with a documented incident history.
Google Drive. Deep ecosystem and generous free tier, but an advertising-driven company with the same US-jurisdiction, provider-holds-keys posture.
Microsoft OneDrive. Best for Microsoft 365 users; same provider-holds-keys model and US jurisdiction.
Apple iCloud. Strong if you enable Advanced Data Protection and live in the Apple ecosystem; weaker as a cross-platform file-sync tool.
Proton Drive. Privacy-first: the provider genuinely cannot read your files. Fewer integrations and a smaller ecosystem than Dropbox.
Sync.com. A close functional substitute for Dropbox's folder-sync with zero-knowledge encryption; less third-party app integration.
Tresorit. Zero-knowledge built for regulated businesses (healthcare, legal, finance); pricier, with compliance tooling and data-residency choice.
MEGA. Largest free zero-knowledge tier; you manage the recovery key. Some skepticism from its early corporate history (since divested).
Internxt. Fully open-source and zero-knowledge under EU law; smaller/younger, with lifetime-plan options.
pCloud. Lifetime pricing is the draw, but by default pCloud holds the keys like Dropbox; zero-knowledge costs extra and only covers the Crypto folder.