Here's something most people don't think about: when you upload a file to WeTransfer, Google Drive, or Dropbox, the company running that service can see everything in your file. Your tax returns, your medical records, that contract you're sending to a client — all of it is readable by the service provider.

They probably won't look at your stuff. But they can. And that distinction matters more than you might think.

What "encrypted" actually means (and doesn't mean)

Most cloud services use encryption. They'll happily tell you about it on their security page. But there's a massive difference between two types of encryption that often gets glossed over:

Encryption in transit means your data is encrypted while it's traveling between your computer and the server. This is just HTTPS — the padlock icon in your browser. Every website worth anything does this. It stops someone on the same Wi-Fi network from snooping on your traffic, but the server receives your data in plain text.

Encryption at rest means your data is encrypted while stored on the server's hard drives. This protects against someone physically stealing a server. But the service still has the decryption key, so they can still read your data whenever they want.

End-to-end encryption (E2E) means your data is encrypted on your device before it ever leaves, and only the intended recipient can decrypt it. The server handles encrypted blobs it literally cannot read. Even if someone hacks the server, subpoenas the company, or if a rogue employee goes snooping — they get nothing useful.

Why this matters in practice

You might think "I have nothing to hide." Fair enough. But consider these scenarios:

• Data breaches happen constantly. If a service stores your files readable, a breach means your files are exposed. With E2E encryption, a breach exposes only encrypted data — useless without the key.
• Government requests. Companies comply with law enforcement requests. If they can read your data, they can hand it over. If they can't, there's nothing useful to hand over.
• Employee access. Most cloud services have employees who can access stored files for support, debugging, or "trust and safety" reviews. With E2E encryption, even employees with database access see only encrypted blobs.
• Business confidentiality. If you're sharing contracts, financial projections, or IP with a client, do you really want a third party to be able to read it?

How to tell if a service is actually end-to-end encrypted

This is where it gets tricky, because companies love to use the word "encrypted" without specifying which kind. Here's a quick test:

1. Can they reset your password and you still access your files? If yes, they have your encryption key. It's not E2E.
2. Can they preview your files in a web interface they control? If the server generates thumbnails or previews, it can read your files. Not E2E.
3. Is the encryption key in the URL or generated in your browser? If the key only exists on your device (or in a link you share), and the server never receives it, that's a good sign.
4. Is it open source? Can you actually verify that the encryption happens client-side? Trust but verify.

The trade-offs

End-to-end encryption isn't free lunch. There are real trade-offs:

• If you lose the key, the data is gone. There's no "forgot password" with true E2E encryption. The service literally can't help you recover it.
• No server-side processing. The service can't scan for viruses, generate previews, or index your files for search. Because it can't read them.
• Slightly more complex sharing. The encryption key has to get to the recipient somehow. Most E2E services embed it in the share URL.

These trade-offs are worth it for sensitive files. For your vacation photos? Maybe regular cloud storage is fine. But for anything confidential — legal documents, financial records, medical data, business IP — end-to-end encryption should be the default, not the exception.

The question isn't whether you trust a company today. It's whether you trust every employee, every contractor, every government request, and every future owner of that company, forever.