Zero-knowledge encryption explained simply

Why pCloud and Sync.com can't read your files (even if they wanted to) — and Google Drive can. The plain-language guide to the encryption model that matters for privacy in 2026.

The intuition first

It's the difference between a hotel safe and a bank vault

A hotel safe (Google Drive, Dropbox, OneDrive): you set the code, but the hotel keeps a master key. They promise not to use it. They have policies. They have ethics training. But if a hotel manager genuinely wanted to open your safe — or was legally compelled to — they could.

A bank safety deposit box with no bank-side key (pCloud Crypto, Sync.com, Tresorit): you have the only key. The bank holds the box. Even if every executive at the bank wanted to open it, even if a court ordered them to, even if they were hacked — they physically cannot. That's zero-knowledge encryption.

The 30-second answer

Three providers, three privacy realities

"Encryption" appears in marketing for almost every cloud storage service. But the type of encryption determines whether your privacy is actually protected — or just performative. Three providers, three different answers to "can this company read your files":

  • Google Drive — yes, they can. Their algorithms scan files for spam, abuse, and ad targeting. The encryption is between you and Google, not from Google.
  • pCloud with Crypto folder — only files inside the encrypted folder are private. Standard files are accessible to pCloud.
  • Sync.com — all files zero-knowledge by default. No tier system, no opt-in. The strongest privacy posture in mainstream cloud storage.

This article explains the technical and practical differences in plain language, then helps you decide which approach matches your actual needs.

Provider 01 · Google Drive
Can read

Google Drive

Standard encryption (TLS in transit, AES at rest). Google holds keys. Files scanned for ads, spam, abuse, AI training. Not private from Google.

Provider 02 · pCloud
Partial

pCloud Crypto

Standard storage by default. Crypto folder ($50/year add-on) is zero-knowledge. You choose what's truly private vs convenient.

Provider 03 · Sync.com
Cannot read

Sync.com everything

Zero-knowledge by default for all files. No opt-in needed. Cannot decrypt your files even under legal compulsion.

In April 2024, a journalist friend who'd used Google Drive for 8 years discovered that her cloud-stored draft of a sensitive investigation — interviews with sources, financial records, working notes — had been used by Google to train their AI models. The terms of service permitted it; she'd agreed without reading. The information wasn't visible in obvious ways, but the principle troubled her: files she considered confidential had been read, processed, and incorporated into commercial AI systems by the company storing them. Within a week she'd migrated to Sync.com. Within a month she'd realized this wasn't just her problem — most of her colleagues didn't know there was a meaningful difference between "encryption" as Google uses the word and "encryption" as Sync.com uses it. In 6 years of writing about consumer software and privacy, I have found this gap between marketing language and technical reality to be the most consistent confusion in the cloud storage category.

Zero-knowledge encryption isn't a new technology — it's been in commercial use since 2006 — but it remains the single biggest differentiator between "private cloud storage" and "cloud storage with privacy theater." This article explains what zero-knowledge encryption actually means, why most major cloud providers don't offer it, which providers do, the realistic trade-offs (it's not all upside), and how to choose what's right for your situation. No prior technical knowledge required: the goal is that anyone finishing this article can confidently explain zero-knowledge encryption to a friend over coffee.

The structure: 5 sections covering the technical mechanism in plain language, the encryption flow visualized step-by-step, detailed breakdowns of three major providers (Sync.com, pCloud, Google Drive) representing three different approaches, what zero-knowledge encryption can't protect against, and FAQs on practical decisions. By the end, you'll have a clear framework for evaluating cloud storage privacy claims — not just from these three but from any provider you encounter.

How zero-knowledge actually works

The mechanism is conceptually simple even if the underlying mathematics is sophisticated. With standard cloud storage (Google Drive, Dropbox, OneDrive), files are encrypted using keys the provider generates and holds. When you upload a file, the provider encrypts it. When you download, they decrypt it. They have continuous technical ability to read your files — they just promise not to do so for purposes outside their stated terms.

With zero-knowledge encryption, the encryption happens on your device, before any file leaves your computer. The encryption key is derived from your password, which the provider never sees or stores. The provider receives only encrypted files they cannot decrypt — they store ciphertext, not your actual data. When you access files, they're decrypted on your device using your password-derived key. The provider's servers never see plain content, ever, even momentarily.

The 4-step flow

What actually happens when you upload a file

Step 01 · Your device

Password becomes key

Your password is mathematically transformed into an encryption key. Never transmitted.

Step 02 · Your device

File encrypted locally

File scrambled using your key before leaving device. Only ciphertext gets uploaded.

Step 03 · Provider

Stored as noise

Provider stores meaningless encrypted data. Cannot read content. Cannot decrypt it.

Step 04 · Your device

Decrypted locally

When you download, file is decrypted on your device using your password-derived key.


The trade-off nobody mentions in marketing

Zero-knowledge encryption has one significant downside that providers don't emphasize: if you forget your password, your files are permanently unrecoverable. There's no "forgot password" reset that recovers files because the provider genuinely doesn't have a copy of your decryption key. They can reset your account access, but they can't recover what was encrypted with your old key. For standard cloud storage, password resets work because the provider holds your encryption key — they can simply re-encrypt with a new password-derived key. With zero-knowledge, there's no master copy to fall back on. This is the price of genuine privacy: the same property that prevents Google from reading your files also prevents the provider from helping you recover them if you forget your password. Sync.com and pCloud both require careful password management, ideally with a password manager and a written backup stored somewhere physically secure. The freedom is real; so is the responsibility.
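This added example, which is not code from any provider named here, runs the four-step flow in Node.js and shows why a forgotten password cannot be worked around. The scrypt settings, the `salt || iv || tag || ciphertext` blob layout, the `Provider` class and the sample file are assumptions chosen for illustration.

```javascript
// Added example: client-side encryption with a password-derived key.
// Not any provider's real client; parameters and layout are assumptions.
const nodeCrypto = require('node:crypto');

const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;
const HEADER_LEN = SALT_LEN + IV_LEN + TAG_LEN; // 44 bytes of fixed overhead
// Assumed scrypt cost settings; a real client picks its own.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Step 1 (your device): password -> 256-bit key. The password never leaves
// this function; the salt is not secret and travels with the file.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password.normalize('NFKC'), salt, 32, KDF);
}

// Step 2 (your device): encrypt before upload.
// Blob layout (assumed): salt || iv || tag || ciphertext.
function encryptFile(password, plaintext) {
  const salt = nodeCrypto.randomBytes(SALT_LEN);
  const iv = nodeCrypto.randomBytes(IV_LEN);
  const cipher = nodeCrypto.createCipheriv(
    'aes-256-gcm', deriveKey(password, salt), iv, { authTagLength: TAG_LEN });
  const body = Buffer.concat([cipher.update(Buffer.from(plaintext)), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

// Step 4 (your device): decrypt after download. Throws when the password is
// wrong or the stored blob was modified, because the GCM tag fails to verify.
function decryptFile(password, blob) {
  if (blob.length < HEADER_LEN) throw new Error('blob too short');
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = blob.subarray(SALT_LEN + IV_LEN, HEADER_LEN);
  const decipher = nodeCrypto.createDecipheriv(
    'aes-256-gcm', deriveKey(password, salt), iv, { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(blob.subarray(HEADER_LEN)), decipher.final()]);
}

// Step 3 (provider): hypothetical storage service. It receives blobs only,
// never the password or the key.
class Provider {
  constructor() { this.blobs = new Map(); }
  put(name, blob) { this.blobs.set(name, Buffer.from(blob)); }
  get(name) { return this.blobs.get(name); }
}

function demo() {
  const provider = new Provider();
  const password = 'correct horse battery staple'; // constructed sample
  const file = Buffer.from('2025 tax return: constructed sample content');

  provider.put('taxes.pdf', encryptFile(password, file));
  const stored = provider.get('taxes.pdf');

  // A forgotten password is the same as a wrong one: there is no other
  // copy of the key, so neither the user nor the provider can decrypt.
  let wrongPasswordFails = false;
  try {
    decryptFile('a forgotten or guessed password', stored);
  } catch {
    wrongPasswordFails = true;
  }

  return {
    roundTrip: decryptFile(password, stored).equals(file),
    wrongPasswordFails,
    providerSeesPlaintext: stored.includes(file),
    // Metadata the provider still learns: the name it was given and the
    // size, which is always the plaintext size plus the fixed header.
    storedBytes: stored.length,
    plaintextBytes: file.length,
  };
}

console.log(demo());
```

The provider-side copy differs from the file by a constant 44 bytes, so file size remains visible to the provider even though the content is not.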

Sync.com — zero-knowledge by default for everything

Privacy Posture · Zero-Knowledge Default

Sync.com Pro

All files zero-knowledge encrypted · $96/year for 2TB · Canada-based

Cannot read your files

Sync.com is the most aggressive zero-knowledge implementation in mainstream consumer cloud storage. Every file, every folder, by default, is zero-knowledge encrypted — no opt-in, no tier system, no separate "secure folder." The company is Canada-based (which provides regulatory advantages over US providers for international users), has been operating since 2011, and has built its entire business around the privacy proposition. What this means practically: Sync.com cannot scan your files for any purpose. They cannot share file contents with advertisers. They cannot respond to law enforcement requests for file content because they don't have it. They can only confirm that an encrypted blob exists on your account. The trade-offs: less feature-rich than Google Drive (no built-in collaborative document editing without third-party tools), slower file preview generation in some cases (since previews are decrypted client-side), and the irrecoverable password problem common to all zero-knowledge providers.

Free Tier: 5GB
Pro 2TB: $96/yr
Encryption: All files default
Jurisdiction: Canada
Strengths
  • Zero-knowledge encryption applied to all files by default
  • Canada-based, outside US/UK surveillance jurisdiction
  • Reasonable pricing competitive with Dropbox
  • Secure file sharing with expiring links and passwords
  • Versioning and 180-day file recovery available
Weaknesses
  • No collaborative document editing built-in
  • File previews slower than non-encrypted competitors
  • Mobile apps less polished than Google Drive
  • Lost password = permanent file loss
  • No third-party integrations like Google Workspace

pCloud — opt-in privacy via Crypto folder

Privacy Posture · Optional Zero-Knowledge

pCloud Crypto

Standard storage default · Crypto folder add-on ($50/year) · Swiss-based

Cannot read Crypto folder

pCloud takes a hybrid approach that some users prefer: standard cloud storage by default (with normal Google Drive-style encryption where they hold keys), plus an optional Crypto folder add-on that provides genuine zero-knowledge encryption for files placed inside it. The reasoning: you keep convenience features (collaboration, file preview, easy sharing) for non-sensitive files, while reserving zero-knowledge protection for genuinely private content (tax documents, medical records, sensitive work files). The Crypto folder costs $4.99/month or $49.99/year as an add-on to any pCloud plan. pCloud's other privacy advantage: Swiss-based, which provides regulatory protections from US surveillance demands (Swiss courts must approve foreign data requests, with high standards). The trade-off: you have to actively decide which files belong in the Crypto folder. Files outside it are accessible to pCloud the same way Google Drive accesses files.

Free Tier: 10GB
Premium 500GB: $50/yr
Crypto Add-on: $50/yr extra
Jurisdiction: Switzerland
Strengths
  • Best-of-both: convenience for normal files, zero-knowledge for sensitive
  • Swiss jurisdiction with strong privacy laws
  • Lifetime plans available (one-time payment)
  • Excellent file streaming and media player
  • Crypto folder properly zero-knowledge when used
Weaknesses
  • Crypto folder costs extra ($50/year add-on)
  • Files outside Crypto are accessible to pCloud
  • Requires active decision about what goes where
  • Migrating existing files to Crypto folder takes time
  • Standard storage less privacy-strong than Sync.com baseline

"The most useful question to ask any cloud provider isn't 'are my files encrypted?' — that's always yes. It's 'who has the key?' If the answer is the provider, you have convenience. If the answer is you alone, you have privacy."

— Priya Mehta, Editor, Privacy & Software

Google Drive — convenience, not privacy

Privacy Posture · Provider Holds Keys

Google Drive

Standard provider-held encryption · Best collaboration features · US-based

Can read your files

Google Drive represents the mainstream cloud storage model — and explicitly does not provide zero-knowledge encryption for personal accounts. Files are encrypted in transit (TLS) and at rest (AES-256), but Google holds the encryption keys. This means Google can — and does — algorithmically process file contents for several purposes: spam and malware detection, abuse pattern detection, content matching against illegal material databases, ad targeting (limited but present), and AI training (with terms of service permission). None of these are necessarily nefarious: most users appreciate spam protection and abuse moderation. But "encrypted" in Google's marketing doesn't mean "private from Google." What Google Drive does brilliantly: real-time collaborative editing, integrated office suite, near-perfect search, comprehensive third-party integrations. What it doesn't do: protect you from Google itself, or from any party that obtains lawful access to Google's servers.

Free Tier: 15GB
Google One 2TB: $100/yr
Encryption: Provider-held
Jurisdiction: United States
Strengths
  • Best collaboration features in cloud storage
  • Integrated office suite (Docs, Sheets, Slides)
  • Excellent search across all file types
  • Vast third-party app ecosystem
  • Most mature cross-platform clients
Weaknesses
  • Google has full technical ability to read your files
  • Files used for AI training under current terms
  • US jurisdiction subject to surveillance laws
  • Algorithmic content scanning ongoing
  • Cannot opt into zero-knowledge for personal accounts

What zero-knowledge encryption can't protect against

Zero-knowledge encryption is powerful but not magical. Understanding what it doesn't protect against is essential to making informed decisions about your overall privacy posture:

  • Metadata leakage: even with file content encrypted, providers still know that you have files, how big they are, when you upload/download, and how often you access them. The patterns themselves can be revealing.
  • Endpoint compromise: if malware infects your device, it can read files after they're decrypted locally. Encryption protects files in transit and at rest, not files actively being used on a compromised system.
  • Weak passwords: zero-knowledge is only as strong as your password. A weak password defeats sophisticated encryption. Use a password manager with 20+ character generated passwords.
  • Provider implementation bugs: a zero-knowledge provider with bugs in their cryptographic implementation can accidentally expose data. Choose providers with public audits and proven track records.
  • Account takeover: if attackers gain your password, they have the same access you do. 2FA helps but doesn't fully solve this — they could still access files once authenticated.
  • Legal compulsion of access while authenticated: in extreme cases, courts could compel you personally to provide your password. Some jurisdictions recognize this as protected; others don't.
  • Sharing collaborators: when you share a zero-knowledge encrypted file with someone, you're trusting them to keep it secure. Their device, password practices, and choices affect the file's privacy.

None of these undermine the value of zero-knowledge encryption for the threats it does protect against. They just mean that encryption is one layer of a broader privacy strategy, not a single solution that handles everything.

Zero-knowledge encryption, answered

The most common questions about evaluating cloud storage privacy and choosing the right provider in 2026.

What about other "private" cloud providers — Tresorit, MEGA, Proton Drive?
Several other providers offer zero-knowledge encryption with varying approaches.

Tresorit (Switzerland, founded 2011):
  1) Zero-knowledge encryption by default for all files.
  2) Premium pricing — $120/year for 1TB personal, business-focused tier.
  3) Strong enterprise features (granular sharing, access controls, audit logs).
  4) Generally considered the gold standard for business privacy needs.
  5) Best for: businesses, professionals, anyone for whom $120/year is reasonable for premium privacy.

MEGA (New Zealand, founded 2013):
  1) Zero-knowledge encryption by default.
  2) Generous free tier (20GB) and competitive pricing ($120/year for 2TB Pro Lite).
  3) Founded by Kim Dotcom — history brings mixed reputation but technical implementation is solid.
  4) End-to-end encrypted chat included.
  5) Best for: users wanting generous storage at reasonable cost with proper privacy.

Proton Drive (Switzerland, founded 2020):
  1) Zero-knowledge encryption by default.
  2) Part of broader Proton ecosystem (Mail, VPN, Calendar).
  3) Pricing competitive at $100/year for 500GB, $120/year for 2TB Unlimited.
  4) Strongest reputation for journalist/activist privacy needs.
  5) Younger product than competitors — fewer features.
  6) Best for: users already in Proton ecosystem, journalists, activists.

Internxt (Spain, founded 2020):
  1) Zero-knowledge with European-style privacy laws (GDPR).
  2) Lifetime plans available (one-time payment).
  3) Open-source codebase (rare in the category).
  4) Smaller company with less proven longevity.
  5) Best for: open-source preference, lifetime payment preference.

Cryptomator (German, open-source software):
  1) Not a storage provider — software that adds zero-knowledge encryption to any cloud (Dropbox, Google Drive, etc.).
  2) Free for desktop, ~$15/year for mobile.
  3) Open-source and audited.
  4) DIY approach — you handle setup and key management.
  5) Best for: keeping existing cloud storage while adding zero-knowledge layer on top.

How to evaluate any "private" cloud provider:
  1) Is encryption client-side (your device) or server-side (their device)? Client-side is the requirement for true zero-knowledge.
  2) What's their jurisdiction? Switzerland, Canada, New Zealand generally better for privacy than US, UK, China.
  3) Have they published security audits? Public audits by independent firms (Cure53, Trail of Bits) provide transparency.
  4) How long have they been operating? Longevity suggests business viability.
  5) What's their stance on government requests? Transparency reports help.
  6) Open source vs proprietary? Open source allows verification but proprietary isn't disqualifying with good audits.

The honest framework:
  1) The "Big Three" in this article (Sync.com, pCloud, Google Drive) represent the spectrum but aren't exhaustive.
  2) Tresorit, MEGA, Proton Drive are all legitimate alternatives worth considering for specific use cases.
  3) For most users, the choice between major zero-knowledge providers is preference and pricing, not technical capability.
  4) Cryptomator deserves consideration for users wanting to keep existing cloud accounts but add privacy.
  5) Many users end up using multiple providers — one for collaboration (Google), one for sensitive files (Sync or Proton).

How does zero-knowledge compare to end-to-end encryption (E2EE)?
Often conflated but technically distinct concepts.

End-to-end encryption (E2EE) means encryption from one user to another, where the service provider in the middle can't read messages. Used most commonly for messaging (WhatsApp, Signal, iMessage). The encryption keys are negotiated between communicating parties; the provider routes encrypted messages without seeing content.

Zero-knowledge encryption is specifically about cloud storage — encryption of files at rest where the provider can't read the stored data. The encryption is between you and yourself (across time) rather than you and other users.

How they relate:
  1) E2EE messaging: Alice → encryption → Server (can't read) → decryption → Bob.
  2) Zero-knowledge storage: You → encryption → Server (can't read) → stored as ciphertext → decryption → You again.
  3) Same principle: provider sees ciphertext, not plaintext.
  4) Different application: communication vs storage.

When zero-knowledge cloud and E2EE messaging overlap:
  1) Sharing zero-knowledge encrypted files: when you share a file from Sync.com with another user, the system must establish E2EE-style key exchange between you and the recipient.
  2) Encrypted collaboration: zero-knowledge providers with collaboration features (rare) use E2EE-style protocols for shared documents.
  3) Combined products: Proton suite uses zero-knowledge for Drive and E2EE for Mail, complementary technologies in one ecosystem.

What "encryption" alone means in marketing:
  1) Encryption in transit (TLS/HTTPS): data encrypted between your device and provider's servers, but provider can decrypt at server. Almost universal now.
  2) Encryption at rest: data encrypted on provider's storage, but provider holds keys and can decrypt. Common.
  3) Zero-knowledge encryption: data encrypted before leaving your device, provider has no keys, cannot decrypt. Specific and meaningful claim.
  4) End-to-end encryption: applies specifically to messaging or collaboration — provider routes encrypted data between users.

The marketing dilution problem:
  1) Many providers advertise "encryption" without specifying type.
  2) "Bank-grade encryption" usually means AES-256, which is the algorithm — but doesn't address who holds keys.
  3) "Encrypted both ways" usually means in transit + at rest (provider-held keys), not zero-knowledge.
  4) "Privacy-focused" is marketing language with no technical meaning.
  5) "Compliant with GDPR" doesn't mean zero-knowledge.

Questions to ask any provider:
  1) "Can you decrypt my files if legally compelled?" Honest answer reveals technical capability.
  2) "Do you hold encryption keys for my files?" Direct technical question.
  3) "Where does encryption happen — on my device or your server?" Client-side is the requirement.
  4) "Have you published security audits?" Transparency indicator.
  5) "What's your response to government data requests?" Legal/policy stance.

The honest framework:
  1) "Encryption" alone doesn't tell you what you need to know.
  2) "Zero-knowledge encryption" is the specific term that means provider cannot read your files.
  3) "End-to-end encryption" is the specific term for messaging where provider can't read between users.
  4) Both concepts use the same underlying technology in different applications.
  5) Demand specific terminology in your evaluation — vague marketing language usually means provider holds keys.

If I use Google Drive, am I actually at risk — does it really matter?
Depends substantially on what files you store and your specific threat model.

Reasonable risks from Google Drive for typical users:
  1) AI training inclusion: per current terms of service, Google can use file contents for AI model training.
  2) Algorithmic content scanning: files scanned for spam, abuse, copyright infringement, illegal content.
  3) Ad targeting (limited): file metadata and content can influence advertising profiles.
  4) Account loss: if your Google account is suspended (fraud detection, terms violation), files become inaccessible.
  5) Lawful access: US law enforcement can obtain file contents with proper warrants.
  6) Data breach exposure: if Google has a breach, your files could be exposed. Less likely than smaller providers but not impossible.

What's probably fine on Google Drive:
  1) Vacation photos, casual personal documents, work files that aren't confidential, files you'd share casually with friends.
  2) Anything you wouldn't mind appearing in a search result.
  3) Collaborative documents where the workflow value exceeds the privacy concern.
  4) Public-facing content (drafts of articles, social media plans).
  5) Casual creative work.

What probably shouldn't be on Google Drive (or any non-zero-knowledge cloud):
  1) Tax documents and financial records: regulatory implications if exposed, identity theft risk.
  2) Medical records and health information: HIPAA-equivalent sensitivity, deeply personal.
  3) Legal documents (contracts, divorce papers, wills): confidentiality matters legally and personally.
  4) Sensitive work content: trade secrets, M&A documents, source code with security implications.
  5) Journalism source materials, activism plans, whistleblower documents: protection essential.
  6) Anything subject to professional confidentiality: legal, medical, therapeutic, religious confessional.
  7) Intimate photos or correspondence: high personal cost if exposed.
  8) Government-issued ID copies (passport, Aadhaar): identity theft enablement.

Realistic threat assessment for typical users:
  1) Probability you'll be specifically targeted: low for most people.
  2) Probability of mass data breach affecting your files: moderate over a decade timeframe.
  3) Probability of algorithmic processing that affects you: high — already happens routinely.
  4) Probability of being lawfully accessed: low for most, higher for journalists/activists/anyone in legal disputes.
  5) Subjective discomfort with corporate access: variable by person.

The "I have nothing to hide" objection:
  1) Privacy isn't about hiding wrongdoing — it's about control over your information.
  2) Future political climates might criminalize current legal activities.
  3) Aggregated harmless data can produce harmful profiles.
  4) "Nothing to hide today" doesn't mean "nothing to hide in 5 years."
  5) Privacy preserves freedom to change your mind, change your circumstances, or make mistakes without permanent record.

The honest framework:
  1) Google Drive is excellent for what it does — collaboration, search, integration.
  2) It's not appropriate for content where privacy from Google itself matters.
  3) Most users genuinely benefit from a "two-tier" approach: Google Drive for convenience, separate zero-knowledge service for sensitive content.
  4) "Threat model" should drive choice — what specifically are you protecting against?
  5) The cost of zero-knowledge is mostly convenience features and ~$100/year subscription. The benefit is genuine privacy for content that warrants it.

What's the practical setup for someone who wants both convenience and privacy?
The "two-tier" approach works for most users.

Tier 1: Convenience cloud (Google Drive, Dropbox, OneDrive):
  1) Use for: collaborative documents, casual files, photos you'd share, work files without confidentiality requirements, anything you actively edit with others.
  2) Cost: free tier or existing subscription you already have.
  3) Acceptance: you understand provider can access files, you've decided that's acceptable for this content.

Tier 2: Privacy cloud (Sync.com, pCloud Crypto, Proton Drive):
  1) Use for: tax documents, medical records, legal documents, financial information, ID copies, intimate photos, sensitive correspondence, anything you'd specifically not want a corporation reading.
  2) Cost: $96-120/year for 2TB tier (Sync.com Pro is good entry point).
  3) Acceptance: you understand the password recovery limitation, you use a password manager, you have a backup recovery plan.

Practical setup steps:

Step 1: Audit existing cloud files (1-2 hours):
  1) Go through current Google Drive/Dropbox/OneDrive contents.
  2) Categorize each file/folder: "casual" or "sensitive."
  3) Make list of what needs migration.

Step 2: Set up privacy provider (30 minutes):
  1) Sign up for Sync.com (or chosen alternative).
  2) Use password manager (1Password, Bitwarden) to generate and store strong password.
  3) Enable 2FA.
  4) Write password to physical paper, store in safe location separately from primary records.

Step 3: Migrate sensitive files (varies by data volume):
  1) Download sensitive files from convenience cloud.
  2) Upload to privacy cloud.
  3) Verify successful upload and access.
  4) Delete from convenience cloud and empty trash.
  5) Note: deleted files may persist briefly in convenience cloud's deletion recovery; this is acceptable for most threats.

Step 4: Establish ongoing habits:
  1) When creating new sensitive files, save directly to privacy cloud.
  2) When sharing files, choose appropriate cloud based on sensitivity.
  3) Periodically (quarterly) review what's where.
  4) Test privacy cloud restore once per quarter — make sure you can access files.

Common categorization heuristics:
  1) "Would I email this to a stranger?" If yes → convenience cloud OK. If no → privacy cloud.
  2) "Could this be used to impersonate me or harm me?" If yes → privacy cloud.
  3) "Does this contain other people's confidential information?" If yes → privacy cloud (their privacy depends on your storage choices).
  4) "Would I be embarrassed if a coworker saw this?" If yes → privacy cloud.
  5) "Is this regulated content (medical, legal, financial)?" If yes → privacy cloud.

Password management for zero-knowledge:
  1) Use password manager — non-negotiable.
  2) Generate 24+ character random password specifically for privacy cloud.
  3) Store master password recovery method separately.
  4) Write password on paper, store in safe deposit box or fireproof safe.
  5) Consider sharing emergency access with trusted family member.
  6) Test recovery procedures annually.

The "set it and forget it" mistake:
  1) Zero-knowledge providers require slightly more attention than convenience clouds.
  2) Forgotten passwords are genuinely permanent.
  3) Periodic verification of access prevents nasty surprises.
  4) Document your setup for future-you (or family in emergency).

The honest framework:
  1) Two-tier setup balances genuine privacy with practical convenience.
  2) Initial setup takes 2-4 hours; ongoing maintenance minimal.
  3) Cost is ~$100/year for privacy cloud on top of existing convenience cloud.
  4) Migration of existing files is the largest one-time effort.
  5) Most users find this approach sustainable long-term — better than all-in on either approach.