Centralized vs peer-to-peer (P2P) file storage

Illustration of cloud storage

In 2017, hackers stole the private financial records of some 156 million people from servers belonging to Equifax, while the 2018 Facebook-Cambridge Analytica scandal revealed how personal data belonging to up to 87 million Facebook users was harvested without their consent.

A litany of high-profile data breaches has led to a growth of interest in peer-to-peer (P2P) cloud storage solutions. Instead of storing your data on centralized servers that can be hacked, these store multiple instances of your data on the drives of a decentralized network of other users. 

Several Proton users have asked us whether we considered a decentralized architecture for our end-to-end encrypted cloud storage service, ProtonDrive, which will be released later this year. 

In this article we will examine the pros and cons of P2P storage, and explain why we have opted for a centralized end-to-end encrypted security model instead.

For a technical overview of ProtonDrive security, please see our ProtonDrive security model.

What is peer-to-peer (P2P) cloud storage? 

The classic centralized storage model is used by all the “big name” providers, including Google Drive, Dropbox, and Apple iCloud. Users’ data is stored on physical servers that are owned and operated by the cloud provider. 

This means that when you upload files to a centralized storage account, you upload them to a server center run by the service provider, and download them from the server center when you want to access them (or when they are synced across your devices). 

Illustration of Centralized Cloud Storage

Under the peer-to-peer model, there is no centralized server. Files are instead distributed and stored on the drives of different users. When you “download” a file, individual parts may be received from multiple sources (“peers”) and reassembled on your device.

Illustration of P2P Cloud Storage

Advantages of P2P

No single point of failure

Without a centralized server, there is no single point of failure for P2P systems. There is no one server that can suffer a catastrophic failure, accidentally burn to the ground, or be seized by a third party. 

Resistant to censorship

With P2P systems, your data is stored on the disks of multiple (possibly even hundreds of) people, who may be located all over the world. As demonstrated by the success of the P2P BitTorrent protocol, this makes P2P systems almost impossible to censor, block, or shut down, as there is no central organization which can be pressured or coerced.

Efficient

Downloading data from a P2P network can be very efficient when the recipient is able to obtain data from multiple sources (peers) simultaneously. 

Reduced infrastructure requirements

P2P storage does not need expensive centralized servers that require continual maintenance and monitoring. Files are instead stored on users’ devices. 

Advantages of centralized cloud storage

Lower latency, predictable performance

Many centralized systems use expensive high-speed server networks with enterprise-level internet connections. This is in sharp contrast to many P2P systems, where data is typically stored on users’ PCs with home internet connections.

It is also worth noting that while P2P networks can offer good throughput, this can come at the cost of latency, because file pieces must often be retrieved from the other side of the world (and possibly even over dial-up connections).

A centralized system, on the other hand, allows developers to design systems for maximum performance and provides a level of predictability that is simply not possible with a decentralized system in which a huge number of variables (such as the distance between users, each peer’s connection speeds, and device capabilities) are outside of anyone’s control.

Greater functionality

There are many useful features that users of traditional storage platforms take for granted that are very difficult, if not impossible, to implement using a P2P model. 

In the section below, for example, we discuss features that ProtonDrive offers that are only possible using a centralized approach.

Why ProtonDrive uses a centralized approach

Offering a centralized service instead of a P2P one is always going to involve some trade-offs. We recognize, for example, that the decentralized nature of the P2P model makes it highly effective at defeating censorship. There are, however, many compelling reasons for us to go with a centralized model.

Existing infrastructure

ProtonDrive is built upon Proton’s existing infrastructure, which is both extensive and highly robust. It includes multiple redundancies, and data is stored at multiple geographically distributed locations across our server network. Even if one of our data centers were to be completely destroyed, no user data would be lost.

Resilience and fault tolerance are already built into Proton’s infrastructure, which we believe makes ProtonDrive inherently much more reliable and less susceptible to technical faults than many P2P systems.

Our servers are also powerful, feature high-speed internet connections, and are completely under our control. This allows us to offer much greater performance and stability than P2P solutions can offer, while also providing scalability. 

End-to-end encryption

With data breaches hitting headlines with almost monotonous regularity, it’s clear that centralized servers are vulnerable to hacking. The difference with ProtonDrive, however, is that all data stored on our servers is end-to-end encrypted, so even if the files are breached, they cannot be decrypted and accessed.

As with ProtonMail and ProtonCalendar, your data on ProtonDrive is encrypted on your device before being uploaded to our servers, and only you can decrypt it on your device. This ensures your data is always safe from hackers, the authorities, and even from us.


End-to-end encryption is a key differentiator between ProtonDrive and most other centralized services. Unlike Google, Dropbox, Microsoft, or Apple, we simply can’t access and hand over your files. 

One advantage of P2P systems is that their decentralized nature means there is no centralized server to break into or otherwise compromise. For us, however, this is simply not an issue. Our centralized servers hold the encrypted data, but the decryption keys are tied to user passwords that we do not know.

The resistance of any system to hacking is based on the security measures it uses. If a hacker can compromise a system, then it matters little if the system is centralized or decentralized.

Proton is famous for taking security seriously. The robustness of our security practices and design principles is well known, while our open source code is fully and independently audited for security issues.

And, again, in the unlikely event that our systems were to be hacked, end-to-end encryption ensures your data will be safe anyway.

Based in Switzerland

The geographically distributed nature of P2P cloud storage systems makes them highly resistant to censorship. This is undoubtedly one of the strongest arguments in their favor. 

However, Proton has a high level of censorship resistance through legal protections and technical innovations, such as Alternative Routing. Our company is based in Switzerland, a democracy with strong rule of law and no ties to the United States-led Five Eyes surveillance network, which enjoys some of the strongest data privacy laws in the world.

If one of our servers (or even all of them) were to be seized, the fact that all data is end-to-end encrypted so that not even Proton can see it ensures the adversary would be unable to access any of the files or other data stored on it.

Exciting features

Using a centralized model allows us to offer a wealth of features to our users that are simply not possible using a P2P model. These include:

Advanced sharing options

ProtonDrive allows you to share files and folders with multiple other users, assigning granular permissions (such as read-only, write-only) to each “Share.” 

Everything is encrypted

All data stored on ProtonDrive is end-to-end encrypted. This means all the contents of your files are inaccessible to anyone but you. 

End-to-end encrypted sharing via URL

You can share files stored on ProtonDrive with non-Proton users via a simple URL. The files remain end-to-end encrypted, so Proton never gets to see them. You can choose to include the password required to decrypt your files in the URL for ease of use, or you can share it via another means for maximum security. 

More information on these features can be found in our ProtonDrive security model blog post. As with all our software, the ProtonDrive clients will be made open source and submitted for third-party auditing in accordance with our usual roadmap. 

Zero-knowledge authentication

ProtonDrive uses the same zero-knowledge authentication system that we use to secure ProtonMail accounts. This allows us to verify your password without ever knowing what it is or anything about it. If our servers were ever compromised then no password information could be stolen because there is nothing to steal.

The Secure Remote Password (SRP) protocol that we use to achieve this is also highly resistant to attempts to brute force the password, as each guess requires further interactions with our servers, which makes the entire process arduous (we also block IPs that make too many login attempts).
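The exchange described above, sketched as generic SRP-6a. This is an added example, not Proton's code; the demo-only group, the hash construction and the function names (`enroll`, `client_hello`, `server_reply`, `client_key`, `login`) are assumptions made for illustration.

```python
import hashlib
import secrets

# Demo-only group (assumption): the prime 2**127 - 1 keeps the numbers short.
# Real deployments use a large safe-prime group such as those in RFC 5054.
N, g = 2**127 - 1, 3

def H(*parts) -> int:
    """Hash length-prefixed integers/bytes; return the digest as an integer."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        h.update(len(p).to_bytes(2, "big") + p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)

def enroll(password: str):
    """Client side, at sign-up: derive the record the server will store."""
    salt = secrets.token_bytes(16)
    x = H(salt, password.encode())
    return salt, pow(g, x, N)            # (salt, verifier); password stays local

def client_hello():
    a = secrets.randbelow(N - 2) + 1
    return a, pow(g, a, N)               # keep a secret, send A

def server_reply(record, A):
    """Server side: validate A, pick b, return (B, session key)."""
    if A % N == 0:                       # RFC 5054: abort on A = 0 mod N
        raise ValueError("illegal client value A")
    _, v = record
    b = secrets.randbelow(N - 2) + 1
    B = (k * v + pow(g, b, N)) % N
    u = H(A, B)
    return B, H(pow(A * pow(v, u, N) % N, b, N))

def client_key(password: str, salt: bytes, a: int, A: int, B: int) -> int:
    """Client side: derive the session key from the typed password."""
    if B % N == 0:
        raise ValueError("illegal server value B")
    u, x = H(A, B), H(salt, password.encode())
    return H(pow((B - k * pow(g, x, N)) % N, a + u * x, N))

def login(record, password: str) -> bool:
    """One full exchange; True when both sides derived the same key.
    (The real protocol exchanges proofs of the key instead of comparing it.)"""
    a, A = client_hello()
    B, k_server = server_reply(record, A)
    return client_key(password, record[0], a, A, B) == k_server
```

A wrong password produces a different key on the client, and the client only learns this from the server's response, which is why each guess costs one round trip.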

Easy access to your data from multiple devices

A centralized approach prevents syncing conflicts between multiple devices.

Final thoughts

We are very excited about ProtonDrive as we move toward the beta launch, and as a community-powered project we’re grateful to you for supporting this important addition to Proton services. With ProtonDrive, we will be able to increase overall access to privacy, security, and freedom online by bringing more of our users’ data inside an end-to-end encrypted ecosystem. 


About the Author

Proton Team

We are scientists, engineers, and developers drawn together by a shared vision of protecting civil liberties online. Ensuring online privacy and security are core values for the ProtonMail team, and we strive daily to protect your rights online.


16 comments on “Centralized vs peer-to-peer (P2P) file storage”

    • Hi Charles, sorry to be unclear. End-to-end encryption implies encryption at rest, but to be clear, any file uploaded onto ProtonDrive will be encrypted on your device and will not be decrypted until it returns to your device. All files stored (or at rest) on ProtonDrive will be securely encrypted.

  • Insightful article, and kudos to the whole team at Protonmail! Since we moved our business communications system to Protonmail, it has been a fantastic response from our clients and staff alike. Can’t wait to get Drive up and running.

    Well done!

    • Hi Matt,
      We are happy to announce we recently released the ProtonDrive beta. However, we cannot yet give a firm date of when ProtonDrive will be publicly released. You can keep up with the latest ProtonDrive developments by following our blog and social media channels.
      Cheers

  • Have been a Protonmail user almost since the beginning of the service and very satisfied with it. I also have VPN and an encrypted cloud service (SYNC) that I’ve had just as long and am satisfied with. There are certainly reasons to combine these services all under one roof, and I’m wondering if you will be offering package deals for all three when the cloud service begins.

    • Hello Pete,
      ProtonDrive has just been released in beta, so we’re still considering different bundle plans. However, a ProtonMail Visionary plan will cover all Proton products, so that would be one plan that would give you access to all these services.
      Cheers

  • I wonder how do you counter this one, for me user?

    Swiss Spies Benefitted From Secret CIA Encryption Firm: Probe

    AFP – Agence France Presse
    November 10, 2020

    Switzerland benefitted from a spectacular espionage scheme orchestrated by the CIA and its German counterpart who used a Swiss encryption company to spy on governments worldwide, a parliamentary probe showed Tuesday.

    A large media investigation revealed back in February an elaborate, decades-long set-up, in which US and German intelligence services creamed off the top-secret communications of governments through their hidden control of the Crypto encryption company in Switzerland.

    The revelation sent shock waves through Switzerland, and the parliament’s Control Delegation was asked to investigate.

    In a statement announcing the delegation’s findings Tuesday, parliament said the Swiss intelligence service had known “since 1993 that foreign intelligence services were hiding behind the company Crypto AG.”

    The Swiss intelligence service had subsequently benefitted from an “information collaboration”, it said.

    The Swiss government had meanwhile not been informed of the arrangement until late last year, it said, warning that this raised concerns about gaps in the control over the intelligence service.

    “Thus, the government carries some of the responsibility, since the company Crypto AG for years exported “vulnerable” encryption machines,” it said.

    The government has until June 2021 to officially comment on the report.

    Several of Switzerland’s left-leaning parties meanwhile called Tuesday for the creation of a full-fledged parliamentary commission to do a more in-depth investigation.

    According to the revelations in February by the Washington Post, German broadcaster ZDF and Swiss broadcaster SRF, Crypto served for decades as a Trojan horse to spy on governments worldwide.

    The company supplied devices for encoded communications to some 120 countries from after World War II to the beginning of this century, including Iran, South American governments, and India and Pakistan.

    Unknown to those governments, Crypto was secretly acquired in 1970 by the US Central Intelligence Agency together with the then West Germany’s BND Federal Intelligence Service.

    Together they rigged Crypto’s equipment to be able to easily break the codes and read the government customers’ messages.

    Citing a classified internal CIA history of what was originally called operation “Thesaurus” and later “Rubicon,” the reports said that in the 1980s the harvest from the Crypto machines supplied roughly 40 percent of all the foreign communications US code-breakers processed for intelligence.

    The spy agencies were thus able to gather precious information during major crises, such as the hostage crisis at the US embassy in Tehran in 1979 and the 1982 Falklands War between Argentina and Britain.

    The Barron’s news department was not involved in the creation of the content above. This story was produced by AFP. For more information go to AFP.com.
    © Agence France-Presse

    Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved.
    Barron’s

  • I think end-to-end encryption is the best bet as well. As stated, P2P is reliant on peers and seeders who are randomly storing parts of your info. Some could even still be on dial-up networks, as stated. But the great thing is there is no “main structure” that connects it all, so it would be impossible for a full-on failure. On the other hand, various strangers (“peers”) randomly have bits of your information. I think ProtonMail has proven its infrastructure to be powerful and safe, that end-to-end encryption is better for us all. I am so happy to see ProtonMail expanding and growing like this; two years ago you were just a good safe email service, now look at you all. Most safely kept privacy in the WORLD for any user of ProtonMail and your awesome growing services! Thank you ProtonMail Team!!!!!
