Google dominates many aspects of our digital lives: emails, internet search, navigation, cloud storage, and so much more. That domination demands trust.

Can you trust Google with your documents, pictures, and memories? How do they keep your private files secure when you pass the baton of trust and upload your files to Google Drive?

Well, Google encrypts your files when your data is resting (as well as in transit too). Is Google Drive's integrated encryption enough to keep your private files safe from harm? Let's find out.

How Does Google Drive Encryption Work?

Google Drive uses AES-256 to protect file transfers, and AES-128 to encrypt your files at rest. AES is a very secure encryption algorithm without any currently feasible attacks, and is the current US Government encryption standard.

Your Google Drive account, then, keeps your files extremely secure when the upload completes and when your files are at rest.

How Google Drive Encryption Keeps You Safe

Incoming data is split into chunks, then Google Drive encrypts each chunk with a unique data key. The data key is then further encrypted with a specific key encryption key (wrapping the data encryption key) and stored by Google.

In addition to the double set of encryption keys, you can also protect your Google Drive with two-factor authentication (2FA), and you can use that 2FA with a secure password manager to add another layer of security.

In truth, there is no easy way to show you how Google Drive encryption works or what it looks like in a folder. Google purposefully doesn't provide forward-facing information for Google Drive customers within the Google Drive environment. Like many things "Google," it just works.

The system does have a few minor flaws, though.

Google Drive's Biggest Issue: Privacy

Google Drive's encryption has two main issues:

  1. During the upload process, your file has TLS protection. TLS stands for Transport Layer Security and is designed to protect data in transit. However, when your data arrives at the gates of your Google Drive, it is momentarily decrypted before being encrypted again. Why? Google rapidly scans and analyzes the file before encrypting it. There is very little chance of leakage, but it is still a slight flaw.
  2. You are never in control of the encryption keys, meaning you never have 100 percent control over your Google Drive data. Of course, you have 100 percent control in decision making---if you don't like losing control of your encryption keys, read on for some solutions.

Yes, your files are secure with Google Drive. Yes, Google encrypts them internally. But no, that doesn't mean Google isn't using you for advertising (it is their business model, after all). The bottom line is that if you're using a free Google product, then you have no true expectation of complete privacy.

The big question is: "Does it matter to you?"

I use Google Drive all the time. It's a great and easy to use bridge between my desktop and laptop. However, I don't use it for sensitive files, and realistically, nor should you. Other, more secure options are available.

Alternatively, there are tools you can use to increase your Google Drive privacy and security further.

Tools for Google Drive Security and Privacy

You can bulk out your Google Drive encryption using a client-side encryption tool. What does that mean?

Well, instead of sending your files as-is to Google, you encrypt them on your own system first, then send them to your Google Drive. Check out these useful encryption tools to use with Google Drive.

1. Cryptomator

Cryptomator tops this list. It is free, open source, has no backdoors, and requires no user registration. Better still, it is easy to set up and works on Windows, macOS, various Linux distributions, iOS, and Android (the Android and iOS apps aren't free, however).

Cryptomator uses transparent encryption to make it feel like nothing extra is happening to your files, keeping your productivity at the same level. The major difference is the addition of a Cryptomator vault. The vault resides on your Google Drive, but you have a virtual hard drive to access and modify your files. Cryptomator encrypts each file you add to the virtual hard disk individually. Meaning if you only edit a Word document, only the Word document changes. The rest of your files remain encrypted at all times.

Cryptomator is a free, open source project---but it is donationware. Small donations keep amazing projects like Cryptomator ticking over, so do consider supporting if possible.

Download: Cryptomator for Windows | Mac | Linux (Free)

Download: Cryptomator for Android ($4.99)

Download: Cryptomator for iOS ($3.99)

2. Boxcryptor

Next up, Boxcryptor. Boxcryptor is a free product, but with limitations. For instance, the Boxcryptor free subscription grants users access to the basic Boxcryptor version, a single cloud provider, and only two devices.

Furthermore, Boxcryptor is proprietary software (closed-source, in other words). The lack of access to the Boxcryptor source code for analysis of weaknesses and backdoors is a major issue for some. However, there are as yet no indications as to any issues.

Boxcryptor creates a virtual drive on your system, then automatically adds any cloud providers to the drive. The Boxcryptor drive acts like an extra layer on top of your existing files, letting you view, edit, and save your encrypted files on-the-fly. Boxcryptor automatically encrypts any cloud files or folders within the drive, as well as those added in the future.

As for security, Boxcryptor uses AES-256 with RSA-4096 to encrypt your files. They are phenomenally secure.

Download: Boxcryptor for Windows | Mac | Android | iOS (Free with premium plans)

3. Rclone with Crypt

Rclone is a command line program to sync files and directories from Google Drive (and a long list of other services, too). Rclone is open source and offers a huge range of control and customization in their cloud service sync process.

In that, the crypt function allows you to encrypt your Google Drive files on your system before syncing. The video below is a thorough walk-through of how to do this.

Rclone with Crypt is an advanced tool. It takes a bit of setting up but once done grants you extensive control.

Download: Rclone for Windows (64-bit) | Windows (32-bit) | Linux (64-bit) | Linux (32-bit) (Free)

Google Drive Is Secure, But Not Entirely Private

You now understand a little more about how Google encrypts its cloud services. Your documents are secure, albeit lacking privacy. As we've shown above, you have a few options available to expand your security and privacy. Use them to protect your Google Drive data. (And remember to secure your Google account also.)

Your Google Drive always has one weak-link: you. Users like you and me are always the potential weak link, and that is something only improved with better security education.

Interested in more on the privacy topic? Take a look at companies that don't really care about your privacy or why some consider privacy to be a luxury good.