Why End-to-End Encryption Matters for File Transfers

When you send a file through most popular services, your data is encrypted in transit (TLS) and encrypted at rest on the provider's servers. That sounds secure — until you realise the provider holds the decryption keys. End-to-end encryption changes that equation entirely.

What "Encrypted" Usually Means

Services like Google Drive, OneDrive, and Dropbox all encrypt your files. But they encrypt them with their keys. This means the provider can — and often does — decrypt your files to scan them for content policy violations, build advertising profiles, train machine-learning models, or comply with government requests. Your files are protected from outside hackers, but they are fully transparent to the service itself.

How End-to-End Encryption Is Different

With true end-to-end encryption (E2EE), the file is encrypted before it leaves your device, using a key that only you possess. The server receives nothing but an opaque blob of ciphertext. It cannot read, search, index, or analyse your data — because it simply doesn't have the key.

Why URL Fragments Matter

Everything after the # in a URL is called the fragment identifier. By design, web browsers never include the fragment in HTTP requests to the server. This is not a SecureEU feature — it's a fundamental part of how the web works, defined in RFC 3986. By placing the decryption key in the fragment, we ensure it stays exclusively in your browser, even if someone intercepts network traffic to our servers.

The Bottom Line

Encryption without key control is just access control managed by someone else. True end-to-end encryption means that you are the only one who can read your files — not us, not Hetzner, not any government. If privacy is your concern, accept nothing less.