Tresorit is a leading Swiss cloud provider, promising a level of privacy and security that surpasses rival products from Big Tech. But does it deliver on the promise.

Having used Tresorit for roughly three years, we’re going to take a look at what makes Tresorit appealing, what it does right, what it does wrong, and whether you should use it.

Background

Tresorit was founded in 2011 in Lausanne, Switzerland, by István Lám, György Szilágyi, and Szilveszter Szebeni. The company remained independent for years before the Swiss Post eventually acquired a majority share of the company.

In the privacy and security community, Tresorit has earned a reputation as one of the best options for users wanting the best security and privacy available in the commercial cloud market.

Pros

Let’s first take a look at the pros Tresorit offers its users.

Swiss-Based Cloud

The single biggest reason an individual or organization is the fact that it is based in Switzerland and subject to Swiss jurisdiction. This offers a number of benefits.

• First and foremost, Switzerland has a reputation for being very privacy-focused, with privacy considered a basic human right. As a result, companies based in Switzerland are required to meet certain privacy standards and obligations that many other countries do not have.
• Just as Switzerland has a long history of political neutrality, extending that philosophy to financial transactions as well, the country has emerged as a neutral data storage destination. Obviously, as an independent country, Switzerland is not subject to the US Patriot act. Unlike other countries that still cooperate with US-led surveillance efforts, Switzerland does not automatically do so. Individuals are notified when they are being targeted for surveillance, and given the opportunity to challenge the order.
• Switzerland’s data neutrality gives companies the ability to meet the minimum data requirements of other jurisdictions while simultaneously surpassing them. For example, Swiss companies often offer protections beyond those required by US HIPAA laws and the EU’s GDPR, providing even more comprehensive privacy safeguards.

End-to-End Encryption

One of Tresorit’s biggest claims to fame is offering true zero-knowledge, end-to-end encryption (E2EE). This means that only the account holder can decrypt and access their files. No one else, not even Tresort, can access them.

This is one of Tresorit’s biggest pros and something that sets itself apart from Big Tech rivals, such as Google Drive, Microsoft OneDrive, or Dropbox. Even some cloud options that tout E2EE don’t offer a truly zero-knowledge experience, meaning the provider does have the option to decrypt data if ordered to. In contrast, if Tresort was ordered to hand over a user’s data, the only thing it could hand over would be encrypted gibberish.

What’s more, Tresorit’s encryption is provided in a fairly seamless manner, unlike some other providers. pCloud, for instance, uses basic client-side encryption by default, giving users the ability to put sensitive files in a special E2EE vault. Unfortunately, this creates an extra layer of complexity for the user, requiring them to specifically manage files that should be protected by E2EE. In contrast, Tresorit’s protections apply across a user’s entire storage space, eliminating extra administration.

Strong Sharing Options

Another advantage Tresorit offers is the ability to securely share files. The platform’s sharing tools encrypt shared files by default, as well as give users the ability to set limits on how many times the shared files can be accessed, set an expiration date for the shared link, and more.

These options make Tresorit one of the best cloud providers when it comes to securely sharing files, whether the recipient is a Tresorit user or not.

Tresorit eSign

Tresorit includes eSign, a feature I have admittedly not used in my three years using the cloud provider. Nonetheless, eSign offers “a secure, compliant, and seamless electronic signature solution designed to streamline your workflow.”

eSign offers the following features.

• Sign documents with confidence knowing they are locked away in a zero-knowledge, end-to-end-encrypted platform
• Mitigate risks with EU qualified electronic signatures to ensure the highest level of legal probative value
• Empower your teams, partners, and clients to sign securely from anywhere at any time, even if they don’t have a Tresorit account

Email Integration

Tresort also provides email integration on its business plans, giving enterprise users an easy way to share information and attachments. The one-click integration makes it a much easier option than more traditional methods, such as PGP/GPG.

Multi-Platform Support and Desktop Integration

Tresorit has some of the best multi-platform support among cloud providers and certainly among non-Big Tech cloud providers. The company provides apps for Windows, Mac, and Linux, as well as iOS and Android.

What’s more, at least on the desktop, Tresorit’s apps provide seamless integration and synchronization on par with Dropbox and other mainstream cloud providers. When you install Tresorit, you choose which folders you want to sync and it goes to work in the background. Any changes you make to synced folders are almost instantly synchronized to your Tresorit account, and those changes then filter down to any other devices that are synced with your account.

Audits

Unlike some companies, Tresorit has undergone—and passed—multiple independent security audits, giving users peace-of-mind that it delivers what it promises.

Cost

For what it offers, Tresorit is a reasonably priced option. It’s certainly not as cheap as something like Dropbox or Google Drive, but highly secure and private options rarely are.

That being said, the service is competitively priced with 1TB of storage available for $11.99 per month for individual users, and 6TB available for a minimum of three business users for $19 per user per month.

Cons

Despite its many pros, Tresorit is not without some disadvantages.

Mobile Support

While Tresorit’s desktop support is top-notch, its mobile support is decidedly lackluster. This is especially the case on Android, where some limitations quickly become apparent.

• The Android Tresorit app has no support for moving files between root level folders, which the company calls “Tresors.” In other words, if you have Documents and Pictures folders in the root level of your Tresorit storage, you cannot move files between those two folders. You can, however, move files within subfolders, such as between folders within your Pictures folder. Looking at the company’s subreddit, this is one of the biggest complaints customers have had for at least a couple of years, yet the company has not addressed it. In fact, the Android version of the app has seen little to no tangible improvement or major feature additions for a couple of years.
• Users wanting to use Tresorit as a Dropbox, Google Drive, OneDrive, Proton Drive, or Mega replacement for their photo storage are in for a major disappointment. The mobile version of Tresorit is absolutely abysmal at generating thumbnails for photos, and even worse for videos.. To be clear, it will generate them for photos, but it does so on the fly and takes a long time to do so, especially on a slower connection or when viewing a folder with a large number of images. Video previews, on the other hand, are completely unsupported on mobile. While some may say that this is a byproduct of the app’s strong encryption, other platforms manage to offer similar levels of encryption while still providing a better experience with images. Proton Drive is one such example. As a result, if you plan to use Tresorit as a photo viewer like you can use Dropbox or Proton Drive, you will be in for a major disappointment.

The Future of Swiss Privacy

While Swiss privacy certainly counts as a major advantage for Tresorit at the time of writing, there are some concerning developments within the country that may put that in jeopardy and turn Switzerland into one of the least privacy-respecting jurisdictions.

As we previously covered, Switzerland’s Federal Council is considering “a partial revision of two implementing orders for the monitoring of postal and telecommunication correspondence (OSCPT and OME-SCPT).” The revision would require companies with more than 5,000 users to keep identification information on their customers, as well as comply with decryption requests for user data.

To be clear, the Federal Council says the revised ordinance would not apply to E2EE systems, and it seems to be aimed more at VPN and messaging providers. Nonetheless, the ordinance in question is the Ordinance on the Surveillance of Correspondence by Post and Telecommunications (OSCPT), which is particularly concerning given that the Swiss Post is a majority owner of Tresorit.

In addition, while the revised ordinance may currently be aimed at VPN and messaging providers, it is such a step away from Switzerland’s traditionally strong pro-privacy stance that one can’t help but wonder where it will be applied next. If the ordinance passes, it’s a safe bet that it will gradually be applied to one industry after another, including cloud providers like Tresorit.

Swiss companies are already sounding the alarm, saying they will be forced to leave the country if the revision passes.

“This revision is trying to put in place something that has been considered illegal in the EU and the US,” Proton founder and CEO Andy Yen said in an interview. “The only country in Europe that has a roughly equivalent law is Russia.

“I think we would have no choice but to leave Switzerland,” Yen added. “The law would become almost the same as that in force in Russia today. This is an untenable situation. We would be less confidential as a company in Switzerland than Google based in the United States. So it’s impossible for our business model.”

Only time will tell if the measure passes, but the very proposal raises uncomfortable questions about Tresorit’s—and Switzerland’s—viability as a privacy and security-first option.

Should You Use Tresorit?

Why You Should

The question of whether you should use Tresorit comes down largely to your use case. If you plan to rely on it primarily for documents and other non-media files, Tresorit is hard to beat. It offers unrivaled security that has been repeatedly verified by independent audits.

In addition, users benefit from its strong file sharing and email integration, both of which are incredibly easy and straightforward to use.

The desktop experience is also first-class, giving users virtually the same experience they would have with a more mainstream service like Dropbox.

Why You Shouldn’t

On the other hand, if your workflow involves heavy mobile use, Tresorit falls woefully short, with its media support being absolutely abysmal.

Even taking into account the company’s enterprise focus and chalking up the poor media support to that, there’s no excuse for the inability to move files between root-level folders on the Android app. It’s even more inexcusable when accounting for the fact that users have been asking for the feature for years.

What to Watch For

The biggest question mark surrounding Tresorit is something outside of its control, namely whether the Federal Council’s proposed changes to Swiss privacy laws will go into effect. If the measure fails, users could decide that Tresorit’s disadvantages don’t impact them, or they may be willing to wait until those disadvantages are eventually addressed.

If the measure passes, however, Tresorit will be in jeopardy of losing one of the single biggest advantages it currently has, in which case it will be difficult to recommend using Tresorit over any number of competing products in other jurisdictions.

Rating

Given that Tresorit appeals heavily to the enterprise, its only fair to give it two ratings, one for enterprise users and one for individuals.

Enterprise Rating

4.5 out of 5 stars

Individual Rating

2.5 out of 5 stars

The big caveat with both ratings, however, is that all bets are off if the Federal Council’s revised ordinance passes. If that happens, it will be hard to recommend Tresorit at all.