IDrive has received lots of recommendations over the years. And this popular cloud storage certainly has some excellent features. But this is a competitive industry, and things change fast. So does IDrive still lead the pack – or is it falling behind the competition?
Before you hand over your hard-earned money for an IDrive subscription, you’ll want to read on to see what we think of this service today. (Hint: it’s not the best we’ve reviewed!)
Let’s start by covering the pros and cons:
- AES 256 encryption
- Optional end-to-end encryption
- Automatic, limited version tracking
- Compliant with GDPR and numerous other standards
- Fully-featured desktop client
- 2FA support
- Based in the United States (a bad privacy jurisdiction)
- Data stored in the United States
- Browser interface exposes your Private Encryption Key
- No file sharing if you use the most secure mode
- Slow file transfer speeds (especially compared to the competition)
IDrive feature summary
Here is a quick summary of the core features of IDrive:
- Provides apps for Windows, Mac OS, Android, and iOS
- Web interface and scripts for Linux
- If you create a Private Encryption Key you can have end-to-end encryption of your data, with some major caveats
- IDrive Snapshot keeps track of up to 30 versions of each file for easy recovery; these files do not count against your storage limit
- Multiple file sharing options (if you don’t use a Private Encryption Key)
IDrive company information
IDrive Inc. is a privately held company based in California, USA. As we’ve discussed in other reviews, many in the privacy field suggest you avoid any service based in the United States. These warnings are due to the nation’s aggressive mass surveillance programs and laws that force technology companies to assist intelligence agencies in spying on their users.
But being based in the United States doesn’t automatically disqualify a service. If a service offers strong end-to-end (E2E) encryption, this can mitigate most concerns about the US jurisdiction. Since IDrive does offer optional end-to-end encryption, we decided to investigate further.
Where does IDrive store your data?
IDrive stores your data on one or more servers in the United States. This is definitely not ideal since the company is also based in the United States, part of the Five Eyes surveillance network. The AES 256 encryption the company uses is secure if you have control over your encryption key, but that is not always the case when you use IDrive. We’ll talk more about this situation later in the review. It is something you need to pay close attention to if you want your data to be completely secure.
IDrive Terms of Service
With concerns about the company’s jurisdiction and how they implement their security, I took a close look at the IDrive Terms of Service (ToS) document, which was last updated April 24, 2015. The document is pretty huge, but written in more or less plain English. Here are some things I found in the ToS that you should know about:
- The IDrive code is not open source. I would feel much better if it was open source given my other concerns about the product.
- You agree not to violate the IDrive Acceptable Use Policy. It is a big list of stuff you aren’t supposed to do.
- If the company suspects you are storing and distributing something illegal, they give themselves the right to inspect your data. They also suggest that if you want absolute privacy, you should use the private encryption key. We’ll be talking about this key a lot so will also refer to it as the Private Key or simply the Key for convenience.
- You are forbidden to use IDrive to sell or distribute content to others.
- You are required to immediately notify IDrive of changes to any of the information you used to register for the service, including mailing address, phone number, and email address.
- Joining a paid plan requires you to accept recurring billing at, “the published standard plan that is chosen at the time of sign-up or to a customized quote provided for your specific use. You also agree that the enrollment for the next service period is automatic and paid in advance at the same rate.”
- If there are any billing discrepancies, you have 60 days to report them by calling customer support or emailing email@example.com. If you don’t you waive all rights to compensation.
- You can disable auto-renewal; but if you do, all your data will be automatically deleted and your account terminated at the end of the term. They really want you to auto-renew.
- You will be charged $0.25/GB/month for Personal plan and $0.50/GB/month for Business plans if you exceed your plan’s quota limit. This could add up fast!
- Free accounts are automatically terminated after 90 days of inactivity. In addition, IDrive can terminate free accounts at any time, with or without notice.
- If you use the default encryption option, IDrive will encrypt your data for you, using an encryption key they control. IDrive personnel can use that key to decrypt your data. If you use the private encryption key option, your data will be encrypted using your key and IDrive will not be able to decrypt it. With either type of encryption, file names and certain metadata will not be encrypted.
- When you use the Private Key option and sign in using the IDrive web application, your key is transmitted to IDrive for the duration of the session. This means your lose the benefit of a private key if you sign in using the IDrive web application.
- They may capture your IP address and will use it to identify you if they feel it is necessary for a range of reasons. (But you can easily hide your IP address with a good VPN service.)
- IDrive may on may not keep redundant backups of the data you store on their service. If your data is not backed up redundantly they, “may not be able to recover data in the event of failure and we may need to initiate a fresh backup of user data.” Their stated policy on backup is that, “Online or Cloud Backup should always be a complementary solution to local backup and not be the ONLY solution.”
- You are allowed to retain and restore 30 previous versions of all files backed up to your account. These don’t count against your quota, but if they occupy too much space IDrive may limit the number of versions retained.
- You can create Additional/Sub-accounts for clear separation of authentication and encryption key. While there are no limits on the number of devices that can be assigned to a sub-account, IDrive strongly urges you to include no more than five computers per sub-account. You can backup an unlimited number of computers, tablets, and/or mobile devices to a single account.
- IDrive allows third parties to create applications that utilize IDrive but the company disavows any responsibility or liability resulting from the use of such third party applications.
- Private Encryption Keys only work with IDrive for Windows or Mac. Note that this is no longer true. You can use your Private Key with your mobile devices too.
- IDrive makes no warranties or guarantees that the service will be, “TIMELY, ERROR-FREE, UNINTERRUPTED, VIRUS-FREE OR SECURE; (C) THAT THE DATA AND FILES YOU STORE IN YOUR ACCOUNT WILL NOT BE LOST OR DAMAGED; (D) THAT THE DATA ON YOUR DESKTOP OR SERVER WILL NOT BE LOST OR DAMAGED; OR (E) THAT DEFECTS IN THE SERVICE WILL BE CORRECTED.”
And so on. Basically, they accept no responsibility for anything that might happen to your data.
The full IDrive ToS is found here.
- IDrive collects the following personal information when you create an account: first and last name, a valid credit card, home and/or business mailing address, email address, password.
- They keep session records that include: “the timing and size of all packets sent over the Internet during a session, session date and times, Device Internet Protocol (“IP”) address, browser type, Device name and/or identification number, and other interactions with the Service.”
- They use the data they collect: “(i) to provide and improve our Service, (ii) to administer your use of the Service, (iii) to better understand your needs and interests, (iv) to personalize and improve your experience, (v) to provide or offer software updates and (vi) to provide product announcements.”
- They state that they do not share the data you provide without your consent or unless compelled to do so by law. However, they can also disclose your personal information, and the content of the files you store on their service, if they have a good faith belief that disclosure is reasonably necessary to:
- Comply with a law, regulation or compulsory legal request
- Protect the safety of any person from death or serious bodily injury
- Prevent fraud or abuse of our Services or its users
- Protect their own property rights
- The business gets merged, acquired, or sold
- The company will retain your data as long as you have an account, or as long as needed to provide their services. When you cancel your account, they will delete your files within 10 business days. It may take longer to delete backed-up versions of files that may exist after deletion.
- They do not knowingly collect personally identifiable information from children under 13.
IDrive appears to collect and retain more personal information than other cloud storage services we have reviewed.
IDrive security audits & other third-party tests
I didn’t have any luck finding details of third-party security audits of IDrive security. The company does state that they have, “periodic third party reviews of our network infrastructure to check for known application and service vulnerabilities.”
IDrive Privacy Shield compliance situation
IDrive has certified its compliance with the EU-US and Swiss-US Privacy Shield Frameworks. Privacy Shield covers data protection requirements when transferring data between the United States and other countries. This means that IDrive has publicly committed to comply with Privacy Shield requirements. It doesn’t appear that any kind of outside auditing of Privacy Shield requirements is necessary.
Note: On July 16 2020, the European Court of Justice declared the EU-US Privacy Shield invalid. On the same day, the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland, “issued an opinion concluding that the Swiss-US Privacy Shield Framework does not provide an adequate level of protection for data transfers…” You can learn more about the Swiss-US situation here.
IDrive user interfaces
IDrive provides Windows and Mac OS desktop apps, along with Android and iOS mobile apps. These are not only the most popular apps for most people. They are also the ones that fully support IDrive’s end-to-end (E2E) encryption system completely. Their browser interface supports E2E, but in the process, it shares your Private Key with IDrive for the length of the time you are connected. Because of this, I don’t consider the web interface a valid part of the secure encryption system.
As far as I am concerned, if you share your Key with anyone your data is no longer secure.
This being the case, I only concerned myself with the desktop clients and mobile apps.
IDrive desktop clients
The IDrive desktop client is very versatile. It handles scheduled backups of your data, as well as file synchronization, disk image backup, entire machine backup, and more.
I’m not even going to try to describe everything this beast can do. I will say this is the most powerful desktop client I’ve seen so far. I can’t think of an online storage task IDrive can’t do. It’s great.
IDrive mobile apps
The mobile apps allow you to backup and sync your data with IDrive’s servers.
Here is the IDrive Android app:
They also offer useful features like the ability to automatically backup your photos to the servers. More importantly from our perspective is that the mobile apps do support the use of your Private Encryption Key, despite what the documentation might say.
IDrive hands-on testing for the review
For this review, I installed the IDrive Full Client on my Windows 10 machine, and a Samsung S9+. The free plan requires you to submit your name, email address, and password, while the Personal / Business plan requires those items, plus a phone number, and full credit card information.
I signed up for the Free 5 GB plan for this review. This free plan requires you to submit your name, email address, and password. If I had signed up for the Personal / Business plan I would have been required to submit that information, plus a phone number, and full credit card information. Doing so also commits you to automatic yearly renewal of the subscription at the full price (instead of the discounted first year price). With any of the free or paid plans you must agree to receive email from IDrive about product updates.
As you proceed through the account creation process, you will come to this, the most important step in the process:
If you want secure cloud storage, you need to select the Private encryption key option. The default approach uses an encryption key controlled by IDrive, which puts the security of your data in their hands. If you set a Private Encryption Key, your data gets encrypted with that key before it leaves your device. IDrive states that they have no access to this key so cannot decrypt your data if you select this option.
Of course, since IDrive won’t know your encryption key, it is up to you to keep it safe (perhaps using a secure password manager).
Note: If you have already installed IDrive using the default encryption, you can switch to the Private Key to get their E2E encryption. However, to do so, you must reset your account. This can result in IDrive deleting all your data from their servers.
If you don’t have your own backup of the data you store in IDrive and this happens, you can lose everything.
Once you work your way through the account creation process, you will end up on the Welcome to IDrive web page.
From here you can install the apps you want to use and get to work. As part of the installation process, IDrive will put an icon on your desktop you can use to launch the desktop app.
As you might imagine with a service that can do so much, there are a ton of Settings you can adjust from the desktop client. Fortunately, you probably won’t have to touch any of them. The defaults should work fine for you.
What you will want to do is configure IDrive to back up and/or sync the files and folders you want it to. Here are the things you will want to configure right away:
- Backup – Stores the selected files and folders on the IDrive server in case you need to restore them to this device.
- Scheduler – Tells IDrive when to make backups.
- Sync – Makes a copy of selected files and folders (in the folder you configure as the sync folder) available on every device connected to this account.
Once you get the configuration done, using IDrive is a piece of cake. It’ll automatically back up the stuff you told it to, and synchronize whatever you put in the sync folder. However, if you want to use your Key to secure your data, there are a couple of things you won’t be able to do.
- You can’t share files. Because your files are E2E encrypted, IDrive can’t share them. I know some other secure cloud storage apps have a process for sharing files while they are E2E encrypted, but IDrive can’t.
- You can’t use the web interface. While the web interface works fine even when you are using a Private Key, it shares your key with the IDrive servers for the duration of the connection. You would have to trust the IDrive to protect your key in this case. I’m sure the IDrive team is honorable, but for the best privacy and security, you need to control your own Key.
Informal backup testing
I don’t normally do performance testing on the products I review. My concern is more about the security and privacy that a service offers than on raw speed. However, in my research on IDrive, I saw numerous complaints about extremely slow data transfers to and from the IDrive servers. As in days to back up tens of GB of data over the Internet.
The marketing for IDrive Express also gave me pause, talking about physically shipping disk drives back and forth around the world, allowing you to back up or retrieve several GB of data “within a week.”
I needed to at least do a quick check on this. What I did was upload just under a GB of data to my IDrive backup folder. Then I uploaded the same data on the same computer to a MEGA sync folder. I realize this isn’t exactly an “apples to apples” test, but I simply wanted to get a ballpark idea of whether IDrive was really slow. Here are the results:
IDrive uploaded the data in 57 minutes.
MEGA uploaded the same data in under 8 minutes.
That’s a huge difference. If these speeds are typical for IDrive, slow performance could impact your experience.
What does this tell us? Nothing concrete, but it is definitely a warning to investigate the speeds you get in your own environment before making a long-term commitment to IDrive.
Additional IDrive features
IDrive offers some excellent additional features. I’m only going to touch on a few to keep this review from getting huge. The first one we’ll talk about is IDrive Express.
IDrive Express is a service that can populate your online IDrive account with large amounts of data fast. It does so moving the data using a physical storage device. IDrive ships you a physical storage device. You connect it to your computer and use the IDrive Local Backup feature to quickly transfer the data you want to backup onto the physical storage device. Then you ship the device back to IDrive, where your data is downloaded, by the company, into your cloud account.
While I don’t think this is a feature I have a use for, if you have multiple terabytes of data archived, this could be a good solution. Your data is encrypted at all times during this process, so assuming you are using a Private Key, your data should be secure.
IDrive Photos is one of the newest features added to IDrive. It is a cloud storage app for photos from your iOS and Android devices. It offers unlimited storage space, and other capabilities such as a timeline view, auto uploads, and a favorites album.
Interestingly, shortly after its release, the company published an update to IDrive Photos, which they say is now, “…possibly the fastest and most affordable unlimited photo/video cloud backup app.” Given the general slow performance of IDrive, if true, this bodes well for future IDrive performance improvements.
Rather than backing up a select set of files, IDrive Mirror makes full image backups of Windows computers and servers. These backups can protect you against ransomware and other attacks. The increasing frequency and severity of such attacks is leading experts to call ransomware a national security risk.
IDrive Mirror allows you to backup an unlimited number of computers and servers into a single account. , allowing for direct data backup and retrieval from the IDrive cloud without any intermediary storage device.
This is another place where IDrive gets a lot of criticism. I’ve seen lots of complaints that IDrive Support is slow to very slow responding to support tickets, and that the responses that they finally provide are not very useful. While testing the service, I submitted a support ticket on a Tuesday, containing a couple of simple questions related to the ToS. Within a couple of hours, I received an email containing my ticket number and stating that a representative would follow up with me as soon as possible.
I finally got a response on Friday, which is way too long to have to wait. I understand that the Coronavirus is making things tough for businesses everywhere. At the same time, none of the other services I have contacted recently took anywhere near this long to reply. In addition, comments we have received since we first reviewed IDrive also complain about slow customer support.
How secure and private is IDrive?
Now we come to the Thousand Dollar Question: how secure and private is IDrive?
When it comes to data security, the answer depends on which type of encryption you use. If you select the default option for encryption, your data should be secure in transit to and from the IDrive servers. But your security is in the hands of IDrive once your data arrives at their servers since they control the key used to encrypt your data. The United States could force IDrive to not only disclose the personal information they normally collect, but also to decrypt all your data and hand it over to whichever agency wants it.
If you use a Personal Encryption Key to encrypt your data, it should remain secure, even on the IDrive servers since you control the key used to encrypt your data and that data is encrypted before it leaves your device. This client-side, end-to-end encryption means only you can decrypt your data.
But this is vital to remember. If you access your data through a web browser using this encryption, the browser will share your Key with IDrive for the duration of the connection. This puts your data at risk, since someone at the company could get their hands on your Key. Or they could be compelled by the United States to capture your Private Key and use it to decrypt your data. The IDrive code is not open source, so there is no way to know if something like that is going on.
So how secure and private is IDrive? Significantly less than some of their competitors. Perhaps the question you should ask about this product should be, “Is IDrive sufficiently secure and private for my needs?” The answer to that question depends on your threat model.
IDrive pricing has gotten more complicated over time. IDrive Basic is their free plan, with a limit of 5GB of data storage. Beyond that, they offer three paid pricing plans:
- IDrive Personal
- IDrive Team
- IDrive Business
Each of those plans has variable pricing based on the amount of storage you need. Each also features a discount on your first year of service. The following image shows pricing that was in effect at the time of this IDrive review.
In addition to the plans, the company offers additional price add-ons such as Managed endpoint protection and IDrive BMR Appliance, as well as the aforementioned IDrive Photos. Note that IDrive does not offer monthly plans. For more details on IDrive pricing plans, go here.
IDrive review conclusion
IDrive has lots of features and benefits for someone who just wants a secondary cloud backup of their data. On the flip side, backing up files with the service seems very slow, as does responding to support tickets. The company also captures a good bit of your personal information, and their Terms of Service don’t make me too confident in their ability to safely store user data once they have it. You’ll have to weigh those tradeoffs yourself.
But remember that we are looking for a secure cloud storage service. You can get secure IDrive end-to-end encryption if you create a Private Encryption Key, but you will sacrifice some features and functionality for that security. Given that many of IDrive’s competitors have resolved both of these issues, it seems to lag behind the competition.
Is IDrive right for you?
If you are looking for a flexible, inexpensive cloud backup service, IDrive could fill the bill nicely. But if your priorities include secure cloud storage, or fast storage, there are several better options to choose from.
You can find other options by checking out our guide on the best cloud storage services. Other cloud storage reviews from Restore Privacy include:
- Tresorit Review
- MEGA Cloud Review
- Sync.com Review
- Nextcloud Review
- pCloud Review
- SpiderOak Review
- NordLocker Review
This IDrive review was last updated on June 29, 2021.