Service | IDrive |
Based in | United States |
Free Version | Yes |
Price | $4.37/mo; 2 TB |
Website | www.idrive.com |
IDrive is a popular cloud storage service that has been widely recommended on various websites over the years. While it is a large player in the cloud storage space, this competitive industry can change fast.
So does IDrive still lead the pack – or is it falling behind the competition? Before you hand over your hard-earned money for an IDrive subscription, you’ll want to read on. (Hint: it’s not the best we’ve reviewed!)
So let’s start by covering the pros and cons.
+ Pros
- AES 256 encryption
- Optional end-to-end encryption
- Automatic, limited version tracking
- Compliant with GDPR and numerous other standards
- Fully-featured desktop client
– Cons
- Based in the United States, with data stored in the United States (bad privacy jurisdiction)
- Browser interface exposes your Private Encryption Key
- No file sharing if you use a Private Encryption Key
- Slow file transfer speeds (especially compared to the competition)
IDrive feature summary
Here is a quick summary of the core features of IDrive:
- Provides apps for Windows, Mac OS, Android, and iOS
- Web interface and scripts for Linux
- If you create a Private Encryption Key you can have end-to-end encryption of your data, with some major caveats
- IDrive Snapshot keeps track of up to 30 versions of each file for easy recovery; these files do not count against your storage limit
- Multiple file sharing options (if you don’t use a Private Encryption Key)
Company information
IDrive Inc. is a privately held company based in California, USA. As we’ve discussed in other reviews, many in the privacy field suggest you avoid any service based in the United States. These warnings are due to the nation’s aggressive mass surveillance programs and laws that force technology companies to assist intelligence agencies in spying on their users.
That said, being based in the United States does not automatically disqualify a service. If a service offers strong end-to-end encryption, this can mitigate most concerns about US jurisdiction. Since IDrive does offer optional end-to-end encryption, we decided to investigate further.
Where does IDrive store user data?
IDrive stores your data on one or more servers in the United States. This is definitely not ideal since the company is also based in the United States, part of the Five Eyes surveillance network.
IDrive Terms of Service
With all that out of the way, I took a good look at the IDrive Terms of Service (ToS) document, which was last updated April 24, 2015. The document is pretty huge, but not a mass of legalese. Here are some things I found in the ToS that you should know about:
- While the IDrive code is not open source, some of the applications they offer may include open source code.
- You agree not to violate the IDrive Acceptable Use Policy. It is a big list of stuff you aren’t supposed to do.
- If the company suspects you are storing and distributing something illegal, they give themselves the right to inspect your data. They also suggest that if you want absolute privacy, you should use the private encryption key (we’ll be saying more about this key soon).
- You are forbidden to use IDrive to sell or distribute content to others.
- You are required to immediately notify IDrive of changes to any of the information you used to register for the service, including mailing address, phone number, and email address.
- Joining a paid plan requires you to accept recurring billing at, “the published standard plan that is chosen at the time of sign-up or to a customized quote provided for your specific use. You also agree that the enrollment for the next service period is automatic and paid in advance at the same rate.”
- If there are any billing discrepancies, you have 60 days to report them by calling customer support or emailing support@idrive.com. If you don’t, you waive all rights to compensation.
- You can disable auto-renewal; but all your data will be automatically deleted and your account terminated at the end of the term.
- You will be charged $0.25/GB/month for Personal plans and $0.50/GB/month for Business plans if you use more than your plan’s quota limit. This could add up fast!
- Free accounts are automatically terminated after 90 days of inactivity. In addition, IDrive can terminate free accounts at any time, with or without notice.
- If you use the default encryption option, IDrive will encrypt your data for you, using an encryption key they control. IDrive personnel can use that key to decrypt your data. If you use the Private Encryption Key option, your data will be encrypted using your key and IDrive personnel will not be able to decrypt it. With either type of encryption, file names and certain metadata will not be encrypted.
- When you use the Private Encryption Key option and sign in using the IDrive web application, your key is transmitted to IDrive for the duration of the session. This means you lose the benefit of a private key if you sign in using the IDrive web application.
- They may capture your IP address and will use it to identify you if they feel it is necessary for a range of reasons. (But you can easily hide your IP address with a good VPN service.)
- IDrive may or may not keep redundant backups of the data you store on their service. If your data is not backed up redundantly they, “may not be able to recover data in the event of failure and we may need to initiate a fresh backup of user data.” Their stated policy on backup is that, “Online or Cloud Backup should always be a complementary solution to local backup and not be the ONLY solution.”
- You are allowed to retain and restore 30 previous versions of all files backed up to your account. These don’t count against your quota, but if they occupy too much space IDrive may limit the number of versions retained.
- You can create Additional/Sub-accounts for clear separation of authentication and encryption key. While there are no limits on the number of devices that can be assigned to a sub-account, IDrive strongly urges you to include no more than five computers per sub-account. You can backup an unlimited number of computers, tablets, and/or mobile devices to a single account.
- IDrive allows third parties to create applications that utilize IDrive but the company disavows any responsibility or liability resulting from the use of such third party applications.
- The ToS says Private Encryption Keys only work with IDrive for Windows or Mac. Note that this is no longer true: you can use your Private Encryption Key with your mobile devices too.
- IDrive makes no warranties or guarantees that the service will be, “TIMELY, ERROR-FREE, UNINTERRUPTED, VIRUS-FREE OR SECURE; (C) THAT THE DATA AND FILES YOU STORE IN YOUR ACCOUNT WILL NOT BE LOST OR DAMAGED; (D) THAT THE DATA ON YOUR DESKTOP OR SERVER WILL NOT BE LOST OR DAMAGED; OR (E) THAT DEFECTS IN THE SERVICE WILL BE CORRECTED.”
- And so on. Basically, they accept no responsibility for anything that might happen to your data.
The full IDrive ToS is found here.
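Because the ToS says file names and certain metadata are not encrypted under either encryption option, the names themselves should carry nothing sensitive. The following Python sketch is an added example (not from IDrive or the original review) that flags path names containing identifier-like strings before a folder is added to a backup set; the patterns, labels, function names and sample paths are constructed assumptions.

```python
import os
import re
from pathlib import PurePath

# Heuristic patterns (assumptions, tune to your own data) for identifiers
# that should not appear in a name the storage provider can read.
PATTERNS = {
    "email address": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "US SSN format": re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)"),
    "long digit run": re.compile(r"(?<!\d)\d{9,19}(?!\d)"),
}
# 13 to 19 digits, optionally grouped by spaces or dashes.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on card-like numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def audit_name(path: str) -> list:
    """Return sorted labels of sensitive-looking tokens in any path component.

    Folder names are checked too, on the conservative assumption that
    whatever the provider sees of a file name includes its path.
    """
    findings = set()
    for part in PurePath(path).parts:
        for label, rx in PATTERNS.items():
            if rx.search(part):
                findings.add(label)
        for m in CARD_CANDIDATE.finditer(part):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                findings.add("card number (Luhn-valid)")
    return sorted(findings)


def audit_paths(paths) -> dict:
    """Map each flagged path to its findings; clean paths are omitted."""
    report = {}
    for p in paths:
        hits = audit_name(p)
        if hits:
            report[p] = hits
    return report


def audit_tree(root: str) -> dict:
    """Walk a real folder (e.g. the one selected for backup) and audit it."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        found.extend(os.path.join(dirpath, f) for f in files)
    return audit_paths(found)


# Constructed sample paths, not taken from any real backup set.
SAMPLE = [
    "statements/acct_004417729031_march.pdf",
    "Windows file saved 2020.04.15.docx",
    "invoices/invoice 4111 1111 1111 1111.pdf",
    "tax/jane.doe@example.com-return-123-45-6789.pdf",
    "photos/IMG_2041.jpg",
]

if __name__ == "__main__":
    for path, hits in audit_paths(SAMPLE).items():
        print(f"{path}: {', '.join(hits)}")
```

Point `audit_tree()` at the folder you plan to back up and rename anything it reports before the first upload, since previously uploaded names may persist in retained versions.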
IDrive Privacy Policy
I also reviewed the IDrive Privacy Policy, which was last updated 02/10/2020. Here are the major points I think you should consider:
- IDrive collects the following personal information when you create an account: first and last name, a valid credit card, home and/or business mailing address, email address, password.
- They keep session records that include: “the timing and size of all packets sent over the Internet during a session, session date and times, Device Internet Protocol (“IP”) address, browser type, Device name and/or identification number, and other interactions with the Service.”
- They use the data they collect: “(i) to provide and improve our Service, (ii) to administer your use of the Service, (iii) to better understand your needs and interests, (iv) to personalize and improve your experience, (v) to provide or offer software updates and (vi) to provide product announcements.”
- They state that they do not share the data you provide without your consent or unless compelled to do so by law. However, they can also disclose your personal information, and the content of the files you store on their service, if they have a good faith belief that disclosure is reasonably necessary to:
  - Comply with a law, regulation or compulsory legal request
  - Protect the safety of any person from death or serious bodily injury
  - Prevent fraud or abuse of our Services or its users
  - Protect their own property rights
- The business gets merged, acquired, or sold
- The company will retain your data as long as you have an account, or as long as needed to provide their services. When you cancel your account, they will delete your files within 10 business days. It may take longer to delete backed-up versions of files that may exist after deletion.
- They do not knowingly collect personally identifiable information from children under 13.
IDrive appears to collect and retain more personal information than other cloud storage services we have reviewed.
IDrive security audits & other third-party tests
I didn’t have any luck finding details of third-party audits of IDrive security. The company does state that they have, “periodic third party reviews of our network infrastructure to check for known application and service vulnerabilities.”
IDrive has been audited and complies with the SSAE 16 standard. IDrive also complies with GDPR, and assists clients in meeting their compliance obligations under HIPAA, SOX, GLBA, SEC / FINRA.
Privacy Shield compliance
IDrive has certified its compliance with the EU-US and Swiss-US Privacy Shield Frameworks. Privacy Shield covers data protection requirements when transferring data between the United States and other countries. This means that IDrive has publicly committed to comply with Privacy Shield requirements. It doesn’t appear that any kind of outside auditing of Privacy Shield requirements is necessary.
IDrive user interfaces
IDrive provides Windows and Mac OS desktop apps, along with Android and iOS mobile apps. These are not only the most popular apps for most people; they are also the ones that fully support IDrive’s end-to-end (E2E) encryption system. Their browser interface supports E2E, but in the process, it shares your Private Encryption Key with IDrive for the length of time you are connected. Because of this, I don’t consider the web interface a valid part of the secure encryption system.
As far as I am concerned, if you share your Private Encryption Key with anyone your data is no longer secure.
This being the case, I only concerned myself with the desktop clients and mobile apps.
IDrive desktop clients
The IDrive desktop client is very versatile. It handles scheduled backups of your data, as well as file synchronization, disk image backup, entire machine backup, and more.
I’m not even going to try to describe everything this beast can do. I will say this is the most powerful desktop client I’ve seen so far. I can’t think of an online storage task IDrive can’t do. It’s great.
IDrive mobile apps
The mobile apps allow you to backup and sync your data with IDrive’s servers.
Here is the IDrive Android app:
They also offer useful features like the ability to automatically back up your photos to the servers. More important from our perspective is that the mobile apps do support the use of your Private Encryption Key, despite what the documentation might say.
IDrive hands-on testing for the review
For this review, I installed the IDrive Full Client on my Windows 10 machine, and a Samsung S9+. The free plan requires you to submit your name, email address, and password, while the Personal / Business plan requires those items, plus a phone number, and full credit card information.
Installing IDrive
I signed up for the Free 5 GB plan for this review. This free plan requires you to submit your name, email address, and password. If I had signed up for the Personal / Business plan I would have been required to submit that information, plus a phone number, and full credit card information. Doing so also commits you to automatic yearly renewal of the subscription at the full price (instead of the discounted first year price). With any of the free or paid plans you must agree to receive email from IDrive about product updates.
As you proceed through the account creation process, you will come to this, the most important step in the process:
If you want secure cloud storage, you need to select the Private encryption key option. The default approach uses an encryption key controlled by IDrive, which puts the security of your data in their hands. If you set a Private Encryption Key, your data gets encrypted with that key before it leaves your device. IDrive states that they have no access to this key so cannot decrypt your data if you select this option.
Of course, since IDrive won’t know your encryption key, it is up to you to keep it safe (perhaps using a secure password manager).
Note: If you have already installed IDrive using the default encryption, you can switch to the Private Encryption Key to get their E2E encryption. However, to do so, you must reset your account. This can result in IDrive deleting all your data from their servers.
If you don’t have your own backup of the data you store in IDrive and this happens, you can lose everything.
Once you work your way through the account creation process, you will end up on the Welcome to IDrive web page.
From here you can install the apps you want to use and get to work. As part of the installation process, IDrive will put an icon on your desktop you can use to launch the desktop app.
Configuring IDrive
As you might imagine with a service that can do so much, there are a ton of Settings you can adjust from the desktop client. Fortunately, you probably won’t have to touch any of them. The defaults should work fine for you.
What you will want to do is configure IDrive to back up and/or sync the files and folders you want it to. Here are the things you will want to configure right away:
- Backup – Stores the selected files and folders on the IDrive server in case you need to restore them to this device.
- Scheduler – Tells IDrive when to make backups.
- Sync – Makes a copy of selected files and folders (in the folder you configure as the sync folder) available on every device connected to this account.
Using IDrive
Once you get the configuration done, using IDrive is a piece of cake. It’ll automatically back up the stuff you told it to, and synchronize whatever you put in the sync folder. However, if you want to use your Private Encryption Key to secure your data, there are a couple of things you won’t be able to do.
- You can’t share files. Because your files are E2E encrypted, IDrive can’t share them. I know some other secure cloud storage apps have a process for sharing files while they are E2E encrypted, but IDrive can’t.
- You can’t use the web interface. While the web interface works fine even when you are using a Private Encryption Key, it shares your key with the IDrive servers for the duration of the connection. You would have to trust IDrive to protect your key in this case. I’m sure the IDrive team is honorable, but you may want control over your own key.
Informal backup testing
I don’t normally do performance testing on the products I review. My concern is more about the security and privacy that a service offers than on raw speed. However, in my research on IDrive, I saw numerous complaints about extremely slow data transfers to and from the IDrive servers. As in days to back up tens of GB of data over the Internet.
The marketing for IDrive Express also gave me pause, talking about physically shipping disk drives back and forth across the world, allowing you to back up or retrieve several GB of data “within a week.”
I needed to at least do a quick check on this. What I did was upload just under a GB of data to my IDrive backup folder. Then I uploaded the same data on the same computer to a MEGA sync folder. I realize this isn’t exactly an “apples to apples” test, but I simply wanted to get a ballpark idea of whether IDrive was really slow. Here are the results:
IDrive uploaded the data in 57 minutes.
MEGA uploaded the same data in under 8 minutes.
That’s a huge difference. If these speeds are typical for IDrive, slow performance could impact your experience.
What does this tell us? Nothing concrete, but it is definitely a warning to investigate the speeds you get in your own environment before making a long-term commitment to IDrive.
Additional IDrive features
IDrive offers some excellent additional features. I’m only going to touch on one, however: the one we just discussed above, IDrive Express.
IDrive Express
IDrive Express is a service that can populate your online IDrive account with large amounts of data fast. It does so by moving the data using a physical storage device. IDrive ships you a physical storage device. You connect it to your computer and use the IDrive Local Backup feature to quickly transfer the data you want to back up onto the physical storage device. Then you ship the device back to IDrive, where your data is downloaded, by the company, into your cloud account.
Your data is encrypted at all times during this process, so assuming you are using a Private Encryption Key, your data should be secure.
IDrive Support
This is another place where IDrive has been getting a lot of criticism recently. I’ve seen lots of complaints that IDrive Support is slow to very slow responding to support tickets, and that the responses that they finally provide are not very useful. I submitted a support ticket on a Tuesday, containing a couple of simple questions related to the ToS. Within a couple of hours, I received an email containing my ticket number and stating that a representative would follow up with me as soon as possible.
That was 72 hours ago, and still no reply. I understand that the Coronavirus is making things tough for businesses everywhere. At the same time, none of the other services I have contacted recently took anywhere near this long to reply. It seems the complaints about slow responses to support tickets are valid.
On the bright side, the IDrive FAQ is truly enormous, with hundreds of detailed answers to questions. They also offer a nice set of video tutorials for the most common activities.
How secure and private is IDrive?
Now we come to the Thousand Dollar Question: how secure and private is IDrive?
As far as privacy goes, the Privacy Policy indicates that they collect more than an average amount of your data, and will disclose it to various third parties if they feel the need to. Beyond that, because they are based in the United States and their servers are in the United States, IDrive can be compelled to disclose your data to the US government.
When it comes to data security, the answer depends on which type of encryption you use. If you select the default option for encryption, your data should be secure in transit to and from the IDrive servers. But your security is in the hands of IDrive once your data arrives at their servers since they control the key used to encrypt your data. The United States could force IDrive to not only disclose the personal information they normally collect, but also to decrypt all your data and give it to the Feds.
If you use a Private Encryption Key to encrypt your data, it should remain secure, even on the IDrive servers, since you control the key used to encrypt your data and that data is encrypted before it leaves your device. This client-side, end-to-end encryption means only you can decrypt your data.
Unfortunately, if you access your data through a web browser using this encryption, the browser will share your Private Encryption Key with IDrive for the duration of the connection. In addition, because the IDrive code is not open source, you still need to trust that the code works the way they say it does.
So how secure and private is IDrive? Significantly less than some of their competitors. Perhaps the question should be, “Is IDrive sufficiently secure and private for my needs?” The answer to that question depends on your threat model.
IDrive prices
IDrive pricing is pretty easy to understand. There are two paid plans:
- IDrive Personal
- IDrive Business
Each of those plans has variable pricing based on the amount of storage you need. Each also features a discount on your first year of service. The following image shows pricing that was in effect at the time of this IDrive review.
Note that IDrive does not offer monthly plans. For more details on IDrive pricing plans, go here.
IDrive review conclusion
IDrive has lots of features and benefits for someone who just wants a secondary cloud backup of their data. On the flip side, backing up files with the service seems very slow, as does responding to support tickets. The company also captures a good bit of your personal information, and their Terms of Service don’t make me too confident in their ability to safely store user data once they have it. You’ll have to weigh those tradeoffs yourself.
But remember that we are looking for a secure cloud storage service. You can get secure IDrive end-to-end encryption if you create a Private Encryption Key, but you will sacrifice some features and functionality for that security. Given that many of IDrive’s competitors have resolved both of these issues, it seems to lag behind the competition.
Is IDrive right for you?
If you are looking for a flexible, inexpensive cloud backup service, IDrive could fill the bill nicely. But if your top priority is a secure cloud storage service, there are several better options to choose from.
Other cloud storage reviews from Restore Privacy:
- MEGA cloud storage review
- pCloud review
- Sync.com review
- Tresorit review
- Nextcloud review
- SpiderOak ONE review
There are a lot of bad actors out there, so when one wants a secure service, you have to research the company first – and you have to verify that research. (We have a BAA with them.) We have done several backups from iDrive (because I break my computers about once a year) and it has gone quite well. It is true that file names are not encrypted – which you will see if you have to upload logs to iDrive for tech support. So we changed our policies to not put account numbers in the file name. The BIGGEST drawback in my opinion (and I have gotten much better at fixing this) is that if you change a filename such as “Windows file saved 2020.04.15” to “Mac file saved 2020.04.15”, because it retains the first file, it is very easy for your backup to grow large with files that have merely been renamed, reorganized, or moved. So now we go in and delete those folders and files pretty immediately. (We also delete the Trash folder often, to ensure a current backup.) I got to this review site because I too am having problems using idrive with my VPN. It works for the Continuous Backup Protection, but not so much for the Backup Now button.
+1 for awful iDrive support. If you call or use chat, level 1 people will answer you very fast. But when they open a ticket, it can take days to have the first reply and more than a week until your problem is solved.
I use the product for home backup, bought it about 6 months ago.
There is a MAJOR gotcha to their ‘entire machine backup’.
The disk you restore to must be at least as big as the disk that was backed up.
This is regardless of how much data was actually backed up (my disk was about 50% full), and regardless of the partition size being much less than the disk size.
My situation was that I had a 1TB HDD that crashed, and was backed up by iDrive’s “entire machine backup”, so I thought I was covered.
I bought a 1TB SSD that formatted to slightly smaller than the HDD, and iDrive refused to restore to it.
iDrive support says that is by design.
I had to rebuild the SSD from scratch and other very-partial backups, took me about a week.
And there is one more gotcha.
The ‘entire machine backup’ is encrypted – there is no choice to do an un-encrypted entire machine backup.
In order to restore for a disk crash scenario, you must first restore the entire backup to decrypt it, then use that decrypted version to restore to the crashed disk.
The boot up using iDrive’s WinRE (Windows Recovery) flash drive to reformat+repartition+restore will NOT accept an encrypted backup.
Overall this means double the storage and double the time for a crash recovery scenario.
iDrive support says that is also by design.
My installation on my Mac seemed to work fine, but when I tried to use it, I never got a complete backup. It kept coming up with an error. When I emailed the company, they replied telling me to do things I had very little idea what they were talking about. It was all in tech speech. I’m not that much of a back end tech person. I finally said I’ll just wait for an upgrade that fixes it.
I had ordered iDrive service before reading your review. I received my express backup drive and currently in the process. At this point the filenames are encrypted as I can see the number names on the drive. I would imagine upon getting uploaded they have to be “converted” to my original file names so I can recognize them in a restore process. Similar to the way Crashplan works. Whether the actual filenames are encrypted is unknown.
According to their FAQ “iDrive does not store your private encryption key on its servers.”
As for tech support I was able to reach them on the phone in 3 minutes hold time and they answered all my questions.
Will give it a try and see how it works. Looks like all the competitors have various issues.
Great review. Thank You.
IDrive service is cheap and works fine if you have windows computers. I am an IDrive business subscriber and use it to back up a couple of Linux computers and I must say that the Linux version is bad, very very buggy. You have to turn SELinux off in RedHat based systems, for example, which is obviously not acceptable in a business environment. Also, support is really bad, it takes them 3-5 days to reply, and it is not unusual that it takes 2-3 interactions to get the problem solved. All Linux configurations have to be done via CLI which is very common for Linux users, but if you don’t like to use the CLI there is no GUI for the Linux version of IDrive.
Great review, I’ve heard conflicting things about iDrive’s zero-knowledge security. I’ve heard that the private key is transmitted to them, but they claim not to save or store it, which isn’t true zero knowledge. I’ve also heard in an IGN review that their decryption occurs server-side which means unencrypted user data is exposed on their servers even with a private key. I also was unaware that they didn’t encrypt filenames, which doesn’t seem very private. Couldn’t find anything about that in their TOS though I didn’t read all of it. I know Wikipedia’s article comparing cloud backup services does not list iDrive as offering zero-knowledge despite it claiming to be an optional feature. Maybe these are the reasons why. Kind of like how a lot of companies claim to offer private encryption or no logging, but there are loopholes in the fine print or design flaws that effectively circumvent it.
Review Surfshark VPN, tell us about its pros and cons, who is running this company, logs policy, extra
I’m working on it now. It should be live later this week.