I analyzed Drime Cloud’s Vault feature, which they market as “zero-knowledge” with end-to-end encryption.
Their website claims “Only you can see your files. Not us, not anyone else.”
However, after a simple API inspection, I noticed all metadata is transmitted in plaintext:
- File and folder names
- File types and sizes
- Complete directory structure
- All timestamps
Only file contents appear to be encrypted. This contradicts the industry definition of “zero-knowledge” encryption.
Full technical analysis with evidence:
Thought I’d put this out since my post on their subreddit got removed and my Reddit account shadow-banned for no apparent reason.
Be careful where you put your data.