Drime Cloud falsely advertises “zero-knowledge” encryption

I understand people and companies make mistakes, but you can get an idea about company honesty when you see how they manage it.

Yesterday on Reddit they said:

[Screenshot from 2025-11-22]

but you can see many Google results show ZK header:

they even have a blog post:
drime.cloud/blog-posts/5-best-end-to-end-encrypted-cloud-storage-that-keeps-your-data-private-in-2025

where they say:

“For users with highly sensitive information, Drime Vault provides zero-knowledge, end-to-end encryption where files are encrypted on your device before upload.”

… so yet again they lie. It’s not just “old marketing header”. They were consistently using zero-knowledge encryption.

If I were them I would simply acknowledge that a mistake was made and try to fix it ASAP.

Instead they blame the author of these findings: “document you shared contains several inaccuracies”, “we have already contacted author … but never received a reply”.

I guess they’re trying to sweep it under the rug, so they can preserve a nice image and lure even more people into Black Friday Lifetime plans.
Question is how long they last when they run out of money from the initial Lifetime funding - they sell it way below operating costs, it’s not sustainable. They will need to keep selling new Lifetime to keep the lights on, but that’s even less sustainable.

1 Like

I like the clarification that they’ve addressed the zero-knowledge question before, though they only started saying it after my post.

To anyone from the Drime team reading this, I’d genuinely like to see the detailed response you mentioned sending me. It’s possible it got lost in my inbox, so if you could resend it to sylphie@tuta.io, I’d really appreciate it. Thanks!

Well, thumbs up to you for having the patience to talk with them.

Two more examples of their lie: “There was an old marketing header that caused confusion, it was corrected as soon as it was reported.”

I think it’s more than just a marketing header if they have plenty of pages that explicitly mention how zero-knowledge they are.

I believe it makes sense to stash versions here, as with their approach, they will edit pages and later make a fool of you.

and one more: drime.cloud/blog-posts/7-most-secure-end-to-end-encrypted-cloud-storage-services-tested-in-2025

“Drime offers its “Vault” feature—a fully end-to-end encrypted storage area with zero-knowledge architecture.”

except that their Reddit post says: “For now, Drime Vault offers end to end encryption, but it is not zero knowledge. We have said this many times

====

This gives many users the right to withdraw from the agreement and ⚠️ ask for their money to be returned ⚠️, as clearly they were misled by their catchy marketing.

I wouldn’t be surprised if some users decide to report them (SignalConso, a public service for consumers); in Europe there are pretty strong consumer rights.

3 Likes

For anyone that would like to build their own Drime-like company and sell “zero-knowledge” lifetime plans for $$, you can get the exact PHP script that they use:
https://codecanyon.net/item/bedrive-file-sharing-and-cloud-storage/12700384

There is actually a promotion right now where you can get it for just $29.

On a serious note, this might invite other technical people to actually review their code and find some security shortcomings.

1 Like

I didn’t know about this ‘BeDrive’, but Drime seems to match ~95-98% of the backend code from BeDrive, except for the vault, which BeDrive doesn’t have.

BeDrive(with the blue bg) > Drime

So they basically bought a $29 file-hosting script, bolted a ‘Vault’ feature on top of it, and slapped a ‘Military-Grade Security’ and ‘Zero-knowledge’ label on the homepage

They’re trying to call their code secure when their entire core foundation was bought off CodeCanyon and was never architected for privacy, also explains why the metadata was in plaintext.

This is deceptive marketing at its finest, no Drime, this isn’t military grade security, just a $29 template.

And don’t even get me started on the ‘Vault’, which is just a UI gate (using the check hash sent by the server). Since the server holds the encryption keys, they can decrypt your files at any time. Whether it’s a warrant or just a random admin getting curious, they can access everything at will. Real privacy means you hold the keys, not the company.

3 Likes

also for the funsies, the file id hash is encoded with plain base64
and guess who has this exact code? you guessed it, bedrive!


(the orange text is the hash directly from drime)
MzQ0NDZ8cGFkZA > 34446|padd

all the code does is add the characters ‘|padding’ at the end until it reaches 10 characters, if it’s at 10 characters already, it adds 0 padding. this isn’t encryption, it’s a PHP homework assignment

the ’34446’ number is probably how many files there have ever been uploaded *(I mistakenly said it’s the amount they’re hosting right now, it’s not)* inside of their ‘Vault’ since that’s where I made the request in (also outside vault it’s 482,280,015 files, which seems to be inflated, i’d say the real count is probably 2,280,015 files if they manually set it to 480m, because they only have 19k users at the moment, and it’s practically impossible for only 19k users to upload 482m files)

so 34k files in the vault, not bad drime!

seems like security (and honesty) is really taken seriously over there!

EDIT: I have updated Analysis of Drime Cloud's E2EE and Zero-Knowledge Claims with part 2 & a message to the Drime founder as well

3 Likes
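
The identifier format described in the post above, as an added Python example that is not part of the original thread and is not Drime's or BeDrive's code. It rebuilds the layout from the post's description (`<id>|` padded with `padding` to 10 characters, base64 with `=` stripped) to show that such a token leaks its counter, next to a random identifier that does not; the function names and the second sample token are assumptions made for illustration.

```python
import base64
import re
import secrets

PAD_TO = 10          # plaintext length reported in the post
FILLER = "padding"   # filler string reported in the post


def encode_id(n: int) -> str:
    """Layout as the post describes it: '<id>|' + filler up to 10 chars, base64, '=' stripped."""
    plain = f"{n}|"
    need = max(0, PAD_TO - len(plain))
    plain += (FILLER * 2)[:need]          # need is at most 8, so two repeats suffice
    return base64.b64encode(plain.encode()).decode().rstrip("=")


def decode_id(token: str):
    """Return the integer a token exposes, or None if it does not follow this layout."""
    try:
        raw = base64.b64decode(token + "=" * (-len(token) % 4), validate=True)
        text = raw.decode("ascii")
    except ValueError:                    # covers binascii.Error and UnicodeDecodeError
        return None
    m = re.fullmatch(r"(\d+)\|(.*)", text)
    if not m or not (FILLER * 2).startswith(m.group(2)):
        return None
    return int(m.group(1))


def audit(tokens):
    """Review helper: map each public identifier to the counter it leaks (None = opaque here)."""
    return {t: decode_id(t) for t in tokens}


def opaque_id() -> str:
    """Alternative: 128 random bits, stored in a lookup column beside the row.
    Authorization must still be checked server-side on every request."""
    return secrets.token_urlsafe(16)


# "MzQ0NDZ8cGFkZA" is the value quoted in the post; the second token is constructed.
SAMPLE = ["MzQ0NDZ8cGFkZA", "q3Zt_8Lk0xPfYw2nV-7aBg"]

if __name__ == "__main__":
    for token, leaked in audit(SAMPLE).items():
        print(f"{token}: {'leaks id ' + str(leaked) if leaked is not None else 'opaque'}")
    print("random id:", opaque_id())
```
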