Back to all topics

Photos & files

Photos and documents often carry more than they appear to: location tags, timestamps, and device details ride along inside the file. Cloud storage can also mean a company holds a readable copy. These guides cover stripping hidden metadata, sharing files without handing over the keys, and choosing storage that encrypts your data so only you can open it.

Tools compared

Who holds the keys to your files?

Readable by the provider
  • Google Photos / Drive

    Google holds the keys and scans content (including for CSAM). Convenient, but your files are readable to the provider.

  • iCloud Photos (default)

    By default Apple can access your photos, so they are scannable server-side.

  • Dropbox

    Encrypted in transit and at rest, but Dropbox holds the keys and can read or hand over files.

End-to-end encrypted
  • iCloud + Advanced Data ProtectionVisitsupport.apple.com

    Turning on Advanced Data Protection makes Photos, Backup and most iCloud categories end-to-end encrypted, so even Apple can't read them.

  • Free, open-source client-side encryption you layer over any cloud (Drive, Dropbox), so the provider only ever sees encrypted blobs.

  • Proton DriveVisitproton.me

    End-to-end encrypted file storage and sharing from the Proton ecosystem.

  • Open-source, end-to-end encrypted photo storage; a private alternative to Google or Apple Photos.

Verified July 2026 and not exhaustive. “Readable by the provider” means the content can, in principle, be scanned or handed over. We take no money from any product listed here; where a tool sits can change, so check its current documentation.

Guides