Skip to content

privacy

4 posts with the tag "privacy"

The Zero-Knowledge Illusion in Cloud Transfer Tools

The zero-knowledge illusion in cloud transfer tools, encrypted in transit versus never seen

A transfer tool can only call itself zero-knowledge if it is never in a position to see your files or your credentials. There is really only one way to guarantee that: the tool never sits in the path your data travels. If it runs on someone else's servers, "zero-knowledge" describes an intention, not the architecture.

"Encrypted in Transit" Is Not the Whole Story

Section titled ""Encrypted in Transit" Is Not the Whole Story"

Most hosted tools say your data is encrypted in transit, and it is. The detail that matters is where the encryption stops. When data moves through a company's servers, it is decrypted there so it can be read and sent on to the destination, then encrypted again for the second leg. That is hop-by-hop encryption, not end-to-end. For a moment, on a machine you do not control, your files are in the clear.

This is not a sign of bad intent. It is how a relay has to work. But it means "encrypted in transit" and "we never see your files" are two different promises, and only one of them is being made.

The Bigger Exposure Is Your Credentials

Section titled "The Bigger Exposure Is Your Credentials"

Files in transit are the visible worry. The quieter one is the keys. To move data on your behalf, a tool needs your storage credentials, and a storage key is not a limited transfer pass. It can read, write, list, and delete across your account.

A hosted service has to store those keys somewhere so it can use them. That store, holding the credentials of many users, is a single valuable target. If it is breached, the exposure is not one transfer; it is standing access to everyone's storage.

One arrangement actually delivers it: the tool runs on your own machine, keeps your credentials in local storage, and connects straight to your providers. With nothing in the middle, there is no relay to decrypt your files and no shared vault to breach. The vendor's service knows nothing because it is not in the transfer path.

Blober works this way. Credentials stay in a local store on your computer, the data streams directly between your providers and your machine, and there is no Blober account or server in the path.

You do not have to take a claim on faith. A few questions sort the architecture out:

  • Does it require an account with the tool's own service? A pure local tool needs a licence, not an account that holds your data.
  • Where are credentials stored? On your machine, or on the tool's servers?
  • Can it run when the tool vendor's own servers are unreachable? If the core transfer can run with those servers unreachable, they are not in your data path. If it cannot, they are.

That vendor-offline test is the most telling. A tool that keeps working with its own service unreachable cannot be sending your files through that service.

The command-line tool rclone is also local, and that is its strength: it runs on your machine and moves data directly between providers. Its credentials live in a configuration file on your disk, which rclone says should be protected because it typically contains login information[1]. Blober keeps the same local-only principle while removing the configuration step, storing your credentials on your own machine and connecting straight to your providers.

Zero-knowledge is about the middleman, not the endpoints. No tool can protect you from a provider you have chosen to authorize; that provider can see what is in its own account by definition. What a local-first tool removes is the extra party, the one that had no need to see your data and no business holding your keys.

Is "encrypted in transit" enough? It protects data from outsiders on the wire, but not from the service doing the relay, which decrypts it to pass it along. End-to-end privacy requires that no middle service ever holds the unencrypted data.

Why are credentials a bigger deal than the files? A single transfer exposes one set of files. A leaked storage key exposes the whole account, for as long as the key stays valid.

How do I know a desktop tool is not phoning home? Test it offline. If the transfer between your clouds runs with the tool's own servers unreachable, your data is not passing through them.

What 'Local-First' Actually Means

What local-first software means, software that runs on your device rather than a remote server

Local-first software runs on your own device and keeps your data and its core features working without depending on someone else's servers. The cloud is still welcome, but it is optional rather than required. You hold the data, the app and local state remain usable offline, and nothing essential disappears if a company does.

The phrase was popularized by a 2019 essay from the research group Ink & Switch, titled "Local-first software: you own your data, in spite of the cloud"[1]. It set out a handful of ideals for software that respects the person using it: your data stays on your device and remains yours, the work is available offline, it lasts for the long run instead of vanishing when a service shuts down, and privacy is the default rather than an upgrade.

The essay was written about documents and collaboration, but the principles travel well to any tool that touches your data, including one that moves files between clouds.

It helps to place local-first between two older ideas.

  • Cloud-first software lives on a company's servers. You reach it through a browser, your data sits in its database, and when the service is down or gone, so is your access.
  • Local-only software is the classic desktop app that could not talk to anything else. Your data was yours, but it was stranded on one machine.

Local-first keeps the good parts of both. Your data and the app live on your device, so you keep control and offline access, and the app still reaches the cloud when you want it to. The difference from cloud-first is who is in charge: the cloud serves you, instead of holding you.

Applied to moving files between clouds, local-first has a clear shape:

  • The app runs on your computer, not in a browser tab on someone else's servers.
  • It connects directly to your providers, so your files are not relayed through a middle service.
  • Your credentials stay in a local store on your machine.
  • The core work does not depend on the tool's own servers, so it keeps running even when they are unreachable.
  • It keeps working for the long run. Blober is a lifetime licence with future updates under the current terms, so the copy on your machine does not stop working when a billing cycle ends.

This is the same idea described in Your Files, Your Machine, No Middleman, set out as a principle here rather than step by step.

  • Ownership. Your files and your keys stay on your side. A tool you run cannot quietly change what it does with data it never receives.
  • Longevity. A local-first tool does not depend on a company staying in business to keep functioning. What works today keeps working.
  • Privacy. With no middle service in the path, there is no extra party to see your files or hold your credentials.
  • No lock-in. Because the tool moves data between the storage you already use, it makes leaving any one provider easier, not harder.

Local-first is not anti-cloud, and it is not a claim that servers are bad. Plenty of good software is cloud-first for good reasons. Local-first is a statement about control: the data and the core features belong on your device, and the cloud is something you reach out to on your terms. For a tool whose whole job is handling your files, that is a sensible default.

Is local-first the same as offline? Offline is one of its results, not the whole idea. Local-first means the app and your data live on your device; working offline follows from that.

Does local-first mean I cannot use the cloud? No. It means the cloud is optional for the app to function. You still connect to cloud providers; you are just not dependent on the tool's own servers.

How is this different from an old desktop program? An old desktop program was often local-only, stranded on one machine. Local-first keeps your data on your device and still connects to the cloud when you want it.

Your Files, Your Machine, No Middleman: Why Local-First Transfers Matter

Your Files. Your Machine. No Middleman. Blober local-first cloud file transfer

The Risk You're Not Thinking About

Section titled "The Risk You're Not Thinking About"

Every time you use a SaaS cloud transfer tool (MultCloud, Flexify, or any browser-based service), your files pass through someone else's servers. Your vacation photos, your client deliverables, your financial backups: all routed through infrastructure you don't control, operated by companies you've never audited.

Most people don't think about this. They click "transfer," see a progress bar, and assume their files went from A to B. In reality, the path is A to middleman to B. That middleman sees your filenames, your folder structure, and in many cases, the file contents themselves.

The risk of SaaS cloud transfer tools: your files pass through someone else's servers, data is routed through proxies, and you have zero control over the path

Blober is a desktop app. It runs on your machine (Mac, Windows, or Linux) and talks directly to your cloud provider's API. When you transfer files from AWS S3 to Backblaze B2, the data flows from your machine to the provider endpoint. No relay. No proxy. No middleman.

This isn't just a privacy feature. It's a fundamentally different architecture:

  • SaaS tools: Your Machine > Their Server > Cloud Provider
  • Blober: Your Machine > Cloud Provider (direct)

Your credentials never leave your device. Your files never touch a server you didn't choose. And because there's no middleman bandwidth to pay for, there are no per-GB transfer charges from the tool itself. You only pay what your cloud provider charges.

Blober runs on your machine with direct API calls. SaaS tools proxy through their servers while Blober connects you directly to your cloud providers

Blober connects to a growing list of storage providers - AWS S3, Azure Blob Storage, Backblaze B2, Cloudflare R2, DigitalOcean Spaces, Dropbox, Google Drive, GoPro Cloud, Local Disk, Wasabi, and more - all from a single app with a visual file browser.

No subscriptions. No per-transfer fees. One purchase, lifetime access. And every byte stays between you and your cloud provider.

Take back control with Blober. A growing list of cloud providers, 100% local transfers, one-time purchase, available on Mac, Windows, and Linux
  • Privacy-conscious users who don't want their files routed through third-party servers
  • Photographers and videographers transferring large media libraries between providers
  • Small businesses that need to move data without compliance headaches
  • Anyone leaving a cloud provider who wants a clean, direct migration path
  • GoPro users who want their footage somewhere they actually control

Your files. Your machine. No middleman. Download Blober

Data Sovereignty: Why Your Cloud Transfer Tool Matters

Data sovereignty and why your cloud transfer tool architecture matters

Your Transfer Tool Is a Trust Decision

Section titled "Your Transfer Tool Is a Trust Decision"

When you move data between cloud providers, your transfer tool has access to everything: your storage credentials, your file contents, your metadata. The architecture of that tool - where it runs, where credentials are stored, where data flows - determines whether you maintain control or hand it to a third party.

Most people evaluate migration tools on speed and features. Few ask the harder question: who else can see my data while it's in transit?


Tools like Flexify.io and MultCloud run on their own servers. Your credentials are stored in their infrastructure. Your data routes through their systems during transfer.

ConcernFlexify.ioMultCloud
Credential storageFlexify serversMultCloud servers (Hong Kong)
Data pathThrough Flexify infrastructureThrough MultCloud servers
Account requiredYesYes
OAuth token storageServer-sideServer-side
Offline operationNoNo
Privacy policy scopeUS (Florida)Hong Kong

This doesn't mean these services are malicious. But it means:

  • A third party stores your cloud credentials - API keys, OAuth tokens, or access grants
  • Your data transits infrastructure you don't control - introducing a man-in-the-middle by design
  • You're subject to their privacy policy and jurisdiction - which may change without notice
  • A breach of their systems exposes your credentials and potentially your data

For personal photos, this might feel acceptable. For business data, media archives, legal documents, or HIPAA/GDPR-adjacent workloads - it's a serious risk.

rclone runs locally on your machine. Your data goes directly to and from each cloud provider. This is a genuine trust advantage over SaaS tools.

However, rclone stores credentials in a plaintext configuration file (~/.config/rclone/rclone.conf). Anyone with access to your filesystem - malware, another user, a compromised backup - can read your cloud credentials directly.

rclone does offer an encryption option for the config file, but it's opt-in and requires manual setup. Most users leave it in plaintext.

Blober runs entirely on your machine with encrypted credential storage. Your data flows directly between your machine and each cloud provider. No intermediary.

ConcernBlober
Credential storage✅ Local, encrypted
Data path✅ Direct (no middleman)
Account required✅ No (license key only)
OAuth token storage✅ Local only
Offline operation✅ Yes
Jurisdiction✅ Your machine, your rules

Your cloud storage credentials are the keys to your kingdom. An AWS access key or a Google OAuth token doesn't just grant transfer access - it grants full access to your storage: read, write, delete, list. If a SaaS provider's database is breached, your credentials are in that breach.

With Blober, credentials never leave your machine. There is no remote database to breach.

When a SaaS tool transfers your files, those files pass through their servers. Even with SSL encryption in transit, the data is decrypted on their infrastructure before being re-encrypted and sent to the destination. This is not end-to-end encryption - it's hop-by-hop.

With Blober, data flows directly from source to your machine to destination. No hops through third-party infrastructure.

MultCloud operates from Hong Kong. Flexify.io from Florida, USA. Each jurisdiction has different data protection laws, government access rules, and breach notification requirements. When your data or credentials live on their servers, you're subject to their jurisdiction - not yours.

Blober runs on your hardware, in your jurisdiction. No foreign servers. No cross-border data flow through third parties.

SaaS tools require active accounts. Cancel your subscription, and you lose access to your workflows, task history, and potentially your configured connections. This creates a soft lock-in that has nothing to do with the quality of the tool.

Blober is a one-time purchase. No account, no subscription, no leverage.


DimensionSaaS (Flexify, MultCloud)CLI (rclone)Blober
CredentialsThird-party serversPlaintext local file✅ Encrypted local
Data pathThrough vendor serversDirect✅ Direct
Account requiredYesNo✅ No
Offline capableNoYes✅ Yes
Risk of vendor breachExposes your credentialsN/A✅ N/A
JurisdictionVendor's countryYour machine✅ Your machine
Subscription lock-inYesNo✅ No

  • Freelancers and agencies handling client data - you have a professional duty to control where that data flows
  • Photographers and videographers with irreplaceable media - GoPro footage, wedding archives, production masters
  • Small businesses without dedicated security teams - reducing your attack surface matters
  • Anyone under GDPR, HIPAA, or SOC 2 obligations - third-party data processors require disclosure and contractual agreements
  • Privacy-conscious individuals who simply want to own their data pipeline

Your migration tool is not a neutral pipe. It's an active participant in your data flow. Its architecture determines whether your credentials are stored remotely, whether your files transit foreign servers, and whether you maintain sovereignty over your data.

Blober is designed around a simple principle: your data, your machine, your rules.

No accounts. No SaaS intermediaries. No credential exposure. One-time purchase, local execution, direct transfers.

Get Blober =>