IDrive Review – A Popular Service, But Falling Behind?
|Based in||United States|
|Price||$4.37/mo; 2 TB|
- AES 256 encryption
- Optional end-to-end encryption
- Automatic, limited version tracking
- Compliant with GDPR and numerous other standards
- Fully-featured desktop client
- Based in the United States, with data stored in the United States (bad privacy jurisdiction)
- Browser interface exposes your Private Encryption Key
- No file sharing if you use a Private Encryption Key
- Slow file transfer speeds (especially compared to the competition)
IDrive feature summaryHere is a quick summary of the core features of IDrive:
- Provides apps for Windows, Mac OS, Android, and iOS
- Web interface and scripts for Linux
- If you create a Private Encryption Key you can have end-to-end encryption of your data, with some major caveats
- IDrive Snapshot keeps track of up to 30 versions of each file for easy recovery; these files do not count against your storage limit
- Multiple file sharing options (if you don’t use a Private Encryption Key)
IDrive Inc. is a privately held company based in California, USA. As we’ve discussed in other reviews, many in the privacy field suggest you avoid any service based in the United States. These warnings are due to the nation’s aggressive mass surveillance programs and laws that force technology companies to assist intelligence agencies in spying on their users.That said, being based in the United States does not automatically disqualify a service. If a service offers strong end-to-end encryption, this can mitigate most concerns about US jurisdiction. Since IDrive does offer optional end-to-end encryption, we decided to investigate further.
Where does IDrive store user data?IDrive stores your data on one or more servers in the United States. This is definitely not ideal since the company is also based in the United States, part of the Five Eyes surveillance network.
IDrive Terms of ServiceWith all that out of the way, I took a good look at the IDrive Terms of Service (ToS) document, which was last updated April 24, 2015. The document is pretty huge, but not a mass of legalese. Here are some things I found in the ToS that you should know about:
- While the IDrive code is not open source, some of the applications they offer may include open source code.
- You agree not to violate the IDrive Acceptable Use Policy. It is a big list of stuff you aren’t supposed to do.
- If the company suspects you are storing and distributing something illegal, they give themselves the right to inspect your data. They also suggest that if you want absolute privacy, you should use the private encryption key (we’ll be saying more about this key soon).
- You are forbidden to use IDrive to sell or distribute content to others.
- You are required to immediately notify IDrive of changes to any of the information you used to register for the service, including mailing address, phone number, and email address.
- Joining a paid plan requires you to accept recurring billing at, “the published standard plan that is chosen at the time of sign-up or to a customized quote provided for your specific use. You also agree that the enrollment for the next service period is automatic and paid in advance at the same rate.”
- If there are any billing discrepancies, you have 60 days to report them by calling customer support or emailing email@example.com. If you don’t you waive all rights to compensation.
- You can disable auto-renewal; but all your data will be automatically deleted and your account terminated at the end of the term.
- You will be charged $0.25/GB/month for Personal plan and $0.50/GB/month for Business plans if you use more than your plan’s quota limit. This could add up fast!
- Free accounts are automatically terminated after 90 days of inactivity. In addition, IDrive can terminate free accounts at any time, with or without notice.
- If you use the default encryption option, IDrive will encrypt your data for you, using an encryption key they control. IDrive personnel can use that key to decrypt your data. If you use the Private Encryption Key option, your data will be encrypted using your key and IDrive personnel will not be able to decrypt it. With either type of encryption, file names and certain metadata will not be encrypted.
- When you use the Private Encryption Key option and sign in using the IDrive web application, your key is transmitted to IDrive for the duration of the session. This means your lose the benefit of a private key if you sign in using the IDrive web application.
- They may capture your IP address and will use it to identify you if they feel it is necessary for a range of reasons. (But you can easily hide your IP address with a good VPN service.)
- IDrive may on may not keep redundant backups of the data you store on their service. If your data is not backed up redundantly they, “may not be able to recover data in the event of failure and we may need to initiate a fresh backup of user data.” Their stated policy on backup is that, “Online or Cloud Backup should always be a complementary solution to local backup and not be the ONLY solution.”
- You are allowed to retain and restore 30 previous versions of all files backed up to your account. These don’t count against your quota, but if they occupy too much space IDrive may limit the number of versions retained.
- You can create Additional/Sub-accounts for clear separation of authentication and encryption key. While there are no limits on the number of devices that can be assigned to a sub-account, IDrive strongly urges you to include no more than five computers per sub-account. You can backup an unlimited number of computers, tablets, and/or mobile devices to a single account.
- IDrive allows third parties to create applications that utilize IDrive but the company disavows any responsibility or liability resulting from the use of such third party applications.
- Private Encryption Keys only work with IDrive for Windows or Mac. Note that this is no longer true. You can use your Private Encryption Key with your mobile devices too.
- IDrive makes no warranties or guarantees that the service will be, “TIMELY, ERROR-FREE, UNINTERRUPTED, VIRUS-FREE OR SECURE; (C) THAT THE DATA AND FILES YOU STORE IN YOUR ACCOUNT WILL NOT BE LOST OR DAMAGED; (D) THAT THE DATA ON YOUR DESKTOP OR SERVER WILL NOT BE LOST OR DAMAGED; OR (E) THAT DEFECTS IN THE SERVICE WILL BE CORRECTED.”
- And so on. Basically, they accept no responsibility for anything that might happen to your data.
- IDrive collects the following personal information when you create an account: first and last name, a valid credit card, home and/or business mailing address, email address, password.
- They keep session records that include: “the timing and size of all packets sent over the Internet during a session, session date and times, Device Internet Protocol (“IP”) address, browser type, Device name and/or identification number, and other interactions with the Service.”
- They use the data they collect: “(i) to provide and improve our Service, (ii) to administer your use of the Service, (iii) to better understand your needs and interests, (iv) to personalize and improve your experience, (v) to provide or offer software updates and (vi) to provide product announcements.”
- They state that they do not share the data you provide without your consent or unless compelled to do so by law. However, they can also disclose your personal information, and the content of the files you store on their service, if they have a good faith belief that disclosure is reasonably necessary to:
- Comply with a law, regulation or compulsory legal request
- Protect the safety of any person from death or serious bodily injury
- Prevent fraud or abuse of our Services or its users
- Protect their own property rights
- The business gets merged, acquired, or sold
- The company will retain your data as long as you have an account, or as long as needed to provide their services. When you cancel your account, they will delete your files within 10 business days. It may take longer to delete backed-up versions of files that may exist after deletion.
- They do not knowingly collect personally identifiable information from children under 13.
IDrive security audits & other third-party testsI didn’t have any luck finding details of third-party audits of IDrive security. The company does state that they have, “periodic third party reviews of our network infrastructure to check for known application and service vulnerabilities.” IDrive has been audited and complies with the SSAE 16 standard. IDrive also complies with GDPR, and assists clients in meeting their compliance obligations under HIPAA, SOX, GLBA, SEC / FINRA.
Privacy Shield complianceIDrive has certified its compliance with the EU-US and Swiss-US Privacy Shield Frameworks. Privacy Shield covers data protection requirements when transferring data between the United States and other countries. This means that IDrive has publicly committed to comply with Privacy Shield requirements. It doesn’t appear that any kind of outside auditing of Privacy Shield requirements is necessary.
IDrive user interfacesIDrive provides Windows and Mac OS desktop apps, along with Android and iOS mobile apps. These are not only the most popular apps for most people. They are also the ones that fully support IDrive’s end-to-end (E2E) encryption system completely. Their browser interface supports E2E, but in the process, it shares your Private Encryption Key with IDrive for the length of the time you are connected. Because of this, I don’t consider the web interface a valid part of the secure encryption system. As far as I am concerned, if you share your Private Encryption Key with anyone your data is no longer secure. This being the case, I only concerned myself with the desktop clients and mobile apps.
IDrive desktop clientsThe IDrive desktop client is very versatile. It handles scheduled backups of your data, as well as file synchronization, disk image backup, entire machine backup, and more. I’m not even going to try to describe everything this beast can do. I will say this is the most powerful desktop client I’ve seen so far. I can’t think of an online storage task IDrive can’t do. It’s great.
IDrive mobile appsThe mobile apps allow you to backup and sync your data with IDrive’s servers. Here is the IDrive Android app: They also offer useful features like the ability to automatically backup your photos to the servers. More importantly from our perspective is that the mobile apps do support the use of your Private Encryption Key, despite what the documentation might say.
IDrive hands-on testing for the reviewFor this review, I installed the IDrive Full Client on my Windows 10 machine, and a Samsung S9+. The free plan requires you to submit your name, email address, and password, while the Personal / Business plan requires those items, plus a phone number, and full credit card information.
Installing IDriveI signed up for the Free 5 GB plan for this review. This free plan requires you to submit your name, email address, and password. If I had signed up for the Personal / Business plan I would have been required to submit that information, plus a phone number, and full credit card information. Doing so also commits you to automatic yearly renewal of the subscription at the full price (instead of the discounted first year price). With any of the free or paid plans you must agree to receive email from IDrive about product updates. As you proceed through the account creation process, you will come to this, the most important step in the process: If you want secure cloud storage, you need to select the Private encryption key option. The default approach uses an encryption key controlled by IDrive, which puts the security of your data in their hands. If you set a Private Encryption Key, your data gets encrypted with that key before it leaves your device. IDrive states that they have no access to this key so cannot decrypt your data if you select this option. Of course, since IDrive won’t know your encryption key, it is up to you to keep it safe (perhaps using a secure password manager). Note: If you have already installed IDrive using the default encryption, you can switch to the Private Encryption Key to get their E2E encryption. However, to do so, you must reset your account. This can result in IDrive deleting all your data from their servers. If you don’t have your own backup of the data you store in IDrive and this happens, you can lose everything. Once you work your way through the account creation process, you will end up on the Welcome to IDrive web page. From here you can install the apps you want to use and get to work. As part of the installation process, IDrive will put an icon on your desktop you can use to launch the desktop app.
Configuring IDriveAs you might imagine with a service that can do so much, there are a ton of Settings you can adjust from the desktop client. Fortunately, you probably won’t have to touch any of them. The defaults should work fine for you. What you will want to do is configure IDrive to back up and/or sync the files and folders you want it to. Here are the things you will want to configure right away:
- Backup – Stores the selected files and folders on the IDrive server in case you need to restore them to this device.
- Scheduler – Tells IDrive when to make backups.
- Sync – Makes a copy of selected files and folders (in the folder you configure as the sync folder) available on every device connected to this account.
Using IDriveOnce you get the configuration done, using IDrive is a piece of cake. It’ll automatically back up the stuff you told it to, and synchronize whatever you put in the sync folder. However, if you want to use your Private Encryption Key to secure your data, there are a couple of things you won’t be able to do.
- You can’t share files. Because your files are E2E encrypted, IDrive can’t share them. I know some other secure cloud storage apps have a process for sharing files while they are E2E encrypted, but IDrive can’t.
- You can’t use the web interface. While the web interface works fine even when you are using a Private Encryption Key, it shares your key with the IDrive servers for the duration of the connection. You would have to trust the IDrive to protect your key in this case. I’m sure the IDrive team is honorable, but you may want control over your own key.
Informal backup testingI don’t normally do performance testing on the products I review. My concern is more about the security and privacy that a service offers than on raw speed. However, in my research on IDrive, I saw numerous complaints about extremely slow data transfers to and from the IDrive servers. As in days to back up tens of GB of data over the Internet. The marketing for IDrive Express also gave me pause, talking about physically shipping disk drives back and forth the world, allowing you to back up or retrieve several GB of data “within a week.” I needed to at least do a quick check on this. What I did was upload just under a GB of data to my IDrive backup folder. Then I uploaded the same data on the same computer to a MEGA sync folder. I realize this isn’t exactly an “apples to apples” test, but I simply wanted to get a ballpark idea of whether IDrive was really slow. Here are the results: IDrive uploaded the data in 57 minutes. MEGA uploaded the same data in under 8 minutes. That’s a huge difference. If these speeds are typical for IDrive, slow performance could impact your experience. What does this tell us? Nothing concrete, but it is definitely a warning to investigate the speeds you get in your own environment before making a long-term commitment to IDrive.
Additional IDrive featuresIDrive offers some excellent additional features. I’m only going to touch on one however. The one we just discussed above, IDrive Express
IDrive ExpressIDrive Express is a service that can populate your online IDrive account with large amounts of data fast. It does so moving the data using a physical storage device. IDrive ships you a physical storage device. You connect it to your computer and use the IDrive Local Backup feature to quickly transfer the data you want to backup onto the physical storage device. Then you ship the device back to IDrive, where your data is downloaded, by the company, into your cloud account. Your data is encrypted at all times during this process, so assuming you are using a Private Encryption Key, your data should be secure.
IDrive SupportThis is another place where IDrive has been getting a lot of criticism recently. I’ve seen lots of complaints that IDrive Support is slow to very slow responding to support tickets, and that the responses that they finally provide are not very useful. I submitted a support ticket on a Tuesday, containing a couple of simple questions related to the ToS. Within a couple of hours, I received an email containing my ticket number and stating that a representative would follow up with me as soon as possible. That was 72 hours ago, and still no reply. I understand that the Coronavirus is making things tough for businesses everywhere. At the same time, none of the other services I have contacted recently took anywhere near this long to reply. It seems the complaints about slow response to support tickets is a valid one. On the bright side, the IDrive FAQ is truly enormous, with hundreds of detailed answers to questions. They also offer a nice set of video tutorials for the most common activities.
IDrive pricesIDrive pricing is pretty easy to understand. There are two paid plans:
- IDrive Personal
- IDrive Business