Broken Cloud Storage is a research disclosure website published by the Applied Cryptography Group at ETH Zurich. Its topic is “End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosystem.” The site states that the research analyzes five end-to-end encrypted cloud storage services: Sync, pCloud, Seafile, Icedrive, and Tresorit. The paper will be published at ACM CCS 2024. This is not a security product that can be purchased or deployed, but rather a cryptographic security assessment aimed at the industry.
In terms of protection scope, the site focuses on the confidentiality and integrity of E2EE cloud storage protocols themselves, rather than traditional antivirus, firewall, or access-control mechanisms. The research uses a “malicious server” threat model, assuming that the server can read, modify, and inject data. This is highly relevant to the security promise made by E2EE services that “the provider cannot access plaintext.” Disclosed issues include key substitution, link-sharing leaks, unauthenticated encryption, unauthenticated chunking, metadata tampering, filename/location tampering, and file or folder injection.
As for deployment, the site only provides web-based explanations and a link to the paper. It does not offer a client, scanner, SaaS console, or self-hosted component. On compliance certifications, the only confirmed item is that the research is scheduled to appear at ACM CCS 2024; there is no mention of commercial compliance certifications such as ISO, SOC 2, or GDPR. No management, alerting, or integration features are described either.
The page does not mention pricing, subscriptions, payment methods, or enterprise support, so it should not be treated as a commercial security service. Its “value for money” mainly lies in the usefulness of public research for user evaluation and vendor improvement, rather than in any product capabilities after purchase.
Its strengths are that the research targets a representative set of well-known E2EE cloud storage providers, offers a fairly deep technical breakdown, and lists cryptographic primitives, key hierarchies, and concrete attack consequences. It also discloses vendor responses, such as Seafile fixing a protocol downgrade issue. Its limitations are that it does not provide direct protection capabilities, nor can it prove that products not analyzed are necessarily secure. Some conclusions also rely on the strong threat model of a compromised server, so organizations should interpret them in light of their own risk tolerance.
It is suitable for security researchers, cloud storage vendors, enterprise security teams, and users evaluating encrypted cloud drives, especially for vendor due diligence and threat modeling. The page does not provide information on accessibility from China, nor any payment-related details. If data storage is to be implemented in mainland China, teams should also consider network reachability, compliance requirements, cross-border data transfer, and local alternatives. Possible alternatives include self-hosted Nextcloud/Seafile or cloud storage solutions that have undergone independent cryptographic audits.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the official brokencloudstorage.info site.
brokencloudstorage.info is an overseas security provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility rating of "China direct-connect friendly".