FAQ

What makes Oblivious.io secure?

  • End-to-End encryption ensures data is secure and tamper-proof no matter where it's stored. Regardless of vulnerabilities in transport security (VPN hacks, cracked WAP2, stolen SSL certificates, etc), Oblivious maintains your data security both in transit and at rest.
  • Zero-Knowledge protocols defend against semi-honest but curious administrators and government snooping. Only the user with the key can decrypt the content or metadata.
  • You *always* control the keys. No data, even file metadata, can be decrypted and read without the key.
If you're looking for a technical overview, head over to How it Works.

What does 'zero-knowledge' mean?

Zero-Knowledge systems are those based on a zero-knowledge proof. For example, Alice can prove to Bob that she knows a piece of information without revealing the information to Bob. There are many ways to do this. Blockchains and password based authentication are examples of zero-knowledge systems. Oblivious uses Hash-based Message Authentication Codes (HMACs) for zero-knowledge exchanges.

How is this different from server-side encryption?

With server-side encryption, the cloud provider controls they key. This means an administrator or disgruntled employee can access your data, or a simple misconfiguration could make your data publicly available. If car keys were stored in cars, there would be many more car thefts.

Why is a hosted server component necessary? What is stored there?

Much like trying to find a key phrase in a textbook, an index is necessary to find the correct encrypted file blocks in a cloud storage system. Oblivious creates an index entry for every file uploaded, encrypts this index, and then uses a neat math trick to find it again. The server needs to store the encrypted index in order to search for it later.

Who is this product for?

Oblivious is for enterprises and application developers that use or want to use cloud storage while maintaining data security. Life-sciences and healthcare companies are required to keep PII data secure. Automotive and aerospace firms spend millions on research and development and a breach could have immeasurable cost. Financial institutions have many legal and compliance obligations for customer data security.

What is your pricing?

You can view our pricing options here. If you do not see an option that meets your needs, please contact us.

Subscribe to our Security Newsletter