Zero-knowledge service
From Wikipedia, the free encyclopedia
In cloud computing, zero-knowledge (or occasionally no-knowledge or zero access) is a commonly used term for online services that store, transfer or manipulate data with a high level of confidentiality, where the data is accessible only to its owner (the client) and not to the service provider. However, unlike "end-to-end encryption", the term "zero-knowledge" does not imply any specific threat model or security notion, and its use is commonly frowned upon by the security community.[1][2]
The term "zero-knowledge" was popularized by backup service SpiderOak, which later switched to using the term "no knowledge", acknowledging that the previous terminology was not technically accurate.[3]
Disadvantages
Most[citation needed] cloud storage services keep a copy of the client's password on their servers, allowing clients who have lost their passwords to retrieve and decrypt their data using alternative means of authentication; but since zero-knowledge services do not store copies of clients' passwords,[4] if a client loses their password then their data cannot be decrypted, making it practically unrecoverable.
Most[citation needed] cloud storage services are, for similar reasons, also able to fulfill access requests from law enforcement agencies; zero-knowledge services, however, are unable to do so, since their systems are designed to make clients' data inaccessible without the client's explicit cooperation.
References