Rigorous Security Protocols Protect Your Files, Links, and Folders
Our industry-leading security and data privacy measures keep your information safe and in your control.
We use Private ID’s secure single sign-on (SSO) because it offers you the most advanced sign-in protections available, and keeps your information more secure than any other cloud storage service on the market.
Private ID Gives You Control Over Your Data
The Private ID platform is focused on privacy, security, and restoring ultimate control over personal information back to you, the owner. Private ID gives you, not us, control over your private data and your account, and it prevents us from storing any of your credentials or data. We can’t see anything you store and you can revoke our access to your data anytime from your Private ID control panel.
Using Private ID and VaultDrop
Get started in VaultDrop by signing in with your existing Private ID account, or creating a new one.
Your web browser will redirect you to a secure Private ID session, which is no longer on the VaultDrop website.
After logging in, or creating an account, you will be redirected back to VaultDrop with a fully authenticated session.
Your password is never revealed to us
SSO Technical Details
Private ID SSO is similar to OAuth, OAuth2 and related protocols, except that it incorporates secure extensions such as direct back-channel inter-site communication protected by TLS cryptography for best-in-class privacy and security.
Private ID is different from OAuth2 in the following ways:
In OAuth2, the authorization code passes through the web browser, but Private ID sends authenticated user information and the secure access token by an out-of-band channel directly to a partner endpoint. By bypassing the user’s web browser and encouraging partner sites to keep private information on the back-end web server and database, Private ID rules out an entire class of vulnerabilities.
OAuth2 requires two calls in sequence for this type of delegated authentication sequence: first acquiring an authorization code, and then acquiring a secure access token. This is done to avoid sending the token through the web browser. Since Private ID has eliminated that vulnerability already, only one step is needed.
OAuth2 relies heavily on TLS for assurance of security, arguably leaving it open to malicious certificates and man-in-the-middle attacks. Private ID also uses TLS, but further requires the partner to sign each request cryptographically to provide a higher level of protection.
Data & Key Encryption
When you use VaultDrop, your data are encrypted using a per-file key, then securely dispersed for storage in the cloud.
All data are protected by two cryptographic techniques working in tandem: symmetric encryption and secure dispersal.
First the data are encrypted using standard algorithms and a randomly generated key.
Next, the data are securely dispersed to multiple servers located in geographically separated data centers.
The cryptographic dispersal algorithm ensures that a hacker who accessed one server would be unable to decrypt the file, as decryption would require reading from a threshold of servers.
VaultDrop uses a robust, patented Data Dispersal Platform (DDP) to securely and privately store your data. The DDP uses sophisticated, well-established algorithms to encrypt with AES-256 keys, fragment data, and then distribute the fragments to geographically scattered storage nodes on a series of dispersed networks. No complete copy of the original data ever exists on any single storage node anywhere in the network.
Encrypted, fragmented, and distributed across multiple networks with access controlled by you rather than us, the DDP-protected data is nothing but useless bits until it is pulled together and decrypted to make readable information.
The DDP performs the encryption and decryption, fragmenting and reuniting, and distribution and recall of user information as specified by the individual owner of the information from a control panel. The control panel allows you to set access permissions for your data. The options are: always allow VaultDrop to access your data, provide access to VaultDrop only when you are logged in, never provide access, or delete all information you have stored.
Once a transaction is authorized, the relevant information passes between the DDP and VaultDrop. After the completion of a transaction, and once the data is sent back to the storage nodes, the DDP and VaultDrop’s systems both permanently delete the information, making it impossible to access the data again without explicit consent from the owner of the information.
Neutral Data Custodians
For the security of your private information, we don’t store your data on our servers. Once encrypted, sliced and separated, your fragmented data is distributed to independent nonprofit data storage facilities that are in geographically separate locations and on separate networks. No single nonprofit has access to a complete set of your data. If one or more is compromised, your data is still safe.
We distribute to multiple storage facilities because:
If hackers were to gain access to even several of these storage nodes and could succeed in downloading and decrypting the information belonging to a user, which is virtually impossible, they still would only have fragmented information that could not be reassembled.
Readable information is only achieved when the data has been correctly reassembled by the DDP.
Each nonprofit storage facility is prevented from having complete data sets.
Nonprofit organizations as data custodians
The use of nonprofits as data custodians is a proprietary innovation from Private.me that allows established security and encryption solutions to be under the control of users instead of corporations. The nonprofit organizations that serve as data custodians are established with the sole purpose of stewarding user data. The nonprofits provide stronger protection against hackers or misuse of data when compared to a traditional organization which typically assigns administrative rights or access to all servers to at least one person within a company. This does not occur in the nonprofit structure; the incorporation of independent nonprofits eliminates access risks.
The Data Neutrality Administration (DNA) is a nonprofit organization that manages the network of nonprofit data-storage locations, all of which are independent, geographically dispersed, and established as mutual benefit corporations under the laws of California. The DNA is set up with strict bylaws and regulations governing the access and use of any data stored on their servers. Their bylaws forbid the nonprofits from sharing, either among themselves, with other member nonprofits, or with third parties, information that is stored on their servers, unless authorized by the owners of that information, which is always the individual who provided the information, and not a company.
Additionally, each member of the nonprofits’ board of directors bears the fiduciary responsibility of safeguarding users’ information. The board’s governing responsibilities are not only collective; individual board members are bound by the legal obligations of protection, loyalty, and obedience. Federal law enjoins the board to ensure that no inappropriate private exposure occurs that might result in individuals who can influence the affairs of the nonprofit controlling organizational assets.