Zero-knowledge buckets

In Nebbl you can create two types of buckets: general and zero-knowledge. Both of them have their own benefits and privacy properties.

General buckets

General buckets are the most common type of buckets in Nebbl. When you create a general bucket, you provide your bucket credentials to Nebbl. Nebbl uses these credentials to upload, download, and manage your files in the cloud.

Those credentials are stored in a securely encrypted vault in the Nebbl database. This ensures that any sensitive connection information is protected against unauthorized access and helps to avoid extra network requests which in turn makes file operations faster.

But in the end of the day the credentials are stored in the Nebbl database and although Nebbl is a privacy centric platform and we will never use your credentials or data for any purposes, we still want to avoid storing any credentials entirely to give our users the maximum of control and privacy.

Zero-knowledge buckets

When you create a zero-knowledge bucket, your bucket credentials are encrypted in your browser before they are sent to Nebbl. To achieve this you create and use a special session password which is used as an encryption key to encrypt your bucket credentials. This way the Nebbl backend never sees your credentials and even if it's compromised your credentials are completely safe and cannot be accessed by anyone.

The downside is that Nebbl has to make more network requests for file operations which makes them a little bit slower. This won't be a big issue for big files, but on smaller ones it can be more noticeable.

Also, because you use a session password (which only you know) to encrypt your credentials, you have to enter this password in each session where you want to perform an action on your zero-knowledge bucket. Essentially, a new session will be started on each page reload, so keep that in mind.