End-to-End Encrypted Cloud Storage in the Wild

Their website is more interactive and is provided below with more information, and I’ve linked to their paper at the bottom. But it goes to show you that you just can’t trust third parties with important data. Run your own solutions you control, where files are only on your equipment and encrypted in transit. And use a VPN to private networks for added security.

https://brokencloudstorage.info/


A Broken Ecosystem

Jonas Hofmann, Kien Tuong Truong.

Work to appear at ACM CCS 2024

Cloud storage is ubiquitous: Google Drive, Dropbox, and OneDrive are household names. However, these services do not provide end-to-end encryption (E2EE), meaning that the provider has access to the data stored on their servers. The promise of end-to-end encrypted cloud storage is that users can have the best of both worlds, keeping control of their data using cryptographic techniques, while still benefiting from low-cost storage solutions.

However, previous analyses of MEGA and NextCloud have shown that even the largest providers of E2EE cloud storage are affected by cryptographic vulnerabilities and creating secure E2EE cloud storage is a harder problem than initially thought.

Indeed, we show that the current ecosystem of E2EE cloud storage is largely broken. We conduct a cryptographic analysis of five major providers in the field, namely Sync, pCloud, Icedrive, Seafile, and Tresorit, in the setting of a malicious server. We unveil severe cryptographic vulnerabilities in the first four.

The vulnerabilities range in severity: in many cases a malicious server can inject files, tamper with file data, and even gain direct access to plaintext. Remarkably, many of our attacks affect multiple providers in the same way, revealing common failure patterns in independent cryptographic designs.

https://brokencloudstorage.info/paper.pdf