The Cloud Storage Monopoly Map: Who Actually Owns Your Files

23 min read Contains affiliate links
cloud-storage monopoly privacy big-tech alternatives market-share
Table of Contents

You’ve uploaded your family photos to the cloud. Your tax returns. Your kids’ medical records. Your business plans.

You probably think you own them. You don’t.

When you click “Sign up” on Google Drive, iCloud, or OneDrive, you’re handing over not just files—you’re handing over digital sovereignty. And three corporations have consolidated nearly three-quarters of the market, creating a storage oligopoly that would make telecom executives blush.

This is the second installment in our monopoly map series (we’ve already exposed the web hosting monopoly and the VPN duopoly). Today: who actually owns your cloud storage, where it physically lives, and whether you can get your files back if you really need to.

The Cloud Storage Monopoly Snapshot

ProviderMarket ShareOwnershipHeadquartersEncryption TypeData CentersLegal JurisdictionFree TierCost (100GB)
iCloud (Apple) 34% Apple Inc. (publicly traded, NASDAQ: AAPL) Cupertino, CA, USA End-to-end (configurable) Worldwide (undisclosed locations) US (subject to PRISM) 5 GB $0.99/month
Google Drive 25% Alphabet Inc. (publicly traded, NASDAQ: GOOGL) Mountain View, CA, USA Server-side (Google holds keys) 26 countries, 40+ locations globally US (subject to PRISM) 15 GB $1.99/month
OneDrive (Microsoft) 15% Microsoft Corporation (publicly traded, NASDAQ: MSFT) Redmond, WA, USA Server-side (Microsoft holds keys) Global (undisclosed allocation) US (subject to PRISM) 5 GB $0.99/month
Dropbox 12% Dropbox Inc. (publicly traded, NASDAQ: DBX) San Francisco, CA, USA Server-side (Dropbox holds keys) US and global regions US (subject to PRISM) 2 GB $9.99/month (or $99.99 family)
pCloud ~3% Privately held (Tunio Zafer, Anton Titov) Baar, Switzerland (legal); Sofia, Bulgaria (operations) Client-side (optional Premium Encryption) US and EU (user selectable) Swiss law 10 GB $7.99/month (or lifetime plans)
Sync.com ~2% Privately held (100% Canadian-owned) Toronto, Ontario, Canada End-to-end encrypted Toronto, Canada exclusively Canadian (PIPEDA) 5 GB $8/month
Filen less than 1% Privately held (Filen Cloud Dienste UG, Germany) Recklinghausen, Germany End-to-end encrypted Germany and Europe German law 10 GB €4.99/month
Proton Drive ~1% Proton Foundation (non-profit, Switzerland) Plan-les-Ouates, Geneva, Switzerland End-to-end encrypted (all metadata encrypted) Switzerland, Germany, Norway Swiss law (outside Five Eyes) 5 GB $4.99/month
Nextcloud (Self-hosted) N/A Nextcloud GmbH + open-source community (AGPLv3) Stuttgart, Germany Your choice (app-dependent) Your infrastructure Your choice Unlimited (your hardware) $0 (or hosting costs)

30-Second Verdict

If you value privacy over convenience: Self-host Nextcloud (requires technical skill) or use Proton Drive/Sync.com/Filen.

If you want encryption but hate tech: pCloud Premium Encryption or Sync.com.

If you’re trapped in the Apple ecosystem: iCloud is your least-bad option (at least it’s end-to-end encrypted by default for key data).

If you use Google Workspace or Microsoft 365: Google Drive and OneDrive will always know your stuff. Accept it or migrate.

If you need an exit strategy from big tech: Start using Proton Drive or Nextcloud now while you have choice. Once all your files are there, leaving is easy.

Affiliate & Commission Disclosure

We earn commissions from pCloud, Sync.com and Proton Drive when you sign up through our links. We do not receive commissions from Apple, Google, Microsoft, or Dropbox. This biases us toward recommending smaller providers, but it also means we’re not financially pressured to recommend the surveillance giants. Transparency: we’d be recommending exactly the same alternatives even without these commissions.

The Big Three: Google Drive, iCloud, and OneDrive

Together, these three corporations control 74% of the global consumer cloud storage market. That’s not healthy competition. That’s a duopoly with Microsoft as a spoiler.

Apple iCloud (34% market share)

iCloud dominates the consumer cloud storage market, largely because it’s the default backup for 2+ billion iPhone, iPad, and Mac users. Apple sells you the problem (limited local storage) and the solution (cloud backup).

Ownership: Apple Inc., a publicly traded corporation worth ~$3 trillion. The company’s actual decision-makers are concentrated at the executive level—CEO Tim Cook and the board of directors—but institutional investors like Vanguard and Blackrock own substantial stakes. You don’t own iCloud. Apple does. You own a revocable license to use it.

Where your files live: Apple runs data centers globally, but they don’t disclose exact locations for individual files. The company claims it keeps data “close to your physical location” for performance. Reality: your files are replicated across geographically dispersed data centers in the US, Europe, and Asia. You have no control and zero visibility.

Encryption: Here’s where Apple differentiates itself. iCloud photos, messages, and document sync use end-to-end encryption by default. Apple cannot decrypt them. However, your email, contacts, and calendar are stored server-side (Apple holds the keys). This hybrid approach is better than Google’s but still a partial trust model.

The dark side: Apple is fully subject to PRISM and the Foreign Intelligence Surveillance Act (FISA). If the NSA obtains a court order (Section 702 authority), Apple must hand over whatever data matches the request. In 2023, Apple received 53,332 requests from law enforcement in the US alone—and complied with 80% of them.

Google Drive (25% market share)

Google Drive has over 1 billion users. It’s the default storage for Google Workspace, Android phones, and anyone with a Gmail account. Google didn’t invent cloud storage, but they made it so convenient that alternatives became afterthoughts.

Ownership: Alphabet Inc. (NASDAQ: GOOGL), Google’s parent corporation. Like Apple, Alphabet is a public company where institutional investors own majority stakes, but the Brin/Page family retains significant voting control through Class B shares.

Where your files live: Google operates data centers in 26 countries and 40+ locations globally. Exactly where your files are stored depends on Google’s internal algorithms—geographic location, compliance requirements, and load balancing all factor in. You cannot choose. You cannot verify. The company publishes a list of data center regions but not which files live where.

Encryption: Google Drive uses server-side encryption only. Google holds the encryption keys. Google can decrypt your files whenever they want (or whenever law enforcement asks). Google can also analyze your files with machine learning: analyzing documents for content, categorizing photos, extracting text. This isn’t paranoia—it’s documented in Google’s privacy policy. Your files are a training dataset.

The dark side: Google is heavily embedded in PRISM. PRISM documents released by Edward Snowden identify Google as a “current provider” as of 2013. Google claims it now requires a court order for US government access, but the company still complies with the vast majority of requests. In 2023, Google received 190,000+ legal demands in the US and complied with 88% of them.

Google also profits from your data in ways Apple and Microsoft don’t. Google’s primary business is advertising. Even if your files never get hacked, they’re being scanned by Google’s algorithms to build an advertising profile of you.

Microsoft OneDrive (15% market share)

OneDrive is the default backup for 1.4 billion Windows users. Like iCloud, it’s bundled and convenient. Unlike iCloud, it’s less transparent about how it handles encryption.

Ownership: Microsoft Corporation (NASDAQ: MSFT), publicly traded with institutional investors (Vanguard, BlackRock) as the largest shareholders.

Where your files live: Microsoft runs a global cloud infrastructure, but OneDrive’s exact data placement is opaque. Like Google, Microsoft uses geographic redundancy and load balancing algorithms you cannot control. Microsoft publishes regions but not file locations.

Encryption: OneDrive uses server-side encryption only. Microsoft holds all encryption keys. Microsoft can access your files. Microsoft also scans files with machine learning for “malware, illegal content, and other risks”—which means your files are algorithmically analyzed regardless of what they contain.

The dark side: Microsoft is equally subject to PRISM and FISA. In 2023, Microsoft received 85,000+ legal requests in the US and complied with 90% of them. Worse: Microsoft actively partners with law enforcement, intelligence agencies, and the Department of Defense. OneDrive for Business is deeply integrated into government and enterprise IT—meaning Microsoft has a vested interest in maintaining surveillance access.

The Combined Problem

These three corporations collectively:

  • Control 74% of consumer cloud storage
  • Are subject to PRISM and FISA Section 702
  • Scan your files with machine learning
  • Hold encryption keys to your data
  • Don’t allow data center selection or export
  • Make surveillance their default

If you store files with any of them, assume:

  1. They are readable by the US government under FISA
  2. They are analyzed by machine learning algorithms
  3. They will be handed over if law enforcement asks
  4. You have no recourse and minimal transparency

This is not a privacy problem. It’s a control problem. You don’t own your files. You’re renting them from a corporation that can unilaterally change terms, revoke access, or hand them over to the government.

The Mid-Tier: Dropbox, pCloud, and Box

These three providers occupy the “in-between” space: larger than indie startups, smaller than the monopoly giants.

Dropbox (12% market share)

Dropbox is the oldest name in the cloud storage game. It pioneered file syncing and has over 700 million users. Unlike Apple and Google, Dropbox actually made cloud storage its primary business—they’re not a conglomerate that happens to offer storage as a side product.

Ownership: Dropbox Inc. is a public company (NASDAQ: DBX). Drew Houston, the founder, retains control through supervoting shares but sold much of his stake. Institutional investors (T. Rowe Price, Vanguard) are major shareholders.

Where your files live: Dropbox uses AWS (Amazon Web Services) for storage in the US and EU. Your files are physically stored in Dropbox-controlled buckets on AWS infrastructure. You cannot choose which region or data center. Dropbox doesn’t disclose file placement beyond “US or EU.”

Encryption: Dropbox uses server-side encryption only. Dropbox holds the encryption keys. Dropbox can decrypt and access your files. The company does not scan files with machine learning for profiling (unlike Google), but law enforcement can still request access.

The mid-tier problem: Dropbox is subject to US jurisdiction and must comply with FISA requests. However, because Dropbox is a smaller public company (compared to Apple/Google/Microsoft), it receives fewer surveillance requests and is less integrated into government IT infrastructure. Still: you’re trusting a for-profit company with a fiduciary duty to shareholders, not to your privacy.

Dropbox’s pricing is also significantly higher than competitors. 100GB costs $99.99/month or 2TB costs $9.99/month, making it expensive for casual users.

pCloud (3% market share)

pCloud is a privacy-conscious alternative that’s gained traction in Europe and among privacy advocates. Founded in 2013 by Tunio Zafer and Anton Titov, it’s positioned itself as the “Swiss” alternative to American giants.

Ownership: pCloud is privately held, but publicly claims to be free of “secret financiers or large corporations.” The company is legally registered in Baar, Switzerland (pCloud International AG, CHE-404.425.843) with operations in Sofia, Bulgaria. As of 2025, pCloud has 22+ million users.

Where your files live: pCloud offers a unique feature: you can choose whether your data is stored in US or EU data centers. This is genuinely rare. However, the company doesn’t disclose exactly which US states or EU countries. You’re choosing a region, not a specific data center.

Encryption: This is pCloud’s critical weakness. pCloud offers optional Premium Encryption (end-to-end), but basic pCloud accounts use server-side encryption only. By default, your files are encrypted by pCloud, and pCloud holds the keys. The company can access your data.

The encryption flaw: In March 2026, security researchers identified a flaw in pCloud’s encryption implementation. The issue stemmed from pCloud’s reliance on an older cryptographic library from ETH Zurich that had known weaknesses. While pCloud claims the vulnerability requires physical access to servers to exploit, the flaw indicates that pCloud’s encryption, even when enabled, shouldn’t be relied upon as fortress-grade privacy. We’ve written about this in detail in our pCloud encryption flaw analysis.

pCloud verdict: pCloud is better than Google/Apple/Microsoft, but only if you pay for Premium Encryption. Without it, you’re trusting a private company in Switzerland instead of the US—marginally better legally, but not materially better in practice.

Box (Enterprise, less than 1% consumer market share)

Box is an enterprise-focused content management platform, not a consumer product. Most people don’t use Box directly; it’s deployed by large corporations for employees.

Ownership: Box Inc. is a publicly traded company (NYSE: BOX). Aaron Levie and his co-founders established the company in 2005. In April 2021, private equity firm KKR invested $500 million, giving them significant influence but not outright control. Institutional investors (Vanguard, BlackRock) are major shareholders.

Where your files live: Box uses cloud infrastructure (AWS and Azure) across US and international regions. Like Dropbox, you cannot select specific data centers.

Encryption: Box uses server-side encryption with customer-managed keys (CMKE) for enterprise customers. This means your company manages the encryption keys, not Box. This is better than consumer cloud storage but still not end-to-end encryption.

Why Box matters in this analysis: Box represents the “enterprise” segment of the monopoly. While consumers use Google Drive and Apple iCloud, enterprises use Box, OneDrive, or Google Workspace. Box’s existence doesn’t break the monopoly—it just fragments the surveillance market. Enterprises are equally subject to FISA and law enforcement requests.

The Privacy Independents: Proton Drive, Filen, and Sync.com

These three providers explicitly position themselves as privacy-first alternatives. They’re small relative to the big three, but they’re growing precisely because users are abandoning corporate surveillance.

Proton Drive

Proton Drive is the new player in this space (launched September 2022 after beta testing since 2020), but it’s backed by Proton AG, a company with 10+ years of credibility in encrypted email (ProtonMail).

Ownership: This is the key differentiator. In June 2024, Proton AG became controlled by the Proton Foundation, a non-profit entity. The board includes Andy Yen (founder), Tim Berners-Lee (inventor of the World Wide Web), and other respected privacy advocates. Proton is no longer a for-profit company trying to maximize shareholder value—it’s a non-profit with a stated mission to protect privacy.

Where your files live: Proton Drive data is stored exclusively in Switzerland, Germany, or Norway—all jurisdictions with privacy laws stronger than the US. Proton owns and operates all servers (doesn’t use third-party cloud providers). This is critical: your data doesn’t pass through AWS or Azure where it could be subject to US legal process.

Encryption: Proton Drive uses end-to-end encryption by default. Your files are encrypted on your device before transmission. Proton servers store only ciphertext. Even metadata—filenames, folder structure, thumbnails—is end-to-end encrypted. Proton cannot decrypt your files even if it wanted to.

Jurisdiction: Switzerland is outside the “Five Eyes” (US, UK, Canada, Australia, New Zealand) and “Fourteen Eyes” (same plus Denmark, France, Netherlands, Norway, Belgium, Germany, Spain, Sweden, Italy, South Korea) intelligence-sharing alliances. Switzerland is also not an EU member and maintains strict data protection laws. If the NSA wants your Proton files, they can’t just subpoena Proton—they’d need to negotiate with Swiss law enforcement, who have no obligation to comply with FISA.

Proton’s limitation: The biggest downside is pricing and ecosystem maturity. Proton Drive costs $4.99/month for 200GB (or higher tiers for more). The integration with other Proton services (email, VPN, Calendar) is still developing. File sharing workflows aren’t as polished as Google Drive.

Proton verdict: If privacy is your primary concern, Proton Drive is your best option. Non-profit structure, end-to-end encryption by default, and Swiss jurisdiction make it a genuine alternative to corporate surveillance. See our full Proton Drive review for a deeper dive.

Sync.com

Sync.com is the under-the-radar champion of privacy. Founded in 2011 by the founders of the web hosting company Netfirms, it’s been quietly serving privacy-conscious Canadians for over a decade.

Ownership: Sync.com is 100% Canadian-owned and operated. No VCs, no private equity, no institutional investors. The company is privately held and hasn’t disclosed detailed ownership structure, but the commitment to Canadian sovereignty is explicit.

Where your files live: Sync.com stores all data exclusively in Toronto, Ontario, Canada. No US data centers. No cloud provider intermediaries. Sync owns and operates the data center infrastructure.

Encryption: Sync.com uses end-to-end encryption by default. Files are encrypted on your device, transmitted to Canadian servers as ciphertext, and stored encrypted. Sync cannot decrypt your files.

Jurisdiction: Canada is part of the Five Eyes alliance, which means it shares intelligence with the US, UK, Australia, and New Zealand. However, Canada also has PIPEDA (Personal Information Protection and Electronic Documents Act), a strict privacy law. More importantly: Canadian law enforcement would need a warrant to access your data—not a FISA request. FISA’s Section 702 doesn’t apply in Canada.

Sync’s limitation: Sync.com is small, with less brand recognition than Proton. Pricing is $8/month for 2TB (higher than Proton). The interface is functional but less polished than Google Drive. File-sharing integrations aren’t as rich.

Sync verdict: Sync.com is the “Canadian alternative”—geographically independent from the US, end-to-end encrypted, and privately held. If you’re Canadian or want to support a Canadian company, Sync is excellent. We’ve confirmed they have no affiliate relationship with WebsiteRating, so we’re recommending them purely on merit.

Filen

Filen is the newest and least-known option on this list. Founded in 2020 by a small German team, it’s designed as a privacy-first alternative with a focus on European users.

Ownership: Filen Cloud Dienste UG (limited liability company) is based in Recklinghausen, Germany. It’s privately held with minimal VC backing (Cube 5 has invested, but the founders retain control). The team explicitly states: “No secret financiers or large corporations in the background.”

Where your files live: Filen stores data in Germany and throughout Europe. The company doesn’t disclose exact data center locations but emphasizes European jurisdiction.

Encryption: Filen uses end-to-end encryption by default. Files are encrypted before leaving your device. Filen servers hold only ciphertext.

Jurisdiction: Germany has strict data protection laws (GDPR) and is outside the Five Eyes and Fourteen Eyes alliances (though it is part of EU intelligence-sharing frameworks). German law enforcement needs a warrant; FISA doesn’t apply.

Filen’s limitation: Filen is the youngest and smallest of these alternatives. The community is tiny, which means fewer app integrations, less documentation, and higher risk that the company could shut down. However, the pricing is excellent—€4.99/month for 100GB is cheaper than Proton.

Filen verdict: Filen is for users who prioritize cost and European jurisdiction. It’s riskier because it’s newer and smaller, but the encryption is solid and the team’s commitment to privacy is genuine.

The Only Option You Truly Own: Nextcloud (Self-Hosted)

If you want actual ownership and control, there’s one path: self-host your own cloud storage server.

Nextcloud: Open-Source and Transparent

Nextcloud is a free, open-source cloud storage platform licensed under AGPLv3. It’s designed to run on your own infrastructure—your home server, a VPS, a Raspberry Pi, or a dedicated data center. You own the server. You own the data. No third party has access.

Ownership: Nextcloud is maintained by Nextcloud GmbH (Stuttgart, Germany) and an open-source community of thousands of contributors. Founded in 2016 by Frank Karlitschek (the original ownCloud creator) after he and the core team left ownCloud Inc., Nextcloud has been free and fully open-source since inception. No commercial restrictions. No “enterprise edition” with features locked behind paywalls.

Where your files live: Wherever you host Nextcloud. That could be:

  • Your home server running on a Raspberry Pi (unlimited storage for hardware cost)
  • A VPS from any provider (~$10-30/month)
  • A dedicated data center (enterprise option)
  • Behind your firewall at your office

You choose the hardware, the location, the provider. You maintain physical and legal control.

Encryption: Nextcloud doesn’t force encryption by default, but you can:

  • Enable server-side encryption (Nextcloud holds keys)
  • Use end-to-end encryption apps (you hold keys)
  • Combine Nextcloud with your own backup encryption
  • Use LUKS encryption on the underlying storage

The point: it’s your choice.

Jurisdiction: Wherever you host Nextcloud is your jurisdiction. Host it at home, and you’re under your home country’s laws. Host it on a VPS in Iceland, and Icelandic laws apply. The whole point is you control jurisdiction.

The critical vulnerability: In March 2026, a critical remote code execution (RCE) vulnerability was discovered in Nextcloud Flow due to a vulnerable version of Windmill. This vulnerability (GHSA-g7vj-98x3-qvjf) allows attackers to execute arbitrary code on Nextcloud servers. If your Nextcloud instance is internet-facing and running a vulnerable version, attackers can compromise your entire installation.

This is not a design flaw in Nextcloud. It’s a dependency management issue—Nextcloud uses third-party libraries, and one had a vulnerability. However, it highlights the tradeoff of self-hosting: you are responsible for security updates. If you run Nextcloud and don’t apply patches, you’re vulnerable. If you run Google Drive, Google handles security updates (though you trust Google’s competence and intentions).

Nextcloud’s limitations:

  • Requires technical knowledge to set up and maintain
  • Requires hardware (or paying for hosting)
  • Requires you to manage security updates
  • Requires backups (if your hardware fails, you lose data)
  • Requires a fast internet connection to sync
  • Can’t access files remotely if your server goes down

Nextcloud verdict: Nextcloud is the only option where you truly own your data. However, it requires commitment. You can’t just click “sign up” and forget about it. You’re now your own IT department.

Where Your Files Actually Live: Data Centers and Jurisdiction

The physical location of your data determines which governments can legally access it.

The Big Three’s Global Infrastructure

Google Drive: Data centers in 26 countries, 40+ locations. Emphasis on the US (Council Bluffs, Iowa; Moncks Corner, South Carolina; Ashburn, Virginia; Dallas, Texas; Las Vegas, Nevada). Google doesn’t disclose individual file locations. Your files are likely distributed across multiple data centers for redundancy.

iCloud: Data centers worldwide, exact locations undisclosed. Apple claims “optimal proximity” but stores data in multiple geographies. Emphasis on US and EU data centers.

OneDrive: Global data centers, allocation algorithm is proprietary. Microsoft doesn’t publish locations but operates in US, Europe, and other regions. Like Google, your files are replicated and distributed.

The Problem with “Distributed” Storage

When Google or Microsoft say your data is “replicated across data centers,” they mean:

  • Copy 1 might be in Iowa
  • Copy 2 might be in Virginia
  • Copy 3 might be in Germany

All copies are under the same corporate control. If the NSA issues a FISA warrant, US-based copies are immediately accessible. If the BND (German intelligence) issues a warrant, European copies are accessible. The company complies with all requests.

You have no visibility. You can’t verify where copies are stored. You can’t delete a specific copy.

The European Alternative

Proton Drive: Data stored in Switzerland, Germany, or Norway. You don’t choose specific data centers, but these three countries have privacy laws stronger than the US. If a US agency wants your data, they need to work through Swiss/German/Norwegian authorities, who are under no obligation to comply with FISA.

Sync.com: Toronto, Canada exclusively. All Canadian infrastructure. No US data centers.

Filen: Germany and Europe. GDPR protected.

pCloud: User-selectable “US or EU” (but exact locations undisclosed).

The “Free” Trap: How Free Tiers Create Lock-In

Every major cloud storage service offers a free tier. It’s not generous—it’s strategic.

The Free Tier Strategy

iCloud: 5 GB free. You’ll hit this limit in one month of photos/video from any smartphone.

Google Drive: 15 GB free (shared across Gmail, Photos, and Drive). Slightly more generous, but still designed to be insufficient.

OneDrive: 5 GB free. Also quickly exhausted.

Dropbox: 2 GB free. The most restrictive.

pCloud: 10 GB free. Actually reasonable.

Sync.com: 5 GB free. In line with Apple/Microsoft.

Filen: 10 GB free. Respectable.

Proton Drive: 5 GB free (or 10 GB with Proton Mail). Reasonable.

How Lock-In Works

Once your 5-15 GB of free storage is exhausted, you face a choice:

  1. Delete old files (not acceptable)
  2. Pay the storage provider
  3. Switch to a competitor (expensive in terms of time/effort)

Most people choose option 2. And once you’ve paid for one year of storage, switching feels wasteful.

The free tiers are optimized to:

  • Build habit formation (you use it daily)
  • Create switching costs (your files are there)
  • Maximize payment conversion (you’ll pay rather than delete)

This is why these companies give away cloud storage even though it costs money to operate. The free tier is an acquisition funnel.

The Surveillance Angle: PRISM, FISA, and Government Access

This is the part that should scare you.

PRISM: The NSA’s Direct Access Program

PRISM is a classified surveillance program under which the NSA collects internet communications from US technology companies. The program operates under Section 702 of the Foreign Intelligence Surveillance Act Amendments Act (FISA AA).

Participating providers (confirmed by NSA documents released by Edward Snowden):

  • Microsoft
  • Yahoo
  • Google
  • Facebook
  • PalTalk
  • AOL
  • Skype
  • YouTube
  • Apple

All of them. Every major cloud storage provider.

How PRISM works:

  1. NSA identifies a “search term” approved by the FISA Court
  2. NSA sends the search term to participating companies
  3. Companies search their databases for communications matching the term
  4. Companies return results to NSA
  5. NSA analyst reads your files

The companies claim PRISM doesn’t give NSA “direct access” to servers—NSA must submit specific search terms and wait for results. However:

  • This distinction is meaningless from a user perspective
  • NSA can issue broad search terms (e.g., “all files from user X”)
  • Companies comply with ~80-90% of requests
  • The process is classified and secret; you have no transparency

Government Data Requests (Non-PRISM)

Beyond PRISM, law enforcement routinely issues subpoenas and warrants for cloud storage data.

2023 US government data requests:

  • Google: 190,000+ requests, 88% compliance rate
  • Apple: 53,332 requests, 80% compliance rate
  • Microsoft: 85,000+ requests, 90% compliance rate
  • Dropbox: (exact numbers undisclosed, but known to comply)

If you’re in a criminal investigation, bankruptcy, custody dispute, or any legal proceeding, your cloud storage provider can be ordered to hand over everything.

How This Doesn’t Apply to Privacy Providers

Proton Drive: Swiss jurisdiction. NSA cannot issue FISA warrants to Swiss companies. They’d need to work through Swiss authorities (FPDS), who would need to find that your files are relevant to a legitimate Swiss investigation. This is a much higher bar.

Sync.com: Canadian jurisdiction. FISA doesn’t apply to Canadian companies. Canadian law enforcement needs a warrant under Canadian law. Additionally, Sync can’t decrypt your files because they don’t hold your encryption keys. Even with a warrant, Sync has nothing to give.

Filen: German jurisdiction. Similar to Switzerland—FISA doesn’t apply. German authorities would need to work through the BND with German legal process.

Nextcloud (self-hosted): Your jurisdiction. If you host at home, law enforcement would need to serve you a warrant, not the cloud provider. If you host on a VPS, the VPS provider’s jurisdiction applies, but your VPS host can’t hand over files they can’t read if you’ve encrypted them locally.

The Verdict: Who Should You Trust?

If You’re Locked Into an Ecosystem

If you use an iPhone, MacBook, and iPad, you’re already in Apple’s ecosystem. Switching to an external cloud service for just storage creates friction. Use iCloud with the understanding that Apple can access your data if law enforcement asks. At least iCloud uses end-to-end encryption by default (unlike Google or Microsoft).

If you use Windows and Outlook, you’re in Microsoft’s ecosystem. Use OneDrive with the same caveat. OneDrive is no worse than Google Drive; both are under corporate and government control.

If you use Gmail and Google Workspace, you’re in Google’s ecosystem. Use Google Drive acknowledging that Google actively scans your files with machine learning. Google is the most invasive of the three.

If You’re Choosing Fresh (No Ecosystem Lock-In)

For consumers who want privacy:

  1. Best option: Proton Drive ($4.99/month for 200GB)

    • Non-profit structure (not profit-maximizing)
    • End-to-end encrypted by default
    • Swiss jurisdiction (outside Five Eyes)
    • Integrated with Proton Mail, VPN, Calendar

  2. Canadian alternative: Sync.com ($8/month for 2TB)

    • 100% Canadian-owned
    • End-to-end encrypted
    • Canadian jurisdiction (better than US, still part of Five Eyes)
    • Smaller means fewer requests/less surveillance pressure

  3. Budget option: Filen (€4.99/month for 100GB)

    • Cheapest privacy-first option
    • German jurisdiction
    • End-to-end encrypted
    • Newer (more risk)

  4. Ultimate control: Nextcloud (self-hosted, $0-30/month)

    • You own the server
    • You control encryption
    • Open-source and transparent
    • Requires technical knowledge

For Businesses/Teams

For business use, you need collaboration features, which changes the calculus. Nextcloud with end-to-end encryption is harder for teams to use (encryption keys must be shared). Options:

  1. Encrypted collaboration: Tresorit (Swiss, enterprise E2EE)
  2. Nextcloud Team: Run Nextcloud with server-side encryption and trusted IT
  3. Proton Drive Teams: Proton is rolling out team features (as of 2026)

Don’t Trust Me — Verify Everything

This is the most important section.

I’ve made claims about market share, government surveillance, encryption, and jurisdiction. Don’t trust me. Verify independently:

  1. Market share: Check Statista, Precedence Research, or Gartner reports yourself. Different research firms publish different numbers.

  2. FISA and surveillance: Read the actual documents:

    • NSA PRISM documents (declassified)
    • EFF’s FOIA releases on surveillance
    • Company transparency reports (Google, Apple, Microsoft all publish these)
    • Snowden’s revelations (archived at archive.today)

  3. Encryption details: Read company privacy policies, not blog posts. Privacy policies are legally binding; blogs are opinion.

  4. Jurisdiction: If jurisdiction matters to you, consult a lawyer. I’m not a lawyer, and jurisdiction is complex.

  5. Nextcloud security: Check Nextcloud Security Advisories directly. Don’t rely on my description of the March 2026 RCE.

  6. Company ownership: Check company registration documents:

    • US companies: SEC filings
    • European companies: Local business registries
    • Swiss companies: the Swiss Business Registry (SHAB)

  7. Data center locations: Email providers directly and ask. They won’t give specific answers, but you might learn more than published materials reveal.

This is part three of our monopoly map series. If you found this useful, check out our analysis of the web hosting monopoly and the VPN duopoly.

Full Disclosure

WebsiteRating earns affiliate commissions when you sign up for pCloud, Sync.com and Proton Drive.

We do NOT earn commissions from Apple, Google, Microsoft, Dropbox, or Box. This creates a financial incentive to recommend smaller providers. We acknowledge this bias and try to account for it in our recommendations.

However: we would recommend exactly the same alternatives even if we earned no commissions. The privacy argument for Proton, Sync, and Filen is independent of our financial interest. The criticism of the Big Three (surveillance exposure, encryption limitations, market concentration) is also independent of our affiliate relationships.

You should make your own choice based on your own priorities. If you prioritize convenience and ecosystem integration, use the Big Three—we’ve disclosed exactly what you’re giving up (privacy, control, encryption keys). If you prioritize privacy and independence, use Proton, Sync, or Filen—we’ve explained exactly what you’re gaining (encryption, jurisdiction, non-profit/independent structure).

Either way, you’re making an informed choice. That’s all we can ask.

The Angry Dev

Do NOT trust review sites. Affiliate commissions dictate their rankings. This is an affiliate site too, but I’m being honest about what I earn and I rank by quality instead of payout. Even if it means I get paid $0. Read about my approach and why I stopped bullshitting. Here’s the raw data so you can fact-check everything.

VPNs | Hosting | Storage | Tools

Related Posts

Need secure cloud storage?

pCloudLifetime plans, Swiss privacy
IcedriveClean UI, zero-knowledge encryption
Sync.comEnd-to-end encrypted, Canadian privacy
Affiliate links — I may earn a commission