Encryption is a buzzword thrown around by almost every tech company. "We use military-grade encryption!" sounds impressive, but what does it actually mean? Let's break down the different types of encryption and how they protect your files.
Encryption in Transit (TLS)
This is the lock on the tunnel. When you visit a website with https://, you are using Transport Layer Security (TLS). This ensures that the data moving between your computer and the server is scrambled.
Without TLS, an attacker on the same Wi-Fi network (like at a coffee shop) could use a tool like Wireshark to capture your packets and reassemble your files. With TLS, all they see is random noise. SnapSend enforces TLS 1.3, the latest and most secure standard, for all connections.
Encryption at Rest
This is the lock on the vault. Once your file reaches the server, it is stored on a disk. If a hacker were to physically steal that hard drive from the data center, encryption at rest ensures they cannot read the files without the decryption key.
Cloud providers usually handle this transparently. However, "at rest" encryption often means the cloud provider itself could theoretically access your data if served a warrant, because they hold the keys.
Client-Side (End-to-End) Encryption
This is the gold standard. With client-side encryption, the file is encrypted on your device before it is even uploaded. The server receives an encrypted blob. The server literally cannot read the file because it never sees the key—the key is usually part of the shareable link (the "fragment" after the #).
Currently, SnapSend uses Transit Encryption combined with Ephemeral Storage. We focus on ensuring the data doesn't exist long enough to be a liability, rather than managing complex Key Management Systems for users who want zero-friction sharing.
Why Ephemeral is Better than "encrypted forever"
Encryption is only as good as the math behind it. Algorithms protecting data 10 years ago are easily broken today. By deleting the data atomically (Ephemeral Storage), we sidestep the problem entirely. You don't need to worry if the encryption will hold up in 2035 if the data was deleted in 2025.