How Internxt Protects Your Data
Internxt is a little different from your average cloud service.
Internxt is open-source, end-to-end encrypted, and built on a secure distributed network, so every bit of code we create is accessible for verification. Plus, every action on our platform is encrypted before it leaves your device and stays that way until you access it again.
Confused? Computer technologies can be a bit complicated. Learn more about how Internxt works to create the safest and most secure cloud service possible below.
From A to X: Everything About How Internxt Works
An overview of what happens when you store your files or photos with Internxt:
Anonymous Account Creation
First, you make an account, which on the surface, is a pretty standard process. The difference with our service is that each account the user creates is issued a client.
This client is like your master account. The password and account you make give you access to your client. In your client, we store your mnemonic, which is used as the seed for generating each file encryption key(more on that later).
Whenever you register an account with the Internxt platform, we generate a passphrase and place it in your client. This passphrase is called a mnemonic.
We then use encryption to secure your mnemonic before sending it to Internxt systems. Your plain text password is used as a key to encrypt your mnemonic before it leaves your device. Any time you log in to your account after that, your password is used to decrypt the mnemonic, which will then be used to derive each unique encryption/decryption key for each file.
Once you create an account and access the platform, the service operates like any other familiar private cloud storage. You can create folders, share docs, and upload or download files.
Encrypting and Decrypting Files With AES-256
When you upload a file to our private cloud storage, Internxt automatically encrypts the file before it leaves your device. Nothing you upload reaches the internet in its raw, readable form.
When a file is encrypted, the information is scrambled and rendered unreadable. After your file is encrypted, we upload the file in unified parts and distribute the pieces of information throughout the Internxt network. Only the user with the encryption key can decrypt and piece back together encrypted files.
For end-to-end encryption, we use your mnemonic as an encryption key (the only one with access to that mnemonic is you). We also utilize an element called IV, which is a randomly generated number that adds entropy to the encryption algorithm. We do store the IV, but this is not an element that can be used to decrypt your data.
To be more specific, we use an algorithm in our safe storage known as AES-256.
Your password is hashed with a randomly generated salt. Then, before we send the hash to Internxt systems for persistence, we also encrypt this hash. By using this method, we ensure nobody outside your client can gain access to your password. You can be confident that your files are in a safe storage service.
We also provide a free password checker tool that will tell you how strong your password is, ensuring that your account is not hacked or exposed to data breaches.
Encrypted files are sent across our vast distributed network rather than a centralized server location. Internxt doesn't operate a single massive data center, unlike Amazon and Google. These large centers are a prime target for hackers since much of the data stored there is in its raw form.
Instead, we've partnered with the global data center infrastructure provider OVHcloud to host the servers that run our secure network.
Internxt distributes your encrypted files across a distributed network, meaning your files are scattered across the world to various servers and data centers.
The host can't open your encrypted files since they don't have the encryption key. On top of that, our data centers deploy world-class Anti-DDoS detection and protection infrastructure across their entire network. Our infrastructure and services adhere to the following security certifications and attestations: ISO/IEC 27001, 27017, 27018, and 27701, SSAE18 Type 2 SOC 1, SOC 2, SOC 3, PCI-DSS, AOC, HIPAA Type 1.
Even if our data centers were to be compromised, files stored within Internxt's private network are encrypted by a protocol that keeps the information confidential, as access to the info is insufficient to read the content.
Sure, brute force can be applied in the case someone breaks into our datacenters, but still, our AES-256 encryption protocol should (theoretically) resist that type of attack for thousands of years.
We have servers across the globe, with the majority being found in the European Union (EU), allowing for fast response times for our users. By spreading information over many more devices and geographic locations, Internxt’s secure storage ensures the user is less likely to experience data loss due to all sorts of issues.
We chose OVHCloud to host our network as they are vertically integrated. They build their own data centers and servers, own and operate their network, and are directly responsible for all the maintenance and support of their systems. Basically, they are an end-to-end provider that doesn't allow any access to outsiders trying to become involved in their operations.
Also, OVHCloud has the lowest Power Usage Effectiveness (PUE) ratings in the industry, meaning they are green (or as green energy-heavy server facilities can be).
Redundancy and Content Replication
Internxt's secure storage ensures the user is less likely to experience data loss due to hardware malfunctions, power disruptions, or natural disasters. All of the user's eggs are spread out across many baskets or across many different centers and servers hosted by OVHCloud.
Our cloud uses object storage, where data is stored as standalone devices called "objects." Each of these objects consists of the data, a unique identifier, and the associated metadata. Object storage is for catalogs of documents handled by applications, which provide static content, including images, text files, tables, audio, or video.
All actions are carried out via OVHCloud's S3 APIs. This feature makes automation possible and makes integration more straightforward, but it also lets us specifically define the access rules we give to users.
The good news about object storage and OVHCloud's SR APIs is that any disruptions or corrupted files are limited to a single object, so if one file has a problem, it won't spill over into your other data. Also, if something goes wrong, we can replicate a serviceable copy of the corrupted content from the previous version of the object.
End-to-End Encrypted File Sharing
File sharing works a tad differently on our service. Rather than moving the file in a workable or raw form between users, we instead encrypt the mnemonic of the file you would like to share (and store it encrypted) with a code that goes in the link.
We do not store the code with the mnemonic or the shared file. Instead, it gets attached to the link. Only those with the link containing the code can correctly regenerate the decryption key and download the content without corrupting it.
This process applies when you share or sync files within Internxt apps using or with our free transfer service Internxt Send.
Open Source and Transparent
Everything we have mentioned prior is all built on Internxt’s source code. The code is the language engineers, programmers, and developers use to tell computer systems what to do and how to do it.
Computers don't do anything without first being told or, at the very least (in the case of AI), given a set of guidelines to follow.
Internxt is open-source, which means anybody (who understands the coding language) can look under the hood and personally inspect the system we've built in our secure storage. All of our code is published here on GitHub. Feel free to take a look!
Independent Security Verification
Internxt is located in Spain, so, of course, we are totally GDPR compliant. But the safety doesn't stop there. Internxt has been independently audited and verified by Europe's leading penetration testing company, Securitum.
Securitum, a leading European security auditing company, is responsible for hundreds of security testing projects yearly, including for many top European tech companies and banks. We contracted Securitum to penetration test our web, mobile, and desktop applications and cloud services.
Long story short, the audit was a success, and our final security report was extremely positive. The independent audit by Securitum uncovered no significant issues or security vulnerabilities.
And That's How Internxt Protects Your Data
All in all, Internxt is a private and secure cloud storage service designed to protect your data.
How this is done may sound highly technical, but all the jargon simply means you can be sure we are doing everything in our power to protect your privacy and personal data.
Still, have questions? Contact us directly via email at email@example.com.