Avoid Zoolz backup service if you value privacy

Douglas Crawford

Douglas Crawford

August 26, 2014

Cloud backup services are big business these days (just check out our sister website BestBackups to get an idea of how many companies have jumped on this particular bandwagon), and following Edward Snowden’s NSA revelations there is increasing demand for online data storage solutions that don’t either spy on your data for advertising purposes, hand it over to the NSA (or other government agency), or otherwise spy on the data stored there.

Zoolz, a company which boasts Microsoft, Dell, the BBC and the Washington Post as customers, is one such, promising users that,

Zoolz is designed to process and protect your data with zero knowledge and with the highest security, durability, and availability out there’, and ‘your files will be processed with zero knowledge and even if the company was held at gunpoint to release your data it will still be in its encrypted form.

It also promises end-to-end encryption,

Zoolz encrypts your files before they leave your machine, securely transfers your files, and stores them on encrypted servers using military grade 256 AES Encryption.

Well, a customer by the name of Ryan Gallagher had his Zoolz account cancelled after the company discovered some old .torrent files (not any actual infringing material) among his backed up data. The result was an immediate termination of his backup plan, with a one week timeframe to remove data from his account before it was deleted,

My account and all data (1.3TB) was nuked, they would not budge on deleting specific ‘prohibited file names’ saying they had no way to do it. It’s a complete waste of time and bandwidth.

Hidden away deep within Zoolz’s ToS Product Agreement is the following justification for this action,

‘If Metadata checking (i.e. file names) reveals that an account has content relating to video piracy, software piracy or any copyrighted data with the intent to distribute (i.e. torrents) the account will be immediately terminated.

Um – how exactly is ‘metadata checking’ (filenames, not actual data it should be stressed) in any way ‘zero knowledge’? It also means that when the data is being encrypted client-side, the software is sending this metadata to Zoolz!

When Geoff Akerlunk of the Backup Review website questioned Zoolz over the incident, the company actually accused him of supporting illegal behavior,

We are sad to see you side with illegal behavior, the torrents could mean that the user has the actual media files, and downloading any media file without any proof of ownership is considered illegal.

When TorrentFreak published a highly critical article on this subject, Zoolz responded with the following statement (a similar statement was sent to Akerlunk),

The flagging system is a deviation of the zero-knowledge policy only applicable to abusive home user accounts, not business users. It is completely automated at the time the abuser accesses the files from the web after entering the encryption password. The system will flag any account with suspicious bandwidth use, multiple access from different locations and will only scan for illegal filenames and not actual data. In rare cases the flagging system could generate false positive and we are currently working enhancing this and increasing the grace period. We have tens of thousands of home users who are happily using the system legally and the scanner has never been triggered on their accounts.

So the service is zero knowledge until Zoolz decides it isn’t? AVOID AVOID AVOID!!!!!

Douglas Crawford

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

22 responses to “Avoid Zoolz backup service if you value privacy


  2. Zoolz Absolutely Awful. Their service shut down my computer 3 times. I asked for refund they never gave one, their customer service is beyond bad and I would recommend anything except them. I am STILL awaiting a refund when I used the product for 2 hours (while it corrupted my pc!) and now paypal assisting. Pirates. Avoid. Then they pretend on forums like this they will help and they do not. Thieves and pirates. Refund me!

  3. Like @Escobar, I had a tough time getting Zoolz to actually back up files. I opened the program the other day and discovered it hadn’t backed up any files AT ALL for nearly 4 months. No alert, no error message, it just wasn’t bothering to run. Tech support doesn’t work weekends and took 3 days to get back to me. Getting Zoolz to actually work again required manually downloading a program update and then re-identifying my secured networks as safe. So while I don’t have any files that would make me worried about my privacy rights, I do have files that are critical both professionally and personally. Don’t trust a backup company whose software A) doesn’t do the job you pay the company to do, and B) doesn’t alert you that it’s not protecting your data.

    1. When you pay a company a flat ‘lifetime’ fee for this type of service, the company then has all the money they will ever receive from you, regardless of how they perform. It is then in the company’s interest to have you use their service as little as possible. Which explains why their service keeps failing to back up your files, and why customer service is difficult or non-responsive. That’s exactly what they want.

    2. Jack, when the flat lifetime fee is comparable to the cost of just a few months of service with other providers, that’s a risk I’m willing to take. I haven’t regretted it yet, and I’ve been using Zoolz for more than a year, during which I used Zoolz to restore files backed up on an old computer onto a new computer with very little difficulty. The only issue I had was that support led me to believe that migrating from one folder name to another would work automatically when in fact it caused my data to be duplicated on the cloud side. But this has since been remedied, and things are still working great. I’ve never seen such a great deal for cloud backup, if you get the 98% off promotion.

  4. What a waste of time. We went with a rigid plan to backup 3 million files about 10 TB of data to keep off premises for an emergency recovery.

    What a joke! After 3 months of running backups daily, the data has not been completed (I have 200 MB Internet up/down service).
    The tech support is USELESS. They take 24 hours to respond each time, and when they respond they ask you to run logs reports for another 24 hours and send then the logs, which you can’t because the logs are so big you can’t email them.

    After 7 days of back and forth on emails from support, their recommendation was to restart the backup from the beginning because I have “TOO MANY FILES”

    WTF ???? These F***ing geniuses sell a backup service but you can’t put too many files?

    Deduplication service doesn’t work because, (you have to laugh here) they said and I quote “It seems that you have uploaded a lot of files that you have already uploaded before (not recommended). Please be informed that the De-Duplication feature was designed to save only your bandwidth. This way, you have to delete all your files and start a new backup job.”

    GO with another service.

    Recommended – NO F***ing WAY!!!

  5. Keep well away from this business, it’s not just your privacy at risk!!!

    I had an account with them for little under a year, they managed to make a complete mess of 5 TBs of data on their Business plan at my cost. The support is next to useless, and the tool does not deliver on performance for downloads or uploads. But what most worried me was exactly how safe are my documents were so I did some research and found out this is not actually a UK business, these people are based in the middle-east in Jordan of all places, which is why I moved what documents I could retrieve to a new provider called Datacastle RED who I checked out before signing up to their business plan.

    If you value your privacy and electronic documents then keep well away from this smoke and mirrors business!

  6. Stay FAR FAR away and DO NOT TRUST ZOOLZ. Complete scam. We started with an unlimited plan for $60/year, and they jacked it up to $1620 after 2 years, literally holding 5TB of data hostage unless we paid (though kindly offering a 40% discount – WTF). Absolutely unbelievable, and probably illegal. Who knows how much they would charge to actually restore a lost backup. Please spread the word- this company is BAD NEWS.

  7. I’ve had a pretty bad experience with Zoolz. I wish I could complain about them making intrusions into my privacy but I simply can’t get the service to work. I contacted customer support but they’re useless. Not only that, I discovered after signing up that it takes 3 to 5 hours to view any documents uploaded (if I was able to upload at all!). This is not a great option if you’re searching for a missing file in a hurry. Having paid my subscription my only recourse is to cancel the recurring payment on Paypal and opt for another provider.

  8. You article not fair!!!!
    I know many people are using it , and all are happy, if you upload illegal content , you should be suspended!

    1. Hi Mo,

      That is completely missing the point – if a service that claims to be ‘zero knowledge’ then it should have no ability to determine if files are illegal. It is therefore lying about being zero knowledge…

    2. If you think that torrents are used to distribute only illegal files then I’m really sorry for you and the likes of you.

  9. I download a lot of stuff from torrents — a fair bit of it illegally — and I’m generally not apologetic about it. So much of what I download is not available commercially or is locked into a particular ecosystem that I don’t feel bad about downloading it.

    My problem with Zoolz position is that they’ve arbitrarily decided to make themselves the arbiters of what data is fit for me to download. And why should they care? If I have paid them to store my bits, they shouldn’t give a rip what pattern those bits came in. Their position would be like a cab company saying they won’t give rides to men who are going to visit their mistresses. If the men pay for their rides, why should the cab drivers care why you’re going where?

    Ultimately, however, I had the Zoolz service for a year and it was practically useless to me anyway. It would scan my folders, upload a few files and stop. I would reset the service using the information in their FAQ and restart the process. Then it would re-scan, upload a few more files, and then stop. For the TB of data that I was trying to upload, this process would never have worked for me. Too bad too — there aren’t many providers who will back up and store offline data.

    Then again, once they found out how many torrents I had downloaded, they probably would have banned me anyway.

  10. From the Zoolz wiki ( “Like most online services, we have a small number of employees who must be able to access user’s metadata (e.g., file names and locations) for the reasons stated in our privacy policy (e.g., when legally required to do so).”

    This is not zero knowledge. Too bad, since the service seems good, except for this major false claim.

  11. Douglas, dont know zoolz, but i checked their response and seems fine!!! to be honest, dropbox, mozy, just cloud, everybody knows your filenames and if you share or download a torrent they stop you, the guy was storing torrents!!, i used to use just cloud before and they stopped my service for same reason!!!, and if you check the web you will see so many complains about it, also box, dropbox, mozy, crashplan, they all stop your account if you store, share or download torrents!!!, simply if you store torrents, dont use the cloud
    Just to be far

    1. Hi Dani,

      If I was using a service such as Dropbox, JustCloud, etc., I would expect filenames to be scanned, and myself banned if found uploading .torrent files. Zoolz however (its very name means Zero Knowledge incidentally), promises full end-to-end encryption with zero knowledge of what customers upload. Scanning uploaded filenames 100% contradicts this claim (knowing what filenames are being uploaded constitutes a great deal of knowledge), making the service absolutely not suitable for those who want a zero knowledge cloud storage solution… That Zoolz is so blatantly misleading about what the service provides reflects poorly IMHO on its general trustworthiness…

      1. What amazes me is that torrents are NOT ILLEGAL. In fact, movies like Water for Elephants are free and distributed via torrent.

        Are people really this incapable of critical thinking?

        On this basis alone, I you should avoid Zoolz like the plague. Anyone using torrents is supposedly a criminal, even if the content distributed is legally free to distribute. This is purely done so that Zoolz have an out clause to stop providing you with a service.

    2. The zero knowledge statement may be misleading (apparently it applies to file content, and not all data, which is an understandable point of confusion), but doesn’t seem like conclusive evidence that Zoolz is being intentionally deceptive or has any access to the *content* of the files you store. If you’re concerned about them accessing your metadata, I suspect it could be easily concealed in a ZIP file. This seems like an issue worth calling attention to, but not blowing out of proportion or entirely discouraging use of the service for *all* privacy concerns or even entirely, which seems to be the reaction of many commentators here. Kudos on including the privacy caveat in your headline, but it seems to me to still be overly broad, implying that none of the data is protected, where there is no evidence that anything is exposed beyond the metadata. They made a vague claim that got misinterpreted and had some negative consequences for which they should be held responsible, but I think the consequences are getting out of hand if the implication is that the service can’t be trusted at all. Use with caution.

Leave a Reply

Your email address will not be published. Required fields are marked *

Exclusive Offer
Get NordVPN for only