What do you think of Filen.io?

I opened an account with filen.io (a private cloud storage provider) a while ago. I am still on the free plan which is 10GB.

It is really quite a good service;

  1. Based in Germany (Subject to GDPR, pretty good country in regards to privacy)
  2. Open-source (Desktop clients, mobile, etc…)
  3. Really quick support (You can get a reply within an hour)
  4. Really active within their communities (Reddit, Discord, Twitter)
  5. Very short and clear Privacy Policy
  6. Fully GDPR-Compliant
  7. Only an email address needed to sign-up.
  8. One-time plans can be paid in Bitcoin.
  9. Affordable.

There is one main downside though, they only accept payments through Stripe or PayPal for their monthly and annual subscriptions.

So, what do you think of filen.io?


I like them too, but their file management and clients are far from polished (last time I tried was about 3 months ago). If we take Mega as another example, their UX is far superior. Oh, and Filen is also lacking collaboration features.


Filen is still very new and only has one developer at the moment, so you can’t compare it to services which have been in development by a bigger team for a long time. It’s okay though, for me it mostly needs some visual polish. Right now I only use it as a backup service with a hosted Nextcloud as the main thing.


I haven’t used it before but it doesn’t really matter what cloud provider you use if you encrypt the files before they are on the cloud service. I use rclone and you can set up encryption for the supported providers or any other service that supports protocols like WebDAV and cryptomator is a good tool to use as well.


I use Cryptomator with it and it works quite well.

I put it on my list of stuff to dig in as it’s a promising service but as @Feradin said it’s too early to tell if it’s really secure.

Open source ≠ Secure

As it’s open source more talented developers will take a look, contribute, fix vulnerabilties (every software have some) and in 2-3 years we should see it mentioned on Privacy Guides and Techlore if it’s trustworthy


I discovered it through privacytools.io but, as my previous topic has revealed;

privacytools.io has started to degrade in reliability.

They are a growing community so I think, as you say, in 2-3 years we will see it get more recognition and maybe have an audit.

1 Like

Open source ≠ Secure

A great example of this is Mega, all the clients are open source but the server is not. They had a key recovery bug and their fix was to retrofit in a fix instead of fixing the core issue as that would require everyone to reset their passwords. More information can be found at the given link: https://mega-awry.io/#rsa-key-recovery


When they started they used Cloudflare. :scream_cat:
At least I can’t find connections to Cloudflare at the main site any more, but I’m not sure if they use it on the servers the data is stored. Their privacy statement is also pretty incomplete :confused:

1 Like

The reason (I think) why their privacy policy is incomplete is because as a business under GDPR if you have under 250 employees you are not required to have a complete privacy policy.

I don’t know where you have heard that but that is not true. Every german business needs to have a complete privacy statement. A privacy statement has way more details then just if someone uses tracker or forwards information to third parties or not. If they have less then 20 employees the CEO of the company can act as a data privacy officer of the company. If the company has more then 20 employees, someone else (intern or extern) needs to do the job but that never implies you can have in any way an incomplete data privacy statement.
Statements like privacy contact, ‘Supervisory authority’ or your rights are completely missing.

Not a lawyer, not your lawyer, not anyone’s lawyer, no legal advice

In my country it states that;

‘If you have over 250 employees you have to fully document all of your data processing activites’

If you have under 250 employees you do not have as many documentation responsibilities.

As you have said, the German law is different. I just decided to make an assumption that German law would be similar.

1 Like