Your passport copy is sitting on someone's Google Drive
Last week I scanned 15 citizenship agencies. The websites were bad. But the website is just the front door.
The real question is what happens to your passport copy after you email it.
Where your documents actually go
Google Drive. That's the answer for most agencies. A shared folder, maybe organised by client name, maybe not. Your passport sits next to every other client's passport. Access depends on whether someone remembered to restrict sharing permissions when they set up the folder in 2019.
Communication happens over Gmail. Your birth certificate as an attachment, stored on Google's servers under their terms of service. Or WhatsApp — which the FCA has been fining financial firms for since 2023. No audit trail. Backups often unencrypted on iCloud or Google Drive.
When your case closes, your documents stay. Nobody deletes them because nobody has a process for it.
The encryption lie
Google Drive says your files are "encrypted at rest and in transit." This means Google encrypted them. Google holds the key. Google can read them. Their employees with the right access can read them. A government subpoena can compel Google to hand them over.
That's server-side encryption. It protects against someone stealing a physical hard drive from a Google data centre. It doesn't protect against Google, their employees, or anyone who compromises their infrastructure.
Client-side encryption is different. The file is encrypted on your device, with a key that never leaves your browser. The server receives random bytes. Even if it's compromised, the attacker gets ciphertext they can't read.
So I built one
vault. Drop a file. AES-256-GCM encrypts it in your browser. The ciphertext uploads. You get a link. The encryption key is in the URL fragment — the part after the # — which RFC 3986 says is never sent to the server in any HTTP request.
One-time download by default. After the recipient downloads, the blob is deleted. No accounts. No tracking. No third-party scripts.
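The scheme described above (AES-256-GCM in the browser, key carried in the URL fragment), as an added WebCrypto sketch that is not vault's own code. The blob layout (IV followed by ciphertext), the base64url key encoding, the function names and the vault.example URL used to exercise it are assumptions made for illustration.

```javascript
// Added illustration; not vault's code. Blob layout and link format are assumptions.
// Browsers expose WebCrypto as globalThis.crypto; older Node (CommonJS) needs the fallback.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const b64url = (bytes) =>
  btoa(String.fromCharCode(...bytes)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const unb64url = (text) =>
  Uint8Array.from(atob(text.replace(/-/g, "+").replace(/_/g, "/")), (c) => c.charCodeAt(0));

// Encrypt on the client. Returns the bytes to upload and the link to share.
async function encryptForLink(plaintext, downloadUrl) {
  const key = await webCrypto.subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt"]);
  const iv = webCrypto.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per file
  const sealed = new Uint8Array(await webCrypto.subtle.encrypt({ name: "AES-GCM", iv }, key, plaintext));
  const uploadBody = new Uint8Array(iv.length + sealed.length); // assumed layout: IV || ciphertext+tag
  uploadBody.set(iv, 0);
  uploadBody.set(sealed, iv.length);
  const rawKey = new Uint8Array(await webCrypto.subtle.exportKey("raw", key));
  return { uploadBody, link: `${downloadUrl}#${b64url(rawKey)}` };
}

// What an HTTP client puts on the request line for this link: path and query, never the fragment.
function requestTarget(link) {
  const url = new URL(link);
  return url.pathname + url.search;
}

// Decrypt on the recipient's device. Rejects if the blob was modified or the key is wrong.
async function decryptFromLink(link, uploadBody) {
  const rawKey = unb64url(new URL(link).hash.slice(1));
  if (rawKey.length !== 32) throw new Error("link does not carry a 256-bit key");
  const key = await webCrypto.subtle.importKey("raw", rawKey, { name: "AES-GCM" }, false, ["decrypt"]);
  const iv = uploadBody.slice(0, 12);
  const plain = await webCrypto.subtle.decrypt({ name: "AES-GCM", iv }, key, uploadBody.slice(12));
  return new Uint8Array(plain);
}
```

Anyone who obtains the full link holds the key, so the link has to travel over a channel you trust.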
I wrote 9 research documents before a single line of code. The Mega breach paper from ETH Zurich. The Firefox Send shutdown. The code delivery problem. Every limitation is documented and published. Most encrypted file sharing tools bury their caveats. vault leads with them.
Four questions for your agency
Before you email someone your grandmother's birth certificate:
Where are my documents stored? If the answer involves Google, Dropbox, or "the cloud," ask who holds the encryption keys.
Who has access to my file? One person or a team? A shared login?
What happens when my case is done? The right answer is short: deleted.
Can you show me a written policy? If they look confused, that's the answer.
vault is open source. Code · Project page · 10 documented limitations