Like a locked safe where we don't have the key. Upload your files, they're encrypted instantly on your device. Not even we can see what's inside.
Built for activists, journalists, and privacy maximalists. Zero-knowledge architecture with dynamic jurisdiction selection. Your data migrates to the safest locations automatically.
Advanced protection without the complexity. Drag, drop, done.Decentralized infrastructure with dynamic jurisdiction arbitrage.
Imagine sending a locked safe through the mail. We never see inside because you keep the only key. Your files are encrypted on your device before upload.
Client-side AES-256-GCM encryption. Keys derived using Argon2id. We store encrypted blobs - mathematically impossible for us to decrypt your data.
Bank-levelAES-256-GCMProtected against future threats. Even quantum computers won't be able to break your encryption. Your files stay private for decades.
NIST-approved Kyber-768 key encapsulation mechanism. Hybrid scheme combining classical and post-quantum algorithms for maximum security.
Next-genKyber-768Your encrypted files are automatically backed up to multiple locations worldwide. If one server goes down, your data is safe elsewhere.
AI-powered jurisdiction arbitrage. Data migrates automatically based on legal climate, server performance, and geopolitical stability. 15+ jurisdictions including offshore havens.
3 copies15+ locationsStart using it immediately. No email, no password, no personal information required. Just upload and share.
Zero registration required for uploads. Anonymous file sharing via cryptographic links. Optional account for permanent storage with crypto-only signup.
InstantAnonymousAll our encryption code is publicly available. Security experts can review it, and you can see exactly what happens to your files. Trust through transparency.
Complete client-side code publicly available. Audit encryption implementation, verify security claims. Reproducible builds ensure binary matches source.
Open sourcePay with crypto for maximum privacy. No personal information collected. Bitcoin, Monero, and Lightning Network supported.
BTC, XMR, Lightning Network. No KYC, no tracking, no payment processor surveillance. Card payments available but +10% fee covers processor costs and data collection risks.
CryptoBTC, XMR, LNEven if forced by law, we can't decrypt your files. We don't have the keys. Your password never leaves your device. This is by design, not policy.
By designDrag and drop to upload. Click to share. All the security happens automatically behind the scenes. No technical knowledge needed.
EasyUse it on any device. Phone, tablet, computer. No app to install. Just open your browser and start uploading.
Any deviceOffshore infrastructure with domain separation. Backend and frontend on different jurisdictions. Resilient against takedown attempts and legal threats.
DistributedTesting bunker deployments and submarine data centers. Exploring extreme physical security for long-term data preservation. Pioneering next-gen hosting.
R&DOffshore structure makes legal coercion difficult. Even under pressure, we can only provide encrypted blobs. Multiple-round post-quantum encryption makes decryption impossible.
OffshoreThree simple steps to complete privacy.Multi-layer security with decentralized infrastructure.
Drag and drop any file. The moment you upload, it's automatically encrypted on your device using military-grade security. Like putting it in a locked safe.
Your encrypted file is backed up to multiple secure servers worldwide. We can't see what's inside - only you have the key. Even if we wanted to look, we can't.
Get a secure link to share with anyone. When they open it, the file decrypts in their browser using your key. Simple, secure, private.
Key generation: Argon2id password hashing (256MB memory, 3 iterations) or hardware-backed keystores (Secure Enclave, TEE).
Encryption: AES-256-GCM with unique IV per file. Post-quantum Kyber-768 KEMs for key encapsulation.
Chunking: Files split into 4MB chunks, independently encrypted for parallel upload and deduplication.
Jurisdiction selection: AI analyzes 15+ offshore locations including Switzerland, Iceland, Singapore. Ranks by legal climate, latency, and stability.
Redundancy: 3-copy minimum across different jurisdictions. Automatic failover and re-replication on server failure.
Dynamic migration: Files automatically migrate based on geopolitical changes and legal threats.
Domain separation: Frontend, backend, and storage on independent infrastructures and jurisdictions.
Offshore structure: Complex entity structure makes legal attacks difficult. Can relocate services rapidly.
Coercion defense: Multiple encryption rounds. Under duress, we provide encrypted blobs that reveal nothing.
No hidden fees. No surprises. Just honest pricing.Accept crypto. No KYC. Anonymous payments available.
Files deleted after 30 days
per month
Save €1-10 per upload with prepaid balance — skip transaction fees and upload instantly without blockchain wait times.
Why the card fee? Payment processors charge us and collect your data. Crypto is private, instant, and has no middlemen. We pass the savings to you.
Custom needs? Need custom domain, white-label, or bulk storage? Contact us for enterprise solutions. We support volume discounts and custom jurisdictional arrangements.
See how we compare to major cloud providers.Technical and privacy comparison with industry leaders.
| Feature | tesho | Google Cloud | AWS S3 | Azure | IBM Cloud | Mega.nz |
|---|---|---|---|---|---|---|
| Zero-knowledge encryption | ✓ | ✗ | ✗ | ✗ | ✗ | ✓ |
| Offshore infrastructure | ✓ | ✗ | ✗ | ✗ | ✗ | ✓ |
| Post-quantum cryptography | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Open source client | ✓ | ✗ | ✗ | ✗ | ✗ | ✓ |
| No data mining | ✓ | ✗ | ✗ | ✗ | ✗ | ✓ |
| Anonymous payments (crypto) | ✓ | ✗ | ✗ | ✗ | ✗ | ✓ |
| Jurisdiction selection | ✓ | ✗ | Partial | Partial | Partial | ✗ |
| Starting price | $0.50/mo (20GB) | ~$3/mo (10GB) | ~$2.30/mo (10GB) | ~$2.40/mo (10GB) | ~$2.20/mo (10GB) | €5/mo (16GB) |
The key difference: Major cloud providers can access your data because they hold the encryption keys. tesho uses zero-knowledge architecture - we literally cannot see your files, making surveillance and data mining impossible.
Technical edge: While enterprise providers offer regional compliance, they maintain master keys and cooperate with government requests. Our cryptographic architecture and offshore structure provide mathematical and legal barriers to surveillance.
The world is changing. Protect yourself while you still can.Global surveillance infrastructure threatens fundamental freedoms.
Governments and corporations worldwide are expanding their control over digital communication. From Europe's proposed Chat Control legislation to China's comprehensive surveillance systems, we're witnessing unprecedented attempts to monitor private conversations, calls, and files - all justified in the name of security.
We're entering an era of mass surveillance normalized by both state actors and tech monopolies. The EU's Chat Control proposal mandates client-side scanning of encrypted messages. The US EARN IT Act threatens end-to-end encryption. China's Great Firewall serves as a blueprint for digital authoritarianism worldwide. These aren't dystopian fears - they're active legislative proposals and operational surveillance systems.
History has shown us where this leads. The Pegasus spyware scandal revealed how sophisticated surveillance tools were used to target journalists, activists, and political opponents. What was sold as anti-terrorism technology became a weapon against freedom of speech and press.
Historical precedent is clear: Pegasus spyware infected devices of journalists, dissidents, and political rivals. NSA's PRISM program harvested data from tech giants. Palantir built surveillance infrastructure for ICE. Tools marketed for "safety" invariably become instruments of oppression. The infrastructure being built today will be inherited by tomorrow's authoritarians.
Large tech companies profit from your data. They scan your files, read your emails, and track your behavior to serve targeted ads and build detailed profiles. Your privacy is their product. We believe this is fundamentally wrong.
Tech monopolies monetize surveillance. Google scans Gmail for ad targeting. Meta analyzes private messages for behavioral profiling. Amazon's Ring creates private surveillance networks. Microsoft's Azure Government serves intelligence agencies. Your data is extracted, analyzed, and sold. Privacy policies are legal theater - the business model is surveillance capitalism.
tesho is different. We can't scan your files because we can't decrypt them. We don't serve ads because we don't see your data. We accept cryptocurrency so your payments remain private. We operate offshore to resist government overreach. We're transparent about our architecture and publish our code. Privacy isn't a feature - it's our foundation.
tesho is resistance infrastructure. Zero-knowledge architecture makes surveillance mathematically impossible. Offshore structure creates legal barriers to coercion. Open source code enables verification and audit. Cryptocurrency payments eliminate financial surveillance. Multi-jurisdictional storage resists centralized takedowns. We're building tools for a hostile environment where privacy is under systematic attack.
Privacy protection through smart geography.Legal isolation through multi-jurisdictional infrastructure.
No single government can force us offline. Our infrastructure is spread across multiple countries. Taking us down would require coordinated legal action in dozens of jurisdictions.
Frontend, backend, and storage are legally separate entities in different jurisdictions. Domain seizure affects only one component. We can relocate services rapidly. Multi-jurisdictional takedowns are expensive and complex.
Distributed15+ jurisdictionsWe operate from privacy-friendly jurisdictions with strong data protection laws. This makes it legally difficult to compel us to hand over data - especially since we can't decrypt it anyway.
Servers strategically placed in jurisdictions with strong privacy laws (Switzerland, Iceland) and some in adversarial locations (obfuscation). Legal requests must navigate complex international law. Even under pressure, we only possess encrypted blobs.
Strong lawsStrategic placementWant your data in Switzerland? Iceland? Singapore? You choose. Or let our AI pick the safest location based on current global conditions. Your data, your rules.
Manual jurisdiction selection for compliance requirements (GDPR, Swiss data residency). AI-powered auto-selection analyzes legal climate, latency, and geopolitical stability. Dynamic migration responds to regulatory changes.
Your choiceAI-optimizedIf privacy laws change in one country, your data automatically migrates to safer locations. No action needed from you. We monitor global regulations so you don't have to.
Continuous monitoring of legal developments, new data retention laws, and government surveillance programs. Automated migration triggers based on threat assessment. Real-time jurisdictional optimization.
SmartAutomatedWe use the same legal structures wealthy people use to protect their privacy: offshore companies, crypto payments, jurisdictional diversity. Now available to everyone.
Complex entity structuring, cryptocurrency payment rails, multi-jurisdictional redundancy, legal isolation layers. Privacy techniques of high-net-worth individuals democratized for ordinary users.
Elite toolsDemocratizedSome governments force companies to add backdoors to their encryption. Operating offshore with zero-knowledge architecture makes this impossible. We have nothing to backdoor.
Zero-knowledge architecture combined with offshore structure creates mathematical and legal barriers to coercion. Cannot install backdoors in encryption we don't control. Cannot decrypt data we cannot access.
ImpossibleMathematical + legalEverything you need to know about tesho.Technical and operational details.
No, and anyone who promises that is lying. Absolute security doesn't exist. While we use military-grade encryption and offshore infrastructure, there are attacks we cannot prevent:
What we CAN'T protect against:
• Someone installing spyware on your device (keyloggers, screen capture)
• Physical threats forcing you to reveal passwords ("$5 wrench attack")
• Sophisticated nation-state attacks on your personal devices
• Social engineering tricks that fool you into revealing information
• Future quantum computers that might break today's encryption (though we use post-quantum crypto to prepare for this)
What we ARE doing:
Our backend is split across multiple companies in different countries. Each entity runs independent servers, verifies each other's code, and follows unchangeable security rules designed to last decades. No single entity can access or compromise your data alone. We actively monitor threats and will adapt our infrastructure as new attacks emerge.
Bottom line: We're building the most secure system possible, but security is a process, not a destination. Use strong passwords, keep your devices clean, and understand that privacy requires both good tools AND good practices.
CRITICAL DISCLAIMER: Perfect security is mathematically and practically impossible. Our threat model has explicit limitations:
ATTACKS WE CANNOT PREVENT:
Endpoint compromise: Malware on user device (keyloggers, clipboard hijacking, memory dumps, screen capture). If your device is compromised before encryption, no cloud service can help.
Physical coercion: Rubber-hose cryptanalysis, $5 wrench attacks, torture, detention. We cannot protect against threats to your physical safety.
Advanced nation-state attacks: Supply chain attacks on hardware/firmware, CPU vulnerabilities (Spectre, Meltdown variants), hardware implants, TEMPEST attacks, timing analysis.
Social engineering: Phishing, pretexting, baiting. Human factors remain the weakest link.
Quantum computing (future): While we implement post-quantum cryptography (Kyber-768), the field is evolving. Harvest-now-decrypt-later attacks could threaten today's encrypted data decades from now.
Zero-day exploits: Unknown vulnerabilities in our codebase, dependencies, or cryptographic implementations. Open source helps, but doesn't eliminate this risk.
Traffic analysis: Despite Tor/VPN usage, sophisticated adversaries can potentially correlate upload/download patterns, file sizes, timing.
Infrastructure attacks: DDoS, BGP hijacking, DNS poisoning, submarine cable tapping. We mitigate but cannot fully eliminate.
OUR DEFENSE STRATEGY:
Multi-entity architecture: Backend fragmented across 5+ legal entities in different jurisdictions. Each entity operates independent infrastructure, performs code verification, and adheres to immutable security principles encoded in founding documents. No single entity has complete access.
Mutual verification: Each backend entity must cryptographically sign and verify others' code deployments. Rogue updates are detectable. Consensus required for infrastructure changes.
Jurisdictional isolation: Frontend, API, storage, payment processing are legally and physically separate. Compromise of one component doesn't cascade.
Immutable security policies: Core principles (zero-knowledge, no logging, encryption standards) written into legal structure. Cannot be changed without dissolving and reconstructing entities - economically infeasible.
Cryptographic agility: Hybrid classical/post-quantum scheme allows algorithm updates. Monitoring NIST post-quantum standards for migration triggers.
Active threat intelligence: Continuous monitoring of: CVE databases, cryptographic research, jurisdiction legal changes, nation-state capabilities. Incident response plans for various attack scenarios.
FUTURE ADAPTATION COMMITMENT:
Security is not static. We commit to: quarterly security audits, immediate response to critical vulnerabilities, transparent disclosure of incidents affecting users (within legal constraints), regular cryptographic algorithm updates, expansion to new jurisdictions as needed, hardware security module integration (planned), threshold cryptography for enterprise (researching).
USE CASE APPROPRIATENESS:
tesho is suitable for: activists in hostile environments, journalists protecting sources, businesses with sensitive IP, individuals seeking privacy from corporate surveillance, data requiring multi-decade confidentiality.
tesho is NOT suitable for: protection against targeted nation-state attacks on high-value individuals (use airgapped systems), scenarios where physical security is compromised, situations requiring absolute certainty (nothing provides this).
TRANSPARENCY: This disclosure exists because we respect your intelligence. Services claiming "unhackable" or "military-grade" without caveats are either incompetent or dishonest. Security requires informed users making risk-aware decisions.
No, we technically cannot. All encryption happens in your browser before upload. It's like you're putting your file in a locked safe before sending it to us. We never see the key, so we can't open the safe. Not even if we wanted to.
Unfortunately, we cannot help you recover your files. Since we don't have your encryption key, we have no way to decrypt your data. This is the trade-off of true privacy. We recommend using a password manager and storing recovery keys safely.
Google can see all your files because they hold the encryption keys. They scan your files for their services and can comply with government requests. With tesho, only you have the keys. We can't see your files, scan them, or give them to anyone - because we literally can't decrypt them.
Yes, completely legal. Encrypted cloud storage is legal worldwide. We're offshore to protect user privacy from government overreach, but we're not doing anything illegal. We comply with laws where we operate and simply cannot comply with requests to decrypt files (because we can't).
They would get encrypted files they can't read. It's like stealing a locked safe - useless without the key. Your files are encrypted before they reach our servers, so even a complete server breach wouldn't expose your data.
Defense against: state surveillance, corporate data harvesting, server breaches, quantum computing threats, legal coercion, DNS/domain seizure. Assumptions: adversary can compromise individual servers but not all simultaneously, cannot break post-quantum cryptography, cannot compromise user's local device. Out of scope: client-side malware, $5 wrench attacks, nation-state physical raids.
Backend and frontend are legally separate entities in different jurisdictions. Storage servers in 15+ locations including offshore havens with strong privacy laws (Switzerland, Iceland, Singapore, etc.) and some intentionally in adversarial jurisdictions (obfuscation). AI monitors legal changes and user can override auto-selection. Complex entity structure makes takedown attempts require coordinated multi-jurisdictional action.
We have servers in EU jurisdictions (Switzerland, Ireland) for users requiring GDPR compliance. Zero-knowledge architecture means we're data processors, not controllers - we cannot access plaintext data. Users control encryption keys. Right to deletion: we delete encrypted blobs immediately. Data portability: export encrypted files anytime. We provide DPAs for enterprise customers.
Offshore structure makes this difficult, but if forced: we can only provide encrypted blobs. Multi-round post-quantum encryption means even with computational resources, decryption is infeasible. We don't log user IPs or metadata. No crypto payment processors means no payment trail. Canary policy: we publish transparency reports; absence of update signals legal pressure.
Currently: user-controlled key rotation (re-encrypt files with new password anytime). Planned: automatic periodic re-encryption with new keys, old keys securely destroyed. File-level keys never reused. Forward secrecy at transport layer (TLS 1.3). Investigating threshold cryptography for enterprise accounts (M-of-N signatures required).
Bunker hosting: Testing secure underground facilities in Nordic countries. Provides physical security and EMP resistance. Submarine data centers: Early research phase, exploring offshore platform deployments for legal isolation. Not yet in production. Focus on bleeding-edge infrastructure for long-term data preservation and censorship resistance.
500MB free. No credit card needed. Start in 30 seconds.
Zero registration. Anonymous uploads. Crypto payments accepted.