Skip to content

Guide

What 'Zero-Knowledge' Means (and What It Does Not)

Zero-knowledge is one of the most used and misused terms in privacy tools. What the architecture actually guarantees, and the trust you still extend.

By SecretPNG TeamReviewed by SecretPNG Security TeamPublished 2026-07-14Updated 2026-07-14

In consumer privacy tools, 'zero-knowledge' describes an architecture where the service provider cannot read your data because encryption and decryption happen on your device, with keys the provider never receives. The provider may store ciphertext, or in SecretPNG's case mostly store nothing at all, but either way it holds no means of decryption.

The term is borrowed from academic cryptography, where a zero-knowledge proof is a specific mathematical protocol. Marketing usage is looser, which is one reason to evaluate the claims behind the label rather than the label itself.

What the architecture actually guarantees

When encryption is client-side and keys stay with you, several strong properties follow. A breach of the provider's servers exposes, at worst, ciphertext. Employees cannot browse your content, whether out of curiosity or under pressure. Legal demands served on the provider can only yield what the provider has, which does not include your keys or plaintext. And the provider cannot quietly repurpose your content for advertising or training, because it cannot read it.

SecretPNG's core tools take this further than most hosted services: files, passwords, and keys are processed entirely in your browser and are never uploaded, so for most tools there is not even ciphertext on a server. For secret links, the server stores ciphertext and expiry rules, while the decryption key travels only in the URL fragment, which browsers do not send to servers.

What it does not mean

Zero-knowledge is a statement about where keys live, not a blanket safety guarantee. It is compatible with real weaknesses, which honest tools acknowledge.

  • It does not mean anonymous: your network and browser still reveal ordinary technical information, like any website visit.
  • It does not mean unhackable: your own device, browser, and password remain in scope for attackers.
  • It does not mean the code is correct: an implementation flaw can undermine a sound architecture, which is why audits and public documentation matter.
  • It does not protect weak passwords: client-side key derivation slows guessing but cannot make 'password123' safe.

The trust you still extend

With a web-based tool, you trust the code delivered to your browser each time you load the page. A malicious or compromised server could, in principle, serve altered code that leaks keys. Mitigations exist on a spectrum: public source code and format documentation allow inspection, and installing the tools as a PWA for offline use reduces how often you fetch fresh code. SecretPNG publishes its source and container format, and states plainly that it is in beta and has not been independently audited.

You also trust your own environment: the browser, its extensions, and the operating system all sit between you and the math.

Evaluating a zero-knowledge claim

A credible zero-knowledge claim is specific and checkable. Look for the algorithm names and parameters, a description of exactly what data reaches the provider's servers and in what form, published source or format documentation, and frank statements about limitations. Vague superlatives, 'military-grade' promises, and missing technical detail are signs that the term is being used as decoration rather than description.

Limitations to keep in mind

  • Zero-knowledge architecture cannot protect against a compromised device, a malicious browser extension, or a weak password.
  • Web delivery means trusting the code served to your browser; SecretPNG is in beta and not independently audited, though source and format documentation are public.
  • Zero-knowledge does not imply anonymity; standard web metadata such as IP addresses is still visible to networks as with any site.

Sources