What makes Ellipticc Drive different from other cloud storage services?

Ellipticc Drive is the first cloud storage platform with post-quantum encryption using NIST-approved Kyber and Dilithium algorithms, true end-to-end encryption where keys never leave your device, and it's completely open-source.

Is Ellipticc Drive really free?

Yes, Ellipticc Drive offers 10 GB of free storage forever with no ads, no tracking, and no data selling. This is dedicated private storage, not shared limits.

How secure is Ellipticc Drive?

Ellipticc Drive uses post-quantum cryptography (Kyber + Dilithium), true end-to-end encryption, zero-knowledge file previews, and secure authentication where passwords are never sent to the server.

When will mobile apps be available?

Mobile apps for iOS and Android are coming in Q1 2026, along with desktop sync clients for macOS, Windows, and Linux.

Why ‘No IP Logging’ Is a Myth in Real Cloud Systems

A short, practical truth: saying “we don’t log IPs” is marketing, not engineering. IP addresses are how networks route, secure, and throttle traffic. They exist in transit and in the systems that keep the internet working. Below is a concise, no-fluff breakdown of what the claim can and cannot mean.

Summary (TL;DR)

“We don’t log IPs” usually means we don’t persist IPs in user records, not IPs never existed.
IPs are visible at the CDN, proxy, load balancer, and often at storage providers, for routing, DDoS protection, and billing.
The honest promise: minimal logs, short retention, no identity correlation, and limited use for abuse prevention only.

The Claim Everyone Makes: “We Don’t Log IPs”

Why users want it: privacy, lower deanonymization risk, and fewer attack surface traces.
Why companies advertise it: quick privacy signal that’s easy to market.
The problem: the phrase is ambiguous, is it seeing, storing, linking to identity, or retaining long-term? Experts expect precision; marketing avoids it.

How Internet Traffic Actually Reaches a Server

User → ISP → Internet → CDN → Reverse proxy (e.g. Nginx) → Backend → Storage / external services

At each hop, packets carry source IPs and some component will inspect them for routing, TLS termination, geo decisions, and security. That’s network reality, not a policy mistake.

Where IP Addresses Exist (Whether You Like It or Not)

TCP/IP headers: every packet includes a source IP.
CDN edge nodes: see client IPs and often write them to logs.
Reverse proxy / load balancer: connection context and access logs include IPs; X-Forwarded-For may include the client’s IP.
Firewall/WAF: rules and blocks depend on source IPs.
Abuse detection systems: rate limiting and correlation use IPs.

These are transient realities of packet routing and defense. They are not optional.

CDN Reality: Why Cloudflare (and peers) Already See Your IP

DDoS protection: needs source IPs to filter attacks.
Rate limiting: must know the request origin to throttle.
Geo routing: edge decisions require the client’s IP.
TLS termination: often happens at the CDN; the origin only sees proxied requests.

If you route via a CDN, the client IP is upstream, unavoidable unless you use a bespoke, encrypted tunnel to the origin (rare for public apps).

Application Logs vs Infrastructure Visibility

Seeing ≠ storing. A component can observe an IP without the app persisting it.
Memory ≠ disk. Runtime context can include IPs that never hit disk.
Ephemeral ≠ persistent. Firewalls and DDoS mitigators hold short-lived state; access logs can persist unless controlled.

Log types: access logs (webserver), debug logs (app), audit logs (security). You can redact or truncate data, but you cannot make packets forget their headers.

What “No IP Logging” Can Actually Mean (Precise Definitions)

A credible promise can be all, some, or none of the following:

No intentional IP storage in user records or profile tables.
Short retention windows for infra logs (e.g., 24–72 hours).
No correlation between IPs and user identities.
No analytics built from raw IPs.
Minimal logging retained only for abuse/emergency investigations.

If a product claims “no IP logging,” ask which of the above they mean.

Why Abuse Prevention Still Requires Temporary IP Handling

Defenses that need IP context:

Rate limiting and bot mitigation
Credential stuffing and brute-force prevention
Resource exhaustion and DDoS mitigation

Accept the trade-off: short-term, minimal handling for security; don’t expect zero visibility and still be protected.

Storage Providers and the Myth of the Invisible Backend

S3-compatible APIs and object stores commonly log request metadata used for billing, metrics, and quotas. Object access leaves traces such as timestamps and request IDs; some providers also record source IPs. You can minimize what the platform exposes, but you cannot make the provider’s telemetry disappear.

What We Do Instead (Practical Architecture Stance)

No IPs in user tables or identity records.
Minimize logs and rotate them automatically.
Short, explicit retention windows for raw access logs.
Separation of concerns: auth systems separated from content systems; no cross-linking without explicit need.
No behavioral profiling from IPs.
Encryption, access controls, and auditing for any systems that handle logs.

Say what you don’t do as clearly as what you do.

A Better Question Than “Do You Log IPs?”

Ask for specifics:

Who controls the logs and who can access them?
How long are logs kept (exact retention windows)?
Are IPs tied to user identity or account IDs?
Which logs are immutable and which are rotated/ephemeral?
Are logs regularly audited and access recorded?

These questions force concrete, verifiable answers instead of slogans.

Important (How we use IPs at Ellipticc Drive)

We use IPs for session and device monitoring, sharing, and abuse protection only. No profiling or long-term tracking. Access is restricted and retention is short. Sign up for Ellipticc Drive

Why 'No IP Logging' Is a Myth in Real Cloud Systems