Never Upload These 5 Files To Your Cloud Storage

Before cloud storage, people’s digital lives stayed confined to their devices. If you needed a file from your work computer while on vacation, you’d have to hope someone was around to email it. Forgetting to back up your smartphone before buying a new one often meant losing years of photos and videos. When services like Dropbox and eventually Google Drive, iCloud, and more arrived, that all changed. We can now keep files synced across devices, and precious memories don’t die when your phone does.

Although cloud storage is convenient, it comes at a cost. The difference between cloud and local storage is primarily one of ownership. You should never think of your cloud storage as belonging to you. It’s the digital equivalent of renting a storage unit: your belongings are hosted on someone else’s property. The owner may give you a key, but you’re trusting them not to change the locks on you, and you aren’t there to protect your belongings from break-ins and theft. In both cases, your peace of mind when you store things there depends on how trustworthy the owner is and how robust the company’s security protocols are.

You probably wouldn’t store anything at a storage rental that you couldn’t live without, and the same rule of thumb applies to cloud storage. From sensitive personal documents that could lead to identity theft and doxxing to large files that will wastefully eat up your allotted storage, there are many file types worth keeping off your cloud drive. Here are five files you should never upload to your cloud storage.

We’ve all done it. You need to get some paperwork to your accountant, lawyer, or doctor, so you snap a photo of the documents or scan them into a PDF and send them along. There are already inherent security risks in doing that, since you never know how careful the other person will be with those scans. But if your device automatically backs up photos to a service like iCloud or Google Photos, you could be creating even more risk. For that reason, you should refrain from uploading personal files –such as government IDs and passports, tax returns, medical or legal records — to the cloud.

Notably, there’s the risk of being hacked. While you can take steps to secure your cloud accounts, no digital fortress is impenetrable. Whether you fall victim to a phishing attack, leave your phone unlocked at a busy bar during a moment of distraction, or simply neglect to change a non-unique password after it was discovered in a breach from another platform, there are innumerable ways for malicious actors to gain access to your account. Any personal information an attacker finds could be used against you to commit identity theft, doxx you, blackmail you, and more.

You additionally risk data loss when uploading anything to the cloud. Google any storage provider along with the phrase, “deleted my files without asking me,” and you’re likely to see pages of results from disgruntled users who lost irreplaceable files. Some of these instances may be due to user error  — some people simply don’t understand what a delete button does  — but many are not. Cloud architecture is far from infallible, and mistakes do occur. If you decide that uploading personally identifiable files is worth the risk, back up the files to an external drive.

Revealing photographs of yourself, or those consensually obtained from an intimate partner, should not be uploaded to cloud storage for several reasons. First, as with other file types discussed here, you can never assume complete privacy when uploading media to a cloud service. The risk that your account could be hacked is always present, which could lead to such media being leaked online. Despite “take it down” laws allowing you to seek recourse when revealing photos are uploaded without your consent, that’s a nightmare situation you’re best off avoiding by keeping such media stored locally.

But there’s one more reason to avoid uploading revealing media to the cloud. AI scans of your photos can get your account banned by Google or other providers, even if the media flagged by the system is entirely legal. In fact, your media can be flagged even if it is not prurient. In one case reported by The New York Times, a father who took photos of a medical issue his child was experiencing in order to consult with the child’s doctor had his account banned when the photos were mistaken for child sexual abuse material (CSAM). His details were even forwarded to law enforcement, making him the target of a police investigation. 

The New York Times reported on another case wherein a mother whose young child uploaded a video of himself innocently dancing naked found herself in a similar situation. While these tools have thankfully led to the prosecution of actual criminals, the risk of being caught in that dragnet for uploading completely legal material is severe enough that you should always err on the side of caution.

If you use the free tier of Dropbox, Google, iCloud, or any other cloud provider, you’ll start with very limited storage. On the generous end, Google gives unpaid users 15 gigabytes of free storage (though it includes emails in your Gmail account), but others are more tightfisted. Dropbox, for instance, only provides 2 gigabytes to users who don’t cough up for a subscription. Apple gives free iCloud users 5 gigabytes.

Many users can make a free cloud storage option work, as long as they don’t have too many large files uploaded. Emails, documents, and similar files take up relatively little space. Photos take up slightly more, but if you’re only shooting from your smartphone on its default settings, they’ll take up just a few megabytes.

However, if you’re uploading videos  — especially at higher resolutions  — things can quickly get out of hand. A one-minute 4K-resolution, 60 frames-per-second video shot on a Samsung Galaxy S25 Ultra in automatic camera mode takes up just about 400 to 500 megabytes of space. If you’re uploading to Dropbox’s free plan, you’ll hit your limit after just four or five minutes of video at that rate. If you’re an avid smartphone videographer using free cloud storage, be sure to disable automatic backups on Google Photos, Dropbox, and other services.

As an aside, this is why high-resolution videos are the first files you should tackle if your cloud storage warns you that it’s running out of space. Videos, especially those shot at 1080p or higher, are the most likely to take up multiple gigabytes of space, and deleting large videos is the easiest way to reclaim storage space both locally and in the cloud.

Many people don’t often consider how easy it is to end up in court. Sure, you might not be a hardened criminal, but that doesn’t mean you can’t be charged with a crime or have a suit filed against you. And if you do end up in front of a judge, the opposing party will be allowed to dig through your digital life for evidence relevant to the case in a process known as electronic discovery. Many cases are lost when a lack of digital hygiene meets the legal system, not to mention the personally harmful or embarrassing secrets that can be unearthed. And uploading files to the cloud can make it easier to argue for their discovery, including files that would otherwise have been off-limits thanks to attorney-client privilege.

The rise of AI has made this issue even more pressing. The U.S. District Court for the Southern District of New York ruled in 2026 that conversations held between a defendant and a publicly available AI chatbot regarding the legal defense strategy were not protected by attorney-client privilege, even though he had also shared those conversations with his lawyer. The FBI had seized the documents, and the judge cleared federal prosecutors to use them as evidence. Given that prominent cloud storage providers such as Google Drive can integrate with chatbots like Gemini, you may be waiving important privacy rights for any files that are scanned by a chatbot.

To be clear, this is not legal advice, and we are speaking in a personal context, not an enterprise one. But most people don’t hire a lawyer until they need one, and so it’s best to make their job as easy as possible before they even enter the picture.

If you’re anything like most people, you struggle to remember all your passwords. And since you should always enable 2-factor authentication on your accounts, you’ve likely got a bunch of 2FA backup codes meant for emergencies that you don’t know what to do with. It’s entirely understandable that many people may choose to upload passwords and backup codes to a cloud provider, but doing so is a mistake  — and it could cost you dearly.

As with other types of files we’ve discussed, there’s always the possibility that your cloud storage could be breached by a hacker. If they then find your unencrypted text files filled with passwords and backup codes, they’ll be able to access the rest of your accounts, potentially hijacking your identity beyond the point of recovery and even committing crimes in your name. Encrypting those files before upload so that they cannot be accessed without a password can offer a layer of protection, but it’s best to use a dedicated password manager.

Additionally, with so many cloud storage providers now offering AI integrations, you’ll essentially be feeding all of your passwords directly into a chatbot. If the provider uses your files for training data, the LLM could regurgitate your passwords to other users. Even if it doesn’t, your private interactions could accidentally be made public. In June 2025, WIRED reported that one of Meta’s AI apps had added a feature allowing users to see conversations other users had with LLMs, and in July of that year, TechRadar reported that using a simple “site:chatgpt.com” search operator in Google can unearth OpenAI users’ chats depending on their sharing settings. Those relied on users not understanding privacy controls, but in late 2023, Google researchers were able to make ChatGPT output other people’s personal information.