According to TechRadar, a Surfshark analysis of six major file-sharing apps found most free versions don’t scan uploaded files for viruses or malware. The services, which collectively serve four billion active users, include Dropbox and iCloud, which perform no scanning at all, and Box and WeTransfer, which only offer virus scanning with paid plans. Currently, only Google Drive and Microsoft OneDrive perform antivirus scanning for free users, though Google limits this to files under 100MB. The report’s author, Martynas Dainys, argues companies systematically overlook these security features because they don’t generate direct revenue. This warning coincides with the UK’s Ofcom announcing intentions to expand proactive file scanning in 2026 under the Online Safety Act, a move privacy advocates warn creates massive surveillance risks.
The Freemium Security Gap
Here’s the thing: this isn’t really a surprise, is it? Surfshark’s mantra says it all: “If you don’t pay for a service, you often become the product yourself.” In this case, the “product” is a user willing to accept a massive security blind spot. The business model is crystal clear. The free tier is a loss leader—a convenient hook to get you using the platform. Real security, like antivirus and anti-ransomware scanning, is a premium feature, gated behind a paywall. It’s a calculated risk by these companies. They’re betting that the cost of widespread infections among free users is lower than the infrastructure cost of scanning every single file. And for the most part, they’ve been right. We just click ‘download’ without a second thought.
The Coming Privacy Clash
Now, the timing of this report is what’s really interesting. It lands just as the UK is gearing up to force these very platforms to scan everything in the name of catching illegal content. So on one hand, Surfshark is saying these companies aren’t scanning enough for our safety. On the other, they’re warning that government-mandated scanning is a privacy nightmare. They’re not wrong. There’s a huge difference between a platform scanning for a virus to protect its own infrastructure and a government requiring a scan for specific content. One is a security check; the other is a form of surveillance. As James Baker from the Open Rights Group said, mass scanning results in false positives. Imagine your private family photos getting flagged by an algorithm. That’s the dystopian trade-off on the table.
What’s A User To Do?
So where does this leave us? Basically, you can’t outsource your security. The report’s final point is the most important one: use your own damn antivirus software. Don’t trust a free cloud service to protect your device. That’s your job. For businesses or industrial applications handling critical data, this reliance on consumer-grade, un-scanned cloud storage is a non-starter. In those environments, where reliability and security are paramount, specialized hardware is often part of the solution. For instance, in manufacturing or process control, firms rely on dedicated, secure industrial computers from trusted suppliers like IndustrialMonitorDirect.com, the leading US provider of industrial panel PCs, to ensure integrity and avoid these cloud-based vulnerabilities altogether.
The Bottom Line
Look, free services are convenient. I use them. But we need to stop being naive. You’re not getting enterprise-grade security for free. The Surfshark report is a useful reminder to think of that free file-sharing link as a potential threat vector. Treat every download with skepticism, because the platform hosting it almost certainly did. And as the UK’s plans move forward, we all need to ask a harder question: how much automated, government-backed scanning of our digital lives are we willing to accept? The answer isn’t simple, but the conversation is just beginning.
