
when looking at different data management approaches i see the following:

- third party manages encryption keys and data custody, users manage none (dropbox, G drive et al)

- third party manages data custody, users manage encryption key (e2e encryption, icedrive, pcloud, 1password etc)

- third party manages none, user manages data custody (and eventually encryption) (0data and more generally "storing files in your computer")

the 0data is just like going back to what we used to do a decade or two ago and we all know it has its drawbacks (data can be lost, stolen, corrupted, difficult to move)

the most popular data custody model, where a third party has total control over our data but we don't, also has its drawbacks (data misuse, data breach, data mining, data transfer etc)

the second approach, which i am surprised not a lot of providers adopt, where we delegate data custody to a third party but still have e2e encryption over the data contents, also has its drawbacks (data can be lost if keys are lost), but it's what i think is more compelling compared to this 0data philosophy.



One large reason that option 2 isn't great is because people will forget or lose their key. And at that point you'll have a very angry customer when you tell them that you can't let them in or give them their data back (or at least not any useful data). People don't truly understand just how impossible it is to regain access to their data.


I can't speak for all projects listed here, but usually with option 3 you can also choose to e.g. pay someone to do the hosting for you and effectively get option 2, provided that data is not stored locally and can be encrypted.


There's another option that can be combined with 2 and 3: run your own personal cloud, whether using Synology, QNAP, Nextcloud, etc.

If you have terabytes of data to store, it can work out significantly cheaper.



