Loomio
January 2nd, 2018 14:43

How can we ensure Privacy is being protected in cloud era?

Kannan V M
Kannan V M Public Seen by 365

While cloud being someone else's computer and we are sharing our private data with them because we need to use their cloud service?
Even though they might be using open source technologies, we will still have to trust the service provider with the data. Is there any way to avoid this dependance on trust on that provider?

  • How can we make sure our privacy is not breached because we send our data through someone else's computer?
  • Is there any standards for that?
  • How we can use encryption for that purpose?
Pirate Praveen

Pirate Praveen January 2nd, 2018 14:50

  1. We should be in control of our infrastructure. We should be paying only for the hardware/bandwidth.
  2. We have multiple decentralized standards. matrix for chat, diaspora/mastadon for social media etc. It is a cultural challenge than a technical challenge.
  3. matrix has end to end encryption, for email use gpg.
Kannan V M

Kannan V M January 2nd, 2018 14:56

Federation is a good solution for social media, but how can we assure our data is not stolen when we can not afford our infrastructure? That is my primary question.

Bady

Bady January 2nd, 2018 15:04

in my opinion the technical challenge is to create fast, reliable, distributed (peer-to-peer, not just decentralized) and end-to-end encrypted solutions. i agree with the cultural challenge part, but if the technical challenge is handled then the developer community can focus on making the solutions more convenient (looks, user-friendliness, etc.) which is also a very important factor when addressing the masses.

Pirate Praveen

Pirate Praveen January 2nd, 2018 15:04

The question is not about affordability at all in my opinion. Its people not realize the important of control over our data. It does not cost so much to run our own infrastructure.

Kannan V M

Kannan V M January 2nd, 2018 15:13

so there is no technical solution to the cloud problem? (one solution can be end to end encryption, but we cant always use end to end encryption too)

Pavithran S

Pavithran S January 2nd, 2018 15:15

  1. Encrypt everything you transfer over someone elses computer. Just dont trust it with unencrypted traffic. All the data which you send also should be via HTTPS.

  2. Standard protocols do exist but we do need apps and mass adoption. We can obviously use webdav/caldav with nextcloud, matrix via riot, Federation via Diaspora, friendica.

  3. Email obviously via GPG but you are leaking lot of meta data via email. I would rather have two matrix instances communicating with each other via e2e.

Pirate Praveen

Pirate Praveen January 2nd, 2018 15:17

If people realize its importance, we can easily solve the technical, useability and convenience questions by funding more people to fix it.

Pirate Praveen

Pirate Praveen January 2nd, 2018 16:58

host your data with someone you trust, and we need more and more people to offer such services.

NE

Nandakumar Edamana January 2nd, 2018 23:36

There are some cloud storage services that claim to have client-side encryption enabled. And when it comes to the basic services like Google Drive, the simplest way is to use an archive format like 7z that supports encryption (of course, we shouldn't unzip it online).

Bady

Bady January 10th, 2018 18:23

Pirate Praveen

Pirate Praveen January 10th, 2018 18:32

I agree p2p is the final goal, but decentralized systems provide a stepping stone in the short term. We can't easily jump to p2p directly from centralized services, especially in countries like ours where internet access is very costly. p2p systems will have to deal with a lot of data transfer (tox) or have to use a system like tor (briar app), which can be very slow.