Private Data and the Cloud

Keeping all my stuff in the interwebz never felt entirely comfortable to me, but after a recent crash that took my personal mail install with it I had an epiphany.

I have GMail. I have Steam. I have a NAS for backups. Why am I keeping so much critical data on a single machine that may very well crash (as it did)?

Some of the changes are no-brainers in my opinion. I don’t mind trusting Google with my email; they have been doing this long enough, and most of my mail was already flowing through my GMail account anyway. Adding the POP3 pickup from my personal account was a small formality, and now I can use the powerful search features across all my emails.

There are however other sorts of data that I’m having more trouble figuring out.

I like the idea of access to data everywhere. I’d love to have a single to-do list that I can access from any machine in the world. But there are also going to be to-do items I genuinely do not want to make publicly available. Even more so, there are probably items I would rather not even give to a cloud-based provider in the first place.

And that’s where it gets tricky. I don’t think there are any applications out there at this point that have a model that scales across the full gamut of privacy boundaries.

I’d like applications that can store data publicly in the cloud, privately in the cloud and privately on my own personal devices, synchronised only through my own personal network at home. But I do not think any application with that ability exists.

For a while I was thinking that DropBox may be a part of the solution, but their recent security breach and admission that they have full access to data stored in a DropBox, when previously they were claiming nobody but the user can decrypt the data, is less than comforting.

Now, one possible solution is to store data into an encrypted volume into a DropBox, but now I am wondering if even that is enough. Storing private data in an encrypted volume on a public share is still less secure than not letting it leave my own network in the first place.

I think there is room in the marketplace for someone to develop infrastructure usable by apps in the cloud that can deal with the full range of these security domains in a seamless fashion. Something that’ll work across my Linux-NAS, my Windows PCs and my Android phone. Oh, and an associated dev model that can allow web-apps to run in some limited fashion on my Windows PC and Android phone to deal with the private-only data without ever touching the web.

Is that really too much to ask for? *sigh*