Developers, please take note of the authors statement below....
"Many developers assume that everyone wants their data to be “in the cloud”, but that's actually not true for a lot of my customers. Professional researchers often sign agreements in their children's blood stating that their data will be stored on an encrypted disk, won't leave their laptop, and will be destroyed when the research project is completed. “The cloud” is the last place they want their data to go."
There are so many great note taking and productivity application that I just can't use because the majority of my notes are of a confidential nature. If my company provided macbook where to be compromised I would not be held liable, however if my personal dropbox or evernote account where compromised I would be held accountable.
I'm very much in the camp of not wanting my data in the cloud. I don't autoupload photos, for example, because I want control over them.
What I would like is a home cloud server which would handle all the services I could get from the cloud with explicit sharing with chosen people (e.g. my family).
I think (hope) that there is a distinction that can arise between "cloud" applications and services and "offsite" or "online" applications.
If you plug together a handful of off the shelf Amazon components, slap a label on it, and open the doors, perhaps that is rightly called a "cloud" service ... the end provider has no accountability to you (or your users) and you have no idea what's going on behind the curtain. It's all just magic happening many layers of abstraction away.
But if you build systems, own the platform, write the architecture and provide something that you understand and have accountability for, end to end, I think it can satisfy the skeptics (of which I am one).
So in this case, the researcher that can't store the documents on dropbox ... hopefully he could upload them with duplicity to an online storage platform that was built and run like this[1].
And I hope that this would be possible because such a distinction could be made ...
SpaceMonkey stores your data on your home device, and then replicated across other users' devices for redundancy. If you have liability problems using something like Dropbox, SpaceMonkey may not solve them.
It's not only about protection from hacking, it's often also about protection from access by authorities – in particular American authorities. Non-disclosure agreements, data privacy laws and attorney-client privileges are not compatible are simply not compatible with most hosted services, especially not abroad where your local law cannot protect your local legal obligations.
I think the people here suggesting things like bittorent sync and owncliud missed the commenters request, i. e. a personal cloud that works with all these other services. Owncloud etc are just clunky implementations of drop box that offer less uptime and features. They don't offer slick, out of the box integration with other apps/services
Synology is doing good things in this area. They offer a "private cloud" backup and file-sharing solution, served from a (linux based) NAS, with client programs for Mac, Windows, Android and iOS. I have a home/small office model and I love it.
1. even in Seattle, internet response time is erratic. Delays anywhere from a second to a couple minutes is commonplace. Using an app requiring constant traffic over the internet is quite unpleasant.
2. The backup problem. If my cloud account "goes dark" for whatever reason, I'm dead in the water, and I'm helpless to fix it.
3. I simply won't use a cloud solution that doesn't encrypt the data on my machine before sending it to the cloud server. Encrypting it after it gets to the cloud server is unacceptable. I currently use Jungledisk for backups on Amazon's cloud service because it does encryption locally.
> 2. The backup problem. If my cloud account "goes dark"
> for whatever reason, I'm dead in the water, and
> I'm helpless to fix it.
Isn't the cloud part of your back-up strategy? For example, I use OneNote for all of my notes. It syncs the notes on my PC to the cloud. As long as I'm connected, I have a backup online.
Changes also sync to my other computers when they're online.
Additionally, the notebooks are included in the local data backups we make (in our case off-sited to our ISP).
Sensitive stuff is encrypted in TrueCrypt, and the TrueCrypt volume is stored on DropBox. MI5/CIA could probably break the encryption, but there are easier ways for them to get at it.. http://xkcd.com/538/
I also wouldn't want to use a cloud storage system that didn't at least have the option to keep a local cache of my data so that I could access it offline and with local speed. But that's how most of the "cloud storage" services I'm familiar with work, so it's not really much of a problem.
This is a great point, but also orthogonal to the tech/platform choice. One can still develop a front-end using web tech which connects to a localhost server (see for example Google Refine -- which runs a localhost web server). It may make packaging and distribution it tad more annoying, but there are tools that can do this, and then you get the benefit of cross-platform adoption -- as well as the option to make it a hosted service, if desired.
> a front-end using web tech which connects to a localhost server
But what advantage does that offer over a native application? You’d then need a ‘native’ web server and would still rely on the local browser in a way that opens you up to more incompatibilities than just using the native interface framework?
Assuming you are really a one-man team, you’d still have to set up the web server, database etc., which I imagine to be somewhat cumbersome on an ‘unknown’ platform.
An interesting usecase would be a LAN-local server, which would (with server-side data processing) avoid the slow uploading of data over the internet and could still utilise native computation speeds on the server.
The terms of these agreements seem pretty arbitrary and probably present a false sense of security. Properly encrypted data in the cloud is completely secure. In fact it should be impossible to tell from random bits.
On the other hand data on an encrypted disk is not exactly the same thing. It must be made available to the OS whenever the user is logged in. Any breach in security say from an email attachment or malicious website would expose its unencrypted contents.
I wonder what the required policy is for backups? Can they be stored on servers if encrypted? Remote servers?
What I have never understood is the willingness of people to accept ad ridden web services when some years ago everybody had their panties in a bunch when Opera or Getright had ads in their software.
Back when I was part of a EU research project, we could not use Skype, DimDim or any other video-conference platform because a lot of stuff we worked was protected as the author comments under a lot of privacy contracts.
Probably still not acceptable for many of these situations, especially when you're signing these kinds of data custody agreements. Oftentimes they specify requirements for physical custody of the hardware, and even if they don't, adding third parties into the mix (Amazon and you) may make the auditing requirements more complicated.
A lot of the time, these requirements are more about auditing and liability than about technical security measures.
"Many developers assume that everyone wants their data to be “in the cloud”, but that's actually not true for a lot of my customers. Professional researchers often sign agreements in their children's blood stating that their data will be stored on an encrypted disk, won't leave their laptop, and will be destroyed when the research project is completed. “The cloud” is the last place they want their data to go."
There are so many great note taking and productivity application that I just can't use because the majority of my notes are of a confidential nature. If my company provided macbook where to be compromised I would not be held liable, however if my personal dropbox or evernote account where compromised I would be held accountable.