[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: free cloud

On Sat, 11 Apr 2015 13:56:59 +0200
deloptes <deloptes@yahoo.com> wrote:

> Petter Adsen wrote:
> > Switzerland might be good, unfortunately I don't know of any cloud
> > services there, but I'm sure there are. But if the NSA wants data
> > stored on servers in Switzerland badly enough, do you really think
> > Swiss laws would stop them?
> > 
> > Petter
> I mean a situation where they come to you as service provider and
> tell you to deliver the encryption keys for the services you provide.
> In this case Swiss and Austrian Law is still much harder to bend.

I see. Well, if your customers manage keys for themselves, that would
not be your problem at all. However, if you manage them, then I see
your problem.

In my personal case, I don't much care which cloud providers I use, as
I pretty much encrypt everything I store on them anyway. CloudMe is
geographically close and I get good speeds, which is mainly why I'm
considering them for backups.

> The back side is ... do you want to host data of mentally sick
> people ... like islamists, pedophiles or alike - and how would you
> guarantee that there is none? For me this is an important question -

I do not think you can guarantee that. Of course, if you have access to
the encryption keys and your clients do not encrypt things themselves,
you can scan their content. However, this may not be legal (I have _no_
idea), your customers may strongly dislike it, and you still won't find

Ironically, the best approach could actually be to cooperate with the
authorities :) I think in most cases if they come with a warrant for
the content of a certain user, they actually have a strong reason for
it. I do not think they would do that without strong grounds.

> that I can still not answer. Assume you sell a service with encrypted
> mail, cloud etc. Surely you get people from the underground world,
> that would like to use the service. How do you prevent the service
> being used by such people? Ideas? I have never had the time to look
> for theoretical papers or implementations on this subject.

I honestly don't have anything to suggest, I'm afraid. I would hazard a
guess that many users who are concerned about privacy and security
would still encrypt mail and content themselves, though, and in that
scenario I don't see that there is much you could do about it.

I wish you the best of luck in your venture, though, as the world
sorely needs more secure infrastructure, and many people don't want to
or are incapable of handling crypto for themselves.


"I'm ionized"
"Are you sure?"
"I'm positive."

Attachment: pgpkCfF_UxYJk.pgp
Description: OpenPGP digital signature

Reply to: