In conversation with several online cloud data backup services for both consumers and commercial operations, I kept coming across the same problem that their software was not open source, so how to trust? As in most cases it’s best to never trust the provider, but the software encryption! Services then which allow the generated keys to be in the possession of the user, and only the user, seem like the best way forwards.
But then the second issue: upstream speed. My theory then was that if open crypto-algorithms likes AES were relied upon by the company, then surely a Seed Drive could be encrypted before hand with the same keys and mailed in safely?
The solution time and time again rubbished the idea of a Seed Drive (storage mediums pre-populated with data and sent through traditional post to the storage provider for the sakes of speed) due to technical issues:
• Extra manual work requirements
• The Seed Drive(s) require software changes
• New security protocols needed for how staff interact with Seed Drives
• Increased complexity to add Seed Drive data into existing storage infrastructure
As if my suspicions were not raised enough already, why then does every avenue to true anonymity keep being blocked off?
(don’t get me started on crypto-payments)
My question is what are the steps needed to provide such a service?
But then the second issue: upstream speed. My theory then was that if open crypto-algorithms likes AES were relied upon by the company, then surely a Seed Drive could be encrypted before hand with the same keys and mailed in safely?
The solution time and time again rubbished the idea of a Seed Drive (storage mediums pre-populated with data and sent through traditional post to the storage provider for the sakes of speed) due to technical issues:
• Extra manual work requirements
• The Seed Drive(s) require software changes
• New security protocols needed for how staff interact with Seed Drives
• Increased complexity to add Seed Drive data into existing storage infrastructure
As if my suspicions were not raised enough already, why then does every avenue to true anonymity keep being blocked off?
(don’t get me started on crypto-payments)
My question is what are the steps needed to provide such a service?
