Cloud (service): Difference between revisions
Added a section for alternatives |
→Ineffective access controls: There is also a ToS page |
||
Line 34: | Line 34: | ||
A service provider requires some level of access to the data it processes. Unless access to the service is engineered on consumer's side to minimize such access (e. g. end-to-end encryption), all of the processed data is visible to the service provider<ref name=":0" />, where it can be leaked as a result of a cybersecurity incident or used for purposes to which consumers did not consent (such as included in machine learning datasets{{Citation needed}} or sold to advertising companies{{Citation needed}}). | A service provider requires some level of access to the data it processes. Unless access to the service is engineered on consumer's side to minimize such access (e. g. end-to-end encryption), all of the processed data is visible to the service provider<ref name=":0" />, where it can be leaked as a result of a cybersecurity incident or used for purposes to which consumers did not consent (such as included in machine learning datasets{{Citation needed}} or sold to advertising companies{{Citation needed}}). | ||
Providers may offer some access controls for the data they possess and process, but most of the time they are also the ones enforcing them, which renders them ineffective for restricting providers' access due to a conflict of interest. There may be legally binding promises of effectiveness of these controls in their terms of service, but violations of policies established through these controls are difficult to detect and legal enforcement is difficult in general. | Providers may offer some access controls for the data they possess and process, but most of the time they are also the ones enforcing them, which renders them ineffective for restricting providers' access due to a conflict of interest. There may be legally binding promises of effectiveness of these controls in their [[terms of service]], but violations of policies established through these controls are difficult to detect and legal enforcement is difficult in general. | ||
===Less legal protection=== | ===Less legal protection=== | ||
Line 42: | Line 42: | ||
Service company can deprive you of your data/services. For example if you lose login credentials, as might happen when a person dies, or your account is stolen, or the service provider terminates the account. (see for example, [[Microsoft account]], [[Google account]]). | Service company can deprive you of your data/services. For example if you lose login credentials, as might happen when a person dies, or your account is stolen, or the service provider terminates the account. (see for example, [[Microsoft account]], [[Google account]]). | ||
== Alternatives == | ==Alternatives== | ||
=== Generic protocols === | ===Generic protocols=== | ||
A lot of cloud services use needlessly specialized protocols, which allows service providers to maintain monopolies over their respective niches. Use of more generic protocols provides more choice to consumers, incentivizes competition between service providers and creates business opportunities for new service providers to emerge. | A lot of cloud services use needlessly specialized protocols, which allows service providers to maintain monopolies over their respective niches. Use of more generic protocols provides more choice to consumers, incentivizes competition between service providers and creates business opportunities for new service providers to emerge. | ||
For example, the impact of [[Amazon PhotosPlus discontinuation]] would be minimal if it were to allow connection to generic file storage rather than relying on Amazon's specialized photo storage service. | For example, the impact of [[Amazon PhotosPlus discontinuation]] would be minimal if it were to allow connection to generic file storage rather than relying on Amazon's specialized photo storage service. | ||
=== Self-hosting === | ===Self-hosting=== | ||
{{Main|Self-hosting}} | {{Main|Self-hosting}} | ||
Some cloud services can be adequately replaced with self-hosted alternatives, where consumers run compatible software on hardware they control. | Some cloud services can be adequately replaced with self-hosted alternatives, where consumers run compatible software on hardware they control. |