The most secure cloud is your computer

I had to go to the homepage of this site to get a clear idea of what Anita does, and what the nonsense in this article was talking about. Anita is a web app that is something between a notes app and a password manager. This article is talking about how you can store your Anita database locally, even though it's a web app. It really has nothing to do with a cloud at all in the technical sense, but I could see how the fact that the app runs in a browser might be perceived as "cloud-like" by people with no technical understanding.

I run a few services (don&#x27;t quite break even), and host my own blog, etc. I used to use AWS. However, I would spend almost $200&#x2F;month.<p>So instead I now rent $200 of colo space from a data center. That gives me 5U of space per month. I bought my own servers. I can now host way more for absolutely no more marginal cost. Working on adding GPU instances for some AI projects.<p>So the most secure cloud for me is my own cloud.<p>I wish there was a service where I could purchase a computer that I never see from a company who I then pay rent to host in their data center. The computer is mine, and there is a strict contract indicating entry into &#x2F; out of the cubby it&#x27;s in.<p>For example, my data center won&#x27;t open my cabinet unless I request it and there is a strict set of law as to what they can and cannot do with it.<p>Moreover, unlike AWS, they cannot &#x27;terminate&#x27; my account. While they can stop the lease... the computer is my own and the contract specifies that I have X many days to remove it.<p>That would be true ownership. The idea that amazon can shut down an app in one day is what made me leave AWS for good.

&gt; When it comes to data storage, security is a big concern. No matter what information you store, you want to make sure that it is safe and secure. Even trivial information is now worth a lot of money, and it is used to profile users. So you want to make sure that your data is safe<p>Tracking and profiling is rarely what people mean by <i>data safety</i> and usually instead refer to <i>privacy</i>. Privacy != safety. Beyond that, it doesn’t explain why you might want to keep your “data” safe from profiling. Most profiling is done on data that you can’t “own”. Eg. Facebook tracks you through tracking pixels and behavioral monitoring, and there’s no way to “own” that data - it’s never given to you the way your footprints on the beach are never yours.<p>I worry that lay-people without a technical understanding of things understand enough to see through the BS scare marketing tactics but not enough to understand that data security is important AND data privacy is important - for different reasons than usually mentioned.

<p><pre><code> The only secure computer is one that&#x27;s unplugged, locked in a safe, and buried 20 feet under the ground in a secret location... and I&#x27;m not even too sure about that one -- Dennis Huges, FBI. </code></pre> A bit apocryphal, but this was a famous quote thirty years ago, before there even was an internet. Much moreso now.

The statement &quot;the most secure cloud is your computer ... because you have full control over your computer&quot; is false. Many, many people have lost control of their own computer, either physically through loss or theft, or virtually through malware. There is nothing particularly secure about the machine that happens to be on your desk.

I think more secure way of storing data is offline backup, at least 2 geographic locations should be used.

I think some pre-configured &quot;example projects&quot; could make me more interested. Demo seems mundane, I get the idea but all the required fields are just annoying to get through.

One thing that I did not mention in the post, is that all images have been produced with Dall-E (<a href="https:&#x2F;&#x2F;openai.com&#x2F;dall-e-2&#x2F;" rel="nofollow">https:&#x2F;&#x2F;openai.com&#x2F;dall-e-2&#x2F;</a>).<p>I must admit I&#x27;m having a lot of fun with Dall-E! I&#x27;ll probably write a post about my experience so far with it

&gt; you can even choose to store it on an external drive<p>I can already to that. Why do I need Anita?

it might be the &quot;most secure&quot;, but if you could see the amount of lint that&#x27;s built up inside computer cases in my home, you couldn&#x27;t call it the <i>safest</i>

&gt; This is because you have full control over your computer. You can decide what to do with it<p>&quot;A little knowledge does much harm&quot; as the saying goes.<p>You can decide what to do with it including screw up your security. End users, especially power users make the most risky decisions because of over confidence. How do you know I am not accidentally exposing NFS unsecured to the internet or exposing my pc to the internet but forgetting I have elastic search listening in all IPs, install random packages without checking and haven&#x27;t updated my browser this year? Maybe I do everything right but don&#x27;t have off-device backups, availability is also a security property.<p>I am not saying the cloud is better, I am saying the cloud is better depending on the threats you reasonably anticipate. Let&#x27;s take emails as a common example, everyone and their mother use the cloud (that&#x27;s where webmail lives), you trust your email provider be it gmail, proton or aol.com to not only access your private information but more or less take over most accounts and do a lot of serious damage to your life. Now if you trust google with gmail, why would you not trust them with gcp? Again, I am not pro-cloud, I am just laying out the concept of having a threat model.<p>Can you reasonably expect some threat actor to target or opportunistically compromise a security property you value with respect to spcific information? Is it more cost prohibitive for that threat actor to acheive their goals in a cloud VM or on your laptop?<p>Let&#x27;s say your threat actor is someone you live with or someone that could harm you physically, that is different than someone doing a perimeter attack which is also different than someone targeting you with exploits and social engineering lures without even bringing up their specific capabilities.<p>In general, if you are hiding from the government of the cloud provider or you have reason to distrust the employees of the cloud provider (be it intent or competence) your PC might indeed be more secure. But realistically and objectively, a cloud provider will have better security both from defaults and monitoring perspective.<p>I use to share OPs sentiment but I repeated the terms &quot;reasonably&quot; and &quot;reason&quot; because the more I learned the more I realized how suspicion,intuition and hypotheticals are not enough to measure risk. You need a a vulnerabilty and exposure and you need motives and incentives for humans that will gain from exploiting them.<p>Yes, the NSA can hack my ec2 using a bunch of 0days but what they have to gain as a result if that is not worth burning a 0day or even the time and effort of a paid human. Even for bored kids showing off it isn&#x27;t valuable (interesting) enough.

I mean any cloud is trivial to secure if you just use strong encryption on anything you put on it.

alas, an electromagnet in the doorframe won’t help you much these days.