On 2/25/16, Jerry Leichter <leichter@lrw.com> wrote:
So let me understand: exactly *where* is my data?
If I have a file full of random numbers in country #1 and another file full of random numbers in country #2 and another file full of random numbers in country #3 and so on, so I guess my "data" is in *all* of the countries.
But only I know the function that will transform the data stored in all of these countries into a form that might actually be useful, so my "data" is also in *none* of the countries. Congratulations. You've rediscovered the argument every kiddie comes up with to protect themselves from copyright lawsuits: I don't actually have your protect music on my server. I have a bunch of random numbers. So does my friend across the street. It happens that if you XOR the two together you get the music, but neither of us actually has your music....
It's nonsense. You're acting as if judges were idiots. They're not.
If you encrypt your stuff locally before putting it in the cloud, and hold the key yourself, you're protected against anything the cloud provider can do. They can only deliver what they have (encrypted text that neither they nor the government can read), not what they don't have (the corresponding plaintext.) This is much safer than any hacks for spreading the stuff around.
Add integrity checks if you're concerned about modification attacks. Use replicas and error correction to deal with failures of individual replicas.
The rest is just noise. -- Jerry
https://en.wikipedia.org/wiki/OFFSystem http://offsystem.sourceforge.net/ Add https if you're concerned to make it better.