by rbranson 3842 days ago
Isn't one of the main benefits of something like Firebase or Parse that you don't have to run it? It's nice that Kinto packages the stack together and provides plug-and-play APIs, but there's quite a bit of expertise and overhead operating a backend stack in production.
6 comments

Maybe, but there are others of us who don't use firebase because we can't outsource our datastore like that. It goes both ways.
You can use Parse and Firebase to store sensitive data by applying client-side encryption. Of course one of the biggest problems is: how do you query that data since it's encrypted. But lately, there are some start-ups that aim to make encryption searchable. See ZeroDB, CryptDB, IQrypt - the last one is designed to be used for Parse and Firebase: http://iqrypt.com/docs/Home/
We're actually building an open-source alternative to services like Firebase and Parse. Ours is a fully peer-to-peer, real-time, graph database that doesn't require a lot of expertise or overhead, and is extensible.

http://gun.js.org/ / https://github.com/amark/gun / https://gitter.im/amark/gun

In many industries (i.e. healthcare with HIPAA) you can't save your data in Firebase/Parse.
Parse is HIPAA certified.
Regardless of this (assuming this is even true), I can't imagine that a finance company would want to store their data inside something like Firebase - The risk of data theft is too high and the value of the data is also too high.

When you store everything in a big centralized system, the risk of that data being compromised increases greatly. Right now, the reason why no one is hacking Firebase is because the data which is being stored in there is low-value.

If banks and hospitals started storing data in Firebase, you can be sure that it would attract the attention of hackers and you can be sure that they would find an exploit eventually.

You can't possibly place all of the world's high-value data inside one or two systems. Every single change made to the codebase is a potential security vulnerability.

Also, I imagine that employees of Firebase have access to all your data - What if one of them decided to share your data with a competitor? Humans are corruptible - This is too much power to put in the hands of so few people.

All of the problems you recognise exist with 99% of large scale internal solutions too.
True, but your internal solution isn't "large scale" until you are. The external solution is "large scale" when all users combined together are.
> hospitals started storing data in Firebase

Is health data actually worth that much to hackers? Genuine question.

Yes, some types of data are highly valuable because they can be exploited by someone to make a lot of money.

Data related to a person's education/intelligence is valuable too.

If you could get a list of all emails of people in the world with IQ < 70, you could easily take advantage of those people by sending them scam emails (for example).

Also, someone's preference for particular adult content is highly valuable (for blackmail).

A person's location data might also be quite valuable (especially if that person is a politician/celebrity).

Media probably would pay a lot for health info on celebrities, politicians, ...

Scammers could use the info to find targets (Fake hospital bills, "new medications", ... are easier to sell with correct information. Financial scams might work better on families that are desperate to pay expensive bills)

Publicly shaming or attacking people with "bad" or "disgraceful" health issues. (HIV, gender operations, mental issues...)

There are other forms of value besides money; in terms of social value and reputation, a hack that steals a large quantity of data about people is worth a great deal to the hacker.
Apparently Medicare spoofing is a big deal. Basically people pretend to be someone with Medicare and receive medical goods and services.
Legal stuff in case it is stolen does.
No, it is not. No idea where you got this notion, but I've been answering this question for almost 3 years.
According to whom? A quick Google search turns up a number of results to the contrary.
What do you mean by HIPAA certified? Do you mean they'll sign a BAA? I don't think they will.

...and even if they did, the technical requirements of HIPAA compliance go much further than what Parse has to offer. You'd be much better suited building an application and hosting it on Catalyze[1], which covers every aspect of HIPAA compliance and has a HITRUST certification.

1. https://catalyze.io

[citation needed]
It is not.
Wow, they used to list HIPAA certification. Sorry, I'm wrong.
No, I don't think we ever did.
My thoughts exactly. Kinto is a database with an API that you have to configure, deploy, manage and scale. It's not really an alternative to Parse/Firebase, as it is an alternative to Mongo.
Main feature of Firebase for me is the "realtime" updates
I recently tried Parse's Push Notifications (which go through GCM on Android). I was shocked by how long the messages seem to take when on cellular.

If anyone has tips, I'm all ears.

Full disclosure: former Parse Push tech lead, current Firebase engineer. If your slowdown is only while the device is on mobile, it's almost certainly due to something outside of the Parse stack. Push notifications have grown to be an async information pipe, but never a real-time or reliable one. The most common example of this is APNs (Apple's push network)--Apple only buffers the most recent undelivered notification for an (app, device) pair and messages without UI (aka "silent push") must be sent at a low priority which will likely incur extra delays. If your goal for silent push is to help improve cache hits by pre-populating an app with useful data, don't worry about the slowdown. If you're using push for something that must be reliable or real time, you're probably using the wrong tool. Consider something like Firebase for this instead. If you're already deeply invested in Parse, I've seen people use Parse Cloud Code to replicate writes against Firebase and use Firebase to build a client sync layer.
I'm not sure why no one mentions RethinkDB. We use it and are extremely happy with both its API mindframe, realtime updates and how easy it is to scale it.
I believe, really, it's more about being indie and such. It's the same reason many people can just run Gmail - or Google Apps for your domain - as opposed to the heavy-lifting of running your own email server, etc. Not like I'm an expert, but running one's email - and ensuring high degree of deliverability nowadays - is quite difficult. There are those who choose to run something on their own, maybe to learn, maybe for privacy's sake, etc. I'm sure those who do so, dive in with their eyes wide open. ;-)
> Isn't one of the main benefits of something like Firebase or Parse that you don't have to run it?

But do I have to pay for it?