[thrmsforbfast]

> Do you trust that these companies will never be hacked?

I trust them more than I trust myself, unfortunately.

I generally try to avoid uploading unnecessary/extra data. But email and remote document access aren't optional, and while I don't trust BigCorp to do security right, I also know that I don't have the resources to do it right for myself...

[013a]

That's fair. You shouldn't trust yourself, or the companies, because your trust will be betrayed one day. Everyone is a little incompetent, its just a matter of when.

That's why End To End Encryption is the best solution we have, which balances usability with good security. It reduces the surface of attack to just the encryption algorithms, their implementation, and the keys, which is substantially easier to audit and doesn't change when the products evolve. It also allows you to say "fuck it, have the data, its encrypted so who cares". Finally, it logically separates the attack surface into two distinct parts; attackers need both the keys and the data to do harm, either alone does nothing.

In practice, trust comes down to "can I protect the keys". That's something I can trust myself to manage well, and plenty of companies sell solutions to make it easy (ex: Apple and the secure enclave of your phone).

[thrmsforbfast]

Any suggestions for how to combine end-to-end encryption with document storage in a way that still allows me to access documents on my phone/tablet/computer and also share documents with others?

Unfortunately end-to-end encryption for email is completely impossible because almost everyone I interact with via email does not know how to use gpg...