by lehmannro 5525 days ago
I regularly hear that "if I could install it on my own server" argument and wonder if you think you can handle security and administration much better than someone who's paid to do it. I, for one, can't and would not want to waste my time on it.
3 comments

I agree that is a good point. Perhaps it is a technology that would be better off not existing?

Security aside, one of the fears I have isn't necessarily against hackers, but against legal entities making use of the private information illegally, in addition to Greplin selling "me" in a very compact and precise manner to whoever they want.

Even if you trust that your own computer or server is more secure than Greplin's servers, your communication with others will be indexed on instances belonging to the people you communicate with as well.

So the question, even for the seasoned computer security expert who wants to use a distributed Greplin variant, is: Do you trust your friends and colleagues to have better security on their home or work computers than Greplin can achieve with dedicated work?

With a distributed system it would still be a non-trivial task to protect against a dedicated worm or trojan that infests the network and traces paths to other Greplin users after stealing all the data from each instance.

Since the data is social and each document in many cases concerns more than one person, it might actually be a less complicated task to achieve sufficient security in a central location.

There are security breaches all the time on systems that are set up and maintained by people who are 'paid to do it'. I don't think that's the best possible signal. People who are able to install complex software (something beyond WordPress-ease of install) are possibly more capable than many 'paid to admin server' admins. Not all, of course, but being paid to do something doesn't indicate 100% competence.

Likewise, someone installing something on their own machines for privacy concerns can be said to have more vested in keeping things secure than the person who's only doing it for their job, maintaining a server with thousands of bits of data on it.