by GoofballJones 1073 days ago
I know it may be nitpicking or just pedantic, but they say on their page "Your data also never goes to the cloud, as we own and manage our own server infrastructure." But...if you upload your data to their servers (so it can go to all your devices), isn't that the "cloud"?
6 comments

I think in general one might consider "the cloud" to be virtual resources on hardware shared with third parties. So of course AWS/GCP/Azure, but DigitalOcean would probably also qualify since to my knowledge droplets are virtual servers on shared hardware.

Although renting virtual resources on shared hardware can be convenient (much easier to provision virtual resources than real servers), there are a couple of drawbacks. Most importantly, particularly from a password management perspective, running on shared hardware could expose your virtual resources to hardware exploits like the row hammer effect.

Yes, this is indeed what we mean. Proton does not use third-party providers for hosting encrypted user data. So none of the providers that people typically consider to be "cloud" such as AWS. What we do instead is own and operate all of our physical server hardware and network equipment in datacenters in Switzerland and Germany.
With properly managed encryption, it shouldn't matter which cloud (yours or theirs) the data goes to.
Why have just one layer of protection when you can have multiple? https://www.comptia.org/blog/what-is-defense-in-depth

Mistakes happen in the most secure systems. The more layers of defense you have, the less likely a mistake causes an incident.

So if you store a file in OneDrive or Google Drive, you'd say it's not storing a file in the cloud? No third parties involved there after all. Just you, the service provider, and the hardware owned and operated by said service provider in their own datacenters.
I'd say there are colloquial and technical definitions of the word. Colloquially people have taken to referring to servers not their own, particularly operated by Amazon/Google/Microsoft, as "the cloud", such as OneDrive and Google Drive. I might even use the word colloquially sometimes. But when technical precision is needed, "cloud" refers to virtual resources on shared hardware.

Applied to this particular context, the colloquial interpretation doesn't make any sense whereas the technical interpretation does.

I'm guessing they're using cloud in the classical sense of the term, as in they own their own infra and rack servers which are colocated into a datacenter and so don't depend on third parties for infra and nobody else besides them should have access to your data.
Isn't the term "public cloud" invented for this distinction?
Not nitpicky at all, they are having the cake, and eating it too with that phrasing. Cloud, colloquially, is data or software being "on the internet".

https://www.merriam-webster.com/dictionary/cloud%20computing

I think you're conflating "cloud" to mean any computer on the internet. I think that's generally a fine thing to do most of the time. But, cloud used to mean something a little different and it's been lost to weird arguments it seems.

I look at the cloud as something where I can spin up a new service or VM very quickly. Think AWS, or Azure or whatever other service lets you quickly and easily deploy something.

We've now gotten to the point where people are saying any computer on the internet is "the cloud" and I don't think that's right or wrong necessarily, but for the sake of Hacker News, I do wish we were a little more specific.

That said, I think this argument from Proton is bordering on funny word play to make it seem different.

> I think you're conflating "cloud" to mean any computer on the internet.

If you read "cloud" as "somebody else's computer" it entirely depends on perspective.

If you're running a service on your own hardware in your own datacenter, you're clearly not cloud.

However, if you're a user of that same service, and your data lives on some computers that are running in someone else's data center, then for all intents and purposes your data is "in the cloud". It's indistinguishable if the service you're using is using AWS/Azure/etc, running their own hardware, and/or storing data on something like S3.

There's of course a mix of in-between stuff that makes this 10x more complicated: if it's a rented server in somebody else's datacenter, are you "cloud" or not? What if it's your hardware, but somebody else's datacenter? What if you store backups on S3?

This is a fine use case for using "cloud" to mean, "somewhere, not here".

I don't feel like my passwords should be stored "somewhere, not here". They should be stored "here" - where I choose to store them, and nowhere else.

I purchased a hardware password manager a while back, which seemed really neat:

https://www.beamu.io/

But, sure enough, bulk import uploads all of your passwords to their servers, even though there's just no rational reason why a server "somewhere, not here" needs to play man-in-the-middle to all your logins. To avoid it, you have to go one by one (even then there's no assurance, but the official docs do not say it's sent up to their servers).

Definitely somebody else's computer. I guess their point is that if you pay them for mail service, you own [a portion of] them. Or vice versa.
It depends what you mean by data. Metadata maybe, but I'd think they're meaning that once your password data is encrypted (on your device), it is no longer your data without the encryption key?
Yes