by indigochill 1073 days ago
I think in general one might consider "the cloud" to be virtual resources on hardware shared with third parties. So of course AWS/GCP/Azure, but DigitalOcean would probably also qualify since to my knowledge droplets are virtual servers on shared hardware.

Although renting virtual resources on shared hardware can be convenient (much easier to provision virtual resources than real servers), there are a couple of drawbacks. Most importantly, particularly from a password management perspective, running on shared hardware could expose your virtual resources to hardware exploits like the row hammer effect.

4 comments

Yes, this is indeed what we mean. Proton does not use third-party providers for hosting encrypted user data. So none of the providers that people typically consider to be "cloud" such as AWS. What we do instead is own and operate all of our physical server hardware and network equipment in datacenters in Switzerland and Germany.
With properly managed encryption, it shouldn't matter which cloud (yours or theirs) the data goes to.
Why have just one layer of protection when you can have multiple? https://www.comptia.org/blog/what-is-defense-in-depth

Mistakes happen in the most secure systems. The more layers of defense you have, the less likely a mistake causes an incident.

So if you store a file in OneDrive or Google Drive, you'd say it's not storing a file in the cloud? No third parties involved there after all. Just you, the service provider, and the hardware owned and operated by said service provider in their own datacenters.
I'd say there are colloquial and technical definitions of the word. Colloquially people have taken to referring to servers not their own, particularly operated by Amazon/Google/Microsoft, as "the cloud", such as OneDrive and Google Drive. I might even use the word colloquially sometimes. But when technical precision is needed, "cloud" refers to virtual resources on shared hardware.

Applied to this particular context, the colloquial interpretation doesn't make any sense whereas the technical interpretation does.

I'm guessing they're using cloud in the classical sense of the term, as in they own their own infra and rack servers which are colocated into a datacenter and so don't depend on third parties for infra and nobody else besides them should have access to your data.
Isn't the term "public cloud" invented for this distinction?