What guarantees that my data is secure?

Preamble

One thing has become is clear: thanks to the multitude of services we use on a daily basis (email, instant messaging apps, online payment services that require a credit card number, etc.), our personal data is centralized in a few different places that are managed by third parties.  By using these services, you are putting all of your eggs in the same basket. Added to this is the economic model of these online services: this model is based on advertizing, meaning selling your personal data (= your digital privacy) in exchange for influence. 

To know more: Combining ethics and digital tech: mission impossible? answers from Benjamin André, co-founder of Cozy Cloud.

Cozy Cloud's answer

Given this disheartening context, we at Cozy Cloud have decided to reverse the trend by adopting measures to guarantee that the data stored in your Cozy remains secure. 

1. A decentralized structure differs from the current economic model introduced by Facebook and Co. 

The current centralization of data in silos owned by the major industry players is a catastrophe in terms of security, especially when these silos are advertising powerhouses whose economic model is based on selling their users' attention. This model is also highly conducive to digital piracy. Although our data is incredibly valuable to each of us, individually it has little value for an attacker who is interested in securing mass data in the event of a successful security breach. Decentralization breaks the current model, thereby increasing the cost of cyber attacks and reducing their likelihood.

2. Source code needs to be audited by experts 

Cozy uses open source code, which can be audited at any time by trusted experts in order to ensure that it's free from any unintentional or hidden flaws. There is no possible black box effect.

3. The user is king.

By focusing on the user, users gain the ability to choose who hosts his or her data (even self-hosting if technically capable) and can leave at any time. "You will stay because you can leave" has been Cozy's promise from the outset.

4. Transparency and access to data used by apps

Each Cozy app shows what data is used; this is not limited to permissions, contrary to smartphones which only control access to data.

5. Applying "state of the art" technical standards

• Encrypted storage (more information)
• Server role isolation  
• Applications separated from each other
• Two-factor authentication (more information)
• Hosting in France (more information)

Conclusion 

Your personal data security cannot depend solely on technical responses to problems, because we know that all technical expertise is imperfect. Cozy Cloud is not satisfied with being at the cutting edge of security and providing additional transparency and governance tools. 

Creative responses (which are intrinsic to the product's DNA) such as decentralization, auditing Cozy's open source code and changing the host or self-hosting and transparency of data exchanges between apps outside of Cozy, increase Cozy's ethical commitment, driving the company beyond the Privacy by Design -> Security by Design.  

Cozy brings together a number of structural advantages that are far superior to any other personal data system currently available in the public cloud.