Frank Karlitschek founded ownCloud, a personal cloud platform that also happens to be open source, in 2011. Why open source? Frank has some strong opinions about how we host and share our data, and with the recent scrutiny on security and privacy, his thoughts are even more relevant. In this interview, I ask Frank some questions I've been wondering about my own personal data as well as how ownCloud might play a role in a more open, yet secure, data future.
A little history on Frank: He is a long time open source contributor and former board member of the KDE e.V. After 10 years of managing engineering teams, today he is the project leader and maintainer of ownCloud. Additionally he is the co-founder and CTO of ownCloud Inc. which offers ownCloud for enterprises.
Are we winning? Do you think current best-in-class open source encryption is effectively keeping private data private?
I don't think there is a clear winner yet, but open source is a success story for security and privacy critical tasks. The transparency that open source provides is critical for the development of secure software. Also, the fact that a lot of people can collaboratively work on a piece of software and constantly discuss and review the architecture and code is critical.
How would we know?
The problem with security and privacy is that you don't immediately notice when you lose it. People don't know who has access to their data and who has already cracked the encryption of the systems they use. This is a big problem because people might think that everything is fine when in fact it isn't.
Does encryption and federation require an unsustainable amount of storage and bandwidth because of duplication?
I don't think the amount of data that some cloud services store about me is huge in size. It is definitely huge in value, but I think all the data that Facebook, Google, Twitter, and others store from me is just a few GB that would easily fit on my laptop or phone. So, I don't think that storage is the big issue here. Some people might even argue that a federated infrastructure can scale better than centralized cloud services.
What's the easiest way to setup a personal ownCloud server? (Maybe Sandstorm?) Is choosing a hosted option worthwhile, or does it defeat the purpose?
There are a lot of options to run ownCloud.
Obviously, you can get ownCloud from a provider. We list some of them on this page.
You can also run ownCloud on your Linux server, or even a bigger cluster if you have the infrastructure. A lot of home users run ownCloud on small boxes like the Raspberry Pi or other hardware. At the ownCloud Contributor Conference earlier this month, we introduced a new and super easy way to run ownCloud. You only need to download a virtual machine image and make it accessible from the Internet with the new ownCloud Proxy app.
I do believe there is added value, from a privacy point of view, from the providers. First of all, because it decentralizes our data if we all pick different providers rather than one of the three big ones; and second, because you can pick a provider you trust. For instance, one in the city you live in or run by people you know, or in a jurisdiction you trust because it has good privacy-protecting laws.
What's the hardest technical problem on your list right now?
I'm actually happy with the overall progress of ownCloud. We made a lot of huge improvements all over the place in the last few month alone. The next topics that we want to solve for the next release are scalability improvements in the petabyte space. We are working with CERN and others to reach that. Another area of focus will be the upgrade experience. We want to make it ultra simple for users to jump to the latest version, independently if you run a very small or very big instance.
Is there a place for centralized services like Dropbox, or are they an inherently bad idea?
I think there is a space for everything. Centralized services are fine as long as the users understand the problems and limitations. Unfortunately, I think that a lot of people don't understand all the consequences, so there should be decentralized alternatives.
There is probably plenty of data that isn't so valuable that's fine to put on Dropbox and similar services. And to not have to use different user interfaces and tools, ownCloud supports them as a storage backend. You could even encrypt your data on there via ownCloud (or other tools).
If someone is just getting serious about their privacy now, is it too late? Aren't we all already well represented in various surveillance databases?
I don't think it is too late. But I agree that we live in a transition period. If we don't build the necessary mindset and tools for good security and privacy now, then people might not have a choice anymore. Everybody should have basic rights about their personal data. This is also the topic of the user data manifesto 2.0 that we launched this month. More information can be found here.