The problem is that when data is stored in the cloud, I don't have full control over it. My data is held hostage against me. We need to break up data storage from data processing. Imagine if all your data was stored in a secure, independent location, like a large vault. You could then choose which services could access your data, allowing you to use multiple services simultaneously. Even better if this were on the browser side, where I have full control.
IMHO, small independent providers should unite and develop something like File API, but for web (for a NAS with web interface).
That's the reason why malware has it easy because companies still send office documents that should be a PDF.
Most of Word's features aren't used anyway because most people don't know them.
The rest is some Excel tools somebody once created which heavily rely on VBA but nobody can support them because the guy who made them has already left the company.
> That's the reason why malware has it easy because companies still send office documents that should be a PDF.
PDF embedding attacks have been a thing for years.
Personally I think that the culture of sending everything as a Word or Excel attachment has a lot to do with the dominance of MS office but if you can't avoid Office-like applications the other options are even worse.
Hi, I work for Microsoft (just a dev), all (most?) our apps are actually designed to work with third party compliant hosting with an open protocol called WOPI.
So for example you can use Excel online with SharePoint/OneDrive (two different hosts btw) but you can also use many, many third party hosts.
Additionally third party tools can programmatically access the first party hosts (like SharePoint).
I don't like Microsoft-esque APIs and the company sure has issues here and there but I doubt you'd get the same level of data privacy with a startup (e.g. everything goes through privacy review, security review, devs can't access customer data, data is separated by region etc).
That doesn't seem to be accurate. [0] [1] Microsoft consistently makes mistakes that put its customers at risk, like being unable to secure their development environment so that when encryption keys leak in a badly sanitized dump into the dev environment they are almost immediately misused by other state actors against the US federal agencies. [2] How can you trust anything that comes out of the development if you cannot be reasonably sure about the security of it? And we can't really trust Microsoft reports either because of "Inaccurate public statements" (euphemism for lying). [0]
And if you argue with Andres Freund and the XZ discovery recently, he is really a Citus guy. Yes, that is now part of Microsoft but I guess you get my point of him not being directly hired by Microsoft AFAIK.
Microsoft as an organization could and should really do a lot more for security and privacy than they do. But first the culture would need to be that there actually is a lot of low hanging fruit instead of searching for excuses. [3] For instance, Windows Updates could be more reliable, predictable in how long they run and much faster overall. Windows could detect and stop ransomware much better. Microsoft could make Windows Server Core cheaper and have a separate more expensive license for the "full fat" Windows Server with desktop services. That would put some pressure on organizations to do the right thing and reduce the attack surface area.
It's not about data, it's about being pre-installed in the OS, being first to market, being the default at school, bundled as an office pack with other tools, network effects, as people already know it it's easier to continue to use it, etc. Where the data is stored is secondary.
Most companies have a solution for network storage or cloud storage and most software will function with it. For personal use most people use their local hard disk and others use a cloud provider as a network drive. Or whatever proprietary storage solution the software supports.
Yes. Data can and will be used against people, whether it's petty scamming or political/war operations. If there is uncontrolled proliferation of personal data it makes this much easier to exploit.
ONLYOFFICE supports this. The webservice they host supports different "storage backends", which can be something they offer, or Dropbox, or your own Nextcloud instance, etc.
"Storage backend" is not the "storage frontend" I'm talking about.
Example scenario:
As an office user Alice, I want to open document XXX stored on NAS Foo at Foo.net in application Bar at bar.com.
To do that, in application Bar the user clicks on the "Open File" button, then in the dialog she selects the "NAS" tab, then selects Foo, then selects file XXX.
When the file is selected, NAS Foo forms a one-time URL for the file, like davs://foo.net/u/alice/d/xxx.docx?otp=1234567890abcdef. This URL is invisible to the user, unless she explicitly asks for it.
Application Bar receives this URL from the user browser and tries to open it.
NAS Foo shows a popup to the user about "Application Bar at Bar.com [LOGO] tries to open document xxx.docx. Allow? [O]nce, [A]lways, [C]ancel".
When Alice presses Once, a temporary password is generated and securely shared between Foo.net and Bar.com for the next 12h.
Now, application Bar.com can read and write document xxx.docx freely. At each read, NAS stores a record in a log about access to the document. At each write, NAS creates a new revision of the document and backs it up.
Application Bar.com has no access to other files except for those selected by Alice. NAS Foo automatically revokes access of Bar.com to all files after a period of inactivity (month?).
In this case, service Bar.com cannot force Alice to pay for service just because their app contains some important documents in storage. Bar.com cannot pass those documents to a third party actor, like government, police, etc.
IMHO, small independent providers should unite and develop something like File API, but for web (for a NAS with web interface).
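
The NAS side of the scenario above, sketched as an added example that is not part of the original post or of any existing product: a single-use `otp` value, a per-file grant created only after the user's Once/Always answer, an access log, and a new revision on every write. The `Nas` class, its method names, the 30-day reading of "month?" and the choice to give "Always" grants no fixed expiry are assumptions made for illustration.

```python
import hashlib
import secrets

GRANT_TTL = 12 * 3600        # "Once" grant lifetime, from the scenario
IDLE_LIMIT = 30 * 24 * 3600  # inactivity cut-off; the post says "month?", 30 days assumed

def _digest(secret):
    # Store only hashes so a leaked grant table does not leak usable secrets.
    return hashlib.sha256(secret.encode()).hexdigest()

class Nas:
    def __init__(self, files):
        self.revisions = {p: [data] for p, data in files.items()}
        self.otps, self.grants, self.log = {}, {}, []

    def pick_file(self, path):
        """Alice selects a file; returns the otp= value for the one-time URL."""
        otp = secrets.token_urlsafe(16)
        self.otps[_digest(otp)] = path
        return otp

    def redeem(self, otp, app, choice, now):
        """App presents the OTP; choice is Alice's answer: 'once', 'always' or 'cancel'."""
        path = self.otps.pop(_digest(otp), None)   # burned even if Alice cancels
        if path is None or choice not in ("once", "always"):
            return None
        token = secrets.token_urlsafe(32)
        expires = now + GRANT_TTL if choice == "once" else None
        self.grants[_digest(token)] = {"app": app, "path": path,
                                       "expires": expires, "last": now}
        return token

    def _authorize(self, token, path, action, now):
        key = _digest(token)
        grant = self.grants.get(key)
        if grant is None or grant["path"] != path:  # grant covers one file only
            raise PermissionError("no grant for " + path)
        expired = grant["expires"] is not None and now >= grant["expires"]
        if expired or now - grant["last"] > IDLE_LIMIT:
            del self.grants[key]                   # revoke on expiry or inactivity
            raise PermissionError("grant revoked")
        grant["last"] = now
        self.log.append((now, grant["app"], path, action))

    def read(self, token, path, now):
        self._authorize(token, path, "read", now)
        return self.revisions[path][-1]

    def write(self, token, path, data, now):
        self._authorize(token, path, "write", now)
        self.revisions[path].append(data)          # old revisions are kept
```
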