Cloud Apps Are Like Coat Checks

Do you really trust them with your stuff?

When you use a centralized cloud service, you are not really in possession of anything. An apt analogy for most cloud applications is a coat check service — everybody’s stuff is mixed together. Your things are tagged with a number, usually containing your user ID. When you ask the coat check attendants for your coat, they search a rack of similarly-sized items to retrieve yours, on demand.

If you use multiple cloud services to store your data, photos, videos, spreadsheets, drawings, etc., it is as if you have several coat check tickets in your wallet; you have to go to multiple venues and speak with multiple coat check attendants to get access to your stuff, one piece at a time.

But as we now know, sometimes those “coat checks” go out of business. Sometimes they raise their prices for no reason. Worst of all — they like to look through your stuff and sell the information to others.

Now, imagine you decide to retrieve all the coats, bags, and luggage one day, and lock them in your closet. You now have all your stuff in your possession.

This is similar to owning bitcoins or another cryptocurrency on a hardware wallet. People using bitcoins for the first time usually have an epiphany when they realize that they are in direct possession of this measurement of value.

But having all your stuff at home is only great if you never leave the house. And what if someone breaks in while you’re gone?

You take on the same inconvenience and risk when you assume full control of your data. If your private key is on your computer or on a USB device, that key and a passphrase is all that stands between you and your stuff becoming someone else’s, or lost forever. There is no recourse if you mess up.

That’s why we’re building a better model of data ownership that combines the best of both approaches. We call it a “personal cloud.”

When you run apps on Cardstack, you now have a “coat check,” and others become the ticket holders. You get to choose how your application data is stored, and you have final control over the access to it.

Let’s say you’re using a Cardstack app and you generate some data. If you don’t want it to mix together with other users’ data, just instruct your Cardstack to keep the application data on your own device. If you see advantages in emerging distributed file storage systems like IPFS, you can use that instead. If there’s a reason you want your Cardstack instance to use centralized cloud storage, you can do that too — but in this case you would hold the keys, like renting a private storage unit. Your stuff is not mixed with others’. And you can move it somewhere else whenever you want.

Apps (top row) talk to your Cardstack (center), which orchestrates your data (bottom).

Because of Cardstack’s user experience, which tracks your original data and changes using a version-managed system based on the Git protocol — more on this in an upcoming blog post! — you can still see and interact with all of your data in a cohesive way, no matter where it lives.

Before an app accesses any of your data, it must get permission from your Cardstack. These permissions are enforced by a smart contract, so that apps only use what they need, to do what they need. The same smart contract pays the app on your behalf for the services the app provides, and the costs the app incurs.

All of this means the relationship between users and apps becomes more balanced. You no longer have to hand over your digital life to a stranger every time you want to do something on the Internet.