Christian Schmickler Interviewed: Provide Shield to Cloud Data with Cryptomator
- Salman Ahmed
- September 24th, 2018
The data has now become gasoline to run almost everything that is online, the demand for cloud data management is increasing on an exponential basis.
However, these cloud-centric databases are facing the music in the form of data privacy concerns. Moreover, the data stores in the cloud contain confidential and personal information of individuals that if shared publicly or get in the wrong hands can become a nightmare for user privacy.
Online data security is the key maintain privacy of users. To address this issue “Skymatic” develops a cloud encryption solution Cryptomator that ensures ultimate protection.
We are thankful to Mr. Christian Schmickler, Managing Partner at Skymatic for his precious time to discuss how Cryptomator software works and to ensure your data protection.
So without wasting any time let’s dig into the answers given by Mr. Christian Schmickler regarding how Cryptomator is an essential software in improving your online privacy.
Q1. Your Introduction at “Cryptomator”?
Yeah, well as you probably know that the main product, Cryptomator is out there from 2016, it is simply a program and an App that encrypts files on a user’s device, which can be a mobile phone or tablet, a computer or the client. So this is client side encryption or is known as end to end encryption.
The idea behind Cryptomator is to build a cloud based encryption solution that serves all kind of user and has no previous technical knowledge or advanced computing skills. We develop a software that is user friendly and easy to use as much possible and another factor that is very important for us is transparency to give people confidence in what we say that we do. So the open source aspect that was included in the basic version of Cryptomator.
Q2. As the Cryptomator technology is a bit advanced technology for the beginners, so how can you explain it in simple terms for those who have zero knowledge about encryption.
Well it’s a simple installation routine. If you’re on a computer then you just download the Java application, normal file or if you are downloaded from the IOS, from the App store or the Android, Google play store, you know the correct word there I guess. Yeah, you can just download this app from the very basic interface. You create so called the bowl (destination folder) then you Choose a path forward for a bowl that you have just created and then even a baby can use this file system it’s a drag and drop and any time you store file it got encrypted automatically.
As your audience consists mainly of non-technical people, who have concerns about online privacy but are relatively new or unknown on the technical aspects of it. Then the best way to explain our product is meant to provide online privacy within other products with the combination of Dropbox or Google drive.
Our, my Co-founder Sebastian Stenzel you can find more about him at Skymatic website. He is an engineer and he realized that there are some flaws in cloud storage out there, and the main area of privacy is not really covered by the available offerings.
As in clouds you never know is it just another computer or another company’s computer. Can you trust them yet no. At then he was looking for solutions, to save these file in an encrypted manner and the available solutions of that time either not user friendly or not really trust worthy because they are neither open source nor their architecture is as convincing on privacy.
Sebastian started Cryptomator as the side project and begin writing first line of code and in the beginning of 2014 the first GitHub project was launched. Then some of his friends joined him. I joined the team in the beginning of 2016. At that time it became clear that it is time to transform this into a business model or a whole business projects so that’s how it’s all started. The idea is to sell Cryptomator app in order to provide a way for protecting user privacy.
But why didn’t it work extensively? Because people are not willing to pay any money in order to protect their privacy. It’s just very small niche markets out there of people that have very much knowledge of the digital world, and are very close to computers and everything you got to do with computers.
We tried to design Cryptomator to make it easy that everybody can use it. Ninety eight percent of our twitter followers, which is more than 3000 now, are male and only few of them understand the real meaning of privacy. Subject is technology, cryptography, and how to use it to enable user’s privacy. We have an audience now that was able to do encryption way before Cryptomator ever existed. So Cryptomator supposed to have all the other people in particular and it’s obvious no body is interested in that.
Those who don’t have much knowledge about online privacy can save your comfort from compromising to companies like Google, Facebook. In the end People spending towards improving their privacy find it very beneficial to use our services. I think the main problem is in the first place is the part about privacy in general which many fails to understand because the people who did not understand what it means, to have privacy as it is totally lost in society. Even people with the technical knowledge are reluctant to pay for privacy, and this is why we are still not getting great response.
Well Cryptomator takes your file and encrypts it on your device which can be a mobile phone or computer and stores it in an encrypted way and send it automatically to the cloud where it then arrives in the encrypted form.
Yeah. Well it encrypts all your files on your devices, like your mobile phone, your iPad or computer. It means only encrypted files leave out of your system and beyond that, only encrypted data of yours is existed. Let say, if your cloud gets hacked or if your cloud is not as trustworthy as you hoped it was and some hackers trying to access your data, but they find only encrypted data. And they cannot really do much with it. Cryptomator not only encrypt the file content but also the file names like sample, so any kind of information except for the file size obviously. In short, Um, it is somewhat unreadable to anyone that compromises your cloud storage.
To me GDPR is not as effective. I mean it’s a good thing that people have taken GDPR as a reason to think about their online privacy right but then again Facebook and Cambridge Analytica has done much more to it.
I think the biggest problem with the GDPR is that the big institutions such as Google, Amazon, Apple, and Facebook, are ask people to agree to all of the terms and conditions in order to be able to use those services and GDPR has asked the people whether they want to give permission to them or not. But everybody has again, click on, yes, of course I read the new terms and conditions that are now compliant with GDPR. So this is the biggest problem and nothing has changed about that.
At the same time, if I look at the situation here in Germany, many SME business like small businesses that do dependents on some data in order to address their customers. They now need user’s permission to access this data and in this way users can control their data regarding to share with different social platforms and websites.
What seems to me are now questioning how well these small companies are? Can I really trust them? Okay. Yes. But if I do have to agree to what they asked me to do, well to get access, I have to allow them to use my data, then I might decline this request. And If I declined that request with all of the small companies that are actually quite good for the competition, in the market but only the big spawns have the data.
And if we give data to only giants, then it becomes a great challenge for the smaller companies and it just kind of a problem in the competition that only the big players now get all the data and small players might even get less data than they have before. So they have a disadvantage here.
Again, I see that there’s many things that are actually not really feasible implemented at all in to do the part of GDPR with the ability to transfer Data from one entity to another and to make it compatible with that world anyway. But I think that there are many things with GDPR that will have to be decided again and I think in five years maybe if everything accelerate at the current rate. So in five years we could see if GDPR was successfully passed or not.
The main challenge as I already said is that, the majority of people is not willing to pay protection of privacy. Our way to tackling that is we focus on our main customers and businesses and not consumers anymore.
We like to help companies with our encryption technology so that they can implement it like a cloud system or something, we can bring in our cryptographic library to make the encryption. We have implemented in mounted docs, which a secure FTP client.
For United internet, One and One, we have actually built an end to end encrypted cloud storage for them because they wanted to differentiate from cloud providers that do not offer end to end encryption.
Yeah, well, I do not know that how behavior really is changed. But we do talk about privacy paradox and I think that is what you actually heard of the difference, the attitude and the behavior the people are always been skeptical about many services and at the same time they still use them.
So will people use a service they don’t trust every day, we all do that all the time. Well, of course we think a digital book that has rather manifested or even enhances the strength of the attitude. Yes, I do care for my privacy, for the good reasons. And at the same time we still have the privacy paradox. The behaviors, not necessarily following the attitude.
There are all the network effects out there. There is the funnel you get if you share something to swarm behavior, like the earth herd instinct, right? If everybody just said, why should I, why should I be harmed? And well at the end of the day we don’t have digital instincts.
I think that’s a good word to describe it and if we do not have a feeling for the potential harm that we could cost ourselves or others in our network if we do what we do online.
The special thing about Cambridge Analytica was that people have realized for the first time that their data may be used for the as means of end goals that getting not necessarily agree but this is something new.
We have turned mostly into the business segment that we are currently developing Cryptomator server. It is kind of an extension of Cryptomator. This is going to run on premise and not in the Java application and send automatically encrypted data, but they are just going to send it out to magic and encrypted backup to the cloud.
Cryptomator is mainly for the SME companies and it is very easy way and will replace your pilot server orders. It is installed on your company’s server, it acts as a file server, and it makes it very easy to have a place where all the company files are securely stores because they are also encrypted with is Cryptomator libraries.
And then it automatically backups to a cloud of your choice but stores only in an encrypted way but also there are several additional functionalities that become possible now because as I said, Cryptomator main function is to provide the end consumer version to end encryption that could makes some analysis.
For example, most possible now to a server that is still located within the company’s network or server only. The server does the encryption and the decryption of the file. So it also enables us to do something like all the trails to know who has access, what kind of sensitive at the time we are also considering of course in order to protect the employees were thinking about like an unknown anonymizing of the excess after a week or two or something like that.
We also have grants and web protection that we are currently building into the solution to what we’re trying to do here is we try to find or to build to develop a solution that is very easy to use and that includes styles on a very safe and minimizing dangers.
This kind of also allows us to provide Cryptomator in the future for end consumers because at the end of the day we would have to admit that it doesn’t generate sufficient revenue to, about, to actually have it as a company running just by itself. If you sell a couple of hundreds or thousands, well actually provide some apps. It is just not enough. This is the big challenge, right? Privacy for end consumers, if they are not willing to pay, you are not making enough money with it, and then you kind of maintain the project unless you have something else. For companies that do the financing and then Cryptomator can still be used by anyone, which was very nice thing to have.
If you had a monopoly and if there’s much data stored within under the control of one single company that is not under democratic control, of course it is a kind of an issue. Even danger, perhaps knowledge about all the data that are stored in there.
Yes, for sure. Then again, and just needs regulation I believe. As talking about GDPR. The rules or the law just does not go far enough. It kind of did not take into account. It uses a just going to say again, okay. I agreed to everything you to do. And they did not by law kind of forbids to do whatever they want with the data. And at the same time we could also talk about a very well-regulated platform may well be creative even though it is much more difficult if it’s not an economic, um, well, if it’s not working in the business model, right. I mean that we may be able to build maybe even open source platforms, collectively as projects. Perhaps even that can offer very similar services as Facebook.
Probably the one definition that it’s very difficult to define Privacy. I mean at the end of the day it is more about information of self-determination then about privacy I believe because in terms of self-determination means that you actually are in charge. You have the power to say, what can be done with your data, and I think this is, this is the better approach. At the end of the day, privacy just means that you’re very personal realm.
Well nobody has access to your personal realm, but then again sometimes you decide, okay, actually I’m okay if you can see pictures of me. Well half naked, whatever it is, and obviously this would be kind of a breach of your privacy, but then again it is a breach to which you use in your content. So content is a very important topic about informational self-determination because you get your content that your data, well, your name, your age, your birthplace, your interests, your hobbies, mainly shared with the third party and if you are in control about that, this is something you should any match.
Extended advice you would like to share that can help protect the privacy since regarding the day at our books and go through it.
The most important thing I think we have to realize that the privacy and well let’s call it information self-determination for the moment that it is not an individual thing but a collective challenge. And is this a collective challenge because you alone cannot do too much. Cause you to network effect. If everybody uses WhatsApp, what can you do or you just think I’m not using what’s app and I contact access to my network anymore. On the other hand, you opt out of Facebook even though then you just miss all the invitations to the best parties. So what are you doing? What do you do? Right? So, we have to kind of become aware that it’s a collective challenge. And this is the main advice.
I mean why we don’t use Signal and Wire more, which is a free open source. A messenger can be much for everything.