There is a short answer, and the short answer is: “many companies profit from your data”, but you are going to be interested in the long answer which explains our point of view….
Let’s stick with Google for a moment. What exactly is Google’s business model? They build free products and services, in some case highly discounted, from which end-users benefit. But with a free service they don’t make any money, so where is their cash flow coming from? Of course from advertisement. So what they do is sell a combination of user attention and rich user profile information to advertisers (with their own platform AdSense and AdWords). So do you think Big G would be interested in building Zero Knowledge systems? No, they are not, because when users hold their data in private this would be completely contradictory to their goals.
Obviously there are more cases and reasons where companies could build Zero Knowledge Systems, but simply don’t even consider it. The following are some of the reasons why they don’t:
It Doesn't Make Sense
There are cases where the nature of a system is impractical for a Zero Knowledge implementation. Let’s think about Netflix. Zero Knowledge Netflix wouldn’t make any sense because they hugely rely on a large database with movie contents, so there would be no effective way for subscribers to consume movies without revealing to the underlying infrastructure which movie they want to retrieve and view.
Another good example where Zero Knowledge doesn’t make effectively any sense is Google’s search engine, the same concept as with Netflix applies.
Having a look at the Zero Knowledge Concept we soon discover that products and services which are built in a client server concept and the processing is done on the clients side (users device), are the kind of systems where Zero Knowledge as a concept fits perfectly.
Implementation is just too difficult
Even for Products and services where the Zero Knowledge as a design pattern is applicable, there is an additional hurdle to design such a system, then to build it, and finally to maintain it.
The requirements to build a successful development team which understands cryptography and encryption is a challenge on its own. Designing a Zero Knowledge system largely builds on the correct choices of development patterns and data structures that fit the problems solution.
In a Zero Knowledge System, one cannot simply change database structures or create plugins which do not anticipate the overall system design. This requires that a Zero Knowledge system has to be designed from ground up to make the inelastic system elastic enough to later expand on top of its core components. As one might anticipate, this requires an awful lot of planning and tweaking such a systems architecture to make it later on able to expand and build on it.
Security is the next concern. In a good security concept reviews from independent sources are the only way to go to avoid serious flaws that could even accidentally happen, and as an end result expose information to third parties.
In general security reviews are expensive, and above all the process is time consuming. Few conventional apps, even non-zero knowledge apps, bother with this level of security assurance.
Managing user keys
Managing encryption keys is another challenge which needs a solution. Cryptography is only as strong as the chain of cryptography keys.
For most consumer services, there's no ideal key storage solution available. Users don't like the idea that forgetting a password may mean they are forever locked out of their account and their content is lost.
At the bottom line Zero Knowledge matters
At XXL Cloud, Zero Knowledge is in the core of our Business. We know that there are things our customers ultimately want to protect. Having something worth protecting is not equal to having something to hide. Our user’s privacy online is what 150.000 users value when using XXL Box to store their data, and most of them their confidential documents - private or enterprise.