Confidential User Information - whom do you trust?
I'm building an online application in which users will be (among other things) working with and saving their personal business data. This data ends up being stored in an encrypted database on my host server. The application will use a secure (https) connection and will require users to use strong passwords.
Question - do you think people will be reluctant to store personal data on a stranger's server? Offhand you would think that they would be resistant to the idea, yet millions of users maintain e-mail accounts at Hotmail, Gmail and AOL where they effectively store very personal data on servers owned by giant companies. Online dating sites also hold a lot of very personal information, yet this doesn't seem to bother their customers.
I'd like opinions, and any ideas as to how to put potential subscribers at ease by assuring them that their data is safe. One idea I had was to let users create their own encryption key and store it on their workstation or on a USB thumb drive. That way they could be assured that no one (including me) could read their data. It does, however, make using the product a bit more cumbersome.
Thanks for any and all comments!
Bill
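The user-held key idea from the post above, sketched as an added example (not code from the thread or from the poster's application): the key is generated and kept on the client, and the server only ever stores the encrypted row. The function names, the record ID bound as associated data, and the sample record are assumptions made for illustration; the code uses Node.js's built-in crypto module with AES-256-GCM.

```javascript
// Added example: client-held key, server stores only ciphertext.
const nodeCrypto = require('node:crypto');

// Runs on the user's workstation. The returned key is what would be saved
// to the workstation or USB drive; it is never sent to the server.
function generateUserKey() {
  return nodeCrypto.randomBytes(32); // 256-bit AES key
}

// Encrypt one record on the client. recordId (hypothetical field) is bound
// as associated data so rows cannot be swapped on the server undetected.
function encryptRecord(key, recordId, plaintext) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(recordId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    recordId,
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Decrypt a stored row on the client; throws if the key is wrong or the
// row was modified, because the GCM tag no longer verifies.
function decryptRecord(key, stored) {
  const iv = Buffer.from(stored.iv, 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(Buffer.from(stored.recordId, 'utf8'));
  decipher.setAuthTag(Buffer.from(stored.tag, 'base64'));
  const pt = Buffer.concat([
    decipher.update(Buffer.from(stored.ct, 'base64')),
    decipher.final(),
  ]);
  return pt.toString('utf8');
}

// Returns the plaintext, or null when decryption fails for any reason.
function tryDecrypt(key, stored) {
  try { return decryptRecord(key, stored); } catch (e) { return null; }
}

// Constructed sample: serverRow is everything the host would ever see.
const userKey = generateUserKey();
const serverRow = encryptRecord(userKey, 'invoice-0001', 'ACME Ltd owes 4,200.00');
```

If the key is lost, nobody can recover the stored rows, which is the cost of the host being unable to read them.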
You might not like what I say - but I believe it.
Build it, make money, then build some more
Some old school smarts would help - and here's to Rob Toth for his help. Bloody good stuff, even the freebies!