User data confinement


  • Data-minimization
  • Separate
  • Isolate

Avoid the central collection of personal data

Central collection of personal data is a threat in itself: an attacker who gains access to a user's account, or to the provider's systems, can read all of that user's data at once. Some of the processing and storage can instead be moved onto the user's own devices, so that less trust has to be placed in the service.

Threat model

  • An attacker wants to access a user's data stored at a central service provider
  • The service provider is not trustworthy and might try to copy or transfer user generated data to malicious parties
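As an added example (not part of the original page), the following Python sketch contrasts the two designs under the threat model above: a naive service that receives and processes every raw reading a device collects, and a confined design in which the device keeps the raw data and only uploads a derived daily total. The step-counter scenario, the class names and the sample readings are constructed for illustration; `dump()` stands in for whatever an account-takeover or an untrustworthy provider can read from the server store.

```python
"""Added example, not code from the original page: comparing a centralised and a
device-confined design for a step-counting service under the page's threat model.
All names and data below are constructed for illustration."""
from typing import Any, Dict, List

# Constructed sample: per-minute readings a phone collects for one user.
# Each tuple is (timestamp, latitude, longitude, steps); the coordinates are
# the sensitive part that should never need to leave the device.
RAW_READINGS = [
    ("2024-05-01T08:00", 52.5200, 13.4050, 120),
    ("2024-05-01T08:01", 52.5201, 13.4052, 115),
    ("2024-05-01T08:02", 52.5203, 13.4055, 130),
]


class CentralService:
    """Server-side store. Whatever it holds is exactly what an attacker with
    account access, or a provider copying data to third parties, can obtain."""

    def __init__(self) -> None:
        self._store: Dict[str, List[Any]] = {}

    def upload(self, user: str, payload: Any) -> None:
        self._store.setdefault(user, []).append(payload)

    def dump(self, user: str) -> List[Any]:
        # Models both threats on the page: account takeover and an untrustworthy
        # provider. Either one yields the full stored history for the user.
        return list(self._store.get(user, []))


def server_side_total(service: CentralService, user: str) -> int:
    """Processing done centrally: the server needs the raw readings to compute."""
    return sum(r[3] for r in service.dump(user))


def naive_design(user: str, readings: List[tuple], service: CentralService) -> int:
    """Every raw reading is sent to the server and processed there."""
    for r in readings:
        service.upload(user, r)
    return server_side_total(service, user)


class UserDevice:
    """Keeps raw data locally; only minimal derived values are ever uploaded."""

    def __init__(self, user: str) -> None:
        self.user = user
        self._raw: List[tuple] = []

    def record(self, reading: tuple) -> None:
        self._raw.append(reading)

    def daily_total(self, day: str) -> int:
        # The aggregation happens on the device, so coordinates stay here.
        return sum(r[3] for r in self._raw if r[0].startswith(day))


def confined_design(user: str, readings: List[tuple], service: CentralService) -> int:
    """The device processes the data and uploads only a per-day summary."""
    device = UserDevice(user)
    for r in readings:
        device.record(r)
    total = device.daily_total("2024-05-01")
    service.upload(user, {"day": "2024-05-01", "steps": total})
    return total


def attacker_view(service: CentralService, user: str) -> List[Any]:
    """What a compromise of the account or the provider exposes for this user."""
    return service.dump(user)


def exposes_location(payloads: List[Any]) -> bool:
    """True if any stored payload still carries raw coordinates."""
    return any(isinstance(p, tuple) and len(p) == 4 for p in payloads)


if __name__ == "__main__":
    for design in (naive_design, confined_design):
        svc = CentralService()
        total = design("alice", RAW_READINGS, svc)
        view = attacker_view(svc, "alice")
        print(design.__name__, "total:", total,
              "| server exposes location:", exposes_location(view),
              "| stored records:", len(view))
```

Both designs compute the same answer for the user, but a breach of the naive service yields the full location trace, while a breach of the confined one yields only one number per day. The same comparison applies to any feature where the server only ever needs a result, not the inputs that produced it.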

User story

Secondary effects

Reduces the amount of personal information leaked in the event of a breach.