User data confinement
Avoid the central collection of personal data
Central collection of personal data can be a threat since an attacker gaining access to a user's account can basically access all their data. Some amount of data processing and storing can be instead transferred to the user devices, so that trust relationship with the service is shifted.
- An attacker wants to access user's data stored on a central service provider
- The service provider is not trustworthy and might try to copy or transfer user generated data to malicious parties
Reduce leaking personal information in case of a breach.