The short answer: many companies profit from your data.

In the case of Google, their business model is to build free or highly discounted products (to the end user), and then sell the combination of user attention and rich user profile information to advertisers. So building a No Knowledge (NK) system is antithetical to their goals.

In other cases, there are several reasons why a company wouldn’t consider it:


In this case, the nature of a system is impractical to implement in No Knowledge. There’s no obvious way to build a “NK Netflix,” for example. Netflix relies on a large database of content, and there’s not an efficient way for subscribers to consume that content without revealing their actions to the server. Google’s search product would also be difficult to make NK.

Generally the products for which a straightforward approach to building them in No Knowledge exists are those where the computation could all happen on the end user’s device (e.g. all traditional desktop apps, like Quicken, Turbotax, Excel, etc.) and some systems that work with user supplied content (e.g. Google Docs, Google Hangouts, MS Skype, Apple’s iMessage, etc.)


Even for the types of products that are amenable to NK designs, the biggest limiting factor is the added difficulty to design, build, and maintain over time.

An effective NK system requires the development team to understand cryptography. The design usually requires choosing specialized data structures that fit the problem domain. Because the server cannot read the data, building new features that require unanticipated schema changes (i.e. changing the database structure, like adding extra columns or tables) are difficult. This means the initial application architecture requires a great deal more planning to anticipate future needs and make data structures extensible after the fact.

A No Knowledge application really needs good security review from an independent team to have assurance that there are not accidental flaws that reveal information. Security review is expensive and time consuming. Few conventional apps, even non-no knowledge apps, bother with this level of security assurance.


Lastly there’s the challenge of key management. As is frequently discussed in the Apple/FBI case, cryptography is only as strong as the chain of custody for the crypto keys. For most consumer services, there’s no ideal key storage solution available. Users don’t like the idea that forgetting a password (which is the least common denominator for a cryptography key) may mean they are forever locked out of their account and their content is lost. Enterprise customers may need sophisticated key escrow features for regulatory compliance reasons.


Knowing all the hard work and the extra expense that it adds to our business, you might be wondering: “Why do they even bother?”

At SpiderOak, No Knowledge is at the core of what we do and it is precisely the value we know we’re adding to our products. This extra effort is the reason why our supporters choose our products over the alternatives. NK supports our goal to continue to provide peace of mind by creating products that protect people’s privacy online.