You can own your data if you use client-side encryption with the cloud. When encrypted, you don't have to trust the cloud provider. This opens up new possibilities such as P2P networks with fair pricing, no provider lock-in, equal access and censorship resistance. I'm excited about Sia / Skynet, which enables these kinds of apps.
That works fine as long as you don't care that advances in computers and cryptography would one day (maybe after you are dead, and likely only with some notable effort) allow someone to read your data and (much more practically) you are extremely confident you can't lose control of your key somehow.
This is if you are storing all your data together in a single location. If you decouple it, using multiple accounts on the host, or even several hosts, you might have some of your data decrypted, but it would be worthless. If you decouple correctly, you should have data that is meaningless without some other data that is hosted elsewhere, on an account completely unrelated and unconnected to your other host accounts.
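An added example, not part of the thread or any commenter's code: one way to get the property described in the comment above is an XOR split across hosts, where every share is required and any incomplete set of shares is indistinguishable from random bytes. The function names and the SHA-256 integrity prefix are assumptions made for this illustration.

```python
import hashlib
import secrets
from functools import reduce


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split(data: bytes, hosts: int) -> list[bytes]:
    """Split data into `hosts` shares; all of them are needed to rebuild it."""
    if hosts < 2:
        raise ValueError("need at least two hosts")
    # Prefix a digest so a missing or altered share is detected on rebuild.
    blob = hashlib.sha256(data).digest() + data
    # hosts-1 shares are fresh random pads; the last is blob XOR all pads.
    # Each share on its own is uniformly random (only the length leaks).
    pads = [secrets.token_bytes(len(blob)) for _ in range(hosts - 1)]
    return pads + [reduce(_xor, pads, blob)]


def combine(shares: list[bytes]) -> bytes:
    """Rebuild the data; raises ValueError if a share is missing or corrupt."""
    if len({len(s) for s in shares}) != 1:
        raise ValueError("shares missing or of unequal length")
    blob = reduce(_xor, shares)
    digest, data = blob[:32], blob[32:]
    if not secrets.compare_digest(hashlib.sha256(data).digest(), digest):
        raise ValueError("incomplete or tampered share set")
    return data


if __name__ == "__main__":
    # Constructed sample input standing in for an already-encrypted file.
    secret = b"constructed sample: ciphertext blob"
    parts = split(secret, 3)          # upload each part to a different host
    print(combine(parts) == secret)   # all three hosts: data recovered
    try:
        combine(parts[:2])            # one host unavailable or withheld
    except ValueError as err:
        print("rebuild refused:", err)
```

The same property cuts the other way for availability: losing any single share makes the data unrecoverable, so each share needs its own backup.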
If it wasn't considered a solved problem, we wouldn't have public CAs for our browsers to trust, as their very premise is based on having a secure way to store private keys. I think a FIPS 140-2 level 4 HSM and HashiCorp Vault Enterprise will cover 99.9999% of all other use cases for private CAs and PKI.
Keychains, Vault, GPG, HSMs, password managers. It's solved, just requires effort and understanding to set up. It's neither "huge" nor "unsolved" as pks have to live somewhere and cannot exist in the aether.
Yeah, I meant that the security tradeoff with usability is unsolved in personal use. It requires too much effort and understanding. If you use hardware keys, you still have to back up your keys somewhere safely.
It's funny that you mention the breaking of keys using outdated algorithms; I booted up my Standard Notes app and there's an "Encryption Upgrade Available" notice at the bottom which has you enter your password to locally regenerate your keys. I could imagine something similar working here, and perhaps let your progeny have access to your credentials postmortem.
Client-side encryption could help Confidentiality and Integrity, but still leaves you powerless on Availability. If your cloud provider decides to have a glitch, changes their offer, raises fees, … your whole setup is impacted by the cloud provider.