Principles

  1. Just one key. (Securing one is hard enough.)
  2. Commoditize data.
  3. Automate conflict resolution.
  4. Don't know your customer. Minimize host knowledge of users and their data.
  5. Limit damage from a malicious host. The worst it can do should be no worse than withholding data. Prevent data injection (spoofing).
  6. Prevent cross-host identification of users and their data.
  7. Host storage is cheap.
  8. Efficiency is important.
  9. E2EE > GDPR. The only guarantee of data privacy is a cryptographic guarantee.