I doubt that any of them will ever publish their most detailed threat models.
If I had to guess, I would say the most likely threat is nosy or corrupt staff.
Protecting a key server is easier than protecting tens of thousands of servers and physical disks.
Legal requirements are not necessarily baseless either. They are in place to protect someone against something.
The data I have on these cloud services is extremely sensitive. All my identity documents, proof of address, examples of my signature, financial data, health data, etc. If someone were to get hold of these documents, they could steal all my money, my identity and make life hell for me.
I doubt that any of them will ever publish their most detailed threat models.
If I had to guess, I would say the most likely threat is nosy or corrupt staff.
Protecting a key server is easier than protecting tens of thousands of servers and physical disks.
Legal requirements are not necessarily baseless either. They are in place to protect someone against something.
The data I have on these cloud services is extremely sensitive. All my identity documents, proof of address, examples of my signature, financial data, health data, etc. If someone were to get hold of these documents, they could steal all my money, my identity and make life hell for me.