There are a lot of places the "cloud" can be zero-knowledge for payloads in storage, email, and real time communications, but most services are not set up that way, and they would have to charge a subscription fee to replace their ad revenue.
It is possible to make cloud services where trust is not needed. It remains to be seen if cloud services will have to change to remain in business.
People say email can be zero-knowledge, but I'm not quite sure--ever since Gmail pushed us from organizing everything into folders, to one giant Archive + labels, I find server-side search to be an essential attribute of my email service. I don't want to pull my entire mail history down onto my phone just to find one message; even the index would be ridiculous.
For those with the wherewithal to run their own server both in terms of hardware and software along with secure backup policies. The likelihood of be compromised through missing a security patch or poor configuration is almost certainly massively higher than anything like this.
But then where do you get the software for said server? Or your mobile client? We're back to the age old question of how do you trust the compiler? How do you trust the source code?
There's a reason that Governments that take security seriously have their own, private, WAN infrastructure that has gateway upon gateway before it reaches the internet, if it ever does.
That sounds like a lot of work. You have to set up the server, get a domain, update it, back it up etc; What do you get out of it? An email server. Google will give you all of that in a few seconds. Google's uptime is way better than what I could hope to get.
When my laptop had water spilled on it, there was no need to worry about my thesis. I went to a lab and started working on it again 10 minutes later. No work lost. My own backup solutions would be far worse, and likley involve losing some work.
When using these services, I have to ask myself, how much do I value my privacy? I think I get more from google's services than I lose. For me, and a lot of people, it's not worth the time to set up an email server, let alone maintain one.
Yes, for some people, it's too much work.
However, there are many for whom it would not be at all.
I have always run my own servers both for personal and business
use and I don't find it the least bit onerous.
Honestly, I think it only seems like too much work until one
learns more about it. Just like anything else, I suppose.
I'm not trying to change your mind; not everyone is meant to run their
own systems. But I certainly want to counter your discouragement against
doing so.
It means that my mail archive (which is very useful to me) either (A) is vulnerable to risks such as theft/fire/flood that are orders of magnitude more likely than google losing my data; or (B) will cost me effort to make and maintain proper regular offsite backups, which is a rather significant chore that I'd want to outsource anyway to someone else.
Heck. I really could host everything at home but the mere thought of the periodic hassle when some hardware or software inevitably breaks... I'd rather simply send all my email archive to NSA, KGB and Chinese gov't, the hassle is really not worth it (for me).
The home search server would just be a cache, presumably the authoritative mailbox would be on an encrypted cloud service. Disaster recovery would consist of replacing the appliance and reauthenticating it.
It would be hard to trust a Web client, never mind implementing folders etc in anything but a desktop client. There really isn't any way to make the semantics of encrypted email identical to Webmail that is sent and stored in the clear.
It is possible to make cloud services where trust is not needed. It remains to be seen if cloud services will have to change to remain in business.