"Encryption and backup. [...] If people did these things correctly, hacks would rarely matter [...] This is a field that is ripe for system-level disruption"
Encryption and backups set in stone. An attacker may not be able to read your encrypted backups, but if he can delete them, you still won't be happy.
I think the only feasible solution is that of online, write-only backups. They need to be online so that devices can back up themselves when they deem that necessary; you cannot trust users to do any manual backup task. They need to be write-only because, otherwise, with online backups, an attacker could wipe all your backups. Semi-write only, in the form of "deleting backups older than a year" or "delay any deletes by a month" (to give the user time to report his phone to be stolen) or "delete only after three-factor authentication" probably is acceptable.
"perhaps because the business models of companies are now so dependent on reading our information and selling it back to interested parties"
I think it is because online backup looks too pricey. People keep comparing the price of online storage to that of hard disks. For example, Dropbox is about $1 per GB of storage per year. You can buy an SSD disk or a laptop for less than $1 per GB of storage. As this example shows, current solutions also do not protect well against attacks.
I am not sure that the options of having your own cloud, or of making a cloud with others (peer-to-peer backups) will make sense to Joe consumer. Users may not want yet another device at home, likely will not have the upload bandwidth (yet), and are a risk factor with respect to operations on such a device. A home device probably would have to be a custom device, not a PC. Users cannot be trusted to operate it in ways that keep their data secure, so you must make it impossible for them to operate it.
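The "semi-write-only" policy described in the comment above, modelled as an added example that is not part of the original comment: appends take effect at once, deletes are only scheduled a month out and can be cancelled, and a server-side job expires backups after a year. The class and method names are hypothetical, and owner authentication is assumed to happen out of band.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

DELETE_DELAY = timedelta(days=30)   # "delay any deletes by a month"
MAX_AGE = timedelta(days=365)       # "deleting backups older than a year"

@dataclass
class Backup:
    blob: bytes                     # assumed to be encrypted on the device
    created: datetime
    delete_after: Optional[datetime] = None   # set while a delete is pending

@dataclass
class SemiWriteOnlyStore:
    """Hypothetical server-side store; device credentials get no read path."""
    backups: dict = field(default_factory=dict)
    next_id: int = 0

    def put(self, blob: bytes, now: datetime) -> int:
        # The only device-initiated change that takes effect immediately.
        self.next_id += 1
        self.backups[self.next_id] = Backup(blob, now)
        return self.next_id

    def request_delete(self, backup_id: int, now: datetime) -> datetime:
        # A delete is never executed at once, only scheduled. Repeating the
        # request does not shorten or restart an existing waiting period.
        b = self.backups[backup_id]
        if b.delete_after is None:
            b.delete_after = now + DELETE_DELAY
        return b.delete_after

    def cancel_deletes(self) -> int:
        # Run after the owner reports the device stolen (authentication of
        # the owner is assumed and not modelled here).
        pending = [b for b in self.backups.values() if b.delete_after]
        for b in pending:
            b.delete_after = None
        return len(pending)

    def purge(self, now: datetime) -> list:
        # Server-side job: the only code path that actually removes data.
        gone = [i for i, b in self.backups.items()
                if now - b.created > MAX_AGE
                or (b.delete_after is not None and now >= b.delete_after)]
        for i in gone:
            del self.backups[i]
        return gone
```
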