Label products which use Google Firebase or other Google dependencies

I’ve renamed this post to not be Cryptee-specific, if your goal is to have this standard applied across the site.

I’m not sure what the privacy impact is of a service using servers on Google Cloud, to be honest. Even if encrypted data is stored in Google Cloud Storage for example, what is the risk we’d want to avoid for any threat model?

Services commonly utilize a number of different backend server providers, and enumerating them all seems like an impossible task, as opposed to figuring out how those backend providers are utilized, i.e. does a service like Cryptee adequately encrypt information so that the backend server has no visibility into it whatsoever? As far as I can tell, yes they do in this case.

There is obviously a privacy risk when it comes to Firebase, but Firebase managed services are only used in Cryptee’s codebase for authentication, so the privacy risk is avoided by simply not signing in with Google. Whether or not you should use an SSO provider is something we already cover, so I’m not sure there’s value in adding a—what should be pretty self-explanatory—note on Cryptee’s listing telling people to avoid the sign in with Google option:

10 Likes