Is it correct that when I use the Gateway fähigsten by Tardigrade theoretical Tardigrade have acces to my data ?
No. We still do not have it. Your metainformation is encrypted by your S3 access key. So it’s decrypted only in moment when you accessing it. The remained operations are the same - the data is encrypted with the key from the metainformation and split to pieces then distributed across the globe.
However, there is probability to invent an exploit and steal your keys from the memory when you accessed it and have an access to your data. This is cost of server-side encryption.
So, if you would use a Gateway-MT for backups for example, I would like to suggest you to use an integrated client-side encryption (like in Duplicati for example).
However, we are working on client-side encryption for Gateway-MT’s users to eliminate the probability to steal your keys.
The main challenge is to leave it compatible with S3-compatible software. The AWS S3 protocol doesn’t have an option for client side encryption.