What about foreing servers running Microsoft software, that Microsoft can somewhat control like when deleted Tor from Windows machines? If have the power to (even if done via security updates) retrieve information from remote servers, even not owned by them, should comply with obama administration orders?
Really owning your data is becoming thing of the past, at least for some markets.
The point is that don't create a VM. Containers runs applications in their own isolated (as in filesystem, memory, processes, network, users, etc) environment, but just one kernel, no hard reservation of memory or disk, it consumes resources pretty much like native apps.Another difference is at it just need the linux kernel, it runs where a linux kernel (modern enough, 2.6.38+) run, including inside VMs, so you can run them on amazon, google app engine, linode and a lot more.
What docker adds over LXC (Linux Containers) is using a copy-on-write filesystem (so if i get the filesystem for i.e. ubuntu for an app, and another application also tries to use the filesystem of ubuntu, the extra disk use is just what both changed, also cached disk works for both), using cgroups to be able to limit what resources the container can use, and a whole management system for deploying, managing, sharing, packaging and constructing. It enables you to i.e. build a container for some service (with all the servers it need to run, with the filesystem of the distribution you need, exposing just the ports you want to give services on), pack it, and use it as a single unit, deploying it in the amount of servers you want without worrying about conflicting libraries, required packages, or having the right distribution.
If you think that is something academical, Google heavily use containers in their cloud, creating 2 billon containers per week. They have their own container technology (LMCTFY, Let Me Contain That For You) but has been adopting lately Docker, and contributing not just code but also a lot of tools to manage containers in a cloud.