by gentleman11 2131 days ago
My main concern with third party backups is the privacy aspect. I never want to worry that some silent TOS change means that ad companies are scanning all my documents. Does Backblaze have any options for e2e encryption or some sort of ironclad privacy policy without a “we can change it at any time” clause?

If your 3rd party storage provider plays any role in your encryption strategy then I would suggest that you’re probably doing it wrong. Data should be encrypted before it leaves your world and not decrypted until it comes home. That way, I don’t care a whit what they do to my data so long as it’s there when I ask for it back.
Several backup tools have encryption in place so that your data can be encrypted before it leaves your device. Rclone for example has encryption and Backblaze B2 capability.
I looked at rclone once and didn’t find any information about encryption. Thanks for mentioning it.
Crypt will encrypt all files before they leave your device, yes.
To the non-rclone users, this refers to one of the targets of rclone; the crypt backend wraps the real backend by chaining them together, e.g. localdata <=> crypt <=> providerstorage (basically like a bi-directional filter). https://rclone.org/crypt/

Edit: I use rclone as the backend for duplicity, so you can also chain it through another tool with different encryption and use rclone as just the transfer engine, getting all the benefits of rclone's providers with the benefits of duplicity's backup strategies.
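
The chain described in the comment above (local data <=> crypt <=> provider storage), written out as an rclone configuration. This is an added example, not part of the thread; the remote names, bucket name and credential placeholders are assumptions.

```ini
# rclone.conf (constructed example; names and placeholders are assumptions)

# 1. The real storage backend: a Backblaze B2 bucket.
[b2-raw]
type = b2
account = <B2_KEY_ID_PLACEHOLDER>
key = <B2_APPLICATION_KEY_PLACEHOLDER>

# 2. The crypt backend wraps the B2 remote. Everything written to
#    "b2-crypt:" is encrypted on this machine and then stored under
#    b2-raw:example-backup-bucket/encrypted.
[b2-crypt]
type = crypt
remote = b2-raw:example-backup-bucket/encrypted
# File and directory names are encrypted too, so the provider sees
# neither contents nor names.
filename_encryption = standard
directory_name_encryption = true
# Values as stored by "rclone config" (obscured, not plaintext).
# Keep a copy of the passphrases offline: without them the backup
# cannot be decrypted by anyone, including you.
password = <OBSCURED_PASSWORD_PLACEHOLDER>
password2 = <OBSCURED_SALT_PLACEHOLDER>
```

With this in place, `rclone sync ~/Documents b2-crypt:` uploads ciphertext only and `rclone copy b2-crypt: ~/restore` decrypts locally. Pointing a command at `b2-raw:` instead would bypass the encryption layer.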

I use HashBackup[0] (I think the author is on HN) and it has a B2 option. It encrypts your data by default, and you can set up an intermediate backup (like an external HDD) to sit between your live system and B2 so you have multiple layers of backups.

If you're comfortable setting up a cron job, it's a great fit. I use it to back up a 1.5TB Samba directory and wind up paying about $5/m for B2.

[0]: http://www.hashbackup.com/

> My main concern with third party backups is the privacy aspect.

You want tarsnap.[1]

Edit to add: Colin Percival is the author of scrypt[2] and has worked extensively with FreeBSD's portsnap, so he knows what he's doing.

[1] http://www.tarsnap.com/

[2] https://en.wikipedia.org/wiki/Scrypt

> has worked extensively with FreeBSD's portsnap

To be more precise, I wrote FreeBSD's portsnap. (Also, freebsd-update.)

They have an option in software to enable encryption. You provide a key and supposedly the encryption happens at the client in your end. Obviously you have to trust their software and terms like you mentioned. Though Backblaze has a great track record and is very open. If you don't want to trust them there is other software you could use to encrypt your data before giving it to Backblaze.

But one of the benefits of Backblaze is the simplicity. Simplicity of setup, backups, and restores. If you muddle with that by encrypting before giving to Backblaze you lose out on part of the value.

It also usually seems when people roll their own it opens up risk of forgetting something. BB is easy, set up their encryption and you should be fine.

Just some thoughts.

> They have an option in software to enable encryption. You provide a key and supposedly the encryption happens at the client in your end.

For restore, though, decryption happens at the server end. You have to supply your key to their server, which decrypts the data at their end, then sends you the subset you are interested in restoring.

See [1].

[1] https://www.backblaze.com/backup-encryption.html

Is there a reason they don't just supply you with the encrypted data and give access to a tool to decrypt it?

This is the only thing putting me off Backblaze.

That is strange. The encryption, in that case, only really offers protection against data breaches.
I've been using Backblaze B2 + restic for automated backups of my working documents and photos. restic backups are encrypted by default and Backblaze B2 is one of the supported backends.