by lh7777 811 days ago
Backblaze Personal does support encryption, but it's always been incomplete. If you supply your own encryption key, it's true that Backblaze can't read your data at rest. But to restore files, you have to send your key to Backblaze's server, which will then decrypt the data so that you can download it. They say that they never store the key and promptly delete the unencrypted files from the server, but to me this is still an unnecessary risk. There's no reason why they couldn't handle decryption locally on the client device, but they justify on-server decryption in the name of convenience -- you can restore files via the web without downloading an app. If you're concerned about this, the solution is to use B2 with a 3rd party app like Arq.

I actually use Arq to send my Time Machine backups and the rest of my NAS to S3 Glacier, in case the house burns down or the drives fail (whichever comes first). It works great and is very cheap!
Arq is closed source and proprietary and its cryptographic functioning and integrity cannot be easily audited or verified.

Why use closed source crypto for money when free software that can be reviewed is available gratis? There are much better options.

I can’t code. What good is it for me if the code is open source? I can’t vouch for it and I don’t know anyone who vouches for open source code. Also, I have a Mac. Try to find open source software that runs for four years straight without a hitch on Mac. Arq has done that for me.
That's not true, actually. Code for restoring from Arq backups is freely available: https://github.com/arqbackup/arq_restore
I'm curious, can you share more details? For instance, which Glacier tier do you use?
The cheapest one. It would take either a long-ass time to restore or cost a lot of money, but I'm betting I'm not going to ever need it.
Caution: restoring from Glacier can be hellishly expensive. Poke around at https://liangzan.net/aws-glacier-calculator/ and see what prices you see given your data size.
Expensive external backups if I ever need it is better than none at all. It's a bet, but hey so is insurance.

EDIT: I checked your tool. It's a 1000 bucks to restore 4 TB in 48 hours. If the house burns down, insurance will cover that. I guess now I know I gotta check those drives a bit more.

Ok, cool. As long as you know about it up front! I’ve heard nightmare stories of people being very surprised by their bill afterward.
> It's a 1000 bucks to restore 4 TB in 48 hours.

What? This tool is exceptionally out of date. Retrieval cost is $30/TB at the high end, and for Glacier Deep Archive and a 48 hour window it only costs $2.50/TB. (Plus a few cents per thousand requests, so maybe don't use tiny objects.)

Glacier's percentage-rate-based retrieval pricing was only active from 2012-2016.

The bandwidth charge of $90/TB is still accurate. Though there are ways to reduce it.

> If you supply your own encryption key, it's true that Backblaze can't read your data at rest.

It’s worse than this. The private key for data decryption is sent to their server by the installer before you can even set a PEK. Then, setting the PEK sends the password to them too, since that’s where your private key is stored. So you have to take their word not just that they never store the key and promptly delete unencrypted files during restoration, but also that they destroy the unprotected private key and password when you set up PEK. It’s a terrible scheme that seems almost deliberately designed to lull people into a false sense of security.