Roll Your Own Cloud Backups with Arq and B2

I’m pretty sure this isn’t the case with CrashPlan. The client decrypts the data locally. If you use the web site to restore your data, my understanding is that the browser loads code from CrashPlan’s website, but that code then runs locally in your browser to do the decryption on your computer. So the password never goes to CrashPlan’s servers, and they never have the ability to decrypt your data. I could be wrong, but that’s what I thought. @glennf might be able to confirm.

Thanks for the reply!

I think it’s highly likely that you’re correct.

But short of knowing for sure, my point is that a desktop client, like Arq, that has no server-side logic but treats the Cloud purely as an IaaS storage platform seems much less likely to give Big Brother access to your data than the alternatives.

No one with a single computer would want to do this, but if you have multiple computers, Backblaze gets expensive pretty fast. (For us it would be six Macs, $30/m $360/yr).

I’m curious about Glenn’s advice to use a password manager rather than writing down an encryption key for a backup. Normally I would agree, but if you need to restore from an offsite backup, there’s a good chance some disaster has struck. Your computer and TM drive might have been stolen or damaged, which means your password manager’s database would be gone. Even a written key left at your home could be gone. The only way to access your offsite backup once you were ready to restore would be to have a copy of the key stored safely offsite or maybe in your wallet.

If you use a good one, in which you can sync data across your devices and even hold a backup that you could access by installing another copy of the software on another machine should all your devices be destroyed, you’re set. With 1Password, for instance, you can use Dropbox to sync an encrypted archive without ever using 1Password.com. I have the same password data via Dropbox on two Macs, an iPhone, and an iPad. They are all strongly encrypted, and I have that key memorized. It’s possible all of those devices could be destroyed, of course.

As long as I could obtain access to my phone number with a new phone (very probably after a disaster or theft with AT&T’s help), and my Dropbox account from another computer (I could reset the password so long as I can receive an SMS and access email), I could download 1Password on anyone’s machine or mobile, and restore my password safe. And it wouldn’t be accessible to that person, even, once I locked the safe. (Unless the person I trusted had a keystroke logger installed!)

It’s still not perfect, of course, because I use two-factor authentication with my email and Dropbox, and a PIN with AT&T in addition to my password. Most properly, I need to memorize a PIN with AT&T, my Dropbox and email password, and my 1Password vault password. With all of that, I would be able to restore SMS two-factor authentication and log in.

In addition to Glenn’s splendid answer, I also on a monthly basis export my 1Password database to a USB stick where it is held encrypted (I know the key). That USB stick is then securely stored in another location.

Thanks to various folks here for helping me think through this more carefully.

One reply to the “I know the key” and “I need to memorize…”. That works fine, until you die or become incapacitated. And if you have dependents, the potential fallout becomes even greater. How will my wife and/or kids be able to figure out or access anything if I’m not around?

So I keep my 1P vault key written on paper in a “safe place”. What I didn’t think to do was to also store the password for Dropbox on paper, in case none of my devices are accessible, since that is where my 1P vault lives. I could occasionally copy the value to a USB stick, like Richard did. But since it’s already encrypted, I would not see the need to further encrypt the USB stick. But if I did, I would write that password down on paper somewhere safe, too.

Am I missing something?

Dave

My wife and I have done a mutual exchange (via 1Password for Families) of our important information, but there’s probably more to be done. I trust a family member with my life, and I should give him a sealed copy of my password with no identifying information for outsiders, and he could stick it in a safe deposit box.

This reminds me to talk to my dad about his passwords…

Yep, that’s a start.

There is a really great Take Control eBook “Take Control of Your Digital Legacy” by Joe Kissell that really got me to thinking about all this stuff. I need to read it again and actually implement some of the ideas, but just as a source to get the juices flowing in an arena most of us don’t think about, it’s excellent.


My eldest son and I know each other’s 1Password main password. When my brother-in-law passed away my son and I spent a few days guessing passwords for his Mac. He eventually got in as it was relatively simple. But we both swapped our 1P login after that experience.

Yea, that’s good. The piece I didn’t think enough about wasn’t the main 1P password, but rather having access to the Vault itself, which lives in Dropbox :)

So assuming that when I die or become incapacitated, my iPhone or Mac (running Dropbox) is still available, then my survivors would also need the password to get into one of those devices to get to my Dropbox which has my Vault.

But if I want to plan for the situation where all my devices are also gone, then, if my Dropbox password is written down beside the 1P password, then, like Glenn said, my survivors could log into Dropbox.com from their own computer, install 1P, point it to my Dropbox, and then get access to all my passwords.

But hmm, could they figure all that out? That would take a document with instructions and might be challenging for them.

I guess this is perhaps the best selling point of the 1Password.com hosted service. I’m not very familiar with it, but my guess is that it removes the need for Dropbox or another cloud-based syncing service? If that’s the case, then perhaps that would truly be a solution that would only require “one password”.


It’s about time for me to make my change to Backblaze. I notice their one computer plan (which is all I need) includes external drives. Do any of you bother backing up your Time Machine and Carbon Copy Clone external drives with this plan, or does that not make sense?

Thanks,

doug

Never mind. I see the answer in the Backblaze help section. Backblaze automatically excludes Time Machine volumes, and current versions of Carbon Copy Cloner automatically exclude certain Backblaze data, to avoid conflicts and duplicated data.

Doug, be aware that the external drives should remain connected to your Mac. If they are disconnected for 30 days then Backblaze will delete the data in the Cloud. Backblaze will prompt you to reconnect after a number of days before warning about possible data deletion. If your computer is shut down then six months is the limit.

Well, I’ve been testing Backblaze this past week - my CrashPlan subscription expires in a few weeks. It seems “basically ok” but I have a few issues with it.

The main issue is there doesn’t seem to be any way of telling whether an item is truly finished backing up or not.

My entire MBP’s initial backup took about 2 days. I have a fast network.

Then I noticed that Backblaze excludes the Library. But Library/Parallels is where my Parallels VMs are. So I moved the Parallels folder into Documents (as per a suggestion from Parallels) and removed all file type exclusions. After a while Backblaze started backing up the Parallels folder, and after another day the folder and contents showed up in the file viewer at the Backblaze site.

A Backblaze support person told me if an item appears in the file viewer it is backed up. But the sizes are crazy different. For example, if I select just the Windows 10 VM item then the file viewer says Selected: 1,221.55 MB. But that item on my Mac is 59.68 GB.

Backblaze says 0 files and 0 MB are waiting to be backed up.

My main issue is that I just can’t figure out if something is completely backed up or not. With CrashPlan, you could check the history, you got notifications that backups were done, etc. But with Backblaze it seems you just don’t know if things are really backed up or not.

Are there other competitive alternatives to Backblaze which are a bit more reassuring in this aspect?

I have to say, every time I hear a comment about Backblaze it seems to involve choices that Backblaze is making (forcing on you?) about what it thinks or allows to be backed up.

Leaving out some cache or log files is one thing, but I don’t need The Man telling me what to back up.

On a side note, I am trying out Arq+Wasabi right now. Got the Wasabi idea from Jeff’s article, and Arq from here. Both products seem to generally be “hands off” and let you do what you want, work fast, and have good pricing. But I’m reserving judgment to report to you guys until I see how it goes.

Meanwhile, CrashPlan is running in parallel! As well as Time Machine and Carbon Copy Cloner! Ugh!

Anybody try iDrive? I was just looking at this review. The top two winners are iDrive (first) and Backblaze (second).

I’m trying iDrive now. They don’t have a 14 day free trial like Backblaze does, but (1) They do have a 15 day money back guarantee and (2) Though they are a bit more expensive per year than Backblaze, using the link in the article above the first year is just $13.90 - so it would take quite a few years to notice a difference.

Right now both Backblaze and iDrive are running on my MBP. iDrive is still scanning.

Two things I like so far about iDrive are: (1) there are no “forbidden” drives or folders like there are with Backblaze. That makes sense, I guess, because there is a 2 TB limit with the lowest cost package and Backblaze is “unlimited” so it restricts you in other ways. (2) Also, there is 24 hour chat support. Backblaze doesn’t have that.

The other major obvious difference is that iDrive allows the backup of unlimited computers and devices, and also has a sync feature between them while Backblaze is limited to one computer.

I’ll report how well it goes after the first backup is complete.

Thanks for keeping us posted!