Backup, sync, and security - my thoughts on how we store our online lives

In the course of looking for large amounts of online disk access for my own backup needs, I've seen a lot of blog posts and articles with names like "The 10 best backup solutions", "Best backup and sync solutions", and "Best free backup tools". While I don't intend this article to serve as my take on "the best...", I do want to express my thoughts on backup and sync solutions, as well as my thoughts on the two in general and their security.

Backup

So recently, I've been looking into backup solutions - what do people I know use, how much data do they store, do they like it, etc... And what I've found... Surprised me. Most people don't back up their devices unless they come with a default setting that is literally just an "On or off switch", usually associated with an account with Apple, Google or Microsoft. This worries me, a lot. As the old phrase goes, "It isn't if your disks will fail - it's when". Keeping that in mind...

Local on-disk backups

To be honest, I haven't been keeping backups. It's not that I'm unaware of the horrific consequences of not keeping them - quite the opposite, I just haven't found something I like yet. There is always the tried and true "Plug in my external hard drive and start a 3 hour copy of all my stuff", but this is really clumsy if you think about it - it needs to be done manually, often (to ensure good backups), you need to delete old copies... It's just not worth it. You can, of course, make a script to do it for you, but you then have to solve problems like "what if my external isn't plugged in when the script runs?", "How can I make sure that the script copies to the right disk?", "If I start it when my drive is plugged in, I still have to do it manually - this does the same thing, but just with less button pushing...", and more. The simple solution here is... Don't use this solution - it's not one!

If you don't use manual backups, then (most likely), you'll be wanting a program that automatically does it for you. Even with specialized software, an on-disk backup still presents you with the problem of needing an external drive plugged in to perform your backup. Though, I only really use my MacBook, so if you use a desktop, this might not be a problem at all. The advantage in this case is that the software can take care of issues such as needing to delete old backups (maybe by making them incremental), managing free space, backing up automatically, etc.
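The two paragraphs above name the hard parts: refusing to run when the external drive is absent or is the wrong disk, and keeping incremental copies while deleting old ones. The following is an added example, not code from the original post or from any backup product. It assumes a hypothetical marker file `.backup-target-id` placed once on the backup drive, holding an ID string you choose.

```python
import filecmp
import os
import shutil
import time
from pathlib import Path

MARKER = ".backup-target-id"  # hypothetical marker file kept on the backup drive


class TargetNotReady(Exception):
    """The backup drive is missing or is not the drive we expect."""


def check_target(target, expected_id):
    # An unplugged drive leaves an empty (or absent) mount point, so the marker
    # is missing and we stop before filling the internal disk by mistake.
    marker = Path(target) / MARKER
    if not marker.is_file():
        raise TargetNotReady(f"{target}: no {MARKER}, drive not mounted?")
    if marker.read_text().strip() != expected_id:
        raise TargetNotReady(f"{target}: marker does not match, wrong disk")


def snapshot(source, target, expected_id, keep=7, name=None):
    """Create target/<name> as a full-looking copy of source and prune old ones."""
    source, target = Path(source), Path(target)
    check_target(target, expected_id)
    older = sorted(p for p in target.iterdir() if p.is_dir())
    prev = older[-1] if older else None
    dest = target / (name or time.strftime("%Y%m%d-%H%M%S"))
    # Regular files only; os.walk does not descend into symlinked directories.
    for root, _dirs, files in os.walk(source):
        rel = Path(root).relative_to(source)
        (dest / rel).mkdir(parents=True, exist_ok=True)
        for fname in files:
            src, new = Path(root) / fname, dest / rel / fname
            old = prev / rel / fname if prev else None
            if old is not None and old.is_file() and filecmp.cmp(src, old, shallow=False):
                os.link(old, new)        # unchanged: hard link, costs no extra space
            else:
                shutil.copy2(src, new)   # new or changed: store a fresh copy
    # Names sort chronologically, so everything before the last `keep` is stale.
    for stale in (older + [dest])[:-keep]:
        shutil.rmtree(stale)
    return dest
```

Every snapshot directory looks like a complete copy, but unchanged files share disk blocks with the previous snapshot, so deleting an old snapshot never breaks a newer one.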

Online backups

All this begs the question: in this age of "just shove it onto a server on the internet somewhere, I don't really need it on this device and I can access it from anywhere once it's uploaded", why haven't I opted for a backup service like CrashPlan? In short, because I try not to upload anything not necessary to the cloud, and this definitely means backups. While CrashPlan's security is probably top-notch and their claim of "unlimited storage" is tempting, I have an aversion to uploading all the data, on all my computers, to the cloud. It's not the average hacker I'm worried about, their whole business model depends on not letting just anyone open up your account - it's big brother.

This is the point where most readers will probably stop, roll their eyes and exclaim, "The government doesn't care what you do, you dumbass! Quit writing posts based on your paranoia and go get something like CrashPlan like the rest of us!" And in principle, I'd have to agree. However, I would like to point out that there are still heated debates on the subject of whether the public should have access to strong encryption. I'm not particularly afraid that law enforcement or the government could ever truly "ban strong encryption", but backdoors are only backdoors if nobody knows about them, and for cases like CrashPlan, where so many people keep absolutely all their data, you could never be sure it's not being rifled through. And as your paranoidmeter yet again starts clicking towards 10, take a look at this article, and ask yourself why it even exists.

So if commercial online backup is so bad... Then what?

I tend to say this about everything, but my answer? Self-hostable services. Don't rely on a company you don't really know, using security practices you hope they actually employ fully. Go grab a server, set it up with full disk encryption, and host it yourself.

In the case of backing up data, the only solution I'm completely happy with is UrBackup. It's basically all the features of CrashPlan, minus backing up to a local disk, plus a few more. It's also open source, with its code for the client and server on GitHub. It supports full disk backups, incremental backups, multiple computers, groups with permissions, has a web interface... It's awesome. I'm also pretty sure you can run the server on a Raspberry Pi, so if you've got one lying around and some extra hard drives (you're gonna need to use RAID), that could be a cheap backup server right there.

The catch: you've got to have enough space for it to put all that data. Currently this is the only limitation preventing me from setting up a backup server myself - I have yet to find a provider that will let me pay for raw disk access I can mount on a Linux server, other than perhaps Amazon. If you don't have much space used on your computers, or you have access to large amounts of disk space, this might be the way to go for you if you're paranoid like me.

Synchronization

Some people think "backup" and "synchronization" are the same thing - they're not. Backup is taking all your data, and storing it safely, where synchronization is keeping the directories you choose up-to-date on the devices you want. This is usually to share a folder with friends or your other devices - as soon as you or someone else drops anything in a synced directory, it gets sent to everyone else sharing that folder.

Many people use Dropbox for this, and (to an extent), so do I. It's fast, easy to share folders with people, and runs in the background. It still has the drawbacks I pointed out above, however, so this means that pretty much anything you put in Dropbox can be accessed if they're determined (I'm not even sure if your data is encrypted on the Dropbox end). This also goes for similar services like SugarSync, Google Drive, Microsoft's OneDrive, etc. And in the case of OneDrive, Microsoft sneakily enables it for Windows 10 users - so there goes all your personal data, straight to Microsoft and whoever they want to give it to, and they can (by the way, you clicked agree on their terms if you use Windows 10).

Solution

In my opinion, there's only one solution to this, but I'm biased towards open source software.

For almost a year now, I've used Syncthing, and I love it more with each commit. This isn't marketing hype, I don't work for the devs or anything - it's just that every feature is exactly what I feel like a free file synchronization tool should have. Syncthing runs on Windows, Mac, Linux, Android, and there is a partial iOS client called "FSync" that may or may not be up to date. You can share folders with any number of devices, use as much space as you can handle, everything uses encryption, it's fast, leveraging peer to peer communication, it has a nice web interface as well as a GUI, and everything, literally everything is self-hostable (there is Syncthing, the discovery server which handles devices finding each other, and relay servers which act as relays for devices that are firewalled). It has extensive documentation on the open source protocol, API, UI, firewall setup, and more. If you're looking for a way to securely sync files or folders between any number of people, Syncthing might be what you're looking for.

In contrast, I used to use BitTorrent Sync, which roughly accomplishes the same thing, but doesn't provide source code, has a closed protocol, and now has a paid option for extra features... Plus, I don't think I would trust my data to a piece of closed-source software from a company that likes to sneak bitcoin miners into its apps.

Wrapping up

That's about all I can think up for this post. I hope it made you think about your backup solution (if you have one), made you a little bit more paranoid about what you casually toss on the internet, and maybe introduced you to something you might use in the future.
