Hi everyone,

I’ve started pushing backups of media important to me (family pictures, video, etc.) to Backblaze with client-side encryption.

However, are they a reliable storage provider? I can’t help but compare them to something like Amazon, who likely has a better chance of maintaining my files, but they are so expensive that I don’t even bother.

What do you think? Yes, I’ve heard of 3-2-1, however for now I only have Backblaze and a local backup. I’m trying not to spend too much on this.

Thanks!

      • smiletolerantly@awful.systems
        6 months ago

        I’ve recently switched from Backblaze to a Hetzner Storagebox. 5TB for only slightly more than I was paying for Backblaze.

        They support BorgBackup out of the box, so super simple to set up encrypted, differential backups.

        • Findmysec@infosec.pubOP
          6 months ago

          Is there an SLA on the Hetzner storage boxes? What do you think about their reliability (will they recover if their underlying hardware fails?)

        • a Kendrick fan@lemmy.ml
          6 months ago

          There’s also the 14 Eyes; when you consider this, you don’t even want to do or put anything online, as everyone and everything wants to violate you for some profit.

          I’m now considering South American and Russian services as alternatives, but of course I’ll be encrypting my data before it leaves my device.

      • 03ari@lemmy.world
        6 months ago

        Not the OP of this comment. I know there’s Infomaniak that is an independent host based in Switzerland, and they have a service called Infomaniak Swiss Backup. I might use their services in few times, so will come back to this comment to tell what I think of them in a few weeks if you wanna know.

        You could still encrypt your backups tho to make them private.

        • philpo@feddit.de
          6 months ago

          Just saying, but Swiss privacy laws are a huge marketing hoax and amongst the worst in Europe.

          • sunbeam60@lemmy.one
            6 months ago

            I know - it’s unreal how much people confuse Swiss banking privacy with Swiss privacy laws in general. FADP is weaker than GDPR IMHO.

            • philpo@feddit.de
              6 months ago

              A few (German-language) sources: https://www.tagesanzeiger.ch/der-geheimdienst-will-auch-die-internetkabel-anzapfen-895734682308

              https://www.republik.ch/2024/01/09/der-bund-ueberwacht-uns-alle

              Basically: The Swiss Intelligence Agency do monitor all traffic going in and out of Switzerland (including in-country routing that uses external routes) and have the right to save as much traffic as they want for 18 months, and can force Swiss companies to give them access to their infrastructure even when they do not provide a service for non-Swiss customers. Coming from an intelligence agency that had the highest amount of files of their citizens of all democratic nations once (see Fichenskandal), it is more than troublesome.

              Additionally, Swiss privacy law itself, while improved in 2023 after years of doing nothing, is still inferior to the GDPR. Unlike the GDPR, it is not necessary for a person to explicitly consent to data collection unless the data is deemed especially sensitive. Unlike the GDPR, there is no time-limit to notify authorities of data breaches and it is only mandatory for high-risk breaches. And the right of data deletion is severely limited, as the company can refuse to delete the data if it is still deemed “necessary” for the original purpose.

              For me this is also why I can’t take Proton and Threema seriously. Whoever uses “Swiss privacy law” as a marketing catchphrase without lobbying for improved laws (especially before 2023). And Proton openly lies on their “Why Switzerland” page.