Offsite Backups and Data Security

I promised myself that I would not join the crowd of people analyzing the current situation between Apple and the FBI. So many people have already written about it far better than I ever could. However, in light of the FBI’s request, I wanted to revisit my offsite backup choice.

I listen to a lot of podcasts. I mean a lot. About a year ago, it was impossible for me to ignore the barrage of sponsorships by Backblaze. They did their job. The sponsorship spots made me realize that my backup solution was insufficient.

At the time, my backup solution was a Synology NAS running RAID 5. Actually, it is running a Synology Hybrid RAID (SHR) with 1 disk redundancy, which is their improved version of RAID 5. I have been running some version of RAID 5 since the incident. You know what I’m talking about. At some point we all experience a version of the incident. My incident was the death of a hard drive containing tons of photos that lived nowhere else. Classic.

Backblaze, however, does not support backing up a NAS. Bummer. So, I did what any good developer would do in this situation. I procrastinated.

Every time I would hear a new Backblaze spot, I would think about it again and maybe do a little research. I would take a look at a couple of solutions and always find something I did not like about each of them. Then I would procrastinate some more.

I know what you are thinking right now. Is this the point where he has another irrecoverable data loss? You’ve seen Hollywood movies. That’s how it works, right? Thankfully, no. I just kept procrastinating… but each time, I would feel more and more insecure about my data.

Then, in July 2015, I listened to an interview with Stefan Reitshamer on the, now defunct, Binpress podcast. Stefan is the creator of Arq – software that backs up data.

Arq intrigued me. There are a few things about it that I liked:

  1. I could backup my NAS
  2. I choose where the data is stored (I choose Pikachu… I mean Amazon Cloud Drive)
  3. I hold the encryption key for all backed up data
  4. I would be supporting an independent developer

Point #3 is what triggered the idea for this blog post after I heard about the FBI’s request of Apple.

I should mention, Backblaze also has the option to set a user selected passphrase as an extra encryption layer. I would highly recommend users do this. To restore your data, however, you have to decrypt the data on their servers.

While I am sure they take steps to ensure that the data is safe, it simply opens up potential weak points in the entire process where data could theoretically be compromised. If a user does not select a passphrase, there would be nothing to stop Backblaze from decrypting your data, were the FBI to strong arm them into doing so.

With Arq, the encryption key stays with me. All data on my server of choice is encrypted using this key. Access to that data without the key is useless. Were I to need to do a restore, the encrypted data is sent to my computer and decrypted locally. Less points that can be hacked.

iPhone Backups

Another aspect of the story is the accessibility of the iCloud backups.

I don’t allow my iPhone to backup to iCloud. But not because I’m paranoid. I just never set it up that way. Instead, I have it automatically backup to iTunes when it is plugged into a power supply and is on the same wifi as my desktop. The backups are encrypted with a strong password, which also allows health data to be backed up. BONUS! Arq then includes these iPhone backups when backing up my entire computer to my offsite storage.

Arq does incremental backups. So the new iPhone backups do not overwrite old ones. Instead, should I have the need, I can restore my iPhone from a specific point in time.

Why Should I Care? I Have Nothing to Hide.

One argument that keeps coming up is a rehash of having nothing to hide. This should not preclude you from caring about a fundamental human right.

Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.[1]

Regardless on your personal feelings about Edward Snowden, it is hard to find fault with this stance.


This is currently the setup that is right for me. That does not mean it is right for everyone. Far from it. But perhaps sharing my experience can help someone else with their decision.

If you want to start a discussion, you can find me on Twitter. I’m @yonomitt.

Have a nice day,