![]() ![]() Many of our customers are naive (not computer expert) customers, and many, many, many customers find this particular security level, convenience, and tradeoff useful. ![]() While there is that tiny exposure if the restore servers were ACTIVELY hacked during the 20 minutes while the restore is being prepared, some customers (especially if they are just storing wedding photos and cat pictures and public websites) prefer this option. Now, the reason we allow the customer to provide this passphrase is it is STILL relatively friendly, and we can prepare 8 TByte USB restore drive (that is encrypted) and sent to the customer's home. An alternative strategy is if you have some particularly sensitive files, like incriminating evidence of your crimes or your tax returns or a file with all of your passwords to your bank accounts, put these few files in a small encrypted file on your laptop, and EVEN IF you prepare a restore the FBI (or Backblaze, or hackers) cannot get the contents of those files. If you are under arrest -> just don't prepare a restore, and the FBI simply cannot get the contents of your files. Now, as long as you don't forget that passphrase, then years later when you actually need to prepare a restore, there is a security "window of exposure" for as little as 20 minutes ONLY IF (and when) you go to restore. You cannot recover them, Backblaze cannot recover them, the CIA or FBI cannot recover them - they are GONE. If you choose this level of security, DO NOT FORGET that passphrase because there is no possible way to "recover" it, and without it your files are GONE. For years your files are encrypted at rest where even if Backblaze is ordered by government subpoena to hand over your files Backblaze cannot comply even if we wanted to, we have no way to decrypt your files. You only provide the "passphrase' in the event of preparing a restore, and then your passphrase is never stored on disk anywhere at Backblaze, it is held in RAM. Without the passphrase your files cannot be decrypted. In this mode, your account is protected with your username, password, 2-factor like the above "security level 2", but also an ADDITIONAL "unrecoverable" passphrase that Backblaze does not know in any way, shape, or form for years. Security Level 3 - Backblaze Personal Backup with a "custom" unrecoverable private encryption key. Some things you want BACK more than you want to destroy the files in the event of a hacker breach, or if you forget your password. It errors on the side of being able to recover the data no matter what. This is a good choice for a customer who is not super overly concerned about hackers possibly getting their data, and just wants to backup a public website like (which anybody could get from the website anyway), or some photos of their wedding. If you use 2-factor (like we recommend), a hacker with your username and password will STILL not be able to gain access to your files. This particular level of security has the advantage (or disadvantage to the security sensitive) that if you forget your password, you can "recover" it through your email account. ![]() You can ALSO prepare an encrypted USB restore hard drive to be sent to your home. In this mode, all it takes to decrypt your backup is to sign into the Backblaze website with your username and password, and 2-factor verification, and you can prepare a ZIP file restore to download. In this level of security, your Online Backup is secured by your username and password, and every file is "encrypted at rest" (all the files are always encrypted when stored on disk). This is a good choice for the customers who would rather error on the side of recovering their passwords than losing all their backups. Security Level 2 - username/password/2-factor. These are totally open files for anybody to download. Backblaze B2 can serve public websites, on purpose, the way stuff that you want to go viral and share with everybody. Here are the four levels of security Backblaze offers, most of this is from this post 18 days ago I wrote. If you want zero knowledge, choose it at Backblaze! But some customers have other requirements, and you are insisting that we remove part of our product line up that is very useful to other people. If you read YOUR TOP LINK from TWO YEARS AGO I explain that Backblaze specifically offers 4 levels of security, one of which is Zero Knowledge, and we think that is a perfectly valid decision for some customers. This is not our position, and I feel it is disingenuous of you to say that. > Zero-knowledge encryption? You don’t need that. Disclaimer: I work at Backblaze so you should check up to see if what I say is true and keep me honest. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |