If someone is a less able, cognitively impaired, or perhaps very young - It would be good to see what advice HN would give them for protecting their data from ransomware, theft, or disaster.
You just have to find some tools and services that are "fire and forget."
This is what I do:
1. All my working files are in my Dropbox account (or my corporate Dropbox account). I did this initially to support working off two machines interchangeably, but the fact of the matter is that this creates an easy versioned backup of your "live" files. Nowadays, my Dropbox is fully mirrored on TWO backup computers here in my office (ie, a spare machine and an old machine).
Setup Effort: Minimal.
Ongoing Effort: Almost zero.
2. Because I use a Mac, I have Time Machine. It's glorious and can save your butt. It's the ONLY of these mechanisms I've ever had to use at scale (after a break-in and a stolen laptop). It worked flawlessly. Use it if you can. Every year or so, I get a new TM drive and archive the old one.
Setup Effort: VERY Minimal.
Ongoing Effort: Zero.
3. I also use Backblaze for offsite backup security. I happen to live on the gulf coast, so major storms are a concern, but there's probably some house-eating danger wherever YOU live.
Setup Effort: Moderate.
Ongoing Effort: Minimal.
4. Finally -- and this is the only part that needs actual action -- periodically I take a full image backup of my main machine's drive and archive it.
Setup Effort: Moderate.
Ongoing Effort: Moderate.
I keep my newest image and my last TM drive in someone else's house, too, but that MAY be paranoia.
1 - I need the client to use encryption and be open source
2 - It needs to run on linux
3 - It needs to backup files in arbitrary locations, including spanning several partitions (one NTFS, one ext3)
4 - It needs good filtering / curation capabilities
5 - Restore should have great granularity, and I should be able to browser the archive without having to unpack it all
6 - it needs to be easy to setup. I don't want to setup my own instance or mess with config files.
I've never found a tools that could do all that. One of those always fail, and sometimes the tool promise all of them, but doesn't even manage to backup. Some backup only partially, missing a files. Some backup, and don't restore. Some can only restore the all archive. Some don't encrypt. Some are close source, or only available on Mac and Linux. Some will store wrong files, and you can't them out of the backup.
It's crazy that in 2021, the state of backup sucks so much.
So have 2 backups on 2 different hard drives for all my files. One with "way back machine", the other one with a simple cp. Then I take essential files, and I put them on a usb drive.
You have a very particular list, so it's not at all surprising that you're having trouble finding something.
> It needs to run on linux
That right there is going to imply some level of knowledge from the user. Expecting a zero-config install for Linux is pushing it to begin with.
> It needs to backup files in arbitrary locations, including spanning several partitions (one NTFS, one ext3)
And
> It needs good filtering / curation capabilities
And
> it needs to be easy to setup. I don't want to setup my own instance or mess with config files.
Are pretty much mutually exclusive. If you want it to be powerful you'll need to do the work to configure it. If you don't want to do the work it's not going to meet your needs, period. No product exists that will meet all of these criteria, even for Windows. I don't think a product exists that would meet half of them, and certainly if it does it's not open source.
What you really want is rsync over SSH to a ZFS volume with encryption enabled, or some other CoW filesystem that lets you do snapshots and access them online.
If you want to get close, go buy a Synology NAS and set up a nightly rsync cron to it, then set it up to archive to AWS Glacier. That'll get you most of the way to your ideal, and it'll be done instead of perfect.
> Expecting a zero-config install for Linux is pushing it to begin with.
How so? Dropbox is zero config install for linux.
> Are pretty much mutually exclusive. If you want it to be powerful you'll need to do the work to configure it.
I never said zero config, I said easy to configure. Firefox has plenty of configuration nobs, but it's easy to configure it.
> What you really want is rsync over SSH to a ZFS volume with encryption enabled, or some other CoW filesystem that lets you do snapshots and access them online.
No because that's very complicated. I've done it in the past, and just the fact I have to manage a VPS to do so is more than what I want to do.
I've used rsync as well, it's again, too much scripting, meaning to much margin for errors.
Apple Time machine for linux is what I want, with remote capabilities.
You have Dropbox and it's no-config required. What's wrong with that? Is it that you have to configure it for it to do what you want, and you don't want to take the time to do so?
You don't want to set up a VPS, even though I mentioned nothing about one. I said to buy an appliance, same as a Time Capsule or whatever that Apple thing used to be called.
You think rsync+SSH+snapshot is complicated, but you don't know that Time Machine is exactly that, just hidden from you so if anything goes wrong it's a black box that you can't recover from.
You think rsync is too much scripting - what are you trying to do that requires scripting beyond `rsync -aP src dest`?
I use borg with rsync.net (and another host as a backup-backup). Works on linux. Backs up what I tell it to, I can mount any historical backup as a filesystem and copy stuff over. Uses encryption, is open source. You can point it to multiple backup locations for local and remote backups. Works for me. Takes about three minutes to do an incremental backup to two locations every evening.
I get that you want what you want, but I gently note that I see quite often in FOSS circles people decide they need a laundry list of things unsatisfied by the available offerings and determine the field is a mess.
You've DQ'd the majority of backup services with your first requirement. You want what you want, but realize you're doing it.
To be fair, several options do not require changing habits or behaviors once in place, and setting them up requires minimal assistance at most for the truly technically challenged.
The problem, I think, is less in finding them and more simply knowing that keeping offsite backups is important (or any backups at all for that matter).
Edit: especially given the prompt of someone who is impared, very young or otherwise 'less able' whatever that might mean to you.
Nah. The nontechnical know people like us. I hate troubleshooting other people's computers, but I will absolutely help anyone and everyone do two things whenever practical:
What effort? It runs automatically every hour. They include that they buy a new drive on which backups are written and archive the old one. Presumably they buy drives that are big enough to have a full backup and a reasonable about of space for the diffs (a drive 50% larger than the one being backed up is typically sufficient).
Since Time Machine is in addition to other backup methods, they don't need to make an effort to keep a Time Machine drive offsite.
What I meant is, you have to physically connect the drive, unless you're using a Network drive, and I wanted to know how their setup works. I tried setting up Time Machine via Network Drive once and it didn't work so well, so I'm trying to learn.
Time Machine has been the only way I've been able to get the majority of my family's devices to consistently back up. Thankfully it's a mostly-mac house. Have an always-on Debian machine which acts as a NAS. Install and configure netatalk and avahi.
Edit /etc/netatalk/afp.conf:
[Time Machine]
path = /path/to/backups
time machine = yes
And you're done. Don't lift a finger to do backups ever again.
I run a usb cable from the back of my imac to a drive hidden underneath my desk. It is effectively zero maintenance, because time machine removes old backups to make space for the new.
For laptops I would aim for a setup where the drive is connected to whatever dock solution is in place. MacOS would backup automatically while the laptop was docked.
Using Time Machine via network is the only way I have ever used it. I initially used Apple Time Capsule (RIP), and now just use a Time Machine compatible NAS.
Even with a Time Capsule, Time Machine can be annoying. I had to turn automatic backups off because for some reason every backup was hundreds of MB. It took my 2017 MBP 15-30 mins to complete each backup, which meant that 25-50% of the time my computer was on, it was backing up. This meant the fan was going and the computer slowed down.
The current TM drive is plugged into the hub on my desk.
In these COVID times, my laptop rarely leaves that desk, but even when it does there's only one cable to plug it all -- monitors, ethernet, various other peripherals, speakers, power -- into my laptop.
not OP, but yes, I backup both our Mac machines (TimeMachine) and my Linux machine (restic) to a Synology NAS that is in turn backed up to a cloud. I ended up using the Synology cloud because the setup was easy and they have a datacenter in the EU.
My advice now to family is not to rely on anything - assume you'll lose everything and dont worry about it. Concentrate on a few things that actually matter - like photos. Buy an external drive and copy all the photos to the drive. Buy a new drive every year or two and put the old one in someone else's house for safe storage.
>assume you'll lose everything and dont worry about it.
I completely reject this premise. I'm baffled why you think it's reasonable, honestly.
In backups, even for simple people, one is none and two is one. Online services are DEAD cheap, and can provide versioned backup that protects against creeping corruption and the like.
I reject that premise on functionality. I doubt anyone would be happy losing all of their financial records, photos, personal correspondence, etc.
If digital records aren't your long term secure storage, then what is? Paper printouts? With "really important" ones in a safe or safe deposit box? That is much harder to manage - for backups, organization, and retrieval - than having a digital source of truth and a few redundant backups.
And honestly once you're getting into someone "less able, cognitively impaired, or perhaps very young" to the point where they can't even manage productized cloud solutions, then they really need someone more capable that's involved in managing their (digital) life.
One thing is people are worried about losing their old mail and statements and tax returns - its actually pretty liberating to have disk crash and realize you dont need any of that.
It’s not so great when the IRS audits you. Backups are cheap insurance. Relying on luck is not a great strategy when backups are now cheap in every way imaginable.
I think Backblaze is only great if you are looking for something cheap. It is definitely that, and I am reluctant to complain about it when it backs up my 25TB home server Mac Mini for $60 per year. (Oh, it's $84 now. But whatever, still very cheap.)
But I also set up Backblaze for most of my family members, and when my dad's iMac SSD died, even though I physically visited, and even though I had 48 hours there, there was no way to recover the (meager 1TB) contents.
I had to use the pretty-trash web UI and could only select something like 25GB at a time, from a super-slow and janky web UI, and then download those files in like dinosaur-time.
It did save the day; I could get the most important files (there were like, specific ones on the desktop that my dad was mostly really concerned about).
But in my only experience of using Backblaze in actual crisis, it disappointed.
I think (though I have never verified) that their option to FedEx a hard disk would have worked, if I had had more time, and that's cool. But I was only there for a couple days, and was trying to set him up with a new Mac Mini to replace the failed iMac.
So in the end, we said fuck it, and my dad lost a bunch of his shit.
OTOH, 5 or 8 years ago (?), my laptop corrupted my iPhoto library. (Yeah, back in iPhoto time.) I happened to be on a Japanese bullet train from Osaka to Tokyo at the time (editing a Printed Book composition for a gift, and that seemed to be what irrevocably corrupted the iPhoto library). I restored the backed-up iPhoto library (maybe 250GB back then, a tenth of what it is today) to my home Mac and it was restored by the time I got home from the 2.5 hour train ride.
But it also cost me something like $180, because I had Arq configured to use AWS Glacier storage, which (at least back then — does it even still exist?) was cheap to put data into and very expensive to get data out of quickly. (IIRC Arq even paused automatically, to avoid this, but I pressed the Continue button.)
(Developer behind Arq here) Nowadays many folks have lots of free cloud space in Google Drive/Dropbox/OneDrive and use Arq to store their versioned encrypted backups there, which makes restoring/downloading free.
I think you're making unfair criticisms of Backblaze due to your specific situation. Backblaze offers two primary restore options; one through the GUI and the other by sending you a hard disk in the mail. The GUI isn't really meant for restoring a whole hard drive; it's designed more for file level restores. Your father has a slow internet connection (as you mentioned below), and that makes the GUI even more difficult to use. You should have had Backblaze ship you a drive with his data. It might not arrive as fast as you'd like, but at least you'd have the data.
For large amounts of data over a slow internet connection, the overnight shipping option is the best choice. Using the web ui to get individual files for individual recoveries works, but it doesn't really help if you want to do some giant recovery (as you found out).
That's an interesting anecdote about Backblaze, with restoring being such a pain. But could you not have continued downloading 25GB chunks remotely, until everything had been transferred? It seems like you'd only give up if you didn't really care about the rest of the files.
Yes, we almost certainly could have. But it would have been a process that stretched out over many days. So in the end we did give up — the files weren't worth the hassle. But the hassle was considerable.
Yeah, I agree, and even would have done so in this case (despite the files not being that "important") but it wouldn't have arrived in time.
While I wouldn't say my dad's "not smart" like the title of this thread, he is 70 or whatever, and not technical, and would probably not be able to convert a fedexed HDD from his old iMac to a working setup on his new Mac Mini.
I don't know how your relationship is, but when I was in your position, I set up a remote access solution. For me it was tinc+ssh, but I'm sure there are many equivalent solutions in GUI land that will let you login remotely.
It's easy to talk someone through physically plugging in a hard drive, and then you can do the copying yourself.
This of course relies on your dad not expecting his computer to be private from you, but I doubt there are many people who aren't technically engaged but expect the utmost in digital privacy.
No, he is fine with me having remote access, it's just that he lives in USA and the internet there is so bad (not everywhere, but where he lives there was only AT&T 2.5Mbps DSL and "12Mbps" (it wasn't) Comcast.
So the remote option technically did exist, and if my dad was gonna die or something if we didn't recover those files, I could have done it. But there was like 20-30 second menu latency with remote access (partly Apple's fault, the Windows machine is 5x better with the same connection, but it seems macOS can't forego its stupid animations no matter what).
I didn't mean to continue pushing you on why you didn't restore the backups, just making a general suggestion. As technical people we've got this tendency to think that we can set up systems for people to take care of themselves and then walk away. And that's great, but sometimes you just have to stay fully involved and take things over.
On the technical side, it's probably because RDP is well optimized. There has got to be something for Mac that works similarly well, but I can't give you any pointers. I was dealing with DSL as well (6M/384k), so ssh was an advantage.
Also, although I recently moved off of Mac to Linux for most desktop computing, I think I tried every single remote desktop solution for macOS over those years.
The best thing I ever found (in terms of being able to remote desktop into a 5K display and have usable latency and at least eventually show the screen at full resolution) was AnyDesk.
For my last year on the Mac, that is what I recommended for remote desktop. (It does work on Linux too, but on Linux I find xrdp works fine, just like on Windows.)
One tip: If you are connecting from macOS, using Microsoft Remote Desktop, that app crashes with 6K and 8K screen sizes. But there is an app called Royal TSX which can be an RDP client, and it handles those resolutions fine.
I almost went with Backblaze, but there does not appear to be a way to restore an encrypted backup without having the decryption take place on their servers [1]:
> When you request a data restore, we do what is known as a cloud restore. This simplifies the data restoration process. For example, let’s assume your hard drive crashes and you get a new hard drive or even a new computer. To restore your data you first log in to Backblaze using a web browser by providing your Backblaze account information (email address and password). Once you have logged in to the Backblaze secure web interface you can request a restore of your data. You do not have to install Backblaze to get your data back. To make this work, we decrypt your data on our secure restore servers and we then zip it and send it over an encrypted SSL connection to your computer. Once it arrives on your computer, you can unzip it and you have your data back.
That's if you are just using the default setup, which encrypts using a private key that Backblaze generates and manages.
You can optionally protect the private key with a passphrase. If you do that, restore changes:
> The data restoration process is a cloud restore, similar to the process previously described but with a few differences. To decrypt your data, you are required to enter your passphrase on our secure website. When you do so, it is passed over an encrypted connection to our datacenter where it is used to decrypt your private key, which in turn is used to decrypt your data. Your passphrase is never saved on disk and it is discarded once it is used. As before, once we decrypt your data on our secure restore servers we then zip it and send it over an encrypted SSL connection to your computer. Once it arrives on your computer, you can unzip it and you have your data back.
Instead, I decided to buy Arq and use a generic cloud storage service instead of a backup service. I was going to go with Backblaze's B2 for that but then realized that (1) I had 1 TB of OneDrive as part of my Office 365 subscription which had almost nothing on it, (2) OneDrive has an API allowing its use as a generic cloud storage service, and (3) Arq supports that API.
I've now got 3 years worth of backups of my 1 TB iMac on OneDrive, using about half of my 1 TB of OneDrive storage.
I almost went with Backblaze, but there does not appear to be a way to restore an encrypted backup without having the decryption take place on their servers [1]:
So encrypt it yourself before they encrypt it for storage.
I may have been unclear. I'm talking about Backblaze's personal backup product/service, not their generic cloud storage service (B2).
With the former you install some of their software on your computer. That software reads your files, encrypts them with the key Backblaze generated for you, and stores them on their servers.
The Backblaze software sees the same data that applications on your computer see. It is hard to see a reasonable way to impose your own encryption there in a way that would make Backblaze's software see the encrypted data.
If you are using a whole disk encryption system or whole partition encryption system, applications on your computer (including Backblaze's) see unencrypted data.
You could do file level encryption yourself with GPG or age or similar, but that would generally be in enormous pain in the ass because every time you wanted to use a file you'd need to decrypt it and if you modified it re-encrypt it. (And when you decrypt a file to use it you'd have to be careful that an incremental backup doesn't happen while you have the file decrypted).
I suppose you could get a drive specifically for local backup, use local backup software to maintain an encrypted backup on that drive, and use Backblaze's personal backup service to back up just your backup drive.
Personally I've never had an issue just using encrypted containers but I'd be interested in a solution that behaved like Windows EFS while letting you define a blacklist of programs that aren't allowed to see the decrypted file content.
Why is that? Is there a history of losing photos from Google or iCloud? Buying a flash drive every year means you don't have a backup between the time you take the photo and your next flash drive, and if your risk profile is dropping your phone down the toilet, that sounds like a bad idea to me.
edit: leaving my original comment but I realise that the parent called for buying a new drive every year, not just backing up every year - my bad. That said, with this approach you still need to track where your backups are and when they were last backed up. That's definitely going to be more error prone than an automated system.
That is an alternative. However like you say, Google or iCloud - once you've decided its very difficult to change. Also I think most people aren't used to paying for cloud services like photo storage. I'm not sure what happens if you miss a few payments - do you lose your photos? If you die can anyone else get access? Maybe younger generations are more used to that.
Incidentally Google Cloud has lost some of my photos.
> once you've decided its very difficult to change.
Can't speak for iCloud, but getting your data out of Google is pretty straightforward - it's well documented at [0]. How often do you want to do this though?
> I'm not sure what happens if you miss a few payments - do you lose your photos?
A quick google answers this question [1], if you stop paying and ignore the messages for 2 years your data _may_ be deleted.
> If you die can anyone else get access?
Again, a quick google says yes, if you set it up [2].
> Incidentally Google Cloud has lost some of my photos.
What do you mean by this? Google cloud or Google Photos? I would love to hear more about google photos losing data, I've _never_ heard of it (yet I have witnessed bit rot on physical media, or flash drives just getting lost).
I should say that the advice is not just for the cognitively impaired but also regular people, and even smart, technically adept people.
As an analogy, you might be the greatest surgeon in the world but you may still want to ask a nutritionist to help you make sense of the varying, contradictory studies that come in.
The problem you have identified also effects the cognitively overwhelmed which is all of us.
What do folks use to ensure integrity? I messed around with CRC32 in the filename for a while, but that's a pain to keep up with. Lots of fiddly custom scripts involved. It's dead-simple if everything is on ZFS all the time, of course, but if you want to ensure that files haven't been damaged after 20 copies across as many drives and "cloud" services, ideally without having to drag two or more other copies out of wherever they're stored, what's the solution? Some formats (Flac, I think) embed a hash in the metadata, but most don't. Hell, I've considered putting everything in IPFS just so I get consistency hashing across all filesystems "for free".
More generally, I guess the problem is that there's a lot of pain and duplicated effort all over the place due to there still not being a really good, well-supported, cross-FS and cross-OS file metadata scheme.
I steer people who don't know technology to Apple and mac. Enabling and paying for iCloud backup is probably the easiest. We're basically to the point where you can throw your phone off the bridge, walk into the Apple Store, log into a new phone and be back where you started. For a laptop I like the ease of the Time Capsule and time machine.
More broadly I think this speaks to the power of defaults. I recently had a family member lose everything (house fire) including all of his iDevices. He thought he'd lost the photos on them - he didn't even know he had iCloud backups - but as soon as we got a new device on his account, there they were.
Syncthing helps prevent against theft and disaster. Syncthing with an offline backup policy helps mitigate against ransomware, but unfortunately any policy that moves bits from one place to another allows an attack vector for malicious bits to infect the target device to which bits are being transferred.
I personally found Syncthing too complex, unpolished and confusing to be worth it, and I am an experienced software engineer in my 30s. And you’re recommending it for people who are “cognitively impaired, less able” etc? Absolutely silly.
Are you serious? Syncthing's setup comprises of quite literally two steps:
- getting both devices on the same network
- scan the QR code on one device with another
After that, I've also found that it "just works" on the level of Dropbox or Google Drive. Honestly, I've had more problems trying to get iCloud or OneDrive to work as WebDAV.
Absolutely serious. I’m puzzled by your assertion that it’s easy. I guess you were lucky and it just worked. It didn’t for me - files started getting duplicated and corrupted in weird ways. The completely awful UI made it really confusing trying to figure out what was going on, and there was no support. It’s clearly a tool for power users and enthusiasts. I went back to Dropbox because I wanted something that just works.
> The .stignore file itself will never be synced to other devices, although it can #include files that are synchronized between devices.
So you might have a synced work folder, where some large but unimportant throwaway files will be created on Host A, you exclude them to avoid having them replicated when syncing to your Host B (and C, D, E, ...). But then, ignore rules don't sync so... surprise! those throwaway files when generated in the other Hosts will show up in A and everywhere else.
Am I being too unreasonable here? Yes, you can sync a common ignore file and #include that everywhere. But the idealistic way I see computing, that's a totally superfluous step that users should not even have to worry about doing. The kind of subtle technical detail that makes me agree with the phrase "too complex, unpolished and confusing".
Still, I use Syncthing every day. I think it's great. But I'm a developer and Git taught me ways about the logic and behavior of writing ignore files; it's not an apt solution for "less able, cognitively impaired, or perhaps very young" people.
The issue seems to be recognized [1]. But what can I say? the improvement proposal was outlined in 2015 and it's still unresolved 6 years later [2]. I wouldn't hope that it will get much more approachable for less technical people anytime soon.
I actually didn't know about this, nor largely about ignore functionality. Thank you for the write-up, it definitely gives me more appreciation for what the previous contributor meant.
I'm not sure what your experience was or how long ago, but syncthing is one of very few programs I've ever had 'just work,' like absolute magic. sudo pacman -S syncthing, syncthing was all it took to stand it up, followed by extremely minimal in-app setup that was no more complex than working a modern music player. It keeps everything synced across my PCs and my mobile without any intervention on my part.
Old school: get an external SSD, drag and drop files.
New school: get a Macbook and an iPhone and use iCloud.
For programmers: Make an auto-backup script to an S3 bucket for very cheap storage, backing up only what you want (e.g. adding a flag to ignore node_modules when backing up your computer).
Configure cron jobs to run automatically so they dont have to do anything on their end. Even if you're on a mobile device, you can install a terminal emulator and run rclone there.
Im a professional tattoo artist and and I've been collecting pictures data in particular pretty extensively for over a decade... I have roughly 2tb cloud storage on each cloud service.. One drive and Google drive. Photos and videos and various graphic file extensions like.. Psd .Tiff .Actn etc... I've grown a bit professionally and so now instead of just dumping new art and photos of my tattoos and marketing graphics etc... I'm in desperate need of spring cleaning I plan to metatag all photos running them all through lighten cataloging them all and maintain upkeep moving forward from there. As you know both these services are as useless as tits on a bull, but it is what it is I have to work with one or the other or both.
Folder to Folder transfers need to be fast or this is going to be impossible ... Should I do all moving around if files folders etc. On an external HD? then re upload? And please for the love of God someone tell me that there is a tool service or software or poor unfortunate slave out there that can be used to automatically Catagorize photos... One that optically, can analyze each one and determine if it's a photo of a tattoo on a person's body, differentiating from photos of graphics, artwork, objects... Etc. Please help!! my poor habbits have ruined my digital existence.... MUST LIVE AGAIN!!
I will go on a limb and say: buy them an iPhone and a Macbook and teach them how to use iCloud for backups. For cognitively imparied people you cannot do much better than that.
Encrypted Time Machine on Mac OS is a good start. By no means a perfect solution, but it's free if you have an external drive (even an older one). If the drive is clean, the setup process will take under 5 minutes. I just run it once a month, putting an event in calendar to remind me to do the next.
If money isn't an issue, BackBlaze's options are interesting. Check out Arq backup too. Once you get either Backblaze or Arq backup, you can backup your backup drive of time machine images. Not terribly efficient, sure, but again, doesn't really require too much configuration. Minimizing friction for each step and trying to automate them are the best paths to success.
If this is a mobile device, iCloud for photos is a good enough options for most people. Yeah, apple's gonna scan, but so is Google Photos, or any other service that uploads images to the internet.
I really wish apple would do an E2EE time machine to the cloud one day! That would really unlock backups for a lot more less technical people.
Supposedly part of the on-device CSAM stuff was so they could do End to end encryption on iCloud backups. I get why people were upset about it, but I worry it comes at the cost of that E2EE feature.
This is what I do for our family computer. All our photos and videos are on the family computer, it continuously backs up to backblaze with forever history and we push all our photos and videos to Google Photos, too.
We print the photos we really like and put them in albums. If our house burns down and we lose the albums and computer, we still have Google Photos and backblaze. If either Google or backblaze end their relationship with us, we still have our local copies and albums (and the other service).
We do pay for Google storage and for backblaze, but I think it comes out to around $12/month.
- Data is abused (somebody uses it against you in some way)
Disaster destroys, theft & ransomware destroys and/or abuses your data
Security against "abusing your data" is afaik: encrypting your data, using different passwords, never trust a link in an email (allways use the links you commonly use). BUT: this is difficult and unlikely done even by a average user.
Security against losing data is: backup or sync : backup is done best to my knowledge in apple devices. it also features sync. othervise i'd recommend dropbox, it can also recover some of the data you accidentially delete.
printing things is also still a good backup of important data
It depends so much on the devices. The easiest option is going to be the one that's built into the device/OS/etc. That's not maybe a very useful answer, but there you have it.
This is how I do it and my work does too, with Druva. You don't have to think about a single thing except telling it if you store files in weird places. Could not be simpler.
With web applications, this question is significantly harder to answer.
Assuming they're using files on a desktop computer, find a magic backup or sync product. They all have pros and cons.
I used to develop Syncplicity. It could backup "My Documents" and "Desktop" automatically, but you still had to manually add folders outside of those defaults. It was useful for a "magic backup" of things that could upload and download easily; but it wasn't going to just snapshot an entire computer.
If you want to snapshot an entire computer, a lot of posts in the thread recommend Time Machine for Mac. Just understand the tradeoffs: Do you want to snapshot the entire computer, but you don't care about "cloud" features? Do you want "cloud" features like sharing, backup even when you're not home, but you don't care about restoring a computer to an exact point in time?
> hook up to computer via spare USB port on the back
> set up automatic backups
> done!
It's my go-to for "not techie" parents and grandparents and never failed me with less than 10 minutes of active work. Pretty easy to migrate into new computers too.
(1)I distrust anything connected to the cloud more than I do stuff I can own.
General idea should be to treat the computer as a dispensable unit, kind of local cache of primary data which is remote. It is backwards, but this entrusts the "data" into more able and knowledgeable care.
As an example, look no further as mobile/smartphone etc. platforms. The locally acquired data is automatically transferred to some online cloud. All needed for that is a steady and fast internet and suffucient quotas.
Should the disaster hit, at least the bulk of "data" would be duplicated in the cloud(s). Assuming the cloud providers are mainstream, chances are the data could be retrievable from the new/repaired computer.
All comes down to the definition and the value of the "data".
Also, makes sense to have a practical way to keep an inventory of the installed and used applications and obviously the accounts/passwords.
Time Machine is among the easiest backup solutions I've ever used. Just enable it, point at a USB hard drive or compatible network share, and it just works. Restoring files or rolling back the state of the whole machine takes just a few clicks. Of course, if the backup media is in the same location as your mac, it's susceptible to theft, fire, etc. And you need to be using macOS.
If you just want to keep files and don't care about your OS, most cloud providers desktop clients work fine - Dropbox, Google Drive, OneDrive, etc. And they have the added bonus of keeping things in sync across multiple machines, which allows for working across multiple devices, and also each instance is another backup of your files (provided it's set to actually download synced files immediatley, rather than on-demand, as OneDrive defaults to).
I have more experience with OneDrive than other providers, since I use it for work.
Pros:
- Two-stage recycle bin. If you delete a file, it goes in a recycle bin. If you delete it from there as well, it goes into another recyle bin & can still be restored.
- Can sync your Documents, Pictures and Desktop folders in addition to the OneDrive folder, at least on Windows.
Cons:
- Doesn't handle large numbers of files well. Syncing 1000+ 500KB files can take the better part of a day.
- Only downloads to the local machine on demand by default (but you can change this).
As a set-and-forget solution with a little more setup effort, a commercial NAS (think Synology, QNAP, etc) & their software for backing up your PC should work well. Many NAS's have a feature to back up your NAS (or a portion of your data) to a friends NAS - and they can back up their data on yours. Buy one for youself and your parents/grandparents, and then you all have offsite backups for the family photos. LTT has a good demo of this, https://www.youtube.com/watch?v=mpxBmxj5mP0
I think there is a minimum level of computer proficiency needed to utilise a backup solution. So many people don't understand the concept of files and folders, or a filesystem, and I imagine the managing backups would be a stretch for them, unless they spent some time learning about these concepts. If a university student can't understand that their work is saved in a folder and not in Word, they're going to have a hell of a time trying to use OneDrive.
To the people recommending iCloud. I don't think that iCloud should be considered a backup. You can far too easily delete stuff from your phone that also gets deleted from iCloud when you do. For people not prepared for this, they will have just lost something important.
If your most important of important files don't exceed 2GB then a Dropbox free account is a no-brainer.
If you have important files that are roughly ~100GB, Google Drive is only EUR 20 per year to upgrade from their 15Gb free tier to their 100GB offering. Again, a no-brainer.
If you're concerned about the privacy of your files on cloud services, then use Cryptomator[0].
Cryptomator is for more advanced users and you need to read the DOCs before using it. Personally though, I found the interface intuitive and I don't consider myself that smart (depending on your definition of that term).
I just go off backblaze and gut feeling. Basically I have backblaze backup my data daily, if theres anything I really want to make sure is safe, I back that up elsewhere, and if its something I REALLY want to make sure is safe, I'll also put it on a local disk. If I ever got to the point where I REALLY REALLY want to make sure its safe, I'd probably try to keep a local version in someone elses house, but it hasn't come to that yet.
I know many here will say thats being negligent or whatever, I don't really care too much, I'd rather just get on with my life than jump through a load of hoops for data that I'm not too fussed about losing.
We have a high-end NAS and all devices (laptops, desktops, tablets and phones) back up to that. That NAS then backs up to the cloud overnight, every night. We're also getting a second NAS which will do an offsite mirror of the first in a remote location.
Setting this up is simple: the NAS manufacturer has an app for every OS. Install it on each device and follow the instructions. It's similarly simple to set up the cloud backup; just open the app on the NAS and enter the cloud storage credentials (it works with almost every provider).
I shelled out >600€ for a Qnap and good disks, but I never managed to make it "just work", not even for simple backup of data from two phones. Maybe its a me-issue or a Qnap-issue but this really turned me off NAS.
Right now I just have Dropbox, but soon I plan to get a NAS and just have it sync to Dropbox. That way I get the convience of Dropbox while also still having a backup if Dropbox fails.
No matter what advice you ever see (even good ones) — the weakest security point of failure is always a human being.
As a simple advice for protecting files from hard drive breakdown:
1. buy mac and use built-in timemachine backup (can be encrypted). Works like a charm, nothing to think about, nothing to worry (except keeping your backup drive in safe place).
2. sync important files to cloud (dropbox, googledrive whatever). But be aware that this way you create additional door to steal your data.
Configure a peripheral to be recognized as both keyboard and storage device e.g. a PiZero with https://github.com/darrylburke/RaspberryPiZero_HID_MultiTool and have it copy data to its SD by injecting a bunch of keystrokes, low effort and cheap (and fun?) Just tell your digibete friends to plug it and store the SD, they can pass it on to each other
If you don't care about privacy and allowing some company holding it, just use free services like Google Photos or Dropbox, any cloud storage would be fine.
Preferably they won’t be using devices vulnerable to ransomware. So have them run a tablet with iPadOS or Android. But make sure it’s from a manufacturer that quickly provides security patches (Apple, Google Pixel, etc). Then if you can lock the device down to child safety mode and combine it with corporate security settings. Then enable iCloud backup (or whatever the Android equivalent is.)
And then after 4 years of backing up (and paying) you find out that BackBlaze silently changed their password requirements and you can no longer log in. Happened to me, lost 2 TB of backed family photos. Their response: "you remember your password wrong". Fortunately I had backups on secondary external drives as well.
My password was correct but included accented characters. They changed the acceptable characters silently in their clients sometime later. After my backing machine finally crashed I was not able to log in again. Unfortunately the support guys were not able to do anything about it.
Any more ideas for Android?
I find it more and more complicated to back up my personal data from Android without having to upload everything to Google.
The absolute simplest option that i can think of: have a few large HDDs or SSDs that you connect to your device with an USB enclosure and copy over all of your data.
It's also reasonably simple to automate that process with something like cron and rsync. If it's not possible to automate that process, or it's too cumbersome, then just do it manually and keep a log somewhere.
Example:
2021.10.01 - copied over /home and /data to HDD1
2021.09.01 - copied over /home and /data to HDD3
2021.08.01 - copied over /home and /data to HDD2
2021.07.01 - copied over /home and /data to HDD1
2021.06.01 - copied over /home and /data to HDD3
2021.05.01 - copied over /home and /data to HDD2
...
Pros:
+ doesn't take any advanced knowledge of software, software packages, or even require a specific OS
+ the backups are just files that you can view and copy just like you would with any other disk
+ if the devices have cloud storage clients installed, you can transparently also back up those
Cons:
- somewhat tedious, especially if you don't set up a calendar reminder on your phone or something
- if you want redundant backups (say, on HDD1, HDD2, HDD3), then you'll need to copy the files multiple times
- all of your backups are probably in one place with this approach
If a slightly more complex solution is okay, then you might use some of the software that's out there, built with the purpose of automating backups. Some of the solutions are paid, others are free, but the general idea is the same - you set up some directories which you'd like to backup, you set a schedule and perhaps some rules on what to back up and how and let the software run whenever.
Example:
https://bvckup2.com/
https://bvckup.com/
Pros:
+ allows automating backups, so human error is less of a factor
+ minimizes complexity as the amount of data that you need (or the count of locations) to backup increases
Cons:
- depends on the platform, each OS will have their own pieces of software for something like this
- still not networked, unless you use a NAS or something similar (which you might consider at this point)
OPTION #3 - A SERVER FOR BACKUPS, OVER THE NETWORK
Now, this is a bit more complicated, but since any regular computer can become a server and since HDDs are pretty cheap anyways, spending a few days setting up a backup solution can sometimes be worth it, if the people can spend some time following guides or reading the documentation.
Essentially, you'd set up your own server, with an OS of your choice (personally i'd suggest Debian or Ubuntu LTS) and would install some software package, that could connect to the devices that you'd like to back up and would pull data from them at a set schedule. Alterting options are also available should anything go wrong.
Example:
https://backuppc.github.io/backuppc/
Pros:
+ this can be a proper networked solution, which allows you to host it anywhere, away from your physical location
+ there can be some pretty useful deduplication functionality built into the software, as well as support for various connection methods
+ this can also give life to your old electronics, as opposed to contributing to e-waste
Cons:
- if the backups work with a "pull" model, you'll need to configure access to all of the devices that you'd like to connect to, which can be troublesome
- furthermore, depending on how all of this is set up, security becomes more of a concern, as it is with any networked solution
- at this point, you're basically maintaining a server of your own
ADDITIONAL THOUGHTS
There are more complicated setups out there, such as file systems with snapshotting, RAID to avoid individual disk failures, storage pools etc., which may or may not be worth it, based on the complexity vs the benefit that they provide.
NAS solutions and cloud solutions for storage can also be explored, as long as security isn't forgotten about - for most people, both of those can be good options and can be combined with any of the alternatives.
Integrity is surprisingly hard to get right and as long as you have multiple backups of the same files over time, it's not always worth it to worry about it too much. Ideally, check the files that matter to you in the backups manually, like whether your master's thesis was backed up correctly.
Version control systems are also surprisingly nice for smaller files, like the aforementioned thesis - with something like GitLab and the aforementioned server backups, that introduces more redundancy and versioning in the mix, with tools that most developers will be familiar with.
Restoring backups is important, yet not often considered much. If you use something like BackupPC, you absolutely need to test whether you can properly download or restore the files that you've backed up into it, otherwise it's useless.
Lastly, you should remember the 3-2-1 rule of backups:
> The 3-2-1 rule can aid in the backup process. It states that there should be at least 3 copies of the data, stored on 2 different types of storage media, and one copy should be kept offsite, in a remote location.
In my experience, that's why file/archive based solutions are perhaps the best option, because they're easy to carry over to other storage mediums.
Not only that, but the above options actually combine with one another rather nicely. Right now, i use manual backups of the data that matters to me on my phone (connect through USB, transfer files monthly), use the backup software to automatically propagate my files across multiple drives, then use BackupPC to pull my files to a backup server, which also has multiple mirrored drives that incrementally synchronize with rsync and cron. Then i also use a few Nextcloud instances which copy my local files to my own VPSes, which coincidentally are also pulled down by BackupPC. And then i also copy some of my keychains and other important files on local storage mediums - SD cards or memory sticks, as well as encrypted containers on almost every device that i use (VeraCrypt). In my eyes, the simplest solutions that don't require specialized hardware are perhaps the best ones.
Thus, my risk analysis looks like this:
- if one of my HDDs/SSDs fail, i can pull a backup off of the spare drive
- if one of my devices fail (power surge etc.), i can pull a backup off of my backup server
- if my backup server fails (power surge etc.), i still have the most important data in Nextcloud, on my cloud VPSes
- if my cloud VPSes fail (banned etc.), i still have the data in various SD cards strewn around the place (as long as i can get VeraCrypt or KeePass working somehwere)
- if my cloud VPSes fail (banned etc.) and all of my local devices fail and my SD cards fail (house burns down etc.), i still have the cached Nextcloud data and encrypted stuff on my smartphone, which i keep with myself
And it's also possible to plan further contingencies, if needed:
- if all of the above were to fail, then it'd also be possible to just give a third party (trusted person) backed up drives every now and then
- if no such party is available, then it's possible to just upload encrypted backups to all of the cloud providers that you know of, for redundancy
- if all of the cloud providers have also failed, then you probably have bigger problems and backups are no longer relevant
You just have to find some tools and services that are "fire and forget."
This is what I do:
1. All my working files are in my Dropbox account (or my corporate Dropbox account). I did this initially to support working off two machines interchangeably, but the fact of the matter is that this creates an easy versioned backup of your "live" files. Nowadays, my Dropbox is fully mirrored on TWO backup computers here in my office (ie, a spare machine and an old machine).
Setup Effort: Minimal. Ongoing Effort: Almost zero.
2. Because I use a Mac, I have Time Machine. It's glorious and can save your butt. It's the ONLY of these mechanisms I've ever had to use at scale (after a break-in and a stolen laptop). It worked flawlessly. Use it if you can. Every year or so, I get a new TM drive and archive the old one.
Setup Effort: VERY Minimal. Ongoing Effort: Zero.
3. I also use Backblaze for offsite backup security. I happen to live on the gulf coast, so major storms are a concern, but there's probably some house-eating danger wherever YOU live.
Setup Effort: Moderate. Ongoing Effort: Minimal.
4. Finally -- and this is the only part that needs actual action -- periodically I take a full image backup of my main machine's drive and archive it.
Setup Effort: Moderate. Ongoing Effort: Moderate.
I keep my newest image and my last TM drive in someone else's house, too, but that MAY be paranoia.