Personal Encrypted Secure Cloud Backup - All You Need To Know

Discussion in 'Application Guides' started by InsaneNutter, Jul 9, 2017.

  1. InsaneNutter

    InsaneNutter Resident Nutter Staff Member

    Joined:
    Jun 1, 2007
    Messages:
    10,642
    Likes Received:
    2,812
    Location:
    Yorkshire, England
    cloud-backup.png

    A secure cloud backup of my documents, photos and videos is something I’ve been thinking about doing for a couple of years now, however I’ve never been able to find a solution I’m happy with, until now.

    The idea behind a cloud backup is to have a backup of my most important data somewhere other than at home.

    Think about it, if all my backups exist in one place, what happens if something bad happens at that location? i've lost everything.
    For example your PC and USB backup hard drive / NAS might get stolen, or even damaged in some sort of natural disaster like a flood.

    With this in mind I've identified what I was looking for when trying to find my ideal cloud backup solution.

    What do I want from a personal cloud backup?

    Cheap – Now i realise you generally get what you pay for, however that doesn't mean you can't be smart and get a good deal.

    I personally don’t want to pay excessive amounts of money to back my data up to the cloud, if I ever have to retrieve data from my cloud backup it’s a last resort. That doesn't mean I want to compromise on security though as i'm backing up all my digital data.

    Encrypted – I have to be the only person who can access the data I have backed up. This means it has to be encrypted before it’s uploaded to the cloud, with an encryption key that never leaves my personal device.

    Now I have nothing to hide, that said I don't feel who ever i store my data with should be able to look though it. Let's be honest with the best intentions anything connected to the internet has the potential to be hacked which is the main reason I dont think my data should be stored in a readable form on someone eases server.

    Version History – I must be able to go back and select a certain date to restore a particular file from. Lets say a file got corrupted 6 months ago and I can only restore a backup from a week ago, that’s no good as I’m restoring a corrupted file.

    Incremental Backups – I have many 100's of GB’s of data which is going to take me days to upload, after the initial upload I only want data that is new or changed to upload.

    Upload speed – I want to be able to max my upload speed out when backing up, many backup services out there limit the rate you can upload data at to a little as 1mbps. Sometimes only after you have uploaded a certain amount of data. I don't agree with that, if a service is sold as unlimited then I should be able to backup my data without restrictions. If not then set a hard limit so everyone knows where they stand.

    Backup Everything - Some personal backup providers will skip backing up certain file types, for example video, music or files over a certain size. Again I don't think that is acceptable, you should be the person who decides what to backup.

    Automated – Once setup backups need to run without any intervention from me, which to be honest every backup service out there seems to do as standard as you'd expect.

    The problem with personal backup solutions:

    Now my above desires are not hard to achieve, I could use Windows Azure, Amazon S3 or Backblaze B2 and be happy with any of these platforms. My problem is I want enterprise security and features on a home user budget. Such services are cheap from a business point of view, however from an individual’s point of view it’s not that cheap once you get a significant amount of data on there. This is not hard today with digital photos and video from good quality cameras always increasing in size.

    Encryption is a problem on consumer orientated solutions, most solutions will encrypt your data, however you won’t get any control over that encryption. Even solutions like Backblaze Personal that let you specify your own encryption key are not really any good.

    The problem with Backblaze Personal is that you are required to submit your encryption key in their website if you ever want to restore your data. After you do this the Backblaze serves goes away and decrypts the data before finally letting you download an unprotected zip file that your data… to me it seems pointless even letting users supply their own encryption key if the data has to be decrypted on their end before you can recover it.

    Upload Speed is also another issue with consumer grade services, most are sold as “Unlimited Backups” with no limits on the amount of space you can use, however try actually using that space up. I had a two week trial for Backblaze Personal, however despite tweaking the apps settings the upload rate seemed to average around 1mbps… My upload speed is not great compared to my download speed, 200mbps down and 10mbps up, however I’d expect to be able to utilize all my upload speed.

    I’m not singling Backblaze out here, this just happened to be a service that on the surface appeared to be suitable for me, however once I started using a trial I realised it had various flaws. Services like Crash Plan also suffer from extremely slow data transfers too, for both backing up and restoring data. Likewise Carbonate is supposed to throttle your data transfer speeds after a certain amount of data is backed up, with speed limits of 10 Mbps for both backups and restores. In addition Carbonate will ignore certain types of files depending on the subscription you have, which for me personally doesn't inspire confidence in the service.

    Various consumer backup solution also use a Java application to perform backups, this is another no for me. I’ve managed not to have Java installed for years, I don’t really want to install it now. To be fair to Backblaze they did listen to their customers and get rid of their Java backup client.

    Version History, Incremental Backup’s and Automated Backups are not really a problem on consumer grade services. The amount of time you can go back and download an older version of a file will vary between the services out there, however most seem to support incremental and automated backups.

    So as you can probably tell I looked at various of the most popular consumer backup solutions and found issues with most of them before even getting as far as using a trial, then the one service I did trial (Backblaze) I found to be far from perfect.


    So you have found all these problems, did you actually find a solution?

    I did!

    I found the best solution is to use a backup client that is capable of working with consumer based storage solutions, such Amazon Cloud Drive, Dropbox, Google Drive or OneDrive.

    After looking at a few different clients including Arq, Cloudberry and Duplicati I ended up choosing Arq as I felt it was the best backup client for the job, Arq wasn’t the cheapest, or the most expensive, however Arq offered everything I wanted from a backup client. Without trying to sound like an advert I really did get the impression Arq was aimed at people like myself.

    Some key features of Arq I liked were:
    • Files are encrypted before they leave your device, with an encryption key only I have access to
    • Doesn't ignore certain file types
    • Doesn’t forcibly delete old backup records
    • Backups are stored in an open, documented format.
    • Works with all popular cloud providers – Amazon Cloud Drive, Google Drive, Dropbox, One Drive
    • Also works with enterprise storage solutions including Google Nearline, Google Coldline, Amazon Glacier and Amazon S3, Backblaze B2 support is also coming soon
    • ARQ also has the ability to backup to an SFTP server or network share
    • Files can be restored to any computer
    • No speed limits on backup or restoration of files
    • Per user licence, meaning you can buy Arq once and use it on all your devices. For an extra $30 you can purchase lifetime upgrades
    • No Java - native apps for Windows and OSX are available for download
    • Files are compressed to reduce the size of data that is uploaded
    • Client-side de-duplication ensures Arq never uploads the same content twice
    • Rsync-style rolling checksum ensures only the changed parts of files are uploaded
    arq-amazon-backups.png

    Above the Arq interface, simple, however very user friendly in my opinion.

    I didn't go with Cloudberry as Cloudberry limit the data you can backup to cloud storage you are paying for. To backup more than 1TB of data you need Cloudberry Unlimate, which is £306.26 per computer. After a year to get a new version of Cloudberry Ultimate you need to pay a £57.60 maintenance fee.

    Duplicati 2 looks promising and is opensource / free, however is still classed as "experimental" which doesn't inspire confidence when it comes to reliable backups. The original Duplicati hasn't been updated since 2013. I do think once Duplicati 2 gets a stable release that could become a free viable alternative.

    Arq is $50 for an Arq 5 licence which you can use on as many computers as you own, both PC's and Mac's. For an additional $30 you can also upgrade to a lifetime licence which grants you all future upgrades for free. So for $80, around £62 you have a great backup client that you will get free future updates for, leaving you to only worry about paying for some cloud storage.

    What cloud storage did I use for Arq to backup to?


    I chose Amazon Cloud Drive (UK) as Amazon offer truly unlimited storage for £55 a year, so I can backup everything for the equivalent of £1.06 a week. Amazon Cloud Drive is based on Amazon S3 so you are getting the same reliability as you would do with Amazons enterprise offering, without the cost associated.

    In certain countries including the USA Amazon Cloud Drive is no longer unlimited, instead you will get 1TB of space. For me even 1TB would be enough at present, however it’s nice not to have to worry about storage at all. If you can get an Unlimited Amazon Cloud Drive it certainly makes sense, Google's G Suite also offers an unlimited option for around £10 a month, which would be £120 a year. You are supposed to have 5x users on the account to get unlimited space, however this is currently not enforced, see: Google's G Suite Pricing

    The best storage deal will depend on your location and the amount of data you need to backup, however with ARQ you have the option to backup over SFTP which makes dedicated servers or backing up to a friends or family members NAS in another location a possible option.

    At present im backing up my personal documents and family’s digital photos / videos. The total these files take up locally is 852 GB, however due to ARQ’s compression and client-side de-duplication the amount of data I’ve uploaded to Amazon is 667.5 GB, saving me uploading 184.5 GB!

    Pretty good to be honest:

    amazon-cloud-drive-usage.png


    What do Amazon see?


    Not much just a load of encrypted files which as useless to them. My encryption key never leaves my local machine both for backing up and restoring the files making my data useless to Amazon.

    arq-amazon-backups-3.png

    Will Amazon Care?

    No, Amazon don't care if your data is encrypted or not. Arq is approved to connect to Amazon Drive via Amazon’s API.

    Some Arq features that i like:

    I can backup multiple devices to one Amazon Cloud account, in addition Arq is licensed on a per person basis, so you only have to purchase Arq once to backup all the computers you own. It gets better, if you pay an extra $30 when purchasing Arq you can upgrade to a lifetime licence, meaning you will get future versions of rq at no additional cost.

    As you can see below if I enter the encryption key for another device I’ve backed up, I can restore the backup to a different device if required.

    arq-amazon-backups-4.png

    Its possible to enforce a certain backup size, so once your backup got to 1TB for example Arq would start removing older backup revisions to keep your data in budget, so you don’t get charged for storing additional data.

    Checks can also be run to validate your backup data for extra piece of mind, along with how often backups and watch time backups should be performed at.

    arq-amazon-backups-5.png

    From the Arq user interface it's very easy to go back in time and browse backups from a certain date or time, you can even search the backup data if desired. When browsing a backup it's also easy see which files have changed between backup revisions:

    arq-amazon-backups-2.png

    Overall im very impressed with the Arq / Amazon Cloud Drive backup combination, I’m confident my data is safe and I’m the only one who can decrypt it. I also know I have the flexibility to move to other cloud storage providers in the future if my requirements were to change. In addition I’m able to max my internet connection out both uploading my data and restoring it, something other

    I’d certainly choose Arq & Amazon Cloud Drive over Backblaze, Carbonate, Crash Plan and other popular cloud backup providers. Even for someone not that experienced with computers I would be easy enough to setup a reliable backup.
     
    Nimrod and Dark Scyth like this.
  2. Adela

    Adela New Member

    Joined:
    Aug 27, 2017
    Messages:
    2
    Likes Received:
    0
    Hello InsaneNutter and thank you so much for your explicit opinion of "clouds". I'm no computer tech at all, but I'm also looking for a place for backups that's secure and doesn't charge too much, and after reading your great article may I ask: why a combination of 2 clouds? Then maybe Arq acts like an agent offering other sites like Amazon, etc.? Following another opinion article, I took a trial with CrashPlan but...they're discontinuing the Home Plan so I'm right back looking for one. I don't know how much GB I have, is there a way for me to know it and could you, maybe, tell me how to find out?

    I already lost everything to a virus (though I had, still have, Avast) so now I don't have a lot to lose but do want to keep what little I have left. I was considering Carbonite but you and others didn't think it was that good. If I understood more clearly what's Arq (and its affiliates) about, I should consider it. I will try to see if I can understand it by going to their website.

    Thank you again for your openness and generosity in sharing what you know about this sensitive matter. :)
     
    Last edited: Aug 31, 2017
  3. InsaneNutter

    InsaneNutter Resident Nutter Staff Member

    Joined:
    Jun 1, 2007
    Messages:
    10,642
    Likes Received:
    2,812
    Location:
    Yorkshire, England
    I'm not actually using two different cloud providers.

    ARQ is the backup application that you install on your PC, ARQ then scans your files and uploads (backups) any new or changed files to Amazon, or another cloud provider of your choice.

    ARQ is used because it allows you to encrypt your files with a password of your choice. Only you know this password, meaning only you can ever recover your files. Say for example if you backup to Amazon, Amazon will be able to see and look at all your files. However because you use ARQ to encrypt the files with a password before uploading them to Amazon, that means Amazon can't look at your files because Amazon do not know the password to decrypt and view your files.

    This is why i think ARQ + Amazon, or ARQ + Google, OneDrive or any other supported cloud provider is a better solution than CrashPlan (which as you say is now discontinued) or something like Backblaze. You are in 100% control of your personal files, however they are still backed up somewhere other than on your own computer and in your own house which i think is important.
     
  4. Tangeek

    Tangeek Member

    Joined:
    Aug 17, 2017
    Messages:
    8
    Likes Received:
    0
    Location:
    Belgium
    May I add my grain of salt to this thread ? :) I'd just like to recommend two FOSS solutions that I like. I know it's not for everyone, but in case someone is interested to learn more about the free solutions available.

    EDIT : After re-lecture, I realize I sound like a salesman. I swear it's not intentional. :D Just passionate about the subject. ^^

    The solution I prefer (though is trickier to set up, I grant you that) is to pay for a VPS, not a storage out-of-the-box which is often pricier, and then use BorgBackup. I prefer it because you can use it on the command line directly (useful for automation), and it actually does full backups BUT its storage is duplicated. So you have all the benefits of an incremental backup (the following backups are crazy fast) but it uses less storage space overall (for example if you delete a file then recreate it, on an incremental solution that file gets re-written a second time, but not here) and all the archives are independent. Think about it : in an incremental solution, if by any chance one of your backup, say the one on Wednesday, gets compromised due to storage failure, *all* the following backups are lost (goodbye my backup on Friday with the week work completed). With a solution like Borg, it is true that you lost whatever sector is damaged on all archives, but you still have all the rest that came later. Which is why the method I recommend is to use a Borg repository on a personal local drive and another on a distant site. I have the same config on both, I just run the program twice and change the target.

    Another advantage is that those Borg repositories are just plain old directories on the drive. You can transfer those to whatever storage space you want, and it doesn't need a particular file system to work. Of course it's encrypted and you can keep the keyfile on your local system (though by default that keyfile is encrypted by a passphrase then stored in the repository, you have to use an option during the creation to disable that and store it locally).

    I should be explicit here : you don't have to actually buy a VPS or any server to use it. BorgBackup works as well on any USB hard drives/flashdrive/NAS/... you can think of. If you don't want to pay for anything, fine, it's understandable, but I really advice to at least backing up with a similar software on something you own.

    That said, it has a HUGE drawback : it doesn't have a GUI and there isn't an official port to Windows systems. It exists, but it's not officially supported. So I'll admit it isn't for everyone. If you want a GUI and support for Windows/Linux/Mac/Android/... I'd recommend Seafile, which can be self-hosted (or hosted manually on a VPS). It's a plain alternative to Cloudbox and the likes, but, you know, with FOSS. It's a service that runs behind a webserver, and I like it because just like borg, it actually uses a duplicated storage system, which is even shared among users if they have unencrypted libraries. There's of course a full history of the changes, and the possibility to restore a snapshot with the blink of an eye (which is then synchronized with the devices, you know how it works).

    What I do is use Seafile on my personal devices (laptops, workstation, even the smartphone) to backup everything in one place (my self-hosted server), and then I BorgBackup the shit out of it into a VPS and into a local hard drive used only for backups.

    EDIT : There's also Areca that does classic incremental/differential/full backups with metadata/delta options, compression, encryption, and so on. It has everything in the GUI and is multi-OS. I think it's perfect for the everyday user. And of course, FOSS.
     
    Last edited: Aug 31, 2017

Share This Page