Backups

Breaking things safely

Listing demonstrably encrypted backup systems only, because I am not crazy. I’m only listing options where I can review the source code, because Australia has an authoritarian spyware regime known as Ass Access.

Not yet done: cross-platform local backups.

See also synchronising files.

Restic

Windows, macOS, Linux.

*Choose this if… You don’t have a compelling reason to choose something else, and don’t mind a small effort in setting up the software.

Took me a while to decide Restic was a contender because its marketing is limp. However a helpful ycombinator post explains some upsides and points out how simple it is. It’s also easy to install and minimal, which refreshes me.

Tarsnap

*Choose this if… You want to spend no effort at all on setup, but would still like a reputably paranoid service at a competitive price.

Linux, macOS, BSD etc. tarsnap is another unixy one. The client source code is public (although not open) but not the server code. Comes with a server for USD0.25/GB/month:

Tarsnap is a secure, efficient online backup service…

Tarsnap runs on UNIX-like operating systems (BSD, Linux, macOS X, Cygwin, etc)

NB all its data is stored in the USA, which is … probably ok security wise, if you trust their encryption design and server implementation and such? But also it means you can’t reduce bandwidth costs by using a local server and possibly exposes you to the wacky US legal system shutting you down if they decide to suddenly classify something you are doing as fishy.

Duplicity

*Choose this if… You want a simple no-frills backup system for macos or linux. This is the default backup system of Ubuntu and you might find yourself using it per default.

Duplicity backs directories by producing encrypted tar-format volumes and uploading them to a remote or local file server. Because duplicity uses librsync, the incremental archives are space efficient and only record the parts of files that have changed since the last backup. Because duplicity uses GnuPG to encrypt and/or sign these archives, they will be safe from spying and/or modification by the server.

It comes with a friendly front-end called Déjà Dup. For advanced usage, try you want to use duplicity raw. There are many howtos for which are less opaque than the manual, e.g. by Daniel Hynk.

duplicati

Choose this if… You want paranoid backup that also works on Windows natively, possibly at the cost of being tedious on other platforms.

Windows, macOS, Linux.

Duplicati works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon Cloud Drive / S3, Google Drive, box.com, Mega, hubiC and many others.

Features:

  • Backup files and folders with strong AES-256 encryption. Save space with incremental backups and data deduplication.
  • Run backups on any machine through the web-based interface or via command line interface.
  • Duplicati has a built-in scheduler and auto-updater.

The full list of backends is lengthy. Looks OK but it has hefty installation requirements, being built on .NET, and I got bored trying to install .NET on macOS so this project fizzled out.

Others I’ve seen about the place

zbackup, borgbackup, attic, obnam, arq.