 MxxCon
join:1999-11-19
Brooklyn, NY | reply to Da Geek Kid
Re: For Online Backup... I don't give a fuck about what Blackblaze does.
We are talking about CrashPlan here.
A few month ago I contacted CrashPlan support. Request #141900
I asked them:
If I setup an offsite/peer-to-peer/friend only backup and for whatever reason your servers are not available, what's going to happen to my backups? What about situation when I setup private encryption key? Michael W. of CrashPlan replied:
You would not be able to process a backup or restore without being able to communicate with the servers, we do this as a security checksum. If we were to go out of business, or discontinue the software for any reason (which is unlikely) then we would remove that requirement from the software. I asked:
So I must be able to communicate with your servers even when I do local backups/restore? I am worried about some situation during a catastrophic failure/outage that I need to recover my data without internet connectivity. His reply:
Yes, you do need a connection to the internet to backup or restore any files with the software, even if it is a local backup.
I also asked him
What functionality/tools/proof do you have that you are doing what you claim you are doing? How can I confirm to myself that you are encrypting my data only with my private key and there's nothing going on such as you don't include your own key in there? He replied:
While we do not furnish any direct "proof" you can test those scenarios on your own. If you use the data key encryption and someone tries to use the wrong key to access your data from a remote system, it will wipe the archive. I followed up:
I'm not so much worried that somebody will try to use wrong private key to access my data, but rather than you are encrypting my data with my private key and not your key to which you have access.
I'm looking for a technical analysis similar to what was done with LastPass here »blog.tinisles.com/2010/01/should···ass-com/ He did not reply.
So it's safe to assume they don't do proper security on your data, and they REQUIRE connectivity to their servers, even if you do local backup.
--
[Sig removed by Administrator: signature can not exceed 20GB] |
|
|
|
| props on that... now, with all that in mind, how do you presume, Cisco, Google and others trust them enough to use crashplan as their solution? |
|
MxxCon
join:1999-11-19
Brooklyn, NY | I question that claim that Cisco, Google and others trust them a whole company.
I wouldn't be surprised if it was just a single purchase for a single license for personal use or just for a sake of completeness of during evaluation process.
I can claim my website is "used by Google" if I see just 1 hit from Google's IP.
We don't know and they don't say specifics of how it's used at Cisco or Google. Maybe they back up their spam folders and don't care about privacy or integrity of that data. 
--
[Sig removed by Administrator: signature can not exceed 20GB] |
|
