As I covered in a previous post, I use an online backup service as part of my backup strategy for my laptop. When I wrote that post I was having horrible problems with Mozy and decided to evaluate other options.
After considering a number of factors I decided on Backblaze, and so far it has worked exactly as promised without excessive resource and CPU usage like the old Mozy client. However, the problem is that now only my laptop is protected from data loss. I still have a Linux machine (Debian) that needs to be backed up and I have been searching for a product that would allow for unlimited storage and secure backup.
Enter SpiderOak. As I mentioned in my older post, I looked at SpiderOak and thought it looked like a really good solution. I mean, who wouldn’t like true zero knowledge privacy (unlike Mozy) and clients for Windows, Mac and Linux?
While doing some more testing tonight I realized that the SpiderOak client does not verify that you know your current password when you go to change it. What does this mean? Well, if someone steals your computer and wants access to your data on SpiderOak’s servers, all they have to do is change your password and they are in. In addition to this, you don’t have to know the current password to restore files from any computer in your “network”. What does this mean? Anyone with physical access to your computer has access to everything you have backed up with SpiderOak. No thanks. Until this glaring security hole is fixed, I’m not going to be using SpiderOak for anything sensitive.
So what am I using to back up my Linux box? Duplicity+S3. Duplicity has its own issues, primarily that it requires a large number of arguments and has no graphical restore functionality, but it’s working well for me.