The New Oil

Protection: Backups

Backups are critical since devices regularly fail, break, or get stolen, lost, or corrupted. To develop good backup habits, first you need to decide how much space you need. This comes in three parts: size, frequency, and range of backups.

  • Size: If you’re only worried about backing up important text files and financial documents, the size will likely be small. If you’ll be backing up videos and images, you’ll want something more in the hundreds of gigabytes or few terabytes range.
  • Frequency: In corporate environments, backups are often performed daily or multiple times per day. At home, once a week or even less may be appropriate. It’s up to you. Keep backups often enough that if your computer crashed right before the next backup, it wouldn’t be a crippling loss, but not so often that it’s disruptive to your routines.
  • Range: In a business environment, you may be required to keep certain records for a set period of time, up to 10 years or more in some industries. At home, this is once again personal preference. Do you want at least 6 months’ worth of backups? 12? More?

Even if your one-time backup is small, keeping frequent copies can add up quickly. I recommend creating your first backup file or folder, looking at the size, then using that information to calculate how much storage space you need based on your desired backup frequency and range.

Generally speaking, manual backups are frowned upon. It’s far too easy to forget to do them. It is recommended you use some kind of automated backup software when possible. Windows and Mac have features that allow you to automate the backup process including frequency, which files to include, and where to store them. If you decide to manually handle your backups for any reason, be sure to set effective recurring reminders so you don’t forget.

Finally, test your backups. In the IT industry, there’s a saying: if you haven’t tested your backups, you don’t have backups. After first adopting your backup strategy, test out a recovery to ensure you understand how it works and that you did both the backup and recovery correctly. Do a test recovery every so often to ensure that nothing has changed or become corrupted. Nothing is worse than suffering a data loss and finding out that you weren’t backing up what you thought you were or that the restoration process is more confusing than you expected and you did it wrong.

Note: Be sure to encrypt your backup devices - local or offsite - using the instructions in the previous section.

The 3-2-1 Rule

The 3-2-1 Rule is a guideline for considering how to organize your backups effectively. It states that you should have 3 copies of your data - 2 backups plus your live (daily in-use) copy. You should have 2 separate formats for your backups - such as an external hard drive and a DVD. Finally, you should have 1 of those copies offsite, such as in the cloud or at a friend’s house in case of physical damage or disaster at your location. I strongly recommend encrypting all your backups (and other devices), especially your remote copies. Whether it’s a close friend or a cloud provider, you’re entrusting a lot of sensitive data to that location. Perhaps your friend is trustworthy, but someone who comes over and accidentally finds your backup isn’t. In the next section, I’ll discuss some privacy-friendly cloud options.

Privacy-Respecting Cloud Backups

Generally speaking, I advise against using Google Drive, Dropbox, iCloud, or similar services, primarily because they are not zero-knowledge. The exception here is iCloud. As of 2023, iCloud can be optionally encrypted in a zero-knowledge format by enabling the Advanced Data Protection option under Settings > Account (your name at the top of the Settings menu) > iCloud > Advanced Data Protection. Be aware that this does not encrypt everything. You can get more information here. If you must use iCloud, I would consider enabling this a requirement. If you must use one of the other mainstream providers, see below.

If you decide that your offsite backup solution should involve a cloud service for any reason, there are several secure and private cloud backup solutions. The best-case scenario is to self-host a Nextcloud server so you have complete and total control of the data on a trusted, open source platform. Nextcloud is a fully-featured office suite complete with storage, online document editing, calendars, to-do lists, and many, many more features via third-party plugins. However, this can be unrealistic to many for a number of reasons, so one option is to select a provider. (Please note that Nextcloud essentially cannot be zero-knowledge at this time. Make sure you trust the provider or use Cryptomator (discussed below) for added protection.) If this option doesn’t meet your needs, I have selected several suggestions below.

Listed in alphabetical order, not order of recommendation

  • Includes text chat feature with other users

  • Includes notes

  • Not audited

  • Not available in F-Droid

  • Concerns have been raised about their encryption implementation

  • Includes text, audio, and video chat feature with other users

  • Not audited

  • Not available in F-Droid

  • Research suggests that Mega’s code is very sloppy and convoluted, raising the risk of vulnerabilities

  • Mega is alleged to have been involved in drafting anti-privacy legislation in the EU (unproven)

  • Includes ecosystem (VPN, Mail, calendar, password manager)

  • Recently audited

  • Apps only for Android, iOS, Mac, & Windows. Web-only on Linux

  • Storage is shared with your email account

  • Not available in F-Droid

Click here to see my criteria for selecting these services

Mainstream Cloud Providers

If none of these options work for you - or if you would like to add an additional layer of security to one of the options suggested above - then I recommend using Cryptomator. Cryptomator is an open source tool that allows you to easily create an encrypted vault in your cloud storage folder to be synced to other devices. Cryptomator is free to use on desktop, but requires a one-time license key to use on iOS or Android (the license is not transferable between operating systems, so if you moved from iOS to Android, for example, you would need to purchase a new license). Despite the cost and the fact that other methods of achieving the same result exist, Cryptomator is my main recommendation for this particular use-case (creating an encrypted vault within your cloud storage to be synced across devices) because of the ease of use and Cryptomator’s longstanding reputation.

iCloud’s Advanced Data Protection Program

With the rollout of Apple’s Advanced Data Protection program, there are certainly those who will ask if that’s an acceptable cloud storage solution. The short answer is “probably but I’m not a fan.” First off, the Advanced Data Protection program is proprietary, meaning that there is very little transparency into the security or implementation of the security. While I personally don’t believe that Apple would intentionally insert backdoors into the program, we have seen time and time again that big, complicated code like that can easily contain bugs, vulnerabilities, and other opportunities for improvement. Closing off the source code means it will take longer for those to be found and fixed, and in the meantime bad guys might find and exploit them. Furthermore, the Advanced Data Protection program locks you into the Apple ecosystem, which makes it harder for you to take your data to a new platform if you ever decide to in the future. I prefer open source solutions that are available on a wide variety of operating systems, giving you the agility to easily pivot for any reason and the assurance of transparency. That said, if you have tried the solutions above and they don’t work for you, then turning on Advanced Data Protection is certainly better than not using it. Be sure to read up on it first and know the limitations.

If you follow the steps on this page, you should have created secure, consistent backups that will protect you in the event of a lost, stolen, or damaged device, or even the dreaded ransomware.