I store my files and why you should not rely on fancy tools for backup

1

have i been pwned?

> How common an occurence is that? How often is an unimportant, middle class person's data at risk, really? My online accounts have been compromised 16 times in the past 5 years, according to https://haveibeenpwned.com/ including sites like Android Forums and Linux Mint Forums. There are plenty of other better known platforms on there, too, so it's safe to assume that most of the data on said sites would have also been accessible to the attackers. In contrast, my current self-hosted software accounts have been compromised 0 times in the past 4 years. Maybe 1 time, if you count a throwaway node's Docker socket being exposed to the network accidentally and a crypto miner getting launched on it. Why is that? Because although many of the online platforms have dedicated security specialists (hopefully) and manage to fight off thousands (or more) attacks daily, all it takes is one good attack to compromise thousands (or more) users and their data in one large batch. Furthermore, those are far more of an interesting target to attackers, possibly due to financial incentives. Unless easily automatable (like the aforementioned Docker crypto attack), attacking self-hosted software is far less lucrative. It would probably be far easier to hack John Doe's Nextcloud or ownCloud instance, yet the financial gain from that would likely be far lower than stealing a bunch of different users' data on a lesser known and less secure cloud platform of some sort, and selling it or doing something else. To that end, I see two strategies for protecting one's data: <pre><code> A) make your defenses better, which is truly feasible in large orgs and cloud platforms.

#Data Breach #Security & Privacy #Cyber Security 3668 social mentions

2

KeePass

Oh, and use 2FA where possible (especially in regards to the online services) and use something like https://keepass.info/ for managing passwords - to have them be sufficiently long and different for every site or platform that you use.

#Security & Privacy #Password Management #Password Managers 206 social mentions

3

Perkeep

My understanding is that there are two issues. First, modern deduplicating backup software like borg/restic/duplicacy store data in a repository in unique chunks. This avoids the issue that incremental backup software like duplicity have where they can create long chains of incremental changes which is slow to restore and increases the likelihood of errors on restore. Second, both deduplicating and incremental backup solutions aren't suggested for long-term archiving as they chop your files into lots of little pieces and the chances of not being able to read the repositories 10 years down the road are high. For that reason it's good to have a local backup in a simple, standard format like tar/zip or just a folder. As an example, see criticism of the Perkeep software [1] which is marketed as long term storage, but uses chunking deduplication for no particularly good reason. [1] https://perkeep.org.

#Documentation #Cloud Storage #Bookmarks 16 social mentions