[digiKam-users] Best practise for DigiKam backup?

Jonathan Kamens jikamens at gmail.com
Sun Nov 28 17:09:29 GMT 2021


On 11/28/21 08:29, Henrik Hemrin wrote:
> I have always considering someone else cloud as one backup. But if so, I want for privacy have my own encryption on that storage. How do you do?

My home-grown backup solution which I mentioned previously encrypts both
file contents and file names before upload. This makes maintenance of
the cloud backup somewhat more complicated, but I view it as worth the
privacy.

Many of the available off-the-shelf cloud backup solutions support
similar client-side encryption which makes it impossible for anyone
without the encryption key to read the data in the cloud. Just don't
lose your encryption key! I keep mine in my password manager
(Bitwarden), and I back up the contents of the password manager monthly
(yes, I am very paranoid abut things like this). See, for example,
Backblaze's personal backup solution
<https://www.backblaze.com/cloud-backup.html>, which says, "You can use
a private encryption key for additional security, ensuring only this key
can unlock your backup." CrashPlan and iDrive also support encryption.

> One reason for having backup, is physical failure of the main drive, fire etc. But another is infection, ransomware and so on. And considering infection, I wonder what you think about that infection may propagate to backup-copies (directly connected, via local network or external cloud)?

Backup drives directly connected to your computer are definitely at risk
if you fall prey to a ransomware attack. You should make sure that your
cloud backup solution saves previous versions of files and supports
point-in-time recovery. I believe Backblaze, CrashPlan, and iDrive all
support that, though they all have different policies for how many old
versions of files are preserved and for how long, so you should
carefully before purchasing.

Some backup solutions also support immutable backups, which guarantee
that even if an attacker goes so far as to access your backup's cloud
storage they won't be able to delete old backups. The one that comes to
mind first with this functionality is rsync.net
<https://www.rsync.net/resources/howto/snapshots.html>.

  jik

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/digikam-users/attachments/20211128/4005ddf8/attachment.htm>


More information about the Digikam-users mailing list