Archive for the ‘encryption’ Category

Arq Backup to AWS Frankfurt Region


October 28th, 2014

Amazon Web Services just announced their new Frankfurt region 5 days ago, and now Arq supports it!

So if you’d like your data to stay in Germany, give Arq a try!

Starting with Arq in Germany

To get started, download Arq and launch it; choose Amazon, and choose the “EU (Frankfurt)” region:

Backup to AWS Frankfurt

Then enter your key pair, and that’s it! Arq will, by default, back up your home folder. (You can add other folders if you wish.)

Adding Germany to Arq

If you’re already using Arq, pick “Check for Updates” from Arq’s menu to get the update. Then go to Arq’s preferences and add a destination; choose Amazon and choose “EU (Frankfurt)” for the preferred AWS region:

AWS EU Frankfurt

Then choose a bucket name:

EU Frankfurt bucket

Back in the main window, pick “Add Home Folder to Backups” from the menu, or select “To Amazon Frankfurt” and click “Add a Folder to Backups” to add specific folders:

Add Folder to AWS Frankfurt

It’s not about the encryption. It’s about the encryption keys


October 16th, 2014

There’s a lot of talk on the interwebs about encryption. Encryption is a necessary but not sufficient condition for maintaining control of your data. Controlling access to the encryption key is just as important.

Lots of articles that reference encryption fail to mention this, and that’s confusing for people who are not crypto experts. For example, a recent TechCrunch article about Edward Snowden and Dropbox paraphrases Snowden recommending SpiderOak because Dropbox “doesn’t support encryption.” In the very next paragraph it quotes Dropbox saying all files “are encrypted while traveling and at rest on Dropbox’s servers.” Then it says the difference between SpiderOak and Dropbox is that SpiderOak “encrypts the data while it’s on your computer, as opposed to only encrypting it ‘in transit’ and on the company’s servers.” It circles around the key issue but never says it explicitly.

When you read things like, “All files sent and retrieved from Dropbox are encrypted while traveling between you and our servers”, that’s good and it guards against eavesdropping in transmit, but it misses the point. “Encrypted” is meaningless if it can be decrypted.

It’s about who controls the keys. It’s about giving keys/control to a third party who can then be compelled to give control to a government agency. If you give your unencrypted content to a third party, you’ve lost control of the content, and that’s irreversible. But if you give your content to a third party in encrypted form and also give the third party the keys (as in the case of Dropbox), you’ve still irreversibly lost control of the content.

Keep the Keys to Yourself

Encrypt your data with a key that only you know. Then send your encrypted bits to the third party. The third party only has unreadable random noise (the encrypted data) and no way to turn it into files (decrypt it).

Arq (our backup app) has been designed from day one to make sure you keep the encryption key. It asks you at setup time for an encryption key, stores it securely in your computer’s keychain, and never transmits it anywhere. To restore files to a new computer, you’ll need to use the Arq app to decrypt and you’ll need to supply it with that encryption key, or else it can’t decrypt the data.

When you read about products that include encryption, always ask yourself who has the keys.