TL;DR; Use tarsnap to make cheap, secure backups.

The world before Tarsnap

Before I discovered Tarsnap, I used to make backups of my data on Dropbox. But the problem with Dropbox is that I don’t trust Dropbox. It’s simply a nice interface for Amazon’s S3 storage (last I checked) and they most definitely don’t provide any security besides the usual client-server SSL security. They do claim to encrypt the data at their servers before they upload it to Amazon’s servers.

Now don’t get me wrong - I have nothing against Dropbox - it’s a very useful service and it’s easy to use - it’s just that I don’t trust anyone these days with my data. If you are like me, read on …

I did still have the problem of keeping at least my sensitive documents safe (my credit card details, scans of important documents and IDs, photocopies of bank statements). By safe, I mean both resistant to data loss (hard-drive blowing up) and privacy compromises (Amazon’s leaky S3 buckets for example). So to achieve this, I used EncFS. I used EncFS to mount a file system in my home directory where I put plain text files and they would automagically be encrypted and saved to my Dropbox’s “private” directory.

(NOTE: EncFS doesn’t hide the size or the directory structure of the directory being encrypted.)

Meet Tarsnap

Then I recently discovered Tarsnap, a wonderfully cheap, trustworthy service to allow secure backups. Look at this pricing:

Tarsnap Pricing

That’s cheap! I have only around 100M of data I need to backup and keep safe. That’s about $0.025 per month. The initial $5 I added to my account will last me 16 years at this rate!

It gets better: the client code is opensource and can be audited (and is “audited”). Tarsnap has a bug bounty program which has already paid out for bugs found by the general public. The security is based on well-established and well-studied crypto primitives and designs and doesn’t roll out its own crypto.

The security is based around the client having a key that the user must keep safe and that is used to encrypt/decrypt data from the Tarsnap servers. As long as you keep the key safe, your data is safe. If you lose the key, you are f****d.

Tarsnap and I

Below is how I have my Tarsnap setup (after account creation and adding money etc.):

  1. Generate a passpharsed key. This prevents me from having an additional problem of having to keep the key safe. All I have to do is just keep the passphrase safe. The command below will create a passphrased key file, .tarsnap.key in my home directory.
    tarsnap-keygen --passphrased --keyfile ~/.tarsnap.key --user <my_email> --machine <my_machine>
  2. Next, I just create an archive (similar to how one uses tar):
    tarsnap -v -c --keyfile ~/.tarsnap.key --cachedir ~/.tarsnap_cache -f private ~/private/
  3. Next, I keep the key file safe somewhere (even somewhere it can be compromised, e.g. as an attachment in my gmail drafts, on an unencrypted USB key, on my Dropbox, give it to a friend, etc.

“But what if someone beats the passphrase out of you or …”?

Yeah, sure, someone could beat it out of me. I have other problems if that happens. If your data is so sensitive that no one can beat it out of you even if they wanted, Tarsnap isn’t for you. You are probably looking for some sort of secret sharing algorithm that requires k out of n keys to decrypt or something but only requires one out of n keys to destroy the data (in case someone goes after all the key holders one after the other). But in that case, going after all the key holders at the exact same time so none of them can communicate with the others would be the only way. But even in that case, some of them might just not give up the passphrase. And even if they do, one could have it so that a certain passphrase would just destroy the data instead of decrypting it. Okay now we are getting carried away …