Ask HN: How do you manage your important personal documents and other data?
Open ended questions: where do you store and backup your personal data (S3, Google Drive, etc)? How do you run your backups? How do you manage encryption keys, etc? What considerations drove your solution?
63 comments
[ 3.3 ms ] story [ 123 ms ] threadA RAID array of physical drives in a local PC.
> How do you run your backups?
rsnapshot (https://rsnapshot.org/) driven from cron.
> How do you manage encryption keys, etc?
Stored in files on plural disks plus a printed to paper backup.
> What considerations drove your solution?
Must be 100% under my control -- "someone else's disks" must not ever be the primary backup medium.
(#) the /necessity/ of needing 'off-site' for mitigating fire risk means one may have no choice but to utilize 'other people's disks' to obtain the 'off-site' aspect. You do have to make sure you can recover the encryption keys for the 'off-site' data in the event of the need to recover using the off-site data, so that adds some complexity to 'key management' (i.e., if all your copies of the keys go up in the fire, the off-site data may as well not exist).
Someone else's disks are far better managed than your disks and aren't susceptible to any local accidents.
I make backups from laptop to external hard drives manually via rsync twice per week or so. I don’t store personal/sensitive data on the cloud.
On Google drive, iCloud, Dropbox and similars I keep a copy of my mp3s, wallpapers, ROMs, book PDFs, etc. But I don’t mind losing these files.
I'm similar although I like to buy clearance external HDDs, fill them up, and put them somewhere safe with some desiccant packets. Get a new one every 10~ years, copy the old to the new, then use all the additional storage for new content. Leave the old in the box with the new (even if it is less reliable, it is just "bonus backup"). Just make sure you label which year is which.
A shoebox could hold a lifetime's worth of HDDs with this strategy, and each new one is around $50~ with every increasing capacity.
For online, accessible-anywhere data, a largely geo-blocked self-hosted Nextcloud instance running on a Partaker mini PC, backed up nightly with restic to encrypted blobs on B2, which are browseable with the wonderful restic-browser.
The encryption key is stored in my KeePass password database, which is synced locally to all my devices. I back up the database separately by sending it to friends, so that if I ever lose access to all my devices I can still get my database with the key I need to get the rest of my backups.
If all that fails, like if I die or for some medical reasons suddenly forget my passwords, the encryption key is written down on a piece of paper. Stored somewhat secretly, some people I trust know where.
- duplicity for daily backups to the S3 cloud encrypted with PGP (about 1GB in the bucket, excl. most photos)
- weekly Time Machine backups to two different alternating disks (one rotational, one SSD)
I've been backing up for ages. I used to use floppies. Then R/W CDROM. Then I switched to RAID. Then I switched to cloud. When I discovered how awesome time machine is when switching to a new mac, I started using that about 8 years ago.
Storing valuable data on site with physical media is just far too risky.
My critical docs are in a single folder. It is about 1GB of data. Mostly docs, but some really important audio, video, and image files.
My photos aren't considered critical (well, some are), so they are on the time machine backups.
Music is 100% Spotify.
Don’t over complicate things, unless you’re on Linux.
I love this comment.
At the end of the day I pay the tax and buy Apple.
I back it up to a USB drive every six months, via Takeout, simply protected via password in MacOS.
For a read only archive of pdfs and scanned papers, mail, receipts, etc: I use paperless-ngx on a nas. I'd run it on the vps but don't want that unencrypted data there. It does ocr, tags, and some learning to autotag stuff. My printer duplex scans straight into it with a few button presses, I save to a watched folder, or I email the pdf to scan@mydomain.tld. A backup is pushed out with cron encrypted to the VPS via borgbackup and sshfs along with my photos and nightly phone DCIM folder backups into \owner\yyyy\mm.
Insurance documents are printed out and stored in a plastic tote. Along with the car title & house deed, some cash, passport and other important documents in case I have to evacuate for a hurricane. I can grab it and the cat carrier, and out the door I go.
Encrypt it?
- Borgbase via Vorta (a borg client) - all of it
- Tarsnap - some very important ones only because it’s much costlier
- Monthly or so copy/sync them to my external hard disk - encrypted.
- And to a pen drive as well - encrypted.
I keep pruning/cleaning my data, so they’ve not ballooned out of hand yet. Touchwood!
(I also used restic but since it never had a GUI I gave up. I am partial to simple GUI tools compared to cli for intimate purposes like backup)
What I don’t do:
- Only my personal data is “my data”. Music, films, books etc which can be bought, borrowed, “procured” again are not the things I rack my brain for.
- I use none of the Apple ecosystem services - I just use their devices - Apple is the worst of walled gardens out there.
- I don’t use any services by companies that combine a lot of services/interface in one account and one of those might be enough to block your account at some point.
My mailbox.org account came with a few GB of cloud storage. I'll put encrypted documents on there (like tax return) because it's soo easy to encrypt / decrypt on a browser with your GPG key with their web application.
I use Mac devices (iPhone, Mac book) and have a Linux workstation.
Git is a great fit for this use case because these accounts are long-lived and the history is worth tracking, I can detect all accidental manual changes and machine corruption, and I can synchronize repositories between different machines and storage drives. The contents of these Git repos only ever pass through my computers, USB ports, and LAN; they never get uploaded to the Internet, GitHub, or any cloud service.
Rclone (with Crypt command for encryption) for encrypted cloud sync to a single cloud provider. This is for files less suited to incremental backups e.g. large binary files that may get modified like games, movies, phone app backups etc.
The thing I really like about this is if my hard drive goes kaput, I can boot up the external drive and be back in business in short order. Otherwise, I spend the whole day getting a replacement hard drive or computer and setting up my dev environment.