16 comments

[ 3.3 ms ] story [ 45.8 ms ] thread
The only problem with tarsnap is that it uses AWS, or did as of the last time I talked with Colin. I would love to see it move off onto a less personally annoying service, but its service to do with as he pleases.
Why do you find it annoying? I think Colin encrypts all user data if privacy is a concern... Im using Duplicity but am looking at tarsnap.
the tarsnap client running on your box encrypts the data before it's ever transmitted, that's part of what makes tarsnap cool (along with the deduplication)
Because AWS is part of the problem, not part of the solution (right now) and I'd prefer not to give them money indirectly if I can help it. If there was an "anything but AWS" option, I'd gladly take it.
I would say lets make one. Backblaze have shown what you can do with commodity hardware.

Then you just need smart client that splits data 3-way into 3 different national jurisdictions. The data for each file is split in 2 and send to two different nations and the encrypted keys for decrypting each file are stored on 3rd with optional self destruct/dead man's switch. Everything is done client side. The hardware costs seem reasonable. And if someone is to subpoena the data needs to fight the legal system in 3 countries and obtain the master key.

IMHO backblaze is not a good example, because their design is prone to a few kinds of onerous failures due to the poor hw design of some of their components. Its much smarter to build this sort of thing with an actual JBOD chassis and a SAS controller

> Then you just need smart client that splits data 3-way into 3 different national jurisdictions.

This actually doesn't help much.

AWS is incidental to both the problem and solution because the problem is an authorized and legal government program. No matter who holds your data, it will be subject to the same access if the government wants it.

There are only two solutions:

1) Encrypt your data before sending to the cloud, so that server access becomes irrelevant. (This is what Tarsnap does.)

2) Change the law to stop or change the programs.

Neither can be accomplished by Amazon or any other single provider.

> Neither can be accomplished by Amazon or any other single provider.

Not true at all, many storage services operate without government interference, rsync.net is a great example. Just because $largeprovider is trojaned doesn't mean everyone else will be.

If a company operates inside the borders of the U.S.--and rsync.net does--it is subject to U.S. law. If they receive a FISA letter they will give up the data because U.S. law says that they have to, or go to jail.
> If they receive a FISA letter they will give up the data because U.S. law says that they have to, or go to jail.

A bullshit artist should never make an empirical claim lest they be asked to prove it.

> Existing and proposed laws, especially as relate to the US Patriot Act, etc., provide for secret warrants, searches and seizures of data, such as library records.

> Some such laws provide for criminal penalties for revealing the warrant, search or seizure, disallowing the disclosure of events that would materially affect the users of a service such as rsync.net.

> rsync.net and its principals and employees will in fact comply with such warrants and their provisions for secrecy.

http://www.rsync.net/resources/notices/canary.txt

I know scrypt is awesome, but isn't encrypted traffic still problematic if all traffic is being recorded? If the NSA Rubaiyat has virtually unlimited resources, doesn't tarsnap eventually break down as a safe way to backup data? I'd love to hear Colin chime in.
Depends what exactly you mean by "virtually unlimited". A direct attack on the crypto in Tarsnap is ~ 2^128 operations, which is beyond even the wildest guesses of NSA's computing capacity. In practice, they would attack in another direction -- e.g., exploit a vulnerability in your web browser to take over your computer and steal your keys.