Tuesday, July 01, 2008

Two benefits

First, it keeps your data safe; second, it makes sure that the CIA has no reason to kidnap me.

Colin Percival's encrypted online snapshotted backup system tarsnap is in beta testing. Seems excellent. I might switch to using it for my customers, providing the friendly front end as usual.

Tarsnap is an encrypted snapshotted backup service designed to match my concept of an ideal backup system. The back-end storage used by the service is Amazon S3, but the client code never talks to S3 directly -- the API provided by S3 is too weak to be directly useful, so the tarsnap client code only communicates with my tarsnap server. The tarsnap client code doesn't trust the server to do anything except store bits and hand them back when requested; all the data is encrypted by the client, and one of the design principles behind tarsnap is that the NSA (and other less capable adversaries, of course) should be unable to access your data or learn anything significant about it, even if they force me to cooperate with them. (This has two benefits: First, it keeps your data safe; second, it makes sure that the CIA has no reason to kidnap me.)

Some notes about the beta:

1. The tarsnap client code currently runs on FreeBSD and Linux. There is also partial support for OS X -- the code will run, but it won't back up resource forks or ACLs. Windows is not supported at present.
2. This is currently a free beta, but at some point it will stop being free. At that point beta testers will have 30 days to decide if they want to start paying or stop using tarsnap.
3. When the free beta ends, tarsnap will probably cost $0.30 per GB of bandwidth (incoming + outgoing) plus $0.30 per GB per month of stored backups (after compression, of course -- the tarsnap client compresses data before encrypting it, and the tarsnap server can't tell how much data you had before compression). This is slightly more than what I was hoping for when I started working on this 18 months ago... I hope I can bring these prices down later.
4. This is a beta. I don't expect to lose anyone's data, but it could happen. More likely is that there could be occasional outages when the tarsnap server isn't available. Neither of these have happened yet -- but there's enough risk that I don't recommend using tarsnap to operate a nuclear power plant.
5. Use of tarsnap is at your own risk. It might break. It might eat your dog. It might be slippery when wet. If you use tarsnap, you're agreeing to not sue me if anything goes wrong. (I hate software exclusion-of-liability boilerplate. I wish it wasn't necessary. I think my friends in law school might kill me if I didn't include it.)

Windows support isn't an issue for me. My clients mainly use Windows desktops and laptops, but we use FreeBSD servers for their LANs and internet services and enforce a policy of data only ever being stored on secure servers. No Local Data Ever!

Imagine, if certain UK government agencies used us, they'd have been spared quite a lot of recent embarrassment.
