Hi,
I have an external hardrive for my Mac, but upon wanting to use Dropbox sync with my iPad, I wanted to have a backup directly for my iPad, in case Dropbox doesn’t sync properly.
The only way I’ve heard of accomplishing this would be an offsite subscription backup service like backblaze. Now someone told me that wasn’t a safe option: “Do you know how many people handle those files, anyone of them could access them”
Are they right, is it not safe?
Also, if you know of any better than backblaze please let me know…
That argument is neither valid nor invalid. It is not valid in the sense that no one individual is doing anything with your files as part of “normal operations” so your exposure to snooping is pretty small. But, all those services do have admin staff to keep the service running, and these folks WILL have the ability to see files should the choose to do so. You have to think about this like renting a hotel room. Lots of folks have a key, but very rarely are there complaints of inappropriate use by the hotel staff (think percentages not absolute cases from bad hotels).
The answer to your question comes down to answering a completely different question. How much faith you have in the humanity around you?
If you are like me that means you don’t use backup services without first using onsite encryption to make the files unreadable by anyone else.
A safe service would be one where your data is encrypted in transit and on the service’s servers.
A really safe one would do that, plus you would hold the encryption keys.
Read the Terms of Service for whatever service you pick. Generally speaking, they will say that they’ll surrender your data in response to a legitimate law enforcement request, but for no other reason. (What constitutes a “legitimate” request should be spelled out. You want them to require a court order.) And they have to have permission to copy your data from place to place in order to make the service work. If they hold the encryption keys, they should also talk about the measures they take to keep the key store secure.
Whether you need to worry depends on your data. Randomly poking around in user files is going to be a firing offense at any legitimate company, so you mostly need to think about whether someone with the ability to get to it might be interested in your data specifically. If you’re an independent journalist or a political dissident under a repressive regime, be very very cautious. If you’re an ordinary novelist in a liberal democracy, probably not a huge concern.
Note that all of these considerations apply to Dropbox, too, not just to your backup service.
Katherine
Backblaze lets you set a private key. If you lose it you are SOL but/because they can’t read your files.
But it won’t backup straight from your iPad…
Do you know if the drawbacks that offsite backup services and Dropbox share also apply to personal cloud drives?
Such as: PROMISE 2TB Apollo Personal Cloud Storage
Well, on the one hand, you don’t have your data sitting in a massive data center outside of your control. On the other hand, you don’t have a massive team of employees who are paid to make sure all the security patches are up to date.
As before, it depends on the data you are trying to protect and who might be looking for it.
Katherine
Slightly OT. I know that many are using Dropbox both for syncing AND for backup. I’d never do that. The live copy of the project works as a sort of backup, if something happens to my computer. Additional, historical backup I’d rather have saved somewhere else, in my case on iCloud. I know that the subject of the thread is more geared towards safety in the sense of integrity, avoiding the risk of snooping, but whatever …
The key is “cloud drive”. If the claim is you can access files anywhere then the same issues exist but less due to where the data lives and more due to who has the ability to access it indirectly.
I’d says “yes” as the simple answer.
So, if one wants the most secure way possible(I’ve dealt with viruses before, that’s why I like to work on my iPad. Also gives you some perspective into my mistrust of Dropbox.) How would you recommend going about it, and what to use?
There are two forms of security. “No one can steal my data” has different requirements from “my data won’t go missing.”
To make sure no one can steal your data, keep it off the internet entirely. Use a physical wire to connect your iOS device to your desktop. Backup to an external hard drive that you personally control. Air gap the desktop: do all internet activities on a physically separate machine. If you think you personally might be a data theft target, you need to be really really paranoid.
To make sure your data can’t go missing, though, you want to distribute it as widely as possible. Use Dropbox to share between the iOS and desktop devices, then use iCloud to store your automatic backups, and then a cloud backup service for your critical information. Keep a local backup, but recognize that it is vulnerable to physical destruction or theft, and keep an offsite backup as well.
Katherine
Does the discrepancy between the two exist because of the possibility of eternal hard drives crashing, and/or becoming damaged?
The discrepancy exists because they are different goals with different requirements.
To prevent data theft, limit the number of access points. To prevent data loss, make multiple independent copies and put them in independent locations. If your house burns down, an external hard drive buried in the rubble isn’t as useful as a copy off in a data center somewhere. If the men in black helicopters are looking for you, the data center might be a terrible idea.
What is your risk model?
Katherine
Suppose so. And the fact that external hard drives, at least during backup, must exist in a certain proximity to the computer. If you don’t have a habit of lugging your computer around to a number of different locations where you back it up to different hard drives, or make sure to distribute your hard drives to different addresses after each backup, there is always a risk that, in case of a break in or fire, you lose both the computer and its back up disc. That is the reason I wouldn’t rely solely on the hourly Time Machine backup on a hard disk hard wired to the computer—even if the hard drive was “eternal” 
—but also upload my backups to the cloud.
Of course this means that I’m exposed to the theoretical risk that someone is reading my texts. What the hell, it’s just another reader, I don’t have to many of those. And I’m neither a spy or J.K. Rowling …
Alternately (and not applicable easily for iDevices) is the idea of encrypted local stores. Basically the UI does a transparent encrypt/decrypt for the owner. Most backup routines will run as some UID other than the owner meaning that the cloud file is not readable. Dropbox can be used this way.
I believe this will break iDevice sync though.
Yes, it will. – Katherine