8/14/2023 0 Comments Backblaze scam![]() ![]() There is zero reason to not allow the local client to handle the decryption. Yes, we know, it's all handled by computers and no one at Backblaze supposedly "sees" the private encryption key, but that really doesn't mitigate the OP's (and all privacy minded folks) concern. Calling it a "Private" key is, at best, a misnomer considering that we are required to hand over that key to you when we need to restore. Because, as you know, when you actually need to restore your data, you are REQUIRED to provide that (no longer) "Private Encryption Key" to Backblaze in order to restore. There is an important caveat to this though, which I think in all fairness you really should have disclosed considering the original posters stated reluctance in trusting a 3rd party with their data. If you come here to our offices (San Mateo, California), I'll buy you a cup of coffee and tell this to you face to face. If you can find somebody who knows us personally, they will tell you we are stand up people you can trust. We are totally customer focused and all around good people, ask ANYBODY. Previously we fought phishing fraud, fought email viruses, and fought spam at a company called MailFrontier. Here is our team page: We live and work in Silicon Valley, we've been here for 20 years, and we plan to keep doing this for a long, long time, and therefore we have LOTS of interest in keeping our reputations rock solid and utterly clean. You can check us out on LinkedIn, through colleagues that have worked with us, through the publicly traded companies that have acquired our companies in the past. We stand by our reputation as trustworthy, careful programmers who have worked in the security field for over a decade. ![]() I typed this to a customer in a private email in 2011, and I still believe it today: We could just be lying to you and the data is stored in plain text being reviewed by the NSA. Now, at some point you have to trust the company telling you all this. The datacenters can delete the data, the datacenters can store the data, but they cannot read it. The data is encrypted on the client, then the encrypted data is sent through HTTPS to the Backblaze datacenters. Backblaze cannot even know the names of the files with the Private Encryption Key set. So you MUST remember it, or your data is gone, gone, gone. No matter how much you plead with us later, or even under a subpoena from a government, NOBODY can read your data without that key, it just isn't possible to crack, and it cannot be recovered in any way, shape or form. Just so you understand, there is no way ANYBODY can recover the Private Encryption Key. If you have concerns, I would recommend you set a "Private Encryption Key" (a setting in the client). I need to be sure they do not look at any of my data ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |