New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Recommend Tarsnap #555

Closed
nimdahk opened this Issue Aug 24, 2013 · 9 comments

Comments

Projects
None yet
8 participants
@nimdahk

nimdahk commented Aug 24, 2013

Tarsnap's server may be proprietary, but this does not matter, because files are encrypted client-side.

@hasufell

This comment has been minimized.

Show comment
Hide comment
@hasufell

hasufell Aug 24, 2013

Contributor

It does matter. How are they encrypted, what happens with my metadata, why is it hosted on amazon server and why should I use a proprietary service at all when it's relatively easy to store encrypted data in either a cloud service which is REALLY free or on my own server.

Contributor

hasufell commented Aug 24, 2013

It does matter. How are they encrypted, what happens with my metadata, why is it hosted on amazon server and why should I use a proprietary service at all when it's relatively easy to store encrypted data in either a cloud service which is REALLY free or on my own server.

@nimdahk

This comment has been minimized.

Show comment
Hide comment
@nimdahk

nimdahk Aug 24, 2013

In the world of NSLs, you can't be sure that provided server-side code is even actually running. We know that even Lavabit complied silently with target government requests before the shutdown.

In other words, if Tarsnap provided server-side code, with no guarantee that it's what they were actually running, would you add it?

nimdahk commented Aug 24, 2013

In the world of NSLs, you can't be sure that provided server-side code is even actually running. We know that even Lavabit complied silently with target government requests before the shutdown.

In other words, if Tarsnap provided server-side code, with no guarantee that it's what they were actually running, would you add it?

@Zegnat

This comment has been minimized.

Show comment
Hide comment
@Zegnat

Zegnat Aug 24, 2013

Collaborator

The encryption can be checked (since the client is only downloadable as source) and as this seems to be by the same person as scrypt at least it seems to be done by capable hands.

The software’s copyright isn’t really compatible with PRISM Break’s ideals though:

Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Colin Percival
All rights reserved.

Redistribution and use in source and binary forms, without modification,
is permitted for the sole purpose of using the "tarsnap" backup service
provided by Colin Percival.

Collaborator

Zegnat commented Aug 24, 2013

The encryption can be checked (since the client is only downloadable as source) and as this seems to be by the same person as scrypt at least it seems to be done by capable hands.

The software’s copyright isn’t really compatible with PRISM Break’s ideals though:

Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Colin Percival
All rights reserved.

Redistribution and use in source and binary forms, without modification,
is permitted for the sole purpose of using the "tarsnap" backup service
provided by Colin Percival.

@mzs114

This comment has been minimized.

Show comment
Hide comment
@mzs114

mzs114 Aug 25, 2013

What about cyphertite?
It's BSD licensed.

https://www.cyphertite.com/

mzs114 commented Aug 25, 2013

What about cyphertite?
It's BSD licensed.

https://www.cyphertite.com/

@nylira

This comment has been minimized.

Show comment
Hide comment
@nylira

nylira Aug 25, 2013

Owner

If Colin Percival is forced to shut down the Tarsnap service due to government interference, is there any recourse? The user would lose all of their backups and the Tarsnap client would be rendered useless because it's only keyed to work with one particular service. A fully free service is preferable here as you can rebuild your backup infrastructure on a new server.

Even if metadata about your usage is not stored by Tarsnap, the only way you can pay is with PayPal or Stripe, both of which are known to retain information about you. If a government wishes to get a list of people who currently pay for Tarsnap, they will have an easy time doing so. PayPal is known to funnel information to law enforcement to aid in catching terrorists.

Stripe ToS: https://stripe.com/us/terms#suspicion-of-unauthorized-or-illegal-use

Owner

nylira commented Aug 25, 2013

If Colin Percival is forced to shut down the Tarsnap service due to government interference, is there any recourse? The user would lose all of their backups and the Tarsnap client would be rendered useless because it's only keyed to work with one particular service. A fully free service is preferable here as you can rebuild your backup infrastructure on a new server.

Even if metadata about your usage is not stored by Tarsnap, the only way you can pay is with PayPal or Stripe, both of which are known to retain information about you. If a government wishes to get a list of people who currently pay for Tarsnap, they will have an easy time doing so. PayPal is known to funnel information to law enforcement to aid in catching terrorists.

Stripe ToS: https://stripe.com/us/terms#suspicion-of-unauthorized-or-illegal-use

@nimdahk

This comment has been minimized.

Show comment
Hide comment
@nimdahk

nimdahk Aug 25, 2013

OK.

  • Copyright
  • Paypal & Stripe only
  • Centralization

How about putting any / all of these as the reason instead of "we'll add it once they open-source the rest of their codebase?"

nimdahk commented Aug 25, 2013

OK.

  • Copyright
  • Paypal & Stripe only
  • Centralization

How about putting any / all of these as the reason instead of "we'll add it once they open-source the rest of their codebase?"

nylira added a commit that referenced this issue Aug 28, 2013

@nylira nylira closed this Aug 28, 2013

nylira added a commit that referenced this issue Dec 23, 2013

@samer

This comment has been minimized.

Show comment
Hide comment
@samer

samer Apr 15, 2014

Tarsnap now accepts Bitcoin via Stripe.

samer commented Apr 15, 2014

Tarsnap now accepts Bitcoin via Stripe.

@josephholsten

This comment has been minimized.

Show comment
Hide comment
@josephholsten

josephholsten Dec 4, 2014

Contributor

Seems like the current language should be something like:

Contributor

josephholsten commented Dec 4, 2014

Seems like the current language should be something like:

@kevinSuttle

This comment has been minimized.

Show comment
Hide comment

nylira added a commit that referenced this issue Dec 12, 2015

Merge pull request #1458 from josephholsten/patch-1
update that tarsnap now accepts bitcoin #555
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment