Recommend Tarsnap #555

Closed
nimdahk opened this Issue Aug 24, 2013 · 9 comments


@nimdahk
nimdahk commented Aug 24, 2013

Tarsnap's server may be proprietary, but this does not matter, because files are encrypted client-side.

@hasufell
Contributor

It does matter. How are they encrypted, what happens with my metadata, why is it hosted on an Amazon server, and why should I use a proprietary service at all when it's relatively easy to store encrypted data in either a cloud service which is REALLY free or on my own server?

@nimdahk
nimdahk commented Aug 24, 2013

In the world of NSLs, you can't be sure that provided server-side code is even actually running. We know that even Lavabit complied silently with targeted government requests before the shutdown.

In other words, if Tarsnap provided server-side code, with no guarantee that it's what they were actually running, would you add it?

@Zegnat
Collaborator
Zegnat commented Aug 24, 2013

The encryption can be checked (since the client is only downloadable as source) and as this seems to be by the same person as scrypt at least it seems to be done by capable hands.

The software’s copyright isn’t really compatible with PRISM Break’s ideals though:

Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Colin Percival
All rights reserved.

Redistribution and use in source and binary forms, without modification,
is permitted for the sole purpose of using the "tarsnap" backup service
provided by Colin Percival.

@mzs114
mzs114 commented Aug 25, 2013

What about cyphertite?
It's BSD licensed.

https://www.cyphertite.com/

@nylira
Owner
nylira commented Aug 25, 2013

If Colin Percival is forced to shut down the Tarsnap service due to government interference, is there any recourse? The user would lose all of their backups and the Tarsnap client would be rendered useless because it's only keyed to work with one particular service. A fully free service is preferable here as you can rebuild your backup infrastructure on a new server.

Even if metadata about your usage is not stored by Tarsnap, the only way you can pay is with PayPal or Stripe, both of which are known to retain information about you. If a government wishes to get a list of people who currently pay for Tarsnap, they will have an easy time doing so. PayPal is known to funnel information to law enforcement to aid in catching terrorists.

Stripe ToS: https://stripe.com/us/terms#suspicion-of-unauthorized-or-illegal-use

@nimdahk
nimdahk commented Aug 25, 2013

OK.

  • Copyright
  • PayPal & Stripe only
  • Centralization

How about putting any / all of these as the reason instead of "we'll add it once they open-source the rest of their codebase?"

nylira added a commit that referenced this issue Aug 28, 2013: improve note about Tarsnap #555 (3e11714)
nylira closed this Aug 28, 2013
nylira added a commit that referenced this issue Dec 23, 2013: improve note about Tarsnap #555 (03d794a)

@samer
samer commented Apr 15, 2014

Tarsnap now accepts Bitcoin via Stripe.

@josephholsten
Contributor

Seems like the current language should be something like:
