I have a 56 TB local Unraid NAS that is parity protected against single drive failure, and while I think a single drive failing and being parity recovered covers data loss 95% of the time, I’m always concerned about two drives failing or a site-/system-wide disaster that takes out the whole NAS.
For other larger local hosters who are smarter and more prepared, what do you do? Do you sync it off site? How do you deal with cost and bandwidth needs if so? What other backup strategies do you use?
(Sorry if this standard scenario has been discussed - searching didn’t turn up anything.)
No shit. But encryption isn’t the same as zero-knowledge. Where by the time they handle the data in any way whatsoever, it’s already encrypted, by you.
Do you not know what zero-knowledge means? Or are you so focused on my mentioning they’ll ship data to you physically that what I actually said went over your head?
From the page you just linked:
It’s not zero-knowledge!
That’s really not an issue though.
Yeah. It’s almost like I literally said that in my second comment.
What gap in my knowledge are you trying to fill here?
I didn’t even mention encryption in my second comment. Just that their backup plan isn’t zero-knowledge.
Strongly disagree.
With what?
That self hosting admins on lemmy probably care about their backups not being accessible to third parties?
I don’t think you can claim that they wouldn’t.
You can claim that YOU don’t mind. But that’s a sample size of one. And I’m not denying there are people who don’t care.
I just don’t think they’re the type to be self-hosting in the first place.
And that still doesn’t answer why the fuck you set out on this series of “well achuallys”?
It seems to me, you’re still looking for something to correct me on.
Define “accessible” here. They’re encrypted ……
Being able to download an encrypted file is not the same as being able to download it and unencrypt it, which they can’t do.
…
Sure they can. How else do they enable providing access to the content without the user password?
The data is secured against unauthorized access, but unlike zero-knowledge setups where the chain of custody is fully within user control, the user is not the only one authorized. And even if you are supposed to be, you cannot ensure that you actually are.
OF-FUCKING-COURSE the physical drives, and network traffic are encrypted. That’s how you prevent unauthorized physical access or sniffing of data in-flight. That’s nothing special.
But encryption is not some kind of magic thing that just automatically means anyone who shouldn’t have access to the data, doesn’t.
For that to actually be the case, you need solid opsec and known chain of custody. Ways of doing things that means the data stays encrypted end-to-end.
The personal backup plan doesn’t have that.