Why does the Backblaze website need my private encryption key to restore?


I understand.  What you are describing is conceptually perfect and probably more secure than what Backblaze provides, unfortunately, it is not easy to use.  

Backblaze focuses on ease of use.  It is backup for people who need backup and "pretty good security" and who aren't computer professionals.  It is not a perfect choice for all users on earth.

Take our default security model -> it is about as secure as a Facebook account.  It uses a username and password.  You can recover (reset) your password if you have access to your email. That mode is good for many, many people on earth, people who have pictures of their children they don't want to lose.  Music they would rather not repurchase.  And a few Quicken docs that they would not like a malicious person to have, but they will not *DIE* if somebody reads them.  And it's SUPER convenient to recover their password.  What a great system!

Our second level is really, really much more secure.  You cannot recover the password. If you have access to your email account this does not give you access to the backup, and even a malicious hacker in our datacenter could not possibly compromise your data.  Now while it is more secure, it is also harder to use -> if you forget that password you have actually lost the backup, your wedding photos are gone forever.  That's very secure, but it's not as secure as what you describe.

We stand by our reputation as trustworthy, careful programmers who have worked in the security field for over a decade.  You can check us out on LinkedIn, through colleagues that have worked with us, through the publicly traded companies that have acquired our companies in the past. Here is our team page: https://www.backblaze.com/team.html  We live and work in Silicon Valley, we've been here for 20 years, and we plan to keep doing this for a long, long time, and therefore we have *LOTS* of interest in keeping our reputations rock solid and utterly clean.  

Have more questions? Submit a request


Article is closed for comments.
Powered by Zendesk