I’m signing up for Arq Premium backup. They will store 1 TB of data as part of this. I’m based in the UK and was wondering which location would give me the greatest privacy (including from governments). The options are:
Pragmatically, none of the above. Completely privacy is pretty much dead. If you are worried about security and privacy to this extent, e.g. from governments or others who you think might pry into your affairs, then perhaps putting data anywhere out on the 'net is not what you should do. Keep your backups offlne.
Anything within the European Community would be my preferred choice in relation of privacy protection.
But you have to be aware that you agree with Arq Premium, that your data will be transferred to the US anyway, and that there seems to be a End-to-End encryption, but those seems to be not valid for the storing of the data itself, because they are offering several services that implies that they have a readable access to the data, otherwise the services wouldn’t be working.
Additional I would get some information about the Internet connection from the UK towards the countries of the storage, as you want a rather quick connection with the storage of 1TB.
What features of Arq Premiun imply that data is not encrypted at rest?
I realize they state web access to files is available, but I don’t know how that is implemented and could (at least in theory) be done with client side scripting with a locally provided password to decrypt data (just as the main Arq app gets encrypted data from the selected storage location and decrypts it locally).
My sense has been that Arq is one of the more secure cloud storage options. I have been using it for years but with the standard app and backend storage I pay for separately.
I’m not deep into that, but they are offering e.g. a service, that deletes obsolete files from your database. As it is described within their legal notes, it seems that this is be done on their server, and therefore they must be able to read the datas, to identify the obsolete ones.
An encrypted transfer of the data does unfortunately not necessarily mean, that the data could not be decrypted, after they are received on their server.
There are a lot of services today, that transfer data encrypted, but who are able to decrypt the data on their server, to “offer additional services”.
I remember for example a banking app in Germany, that startet with “All data belongs to you”!
Then they startet offering a service to categorise your bookings. Nice service, who would mind, right?
Then they offered a Tax-Service, great!?
Now they are scanning your accounts, and offering all kinds of insurances, financial products, items to buy to be added to items you have already bought, and so on…
All of course highly secured with a “End-to-End-Encrypted-Data-Transfer”!
As @dealtek mentioned ARQ is a TNO (Trust No One) backup system. If you provide a (long, random, etc) password when you create your backup plan your files are encrypted with an AES-256 algorithm before they are uploaded. IMO it doesn’t matter where your files are stored.
Am I able to encrypt the backup with Arq premium so that only I have the encryption password and that the data is encrypted before it leaves my computer? Does Arq premium have zero knowledge encryption?
Yes, you can set up an encryption password. All data are encrypted before leaving your computer (unless you didn’t configure an encryption password for your backup plan).
So hopefully that makes the storage location a moot point.
You encrypt the data with the software provided by ARQ, right?
So, why do you think, they wouldn’t be able to know your password?
Have you read that:
I don’t think your scenario applies to the Arq Premium Backup service, else I would not use them. Their remote server is NOT running the backup. I use Arq backup software that is running locally on my Mac. My data is encrypted on my Mac and then sent to their Wasabi storage location. Any consolidation of backup files happens on my Mac before being sent.
If you do not believe this to be this case then, by all means, do not use the Arq backup service.
You seem to be casting doubt on the integrity of the Arq Premium Backup service without offering anything to support your guesses of what could or might happen. Please share any such information.
I’m not worried but I do wonder why you can’t be more specific about YOUR worries and fears concerning Arq Backup? The legalese you quoted doesn’t mean what you think it means and is standard boilerplate language for someone providing a service in accordance with their country’s laws.
Arqbackup software runs on our Macs, not the server. And besides you only need to read the metadata in order to delete a file. Originally Arq software only backed up to AWS, other services like Backblaze B2 were added later. Arq Premium is a relatively recent addition.
Setting up an account on AWS, etc. isn’t difficult but adding the Premium feature which simplifies things for regular people seems like a good way attract customers that might otherwise choose Carbonite or Backblaze.
I have no “worries and fears concerning Arq Backup”!
I just pointed out the possible problems someone has to expect if he uses a service like that.
While the OP was concerned about the safety and privacy of his data, I think that it is worth to know those problems that can occur, if the company you trust to keep your data safe and encrypted, might has access to those data.
But as Arq is doing independent qualified 3rd party security audits on a regular base (instead of just having “somebody taken a look onto it”!), shares details about its encryption, and the absence of Backdoors, and is not able to restore the password, you have used for the encryption, you are right that there are no concerns about the data security of the ArqPremium product.
So have fun to use it…