ARQ backup data store location

Don’t you think, that it might be a difference, if the data is stored on your own Cloudspace vs. stored on the ArqPremium Cloud?
You are talking about something different to the service, the OP is referring to.

I was only pointing out that offering software and storage is a recent addition.

It doesn’t make sense to me that someone who would want to poke around in someone’s backups would wait more than 12 years before he added a service that would give him access to their files. At some point we have to either trust the products and hardware we use or retire to a simple life off the grid.

I’ve spent some time in such a place and there are times that I am tempted to go back. :wink:

That is quite easy, because it is possible to gain money from (personal) data…
And we should not simple trust the products and services we use, but instead take a look “behind the scene” to figure out, whether the service and/or product it trustful or maybe not.

There is just so much that you can learn about a company or product. I selected hardware and software for the companies where I worked for nearly 30 years. I could determine the reputation and financial health of a company. And I could read reviews of its products and test those products to see if they met our needs. But that’s where my research came to an end. At some point I had to make a decision based on my research and experience. That’s what I meant by trust.

Do you trust your information to Apple? They have basically the same privacy policy as Arq and they definitely have our iCloud passwords. And they cooperate with governments, including some that aren’t known for being the greatest places to live. For the record, I trust Apple, Arqbackup, 1Password, and Google Workspace.

And I think that’s all I have to add to this conversation. Hope you can find a backup service you can “trust”.

1 Like

This understanding is actually right:

Those “Write down your password”-Thing is just a show…

It has been my understanding that all data handled by Arq is encrypted in transit and at rest on the remote storage location. The details of how Arq handles deduplication, for example, are unknown to me but I believe feasible without having unencrypted data locally. As far as I am aware, the encrypted key exists only on the client computer and not anywhere else.

In the past, when I have emailed the developer with questions regarding Arq, he has been extremely responsive. I would imagine that if someone has a concern, he would respond to a support email to clarify this issue. For myself, I have been sufficiently confident that I have been using Arq for years and I am comfortable continuing to do so.

1 Like

@Ulli, Go back and reread the instructions a couple of times that you linked to and always set your own password to encrypt your data. Don’t rely on default use of your account password, which is different from the password you optionally set for encryption. :slightly_smiling_face:

1 Like

Good point. And along these lines - regarding general trust concepts, what about this when any company says:

We don’t store your personal data.

Well, that sounds good on at first, but did anyone ever ask their legal team:

Well you say - YOU don’t store our personal data, but do you give that storage job to a related company?

@Ulli you make me laugh :grin:

A company cannot legally promise something, “just for show”. In the UK and elsewhere (yes even in Deutschland) that would be called fraud or mis-selling. Arq would not be the long standing company that it is had it done so.

You are of course free to choose not to trust any company at all, but then you would need to go back to pen and paper and even then how do you know the pen doesn’t contain a tracking chip?

I’m happy to trust that Arq will do what they have said they will do.

on a related note…

Possible, but highly unlikely seems to be the conclusion.

If you read the information available on most of the websites of large companies they get pretty specific about data use/privacy when it comes to their paid services. For example a while back I looked at the policies of several of the email services that were being discussed here.

I found that Google Workspace is approved for use by agencies of US federal government and is HIPAA compliant. And it “incorporates standard contract clauses (SCCs), as a means of meeting the security, contracting and data transfer requirements under EU, UK and Swiss data protection laws.”

I don’t recall any of the other sites, besides Apple, mentioning HIPAA or indicating anything beyond their requirement to comply with all applicable laws.

Still, my choice to stay with Google didn’t come with any guarantees. We have to make our choices based on the available information.

Everybody should laugh at least once every day, that is very healthy, so: You are welcome!

You are not a lawyer, I assume, so you don’t see the point:
The Information, that they don’t have your password, might be correct! So they told you the truth, up to some level.
The problem behind that, they don’t need your password, to decrypt your data, because they have a kind of an “Masterkey”, that is described in the linked document.

There are a lot of companies, that you can trust by what they really do, not only by what they tell to do. But it took some time to read thru the documentations and informations regarding the solution you are looking for.

I don´t want to sell anything to anybody!
I don´t want anybody to change his mind about anybody else, by what I write or say!
This is all up to you, and if you feel comfortably with the use of a certain service (or whatever!) that is totally fine for me!

You asked in your first post, for a advise for a country, to store your data, because it seems to me that you were kind of concerned about the security of your data, and your privacy.
From that point of view, for me it would be a factor, if the data is not only save within a certain country, but if the service provider is standing for the security himself. The regulations within a country are the lowest problems, if your data might be not safe with the provider you use.
Therefore I pointed out the problems I see, with the selected service (and many more in that sector!)
If you want to trust those service, you are, from my point absolutely free to do so!
I just wanted to give you some data to base your decision on that. If you don’t want to do so, that is completely fine for me.
As there are still a lot of people trust in the use of Facebook (and affiliates), Google and companies like that, you are in a large group of people looking for security, and after all, taking comfort and a cheaper price instead, and that is the way our system still works out fine.

1 Like

I’m sorry, but I don’t get the point you are talking about?
ArqPremium don’t need your password, to read your data, they have a kind of a backdoor, and that is described in the linked article.
If you want to use their service, and you are fine with that, just do so!
But I think a well informed customer should be aware of that…

It is not my intention, to tell anybody which service he/she should use, or not.
This is absolutely not my business!

1 Like

@Ulli People are trying to tell you that the document you linked only applies to encryption based on your account password.

If you choose to set up a separate encryption password, that whole recovery process doesn’t apply to it. No backdoor, no master key.

Look for this text in the document you linked:

WARNING : If you click the Show Advanced Options button at account-creation time and choose a separate encryption password, only you know that password. If you later forget your password and your computer is lost or stolen, we cannot help you reset the password and you cannot read your backup data! Please write your password on paper and put it somewhere safe.

Your general point about trusting software providers is noted.