Ask HN: How do you manage your important personal documents and other data?
91 points by throwaway894345 on Nov 15, 2022 | 60 comments
Open ended questions: where do you store and backup your personal data (S3, Google Drive, etc)? How do you run your backups? How do you manage encryption keys, etc? What considerations drove your solution?



I store everything on my laptop, full disk encryption.

My phone is synced to my laptop via Syncthing so I have a copy of everything.

Passwords in keepass, Syncthinged.

I back everything up every month or two on a USB drive using ansible by creating a big gpg encrypted archive. The process is automated for both archiving and restoring; had to use restore I think 3 times in the past.

Code here: https://gitlab.com/sdwolfz/dotfiles follow the rabbit hole from `make backup`.

This works for me as I don't keep around things I don't need. Every once in a while I look around and delete things that have no use for me, and reorganise information. Especially pictures!

I don't trust any "cloud backups" as security for me has 2 important sides: 1. Physical access. And 2. Encryption strength. Sacrificing point 1 for convenience is unthinkable to me as that is the most important part I consider.


* Selfhosted Nextcloud on dedicated Hetzner server, connected to computers and phone.

* Daily backup of Nextcloud to another Hetzner server about 2500km away, and to another server at home.

* All data encrypted at rest.

* All encryption keys and creds in keepass file.

* Also, encrypted 400G MicroSD card with a full Linux installation and most of my data (up to a point) in my wallet. Ready to go if I'm travelling and Laptop gets stolen or breaks.


That last point is fascinating. What does your process look like for keeping that up to date? Do you plug it in weekly or a similar set schedule to refresh the data on the card or is it a more ad hoc thing?

I think I’d just forget to do it after a while!


I started carrying it a few weeks ago. Ideally I don't have to use it, but if I do, the Nextcloud client will just take care of syncing my data after going online. Another "apt upgrade" and it's ready to go. I could even start from another Linux USB system and copy the entire SD card disk via dd to a (potentially) new laptop.


This is really cool. You've got me thinking about adopting something similar.


Is deployment and management easy?


I use Mega Sync. It's the best service I've ever used for a "Dropbox" solution. Has support for every OS and mobile imaginable, plus web client is good. It also has a terminal application in which you can set up a WebDAV server, etc. etc. and really "get behind the wheel" if you want. If you don't, the device applications are great! Too many features to list. oh, and it's cheap! I keep everything in the default folders on a Mac / Linux fresh install (documents, music, videos, templates etc.) and sync the whole thing across computers except for desktop folder and downloads folder.

My mailbox.org account came with a few GB of cloud storage. I'll put encrypted documents on there (like tax return) because it's soo easy to encrypt / decrypt on a browser with your GPG key with their web application.

I use Mac devices (iPhone, Mac book) and have a Linux workstation.


Everything stored on encrypted ZFS. Backups are done using syncoid in rend-mode, so the remote gets the encrypted version. I make backups to a couple friends' servers who also use ZFS, and they make backups to me.

The encryption key is stored in my KeePass password database, which is synced locally to all my devices. I back up the database separately by sending it to friends, so that if I ever lose access to all my devices I can still get my database with the key I need to get the rest of my backups.

If all that fails, like if I die or for some medical reasons suddenly forget my passwords, the encryption key is written down on a piece of paper. Stored somewhat secretly, some people I trust know where.


I store everything in Google Drive, every document I have: tax documents, financials, passport, birth certificate, everything. All unencrypted.

I back it up to a USB drive every six months, via Takeout, simply protected via password in MacOS.


I do the same, but also manually export takeouts every month or so with the most important stuff. And every once in a while I create a named revision for my most important docs (which gets exported as part of the takeout).


Borg/Vorta for encrypted incremental backups to several cloud providers as well as a local NAS. Some files I don't backup with this because they might get changed too frequently.

Rclone (with Crypt command for encryption) for encrypted cloud sync to a single cloud provider. This is for files less suited to incremental backups e.g. large binary files that may get modified like games, movies, phone app backups etc.


- Dropbox - all important docs and media (yup, I know it’s not encrypted — I have two encrypted disk images on Dropbox so I keep important docs there)

- Borgbase via Vorta (a borg client) - all of it

- Tarsnap - some very important ones only because it’s much costlier

- Monthly or so copy/sync them to my external hard disk - encrypted.

- And to a pen drive as well - encrypted.

I keep pruning/cleaning my data, so they’ve not ballooned out of hand yet. Touchwood!

(I also used restic but since it never had a GUI I gave up. I am partial to simple GUI tools compared to cli for intimate purposes like backup)

What I don’t do:

- Only my personal data is “my data”. Music, films, books etc which can be bought, borrowed, “procured” again are not the things I rack my brain for.

- I use none of the Apple ecosystem services - I just use their devices - Apple is the worst of walled gardens out there.

- I don’t use any services by companies that combine a lot of services/interface in one account and one of those might be enough to block your account at some point.


> where do you store and backup your personal data

A RAID array of physical drives in a local PC.

> How do you run your backups?

rsnapshot (https://rsnapshot.org/) driven from cron.

> How do you manage encryption keys, etc?

Stored in files on plural disks plus a printed to paper backup.

> What considerations drove your solution?

Must be 100% under my control -- "someone else's disks" must not ever be the primary backup medium.


Why does it matter if your data is on someone else's disk if they're encrypted before sending?

Someone else's disks are far better managed than your disks and aren't susceptible to any local accidents.


Great answers! What do you think about secondary remote backups in case of fire/flood/etc?


Acceptable, provided they are encrypted. I'm not in a flood zone myself, so floods have a very remote risk of occurring. Fire is always a possibility, albeit also low on the risk scale. Depending upon your risk tolerance mitigating 'fire risk' could involve backup to a cloud service (#), or backing up to a portable disk that is swapped for another at a secondary location on some periodic basis.

(#) the /necessity/ of needing 'off-site' for mitigating fire risk means one may have no choice but to utilize 'other people's disks' to obtain the 'off-site' aspect. You do have to make sure you can recover the encryption keys for the 'off-site' data in the event of the need to recover using the off-site data, so that adds some complexity to 'key management' (i.e., if all your copies of the keys go up in the fire, the off-site data may as well not exist).


I have a second ssd that I back up to, and otherwise I use Dropbox. The backups are the last resort, should something else fail, and the drive is not mounted usually. Sometimes I copy very important things into a zip then password encrypt it with something secure and save it on friends' devices, like for my key backups and passwords.


For actively used files: Seafile on my vps which is encrypted by clients locally. You can access online and enter the decryption passphrase but I try to avoid this. I don't use the real time backup feature to a second running server as I prefer a snapshot back home to my nas to restore if needed. I really dig seadrive with subst as everything is just on drive z: on all our machines.

For a read only archive of pdfs and scanned papers, mail, receipts, etc: I use paperless-ngx on a nas. I'd run it on the vps but don't want that unencrypted data there. It does ocr, tags, and some learning to autotag stuff. My printer duplex scans straight into it with a few button presses, I save to a watched folder, or I email the pdf to scan@mydomain.tld. A backup is pushed out with cron encrypted to the VPS via borgbackup and sshfs along with my photos and nightly phone DCIM folder backups into \owner\yyyy\mm.


My most important Docker container volumes are backed up to my Dropbox account via rclone and docker-volume-backup[0] - my Documents folders are also mirrored to Dropbox.

[0]: https://github.com/offen/docker-volume-backup


Nextcloud server running on a KVM vm on a server at home. I take vm snapshots and backups and store them on a NAS as well as on a storage box off site. For stuff that needs to be very secure such as password manager databases I use encrypted syncthing with simple file backups on every node.


I put my financial documents in Git version control. This includes monthly bank statements, utility account statements, and all tax-related documents (slips, forms, tax returns, letters, receipts). The vast majority of these documents are native PDF files generated by the provider, which are clean and small (~100 KB each). Some are scans of papers, which are large (~5 MB each).

Git is a great fit for this use case because these accounts are long-lived and the history is worth tracking, I can detect all accidental manual changes and machine corruption, and I can synchronize repositories between different machines and storage drives. The contents of these Git repos only ever pass through my computers, USB ports, and LAN; they never get uploaded to the Internet, GitHub, or any cloud service.


Two methods:

- duplicity for daily backups to the S3 cloud encrypted with PGP (about 1GB in the bucket, excl. most photos)

- weekly Time Machine backups to two different alternating disks (one rotational, one SSD)

I've been backing up for ages. I used to use floppies. Then R/W CDROM. Then I switched to RAID. Then I switched to cloud. When I discovered how awesome time machine is when switching to a new mac, I started using that about 8 years ago.

Storing valuable data on site with physical media is just far too risky.

My critical docs are in a single folder. It is about 1GB of data. Mostly docs, but some really important audio, video, and image files.

My photos aren't considered critical (well, some are), so they are on the time machine backups.

Music is 100% Spotify.


Where does Time Machine backup to? Can you have it back up to S3 or similar? And what sets TM apart from other solutions (why is it "awesome")?


Cloud + Time Machine + Backblaze


- Daily Duplicity / Duplicati backups to local NAS

- Local NAS rsyncs[0] encrypted backup files to a friend's NAS off-site

- Backup encryption keys carried on my person on my phone

- Password manager (pass / gopass) synced between devices with git

- Photos and videos are on local devices and occasionally synced to the NAS[1]

[0]: I'd like to improve on this since any corruption or deletion would result in propagating to the remote copy. It's the simple solution right now though.

[1]: This also needs improving but it's a lot of data.


I use BackBlaze, with the defaults turned off so that it saves everything, I got burned previously by their space-conservative defaults.

Really important documents go in the safe deposit box in the bank.

I've lost stuff way too many times because I didn't care in the past, before I took up digital photography. I lost my personal history up to about 1997 as a result. Since then at least I have my pictures and a few videos. I turned off bitlocker, and have never used disk encryption. Losing data is far more likely than theft in my instance.


Local versions are on a Synology NAS. Which gets backed up more-or-less monthly to external hard drives using Truecrypt. One set of drives is saved at the house in a fire safe, and the older set is stored offsite at the office (which if I get fired can be abandoned without fear of disclosure).

Insurance documents are printed out and stored in a plastic tote. Along with the car title & house deed, some cash, passport and other important documents in case I have to evacuate for a hurricane. I can grab it and the cat carrier, and out the door I go.


Do you use cloud backups at all? I just got a Synology NAS and was looking into AWS Glacier. I'm not yet ready to manage my own offsite hardware, but maybe I'll get there eventually.


No, for two reasons. 1) I have almost 30TB of data so the monthly cost would be more than I want to pay. 2) I don't trust them to keep my data secure.


> I don't trust them to keep my data secure.

Encrypt it?


Transip Stack cloud storage, 6 euro/month for 1 tb of storage. Not as polished app and experience as Dropbox, but gets the job done for a decent price. They support both webdav and sftp, I use the latter for editing my markdown notes on my phone. https://www.transip.nl/stack/

I'm thinking of giving nextcloud a try to see how it compares.

Oh and Bitwarden. It's great that I can share passwords with my partner that way.


For near-line stuff and long-term storage, a HP Microserver with software RAID5 array via Linux mdraid. No inbound access from outside the network. Powered on as necessary. I've replaced the entire disk array once so far, as the disks neared end-of-life.

For online, accessible-anywhere data, a largely geo-blocked self-hosted Nextcloud instance running on a Partaker mini PC, backed up nightly with restic to encrypted blobs on B2, which are browseable with the wonderful restic-browser.


Encrypted everything, keys in a password manager, backup (also encrypted) using DeDuplicati to an off-site drive weekly. Losing access to my devices all at once means I'm not getting any data back, as I don't wish anyone but me to access it, no exception.

I use no cloud storage (except OneDrive for occasional sharing) and I move my e-mails from the server to a local mailbox after a few months to limit what an unauthorized party would see in case of a breach.


The threat level of no one being able to access my stuff once I'm gone is much higher than the threat level of someone evil doing something evil with it.

So no encryption whatsoever by design.


Hi, kinda basic answer, but I like to use OneDrive. It's easy to set up and works everywhere I need (Windows, Android, Linux). I have stuff like KeePass db on there and it works like a charm. As for backups, if it's something really important/secret, separate drive looks like the best solution for/to me. Nothing fancy. Although some people I know use Nextcloud and it looks really nice, never made time to set it up.


> How do you manage your important personal documents and other data?

A: Poorly! Two, getting ready for a third, of those old school expanding/accordion style document folders under my bed. I should improve on that.

Data is scattered across dropbox and a couple external hard drives. Near term I have a project to build a NAS to keep things on and mirror the important bits to dropbox.


Docspell on a spare x86 for documents indexing. Currently running with a Postgres backend, backed up through good old pg_dump. Dumps are whisked away to local NAS, Backblaze and rsync.net. Keys kept in password store.

Waiting for a free weekend to migrate over to a raspberry pi and a minio-backed storage and set up a separate s3-level replication.


I used to use zoho docs with a local copy and just mostly trust them. After they merged docs with drive and messed up the tagging, I'm moving to local nextcloud with a Borg backup to rsync.net. Using passwords in a password manager because they're still random but easier to deal with than large keys in an emergency recovery.


1 copy on laptop. 1 copy on external hard drive 1. 1 copy on external hard drive 2.

I make backups from laptop to external hard drives manually via rsync twice per week or so. I don’t store personal/sensitive data on the cloud.

On Google drive, iCloud, Dropbox and similars I keep a copy of my mp3s, wallpapers, ROMs, book PDFs, etc. But I don’t mind losing these files.


superduper for MacOS makes an image of my hard drive every night to an external portable drive.

The thing I really like about this is if my hard drive goes kaput, I can boot up the external drive and be back in business in short order. Otherwise, I spend the whole day getting a replacement hard drive or computer and setting up my dev environment.


iCloud. 1tb is relatively cheap, works on all devices and integrates nicely with photos.

Don’t over complicate things, unless you’re on Linux.


"Don't over complicate things, unless you're on Linux."

I love this comment.


Yeah, I appreciate this as well. I feel a strong idealist pull toward Linux, but pragmatism always pulls me back to MacOS.


I used Linux as a daily driver for 7ish years. All flavors.

At the end of the day I pay the tax and buy Apple.


Home server, occasional rsync to external disks. Encrypted of course. Yes, at present, a house fire would fark me over, or so would a stroke b/c the pass phrase is in my head. Or, it would allow to start over with life without the ballast of the past, depending on your point of view.


I make backups on DVDs, using compressed tape archive format. There is no encryption.


Encryption on backups is a massive foot-gun. Frankly a padlock works better for most normal people.

I'm similar although I like to buy clearance external HDDs, fill them up, and put them somewhere safe with some desiccant packets. Get a new one every 10~ years, copy the old to the new, then use all the additional storage for new content. Leave the old in the box with the new (even if it is less reliable, it is just "bonus backup"). Just make sure you label which year is which.

A shoebox could hold a lifetime's worth of HDDs with this strategy, and each new one is around $50~ with every increasing capacity.


I reduce them to the smallest amount.

It's usually less than 50MB.

Depending on the files and their sensitivity, I store them on GitHub, on my Gmail in a draft, on other computers. I just use seven zip and copy the archive.


No clouds. No encryption (if needed I just use password protect feature of compression software). Copies in separate internal HDD. One copy in an external HDD. Many CDs and DVDs.


GitHub for my code...

Everything else I've basically given up on. It's on my device, and when that goes, so goes the data.


Self hosted Paperless NG works great - built in categorization rules, imap integration and ocr. Really like it.


Started with dropbox...years of self-hosted solutions...back to dropbox


You can use apps to manage your personal details


Local drive synced with backblaze b2. Great product!


Do you test your backups, or how do you make sure that they're still running, decryptable (if you encrypt them in the first place?), etc?


I restore them every now and then from b2


tar -cvzf - docs| gpg -c > docs.tar.gz.gpg


If you add a few files to docs, you have to upload the entire docs. Better to use Duplicity. You can still tell it how often to back up.
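
Added example, not part of any comment in this thread: a non-interactive version of the `tar | gpg -c` pipeline above, paired with a restore check that answers the earlier question about confirming backups are still decryptable. It assumes GnuPG 2.1+, a `tar` with `-z`, and `sha256sum`; the function names and the passphrase-file convention are hypothetical.

```shell
#!/bin/sh
# Added example: encrypted archive plus a restore check.
# Assumes GnuPG 2.1+, tar with -z, and sha256sum. Function names are hypothetical.

# manifest DIR: SHA-256 of every file under DIR, keyed by relative path.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# backup_create SRC_DIR OUT_FILE PASSFILE
# Same pipeline as the one-liner, but non-interactive: the passphrase is read
# from the first line of PASSFILE.
backup_create() {
    src=$1; out=$2; passfile=$3
    tar -czf - -C "$(dirname "$src")" "$(basename "$src")" |
        gpg --batch --yes --pinentry-mode loopback \
            --passphrase-file "$passfile" \
            --symmetric --cipher-algo AES256 -o "$out"
}

# backup_verify SRC_DIR ARCHIVE PASSFILE
# Decrypts and unpacks into a scratch directory, then compares manifests.
# Returns 0 only when every file restores byte-identical to SRC_DIR.
backup_verify() {
    src=$1; archive=$2; passfile=$3
    scratch=$(mktemp -d) || return 2
    rc=1
    if gpg --batch --quiet --pinentry-mode loopback \
           --passphrase-file "$passfile" --decrypt "$archive" |
       tar -xzf - -C "$scratch"
    then
        want=$(manifest "$src" 2>/dev/null) || want=""
        got=$(manifest "$scratch/$(basename "$src")" 2>/dev/null) || got=""
        # An empty manifest counts as failure: nothing was restored.
        if [ -n "$want" ] && [ "$want" = "$got" ]; then rc=0; fi
    fi
    rm -rf "$scratch"   # the scratch copy is plaintext; do not leave it behind
    return "$rc"
}
```

Run `backup_verify` right after `backup_create`, before the source directory changes; a wrong passphrase, a truncated archive, or a file that differs from the source all produce a non-zero exit status.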


blowfish encrypted floppy disks

seriously yall not using tarsnap?


Not



