I have played with a lot of different backup software. I started to play with Carbonite. I love the idea of Carbonite, a constant streaming of changed files from your system to their servers. It is encrypted on your system, transferred via SSL, stored on their systems. It is relatively cheap at $5/mo (or less if you pre-pay), amount of storage is unlimited. It seems quite easy to use. If you delete a file, the deleted file stays on their server for a couple of weeks, giving you some time to determine the file is missing. I have bandwidth to spare and am always connected, so, this seems like a great backup solution… except…

I don’t like that they store my decryption key on their servers. I don’t think they should have any access whatsoever to my data or even my filenames. My data should be locked tightly under a key that I specify and it should be impossible (except via a brute decryption attack) for them to look at my files in any way, shape, or form. Sure, they state the decryption key is stored in a database that “is isolated and accessible only to certain Carbonite employees” (from their Technical FAQ), but why should I trust even those certain employees? You were afraid of Google employees scanning your email? Now you can have “certain Carbonite employees” who can, at a whim, look up any customer’s Quicken files, list of MP3s, whatever. I can imagine terrible things just given the knowledge of the filenames.

So, needless to say, I won’t be using Carbonite.
