I did a blog post on a project using AWS EC2 for hosting a network block device that you can mount
and wrap with cryptsetup.  Full encryption without the provider having any access to crypto keys, or
any metadata (e.g. luks headers).

http://cdf123x.blogspot.com/2017/09/bulletproof-encrypted-cloud-storage.html

I use it for more sensitive and smaller backups like local git repos, gpg, keepass dbs.

But the storage is too expensive for my main backups (1.2T currently) so I also signed up with
IDrive.  I can't beat their price.  They have a linux backup application, but I kept getting
dependency issues with it, and I'm not sure I trust it being closed source.  But I also don't want
to have to deal with encrypting all the files before the backup, then backing up the files through a
browser and their web interface.  My server is headless so I'd have to do all of this over nfs or
sshfs from my desktop.

I've been planning on doing some small transfers while capturing the traffic through a proxy, then
hopefully using something like python to automate the whole upload.  If I can get it working, I
should be able to throw in some crypto library and be good to go.  Just need the time to actually do
it, which is always the hard part.

On 11/14/18 07:42, Jeff Jensen wrote:
> I went through a few products,including BackupPC, then CrashPlan, and then
> evaluated some and chose IDrive.  SpiderOak is a close second but is a
> little more expensive.  IDrive is not an awesome product (the occasionally
> apparent missing UI feature), but it works well and has the best pricing I
> found for feature/function.
> 
> I've done AWS and S3 work so am comfy with that approach, but the time
> value of that self managed approach vs a turnkey product made me choose a
> product like IDrive.
> 
> 
> On Wed, Nov 14, 2018 at 5:20 AM Jon Schewe <jpschewe at mtu.net> wrote:
> 
>> Some backup software that I've been fairly happy with is Duplicati. It's
>> 2.0 release is still in beta, but it's been quite stable. It can talk to
>> multiple backends for storage.
>>
>> On Mon, Nov 12, 2018 at 10:51 PM gregrwm <tclug1 at whitleymott.net> wrote:
>>
>>> i'm considering prospects for offsite backup.  your comments are most
>>> welcome.  what options are available and sensible?  requirements specify
>>> metadata, filenames, and paths should be encrypted prior to sending to the
>>> offsite archive.  encrypted communication together with encrypted storage
>>> might satisfy.  perhaps it's silly picky to point out there's a moment in
>>> between when it's unencrypted.
>>>
>>> an attractive solution would be a vps with mega cheap storage.  but i
>>> doubt they can come anywhere near the capacity and prices of the likes of
>>> rsync.net.  or can they?
>>>
>>> backuppc is doing well on-site.  i like that it does not re-transfer
>>> files already backed up, even when doing a full backup.  however it must
>>> run on the backup storage server.  i doubt that's possible with services
>>> like rsync.net.  or is it?
>>>
>>> a strategy that comes to mind is to rsync the backuppc storage heirarchy
>>> (can omit the ?(c)pool).  last i knew, asking rsync to mirror such a sea of
>>> hardlinks caused it to demand obscene amounts of ram.  who knows, might
>>> work, might not.  newer versions of rsync might do better, i dunno yet.
>>>
>>> duplicity certainly is popular, and provides encryption.  i doubt it is
>>> as efficient about bandwidth, or storage, as backuppc, particularly
>>> regarding full backups.  or is it?
>>>
>>> if there's a trove somewhere that addresses such questions, please point.
>>> tia,
>>> greg
>>> _______________________________________________
>>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>>> tclug-list at mn-linux.org
>>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>>>
>>
>>
>> --
>> http://mtu.net/~jpschewe
>>
>> _______________________________________________
>> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>> tclug-list at mn-linux.org
>> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>>
> 
> 
> 
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>