Obviously we[1] sympathize with this, since we've been running a swiss ___location since 2006 - one that has become increasingly busy in the last 3-4 months.
However, I personally don't store my data there - even though I am deeply disturbed by the recent revelations and invoke all manner of security precautions in my own digital life.
First of all, it appears that intra-US Internet traffic is subject to less scrutiny and open to a much more narrow interpretation of the laws that (supposedly) allow this snooping to happen. Once your traffic leaves the US, the 4A (and other) protections seem to relax significantly. Let's set aside for the moment the bad behavior of other global and national "observers" on the network, which we have to assume are at least as bad as the US NSA ... and let's just concern ourselves with the US side of things. From that perspective, moving your traffic out of the US appears to have a lot of unintended consequences.
Second, it really shouldn't matter. SSH is SSH and duplicity is duplicity and storing a fragmented TC container is ... well you get the idea. If I have the right toolset[2], I should be able to store my data on a USB stick that I leave in the NSA lobby every night. You should ask yourself how large and unwieldy your digital life has become if you can't just trust the math.
Oh, and also ...[3]
[1] rsync.net
[2] SSL/PKI is not the right toolset. gmail is not the right toolset. Weirdo walled garden dropbox gdrive non-standard private API garbage is not the right toolset.
[3] We support synology devices perfectly, right out of the box, and right through their GUI config. Just saying.
I don't know much about rsync.net or if you guys provide a quick client-side encrypted storage method (though a quick glance at your FAQ seems to suggest otherwise).
But the reason Gmail is not being trusted is that there is some possibility the NSA has backend access to their servers via various kinds of legal arm-twisting they are not allowed to talk about. I don't encrypt the mails I send via Gmail before they hit Gmail's servers. You can't "trust the math" unless you do said math and encrypt content before you send it out. As soon as there is any unencrypted data on an external service, you've (theoretically) lost it to the grubby paws of said flunkies.
Or at least that's what I think (crypto experts of HN, feel free to correct and/or chastise me).
Duplicity is a quick, client-side method that works over plain old SSH. There are some fancier ways to do it with git that we have recipes for.
The answer to your question, though, is no - we don't have anything. We just have raw disk that you access over SSH.
So you can do whatever you want. That's the point. If any party had backend access to our servers, it wouldn't matter if you used a reasonable (and simple) toolchain.
I have a Synology device (exact same model as the article author actually, and likewise I love it).
However I'm having trouble finding a way to back it up securely. The built-in backup methods don't seem to account for encrypting the backups (even if the volume is encrypted). Any suggestions?
However I'm having trouble finding a way to back it up securely. The built-in backup methods don't seem to account for encrypting the backups (even if the volume is encrypted). Any suggestions?
Two suggestions:
A) Download the source [1], and see if it is complete and then you can port in cryptsetup and the LUKS stuff from Linux.
B) Run Linux. If you're at the point where you're worried about encrypted backups, then you should probably be running some form of Linux instead. You can get a small form factor PC that includes the motherboard and processor for not much more than the Synology box. That'll give you a lot more options for software and services too.
We're using this for all the offsite backup drives, and it wasn't too hard to get going. If you (or anyone reading this) can't figure out cryptsetup, just PM me and I'll help you out.
Actually the Diskstation runs Linux already, and I have full SSH access to it. It uses ecryptfs already, and I love the thing. I am glad I chose it over building my own (and that's not something I expected to be saying before I bought it).
My question was purely about backing it up securely. I'm guessing rsync'ing the encrypted volume is the answer, just need time to look into it.
Re: other global "observers", I think most of us are assuming that the NSA is the most capable and powerful among them. While in general this may be true, I wonder how much we don't know we don't know about other agencies.
However, I personally don't store my data there - even though I am deeply disturbed by the recent revelations and invoke all manner of security precautions in my own digital life.
First of all, it appears that intra-US Internet traffic is subject to less scrutiny and open to a much more narrow interpretation of the laws that (supposedly) allow this snooping to happen. Once your traffic leaves the US, the 4A (and other) protections seem to relax significantly. Let's set aside for the moment the bad behavior of other global and national "observers" on the network, which we have to assume are at least as bad as the US NSA ... and let's just concern ourselves with the US side of things. From that perspective, moving your traffic out of the US appears to have a lot of unintended consequences.
Second, it really shouldn't matter. SSH is SSH and duplicity is duplicity and storing a fragmented TC container is ... well you get the idea. If I have the right toolset[2], I should be able to store my data on a USB stick that I leave in the NSA lobby every night. You should ask yourself how large and unwieldy your digital life has become if you can't just trust the math.
Oh, and also ...[3]
[1] rsync.net
[2] SSL/PKI is not the right toolset. gmail is not the right toolset. Weirdo walled garden dropbox gdrive non-standard private API garbage is not the right toolset.
[3] We support synology devices perfectly, right out of the box, and right through their GUI config. Just saying.