Report Offensive Message
evaluating privacy, security, and storage reliability
1. If your offsite backup service does not use open source software, its privacy is not verifiable by anyone but a dedicated expert (the kind of person who would probably just put together his or her own solution anyway). If you don't understand why that is, you should read Why Encryption That Doesn't Trust The User Isn't Trustworthy ( http://blogs.techrepublic.com.com/security/?p=362 ) for details.
2. Managed encryption of the sort discussed by the Mozy representative does not provide reliable security at all. An estranged wife with a court order, an RIAA label's legal team with a subpoena, or even a clerical error can get access to your data, to say nothing of the tendency of online service providers to include little "terms may be changed at any time" clauses in their privacy policies, all ready to be exploited in changes of corporate policy, business relationships, and ownership. If it is not encrypted and decrypted at your end, using a key only you have, with verifiably secure open source software, its privacy is open to question.
3. A dropbox-like service is hardly going to solve the problem of an external USB-connected drive not offering data redundancy.
In addition to all the above, despite the enthusiastic marketing behind all the references to the big-name qualities of Mozy's corporate masters and "partners", there's the simple fact that being a subsidiary of a publicly traded corporation does not actually buy you any reliability guarantees that are worth anything. In fact, the bigger the publicly traded corporation, the heavier the bureaucratic red tape in place, and the more each individual customer vanishes against the background noise. Sure, small providers are sometimes fly-by-night scam artists, or ramshackle outbuildings housing rinky-dink operations, but they are also sometimes dedicated to a level of excellence you simply cannot expect from a multinational corporation. Consider how Google, despite its size, still looked pretty good a few years ago -- then became a publicly traded corporation, and now employees are leaving in disappointment or disgust, online service users are fleeing in droves due to privacy-violating policy changes, and so on. I predicted a drop in service quality and undermining of storied company values within a few years when news of the incipient IPO made the news, and it looks like I was right.
A counter-example to the Google story is that of a company called Conformal Systems ( https://www.conformal.com/ ), and a counter-example to the problems I've identified with the Mozy model is that of Conformal's backup service, Cyphertite. Check out the Cyphertite website and compare it with the Mozy site. In one case, you have the prominently linked "Why Cyphertite" page ( https://www.cyphertite.com/why-cyphertite.php ) describing the security architecture and philosophy of the service in meaningful detail; on the other, you have mozy.com's prominent placement of links like "Products" (always working the upsell) and "Partners" (pimping out the connections rather than assuring service quality).
If you know a better service than Cyphertite for your needs, by all means use it. Don't settle for a corporate facade in place of meaningful assurances, though. I started typing something here about Cyphertite being more expensive than Mozy for equivalent storage space, but then I double-checked the Mozy pricing and realized that Cyphertite is cheaper (two dollars per month) for its lowest service level than Mozy's while still providing more storage space than Mozy's lowest service level, and while Cyphertite gets more expensive for 125GB "home" service by about $2.50 per month, Mozy doesn't offer scaling service levels by the gigabyte between the two, and above that 125GB "home" service level Mozy only offers "pro", which gets much more expensive than Cyphertite's per-gigabyte scaling. For most purposes, it looks like Cyphertite is actually cheaper -- and where it isn't, the difference is not significant, and comes with better assurances of security and privacy.
No, I don't have any particular relationship with Conformal Systems, and certainly not a financial relationship. I use a piece of software (an open source web browser) maintained by people at Conformal Systems, and have talked to one or two people at Conformal Systems about its development. I had just read the "Why Cyphertite" page recently, and was struck by the dramatic difference between philosophy there and that of Mozy's backup services.
2. Managed encryption of the sort discussed by the Mozy representative does not provide reliable security at all. An estranged wife with a court order, an RIAA label's legal team with a subpoena, or even a clerical error can get access to your data, to say nothing of the tendency of online service providers to include little "terms may be changed at any time" clauses in their privacy policies, all ready to be exploited in changes of corporate policy, business relationships, and ownership. If it is not encrypted and decrypted at your end, using a key only you have, with verifiably secure open source software, its privacy is open to question.
3. A dropbox-like service is hardly going to solve the problem of an external USB-connected drive not offering data redundancy.
In addition to all the above, despite the enthusiastic marketing behind all the references to the big-name qualities of Mozy's corporate masters and "partners", there's the simple fact that being a subsidiary of a publicly traded corporation does not actually buy you any reliability guarantees that are worth anything. In fact, the bigger the publicly traded corporation, the heavier the bureaucratic red tape in place, and the more each individual customer vanishes against the background noise. Sure, small providers are sometimes fly-by-night scam artists, or ramshackle outbuildings housing rinky-dink operations, but they are also sometimes dedicated to a level of excellence you simply cannot expect from a multinational corporation. Consider how Google, despite its size, still looked pretty good a few years ago -- then became a publicly traded corporation, and now employees are leaving in disappointment or disgust, online service users are fleeing in droves due to privacy-violating policy changes, and so on. I predicted a drop in service quality and undermining of storied company values within a few years when news of the incipient IPO made the news, and it looks like I was right.
A counter-example to the Google story is that of a company called Conformal Systems ( https://www.conformal.com/ ), and a counter-example to the problems I've identified with the Mozy model is that of Conformal's backup service, Cyphertite. Check out the Cyphertite website and compare it with the Mozy site. In one case, you have the prominently linked "Why Cyphertite" page ( https://www.cyphertite.com/why-cyphertite.php ) describing the security architecture and philosophy of the service in meaningful detail; on the other, you have mozy.com's prominent placement of links like "Products" (always working the upsell) and "Partners" (pimping out the connections rather than assuring service quality).
If you know a better service than Cyphertite for your needs, by all means use it. Don't settle for a corporate facade in place of meaningful assurances, though. I started typing something here about Cyphertite being more expensive than Mozy for equivalent storage space, but then I double-checked the Mozy pricing and realized that Cyphertite is cheaper (two dollars per month) for its lowest service level than Mozy's while still providing more storage space than Mozy's lowest service level, and while Cyphertite gets more expensive for 125GB "home" service by about $2.50 per month, Mozy doesn't offer scaling service levels by the gigabyte between the two, and above that 125GB "home" service level Mozy only offers "pro", which gets much more expensive than Cyphertite's per-gigabyte scaling. For most purposes, it looks like Cyphertite is actually cheaper -- and where it isn't, the difference is not significant, and comes with better assurances of security and privacy.
No, I don't have any particular relationship with Conformal Systems, and certainly not a financial relationship. I use a piece of software (an open source web browser) maintained by people at Conformal Systems, and have talked to one or two people at Conformal Systems about its development. I had just read the "Why Cyphertite" page recently, and was struck by the dramatic difference between philosophy there and that of Mozy's backup services.
Posted by apotheon
Updated - 20th Mar 2012
