Duplicati: How to create your own secure online backup for free

One thing that almost all online backup solutions (e.g.. Dropbox, CX, Memopal, etc.) have in common is that they don’t allow the user to store encrypted files on their storage. They encrypt the connection from user’s computer to the cloud service, but once the files are there, they will be stored either unencrypted or encrypted with a key that the service provider has. This practice allows the provider to index the files and check their checksum. Once a file has a known checksum (usually SHA1) it will no longer be uploaded to the storage, it will be only referenced, in order to spare some space.

Although this allows the provider to massively optimize the storage, this has a major drawback: zero privacy for the user. If somebody hacks the storage (see Dropbox’s privacy problems in the past) then your files will be available unencrypted to the attacker. In the light of the NSA surveillance, this means that they can get their hands on your files without any problem at all.

In the last two years it seems that the problem started to be solved by some providers (e.g. Wuala) which saw the opportunity and offered upload of the files which are first encrypted on the user’s device.

Although services exist, they are rather expensive for home users and micro and small businesses. Fortunately, there are other ways to achieve this at no cost.

All what you need is to have an online storage account (free) and a special software, which is free and open source.

The software is called Duplicati and it is available here for Windows, Linux and MacOS.

Duplicati is a free backup client that securely stores encrypted, incremental, compressed backups on cloud storage services and remote file servers. It works with Amazon S3, Windows Live SkyDrive, Google Drive (Google Docs), Rackspace Cloud Files or WebDAV, SSH, FTP (and many more).

The security is implemented in Duplicati with built-in AES-256 encryption and backups can even be signed using GNU Privacy Guard. A built-in scheduler makes sure that backups are always up-to-date. Last but not least, Duplicati provides various options and tweaks like filters, deletion rules, transfer and bandwidth options to run backups for specific purposes.

Duplicati is evening providing How-Tos for many providers of online storage, including 1und1 in Germany (it offers 1 TB online storage via WebDAV), Google’s Drive, Skydrive, Box.com and others.

The advantage of using this method instead of purchasing some space to some provider is that you are in control of how much you backup, what you backup, when you backup and most important of all, where you backup.

Here is how you set up a backup using Box.net, which offers 50 GB for free to any user.

Click on the pictures of the gallery and read the description.

[nggallery id=1]


How to perform backups for more users

If you are a small business with a few users, you can perform backups in the same way, even using the same account. You have to take care to give the backups different name. For example, you should call the backup with the same name as the computer which is backed up.

It would be preferable to schedule the backups at different hours during the day (or night) in order to not slow down the network and not to have the Internet connection’s upload rate as a bottleneck.



If you have critical data, customer information, I strongly recommend to use professional backup systems which come with SLA. Using a free account is in general ok for private data, but if you want maximum guarantee for your data then it is recommended to purchase space at a provider.




© Copyright Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity

Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.

Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch

About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, is working since over 20 years in the IT Security industry and worked between 2003-2014 for Avira as Product Manager for the known products used by over 100 million users world-wide. Today he is CEO and owner of Endpoint Cybersecurity GmbH focusing on Cybersecurity, secure software development and security for IoT and Automotive. He is also running his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security .
%d bloggers like this: