
Backify Offers 512 GB Free Online Backup Storage - vgcuwnkh
http://www.tomshardware.com/news/backify-cloud-storage-music-streaming-video-streaming-briefcase,13695.html
======
revorad
WARNING: DON'T SIGN UP.

I signed up, and as makethetick pointed out, they sent me the plaintext
password via email. I decided to close my account but first thought I should
change the password. The change password form just spits error alerts showing
the underlying html code.

I can't trust these guys with ANYTHING.

~~~
kaffeinecoma
It's because of sites like this that I started using unique passwords for
every new login. Chrome + OSX Keychain make this reasonably easy now. Looking
forward to the day when the browser will just automatically generate one for
me.

Of course, I'd not trust backing up my _data_ to a site that fails so
miserably at basic security.

~~~
s2r2

      > Looking forward to the day when the browser will just automatically generate one for me.
    

Well, almost: <https://www.pwdhash.com/>

~~~
baddox
I use pwdhash for pretty much everything. It's great, but it can be a pain for
signing into services on an application or device that doesn't support
automatic expansion.

------
matdwyer
This is a reseller account of LiveDrive -
<http://www.livedrive.com/ForResellers/Pricing>

I looked into the exact same thing to resell to my customers (non techie,
average users interested in digital preservation)

Easy for me to tell based on the "briefcase".

The reseller costs like $60 a month and has "unlimited users, unlimited space"
- so you decide if it is sustainable.

White label (which I assume they are doing) is $1100/year.

I considered doing this for $5/month, the break even is very low.

------
samarudge
I used to have LiveDrive probably 6 months ago (Whom they are reselling from),
but I found the Mac client quite buggy. Breifcase didn't work and backups took
ages, far longer than they should have done. I will give them credit for
fantastic support and no questions asked refund, which was pretty awesome.
They might have fixed the issues now, I hope they have, but still I would go
directly to LiveDrive rather than a reseller, particularly since the site
appears to have been thrown together. Someone probably thought they could make
some quick money. I only hope when they shut down, LiveDrive are considerate
enought to migrate everyones accounts.

Currently quite happily using BackBlaze for my personal computers, and working
on an open source backup tool for servers </shameless>

~~~
xd
Do you have a link to your open source backup tool?

~~~
samarudge
It doesn't work yet =)

Because I like to work to specification, I wrote a readme before I started the
project, which might show the general direction I'm trying to go with it. When
I get home tonight I'll stick it on a gist and link it

~~~
samarudge
<https://gist.github.com/1041a28fc150a2b6f6b4>

Is the readme

------
makethetick
I've just signed up and received my confirmation email along with my email and
the PASSWORD that I defined.

WARNING: These guys use plaintext passwords!!

Edit: I received the login info email after I clicked the activation link in a
previous email, this means the password must have been stored in a database
until I clicked the activation link.

~~~
mootothemax
_I've just signed up and received my confirmation email along with my email
and the PASSWORD that I defined. WARNING: These guys use plaintext
passwords!!_

It's not difficult to send a confirmation email that contains your password
without having to store your password in plaintext anywhere.

Now, I don't know whether they store passwords in plaintext, but it's unfair
to make such accusations based on the content of a registration confirmation
email.

 _Edit: I received the login info email after I clicked the activation link in
a previous email, this means the password must have been stored in a database
until I clicked the activation link._

Again, there could be a less-than-ideal explanation for this, so we don't know
100% (I was hoping to see a "forgot password" link somewhere to test this
with), but this does raise suspicions.

~~~
nodata
Who cares if it's technically possible not to store a password in plain text
even though it's in an e-mail?

If they're sending passwords in plaintext they're incompetent and not to be
trusted, especially for this kind of service. Ouch.

~~~
mootothemax
_Who cares if it's technically possible not to store a password in plain text
even though it's in an e-mail?_

For one, I do. There's a world of difference between handing a http post and
storing passwords in the clear in the db.

 _If they're sending passwords in plaintext they're incompetent and not to be
trusted, especially for this kind of service. Ouch._

I pretty much agree, but stand by my point that sending a password in a
confirmation email is the lesser of the two evils.

~~~
dlikhten
Ok for me, storing an encrypted password that is reversible is the same thing
as storing a plaintext password. Means that people at least in their company
can see my PW. Which means that if I used same PW as my email, they have it.

Lets take it a step further... If this is insecure, how much trust can you put
that your data is secure? The goal of good online backups is that the only way
to actually read data from the backup is to have the user's password. They
clearly don't have that as everything is reversible.

Dropbox used to claim to be like that, not anymore. Which is why I don't trust
dropbox with private data. Instead I store it using AeroFS with local
replication.

~~~
nodata
I don't think he meant that the password is stored in a reversible format. He
meant that the e-mail is sent out before the password is encrypted and stored.

~~~
mootothemax
Thanks, this is exactly what I meant :)

------
Yrlec
It looks a bit suspicious. There's no way they can cover their costs with
these prices. Either prices will go up or the business will go down.

------
bajsejohannes
From <http://www.backify.com/> :

> Even the employees of Backify can not access your data.

This is good news. It might be enough to make me switch from Dropbox,
everything else being equal.

~~~
cuchoperl
But they can access your password, stored in plaintext
<http://news.ycombinator.com/item?id=3110634>

~~~
bajsejohannes
Ouch. Well, based on that and other comments, this definitely does not look
like an appealing replacement for dropbox.

------
phzbOx
So, I go on the "Support" section to send them a message..:

    
    
      Hi, two things:
    
      1- The key <enter> should submit forms. (It didn't work in the signup form, the login form and some dialog box popping in).
    
      2- You sent me my password by e-mail.. which means you've got it in cleartext in the database. How can you then say it's secure..?
    

And, I get an infinite loop of javascript alert with "parsing error" and a
bunch of html in it.

Seriously, not really professional. I mean, I can understand for _other_ kinds
of apps; but this is backup and highly confidential information.. this
shouldn't happens. A little bit like you can judge a whole building based on
the bathroom, a website with flaws everywhere talks a lot about the quality of
the backend.

------
jm4
Somewhat offtopic... But does anyone know of an inexpensive backup provider
that works with rsync (or at least has Linux compatible software that doesn't
require inotify)? I'm looking for something that will run on my Synology
DS211j NAS. Crashplan was looking great until I realized the DS211j kernel
doesn't support inotify. Backblaze is the same story. I'm using S3 right now,
but it costs quite a bit more than Crashplan or Backblaze.

~~~
madmaze
It really is an issue that most backup providers do not offer a Linux client,
I am also bound to S3 at the moment, I have been tempted to try out the
windows clients in wine, but It would be great if someone would offer a
good(cheap, reliable, non evil =D ) backup service with linux support, even if
its just a commandline. Actually an API would be fantastic.. let the
openSource community build you a client.

~~~
dpark
Tarsnap? I haven't used it personally, but the guy seems open and honest about
the product. It's open-source and runs on Linux (but you have to compile).

~~~
madmaze
yes ive looked at that, but its double the gb/month cost of S3 and S3 has no
inbound traffic cost

------
tarangill3
Ok guys. This is Tarandeep from backify. First of all I want to apologize for
all the errors. We just launched a day ago, and we were not expecting 10000
visitors in one hour. 99% of the errors were caused by server (written in
nodejs) being restarted repeatedly, resulting in lost sessions. We have the
fixed the restart issue and moved the session storage from in-memory to db,
which we shud have done in first place. But again, the huge response was
totally unexpected.

About the passwords, they are all hashed (md5 with salt). they were just
stored temporarily in the session for the email, and the session was destroyed
immediately. But we fixed this issue earlier yesterday and updated on our
blog.

Rest assured we promise to provide even better support from now on. We might
stop offering free accounts soon, but the ones already signed will continue to
be free for atleast qn year, maybe longer.

Thanks again for the tremendous response and bringing the bugs and flaws to
our notice.

------
phzbOx
That may sound stupid but all these google, dropbox and now backify services
are so useless to me. Why? I sadly don't have the internet connection to
upload 100+gig on these servers. So, I can use dropbox for text files.. but
the second I have to backup bigger stuff I really need to be cautious into not
moving that into dropbox.

~~~
urza
AeroFS to the rescue :)

~~~
dagw
If they ever get out of semi-closed beta and let normal people actually use
it...

------
gsharma
Thanks for posting the warnings about plain-text passwords in the email. When
I landed on their site, the design of the site didn't look trustworthy to me.
I am not sure how to explain it best, but it doesn't give me a "secure"
feeling.

There is no contact us/address page. Also, does this mean that the domain name
is on sale by the owner? <http://www.aftermarket.com/backify.com>

------
tomjen3
Great. Except now the online backupmarket is going to be as cheap and reliable
as consumer dsl.

Which is to say pretty cheap and mostly reliable, which is okay when you once
or twice a year can't go online for a short time (clothing need to be changed
anyway) it is just not good enough when your wedding pictures gets deleted.

Or worse this crazy offer banckrupts the business and you suddenly can't
access it any more.

------
jsherry
If you're going to back up sensitive information, I'd recommend spending a few
extra bucks and using somebody reputable and established like Dropbox or
SugarSync.

As all the comments here have covered, it's a reseller account for LiveDrive
and the site itself has a number of issues, not the least of which includes
sending plain text passwords via email.

Bottom line: if it sounds too good to be true, it probably is...

------
dlikhten
DUDE!!!! They store passwords in plain text. I just received an email with my
login/password. Good thing its generated password.

Ok, they just lost my trust.

------
aberatiu
Is it me or this guys don't seem that legit? I'm not talking about the
plaintext password. let's say that doesn't matter (in an utipic world), but
the desing of the site isn't at all "professional". My advice, don't sign up!
Use Dropbox or Ubuntu One. Want more? Pay for it. That means is a product
that's worth it.

------
itsnotvalid
My crashplan subscription is still ongoing, so I have my backups covered
already. However crashplan doesn't offer file sharing features, that is a plus
for this.

Note that backed up files can be accessed through mobile apps, just that it
could be a security risk for accessing files on the go.

------
drKarl
I've seen good alternatives here like rsync.net but I wonder if a simple
Linode wouldn't be a better option if you already need one for other purposes,
because with the basic Linode you already got 20Gb, and it's only 10 cents/GB
afterwards...

------
meow
Seriously, have storage costs become this low already... funny that google
can't find the name yet... this is the direct link: <https://www.backify.com/>

~~~
gamache
Not only that, but Google goes straight to "Backupify" as a spelling
correction -- another backup-as-a-service provider already in the market.

------
user-id
With a little digging it appears they're reselling LiveDrive.
<http://www.livedrive.com/ForResellers>

------
mMark
After reading all the comments, I'll definitely be sticking with Backblaze

------
littlemerman
Anyone else not assured by the fact they are "secured by comodo"?

------
jpulgarin
No linux client :(.

~~~
makethetick
I was thinking that, I'll be trying it on Wine tonight I think.

------
xxiao
who dares to put 512GB data there?

