
Ask HN: What's the best solution for secure long term storage of personal data - kylesf
Just doing some thinking on how I can go about securing my personal data on top of backing up to a single drive.

I would like a solution that is:
- Fireproof
- Waterproof
- Corruption proof

Seems like the best solution is the cloud but my concern is data integrity and security.

I might be able to set up software to bundle and encrypt my data from a RAID array and do monthly uploads to perhaps an S3 bucket since online storage is relatively cheap.

What are your thoughts?
======
Nomentatus
You do want online storage. However, I feel better with an external drive
archive, too. Note that this drive should never be connected to your online
computer, ONLY to an air-gapped computer (due to ransomware that can encrypt
external drives - and perhaps online drives - too.) In theory you need to use
a fresh USB drive for every transfer to the airgapped computer, too, due to
Windows vulnerabilities that work even if executing USB files has been turned
off in the air-gapped machine.

We very badly need external drives with a hardware switch that turns off
overwriting or deletion, with the possible exception of the last file
accessed. (So maybe two switches.) Such a drive wouldn't be so vulnerable to
ransomware, and you could drop the air-gapped computer and keep it plugged
into your main computer for convenient or automated backups.

If someone would like to share a patent on such a device, lemme know.

~~~
kylesf
Sounds like a promising solution. Almost like a multi-container smart drive.
New partitions/VMs are created on drive insertion, leaving old sectors locked
down unless the physical switch is active.

------
dlahoda
I was thinking like you, but given my life I think I will try this next:

2 backup PCs (1 fanless and one my old laptop) and my 1 main laptop (producer)
connected via an open source private VPN, with data sync via a distributed network.
One PC will be in my parents' home via 4G/LTE (or any other place I visit from
time to time, like the office) and another in my home (usual cabled internet).

Data backed up in a single place or via a single authority is NOT safe or proof.
This relates to all online services you use (email, chats, bookmarks, clouds,
news, etc).

The producer laptop's file system should be ReFS or ZFS or BTRFS (with integrity
checks) or RAID for duplication. Memory should be ECC on the main laptop, but that
is hard to buy. Encryption of all hard drives. Probably a USBkill switch on 1 backup
PC. Maybe running services in containers (VM or Docker).

Some non-secure info like my photos could be left unencrypted in storage to make
it cheaper, i.e. private and not-so-private data should be treated differently. I
will back up private keys or my crypto wallets manually onto devices which do not
look like storage (e.g. an old camera or a broken mp3 player).

I am looking into the following combo, but could still use other variants:

[https://syncthing.net/](https://syncthing.net/)

    Private. None of your data is ever stored anywhere else other than on your computers. There is no central server that might be compromised, legally or illegally.
    Encrypted. All communication is secured using TLS. The encryption used includes perfect forward secrecy to prevent any eavesdropper from ever gaining access to your data.
    Authenticated. Every node is identified by a strong cryptographic certificate. Only nodes you have explicitly allowed can connect to your cluster.

[https://www.zerotier.com/](https://www.zerotier.com/)

    Our mission is to directly connect the world's devices with powerful, easy, and secure network virtualization.

[http://www.fanlesstech.com/](http://www.fanlesstech.com/)

------
dsacco
I back up all my data to a local SAN, Backblaze B2 and Google Drive. Restic
encrypts and deduplicates all data on the client before uploading it to the
cloud.

~~~
kylesf
Checking out restic now. Seems like a good answer to my problem. Thanks.
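
An added example, not part of the thread and not restic's code or storage format: a content-addressed chunk store in Python showing how client-side deduplication and a later integrity check (the "corruption proof" requirement in the question) fit together. Assumptions: fixed-size chunks, an in-memory dict standing in for the disk or bucket, and no encryption step; `ChunkStore` and `demo` are hypothetical names and the data is constructed.

```python
import hashlib

CHUNK_SIZE = 4  # constructed: tiny so the sample data splits into several chunks


class ChunkStore:
    """Content-addressed store: every chunk is kept once, named by its SHA-256."""

    def __init__(self):
        self.chunks = {}  # hex digest -> chunk bytes (stands in for disk or a bucket)

    def backup(self, data):
        """Store data and return its snapshot: the ordered list of chunk ids."""
        snapshot = []
        for off in range(0, len(data), CHUNK_SIZE):
            chunk = data[off:off + CHUNK_SIZE]
            cid = hashlib.sha256(chunk).hexdigest()
            self.chunks.setdefault(cid, chunk)  # dedup: a known chunk is not stored again
            snapshot.append(cid)
        return snapshot

    def verify(self, snapshot):
        """Return ids of chunks that are missing or no longer hash to their id."""
        bad = []
        for cid in dict.fromkeys(snapshot):  # each distinct id once, in order
            chunk = self.chunks.get(cid)
            if chunk is None or hashlib.sha256(chunk).hexdigest() != cid:
                bad.append(cid)
        return bad

    def restore(self, snapshot):
        """Rebuild the data, refusing to return anything if a chunk fails verification."""
        bad = self.verify(snapshot)
        if bad:
            raise ValueError(f"{len(bad)} corrupt or missing chunk(s): {bad}")
        return b"".join(self.chunks[cid] for cid in snapshot)


def demo():
    """Two monthly backups of constructed data, then simulated bit rot in one chunk."""
    store = ChunkStore()
    january = store.backup(b"AAAABBBBCCCC")
    february = store.backup(b"AAAABBBBDDDD")  # only the last chunk differs
    stored = len(store.chunks)                # 4 chunks stored, not 6
    store.chunks[january[1]] = b"BBBX"        # flip one byte of the shared chunk
    return stored, store.verify(january), store.verify(february), january[1]


if __name__ == "__main__":
    stored, bad_jan, bad_feb, victim = demo()
    print(f"chunks stored: {stored}; damaged in both snapshots: {bad_jan == bad_feb == [victim]}")
```

A deduplicated chunk is shared by every snapshot that references it, so damage to one stored chunk shows up in all of them; this is why the stored copy needs periodic verification and a second independent copy.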

------
wglb
I use [https://www.tarsnap.com/](https://www.tarsnap.com/).

