
Crashplan bans particular filetypes and removes them from customer accounts - rsync
https://www.theregister.co.uk/2019/05/21/crashplan_changes_file_exclusions_to_anger_of_customers/
======
Someone
If they really deleted lots of user files from all their user’s backups I
would think the company is suicidal. Users will sue, and even if (seems highly
unlikely to me) Crashplan wins every case brought against them, it will cost
them too much in money and attention.

~~~
toomuchtodo
As a user you’ve probably agreed to Ts&Cs that mandate arbitration and
Crashplan reserves the right to “downsize” your backups at any time based on
their sole judgment.

~~~
Someone
T&C are at
[https://support.code42.com/Terms_and_conditions/Legal_terms_...](https://support.code42.com/Terms_and_conditions/Legal_terms_and_conditions).

I didn’t read all of them, but could not find an arbitration clause. I did
find

 _”9.1 Exclusion of Damages. Neither Code42 nor you are liable for any lost
profits or business opportunities, loss of use, business interruption, or any
indirect, punitive, special, incidental or consequential damages under any
theory of liability. This exclusion applies regardless of whether Code42 or
you have been advised of the possibility of those damages and regardless of
whether any remedy in this Agreement fails of its essential purpose.

9.2 Cap on Monetary Liability. The maximum aggregate liability for Code42 or
you for claims under this Agreement will not exceed an amount equal to the
total fees paid or payable to Code42 for your use of the Offerings in the 12
months prior to the event giving rise to the claim.”_

I’m not sure that will hold up in court. I’m fairly sure it won’t in European
courts, given the advertising text on [https://www.crashplan.com/en-
us/](https://www.crashplan.com/en-us/):

 _”CrashPlan® for Small Business makes protecting all your files on your
devices, including external hard drives, fast and easy.

[…]

Customize File Retention

You control how long we keep your deleted files.”_

------
xfitm3
Client side encryption is critical. CrashPlan has no business having the
ability to inspect file contents.

~~~
teh_klev
Perhaps they're just looking at the file extensions, looks like they also
check the source folder paths as well:

[https://support.code42.com/CrashPlan/6/Troubleshooting/What_...](https://support.code42.com/CrashPlan/6/Troubleshooting/What_is_not_backing_up?#Admin_excludes)

And the thing is it's not practical to encrypt _every_ file such as VM images
every time your backup is scheduled to run.

And also Crashplan's client already encrypts your data client side before
squirting up to its cloud. I don't know if they store your encryption key(s)
cloudside or not, would be pertinent for them not to.

That all said, I doubt I'd be inclined to use them, preferring Tarsnap instead
I think.

~~~
bayareanative
End-to-end encryption of metadata and data costs almost nothing these days. In
terms of liability, knowing anything about clients' data or metadata present
unreasonable risks. SpiderOak, Tarsnap, BackBlaze... I still have to due-
diligence Rsync.net, iCloud and Box. Dropbox, Microsoft, Google Drive, Mozy,
iDrive and now Crashplan are no-go's.

~~~
teh_klev
> End-to-end encryption of metadata and data costs almost nothing these days.

Oh sure. But from what I can discern from Crashplan's website, the encryption
_appears_ to be end-to-end, i.e. their client side app does the encryption
(and hopefully the keys are only stored locally, so once the data is in their
cloud no-one can peek at your data - ala Tarsnap). Realistically you cannot
pre-encrypt every file on the machine you're backing up as the parent
commenter suggested (show me an encryption app that can properly handle
locked/in-use files - especially on Windows), you need to have some trust that
the backup provider you're using _can be trusted_ and be trusted not to
communicate your encryption key to their cloud as well.

But I agree, Dropbox etc...I wouldn't dream of using them "as-intended" with
their client apps because I can't trust they're not looking at stuff they're
not supposed to be. The only time I work with these products is via my web
browser.

~~~
dividuum
I guess that's why you'd want to use tarsnap, borg or restic. All of their
source code is available and ready for inspection and no trust is required if
you have the time and capability to verify their claims.

------
arthurcolle
Backup company doesn't allow backup files or VMs for their official "business
tier" plans?

Someone didn't think this through. I'd ditch the service immediately if I used
it personally. There are so many decent backup options nowadays.

~~~
gridlockd
It's the "small business" tier which they migrated some of their users to,
after shutting down the "consumer" version of Crashplan.

I'm pretty sure they ran the numbers and figured that a small number of jokers
backing up images of _live_ VMs were using up an enormous amount of disk
space. That's likely thousands of dollars of cost for a couple of dollars in
revenue per month. I can see how they need to get rid of these people.

Having said that, not notifying their customers beforehand is beyond
negligent.

~~~
shimfish
FWIW, I got an email from them months ago warning about this.

After a decade of using CrashPlan, I'm on the verge of jumping ship. Just
thought I'd check and apparently it has silently been failing to backup for
nearly two days. Also, I can't access the restore function at the moment.

------
oftenwrong
Deleting customer data without warning is probably the #1 way to sink the
reputation of your backup company.

~~~
londons_explore
My guess is they did this because storing these file types made their business
unprofitable. This might be a last ditch move to try to get into
profitability.

------
classics2
Business suicide is fun to watch.

------
bayareanative
Tarsnap and/or BackBlaze are saner alternatives.

------
Havoc
Deleting VMs on business accounts?

What joker thought that's a good idea

~~~
gridlockd
It's _small_ business accounts. Now even smaller!

