
You can delete user data from backups much more quickly than that:

* Encrypt each user's data to a user-specific key

* Keep the key in hot replicated storage

* When you get a deletion request, delete the key
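
The three steps in the comment above, as an added example that is not part of the original thread: each user's records are sealed with a per-user AES-256-GCM key, and a deletion request removes only the key. The in-memory `keyStore` and `tape` maps and all function names are assumptions standing in for real key storage and backup media.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Stand-in for the hot replicated key storage (hypothetical; a KMS or HSM in practice).
const keyStore = new Map();

// Encrypt one record under the user's own AES-256-GCM key, minting it on first use.
// Blob layout: 12-byte nonce || 16-byte auth tag || ciphertext.
function seal(user, plaintext) {
  if (!keyStore.has(user)) keyStore.set(user, randomBytes(32));
  const nonce = randomBytes(12);
  const enc = createCipheriv('aes-256-gcm', keyStore.get(user), nonce);
  enc.setAAD(Buffer.from(user)); // bind the blob to its owner
  const body = Buffer.concat([enc.update(plaintext, 'utf8'), enc.final()]);
  return Buffer.concat([nonce, enc.getAuthTag(), body]);
}

// Decrypt a blob, for example one restored from write-once backup media.
function open(user, blob) {
  const key = keyStore.get(user);
  if (!key) throw new Error(`key for ${user} deleted: ciphertext is unrecoverable`);
  const dec = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  dec.setAAD(Buffer.from(user));
  dec.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([dec.update(blob.subarray(28)), dec.final()]).toString('utf8');
}

// Deletion request: overwrite and drop the key. The backup itself is never edited.
function forget(user) {
  const key = keyStore.get(user);
  if (key) key.fill(0);
  return keyStore.delete(user);
}

// Constructed demo: ciphertext goes to "tape", then one user asks to be deleted.
function demo() {
  const tape = new Map(); // stand-in for immutable backup media
  for (const [user, rec] of [['alice', 'alice@example.com'], ['bob', 'bob@example.com']]) {
    tape.set(user, seal(user, rec));
  }
  forget('alice');
  const restore = (user) => {
    try { return open(user, tape.get(user)); } catch (e) { return null; }
  };
  return { alice: restore('alice'), bob: restore('bob'), tapeEntries: tape.size };
}

console.log(demo());
```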




You still need to back up the keys? How does this solve anything?

Backups aren't just about replication/redundancy, they also protect you from bugs and other sources of corrupted data.


You can back up the keys in ways where it's very easy to purge them: no tapes, easy to recall and edit.


The fact that backups can't be accessed and modified easily for a long period of time is a feature, not a bug, regardless of the actual mechanism of implementation (like tapes). That's what stops e.g. ransomware from affecting backups in addition to the primary storage.

A backup that can be edited to delete data like an encryption key instantly when the user tells it to is also a backup that can be easily lost or corrupted.



