
Comment Re:Backups are not secure (Score 1) 173

> Just have the client use a cheapish symmetric key (AES256 perhaps)

We do use AES to encrypt the files. We used a well known design where we use the public key to encrypt the AES256 key and FEK, then we use the AES key to symmetrically encrypt the file. Then we can use the passphrase to encrypt the private key. So it's kind of an onion, you use the passphrase, decrypt the private key, which is then used to decrypt the AES key and FEK, which is then used to decrypt the file. (We didn't invent this flow, it is used in several encrypted filesystems because it's a great design.) This way it is FAST (symmetric AES) plus has the total awesomeness of pub/private keys and all they imply (the idea that you can encrypt data with the public key that nobody listening can decrypt because they don't have the private key is really quite powerful).

We then use HTTPS to post this data from your laptop to our datacenter. From time to time this "double encryption" of both encrypting on the client and sending the already encrypted data through HTTPS anyway has helped keep our customers safe when HTTPS has been broken for a little while.

Comment Re:Backups are not secure (Score 1) 173

> Private keys (stored on their owner's PC where they should be) are still encrypted
> with passphrases in case the PC is hacked. That's how important keeping the
> private key completely private is.

The flaw in your design is that when the PC dies, you can no longer decrypt the backup because you just lost the private key.

Some online backup companies in the past have solved this by having you store your private key in yet a 3rd party "escrow" location, so you don't have the only copy and yet the company with your backup data does not have the private key either. In essence that is what Backblaze does, just in an "easy to use" way. We store the private encryption keys on one particular server, completely separate from your data. The data is all on "pods". Is it as secure? I don't think anybody can claim 100% security, we do the very very best job we can.

I leave you with the following thought -> if you would use encryption (like TrueCrypt) on your most sensitive data, *THEN* back up the TrueCrypt image to Backblaze, even if Backblaze wanted to read your data or if the NSA put their processing power on it and cracked your passphrase, they would have nothing, because you encrypted it BEFORE it was encrypted by Backblaze and sent through HTTPS to our servers. Maybe that would allow you to sleep soundly at night?

Comment Re:Meaningless (Score 3, Insightful) 173

> I'm surprised Backblaze has published so much without getting into lawsuit trouble already.

Hopefully "the truth" is a valid defense? :-) Plus I think the drive companies are aware of the "Streisand effect" https://en.wikipedia.org/wiki/... and don't want to call even more attention to the fact that every hard drive is fully expected to fail eventually.

Comment Re:Meaningless (Score 4, Informative) 173

> retail at the 10,000 drive order level

You might be surprised how little discount we get. Our last purchase of 4 TByte Hitachi drives (960 drives in one purchase) we paid $135 each before tax and shipping. "B&H Photo" sometimes wins the bid (I don't know how or why), but you can basically get that same price within a couple bucks in units of 1 or 2 from their website. Note: we have no affiliation with B&H other than satisfied customers, and B&H do not win the bid every time.

With that said, if anybody knows how to get more than $2 off "retail" please PLEASE let us know!!

Comment Re:Backups are not secure (Score 5, Informative) 173

> Their backup scheme require them to have access to your private key (the one you encrypted your backup with).

Disclaimer: I'm a Backblaze engineer who wrote a lot of that code.

Your statement is a bit misleading, there are two levels of security in Backblaze. Data is always encrypted, and the "private key" is a totally standard OpenSSL PEM file that yes, we store for you. By default, this PEM file is secured by a passphrase that Backblaze knows, so your data is essentially only secured by your email address and password and you can recover your password by email. This is pretty light security (if somebody has access to your email they can recover your password), so it's best for backups of stuff you wouldn't mind too much if somebody got ahold of it, like say pictures of your cat. Don't laugh, I back up my public website on Backblaze servers, there is valuable data in the world that does not need encryption, that would be info you don't want to lose but is ALSO publicly readable.

So if you are concerned at all about security, you can set your own personal "passphrase" on that PEM file that Backblaze absolutely never writes to disk - we don't store it. But if you do this you MUST remember that passphrase or your data is GONE. Without that passphrase, nobody will ever retrieve your data, not you, not the US government, not the NSA, NOBODY. You cannot "recover" that passphrase, and we don't know it. This is a good mode of security if you would be arrested on the spot for the contents of your files if the NSA got ahold of your data, because we really don't think it is breakable.
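
The key layering described in this comment and in the earlier comment in the same thread (the passphrase unlocks the private-key PEM, the private key unwraps the AES key, the AES key decrypts the file), as an added example that is not part of the original posts and is not Backblaze's code. It uses Node's built-in `crypto`; RSA-2048 with OAEP, AES-256-GCM, a single per-file key and all function names are assumptions, since the comments do not state them.

```javascript
// Added illustration of the "onion": passphrase -> private key -> AES key -> file.
// Not Backblaze code; algorithms, sizes and names are assumptions.
const crypto = require('crypto');

// Key pair whose private half is stored as a passphrase-encrypted PEM file.
function makeKeyPair(passphrase) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem',
                          cipher: 'aes-256-cbc', passphrase },
  });
}

// Backup side: only the public key is needed, so the machine that encrypts
// cannot decrypt what it just produced.
function encryptFile(publicKeyPem, plaintext) {
  const fileKey = crypto.randomBytes(32);   // fresh AES-256 key per file
  const iv = crypto.randomBytes(12);        // GCM nonce, unique per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', fileKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(
    { key: publicKeyPem, oaepHash: 'sha256',
      padding: crypto.constants.RSA_PKCS1_OAEP_PADDING }, fileKey);
  return { wrappedKey, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Restore side: every layer must be peeled in order.
function decryptFile(privateKeyPem, passphrase, blob) {
  const fileKey = crypto.privateDecrypt(
    { key: privateKeyPem, passphrase, oaepHash: 'sha256',
      padding: crypto.constants.RSA_PKCS1_OAEP_PADDING }, blob.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', fileKey, blob.iv);
  decipher.setAuthTag(blob.tag);            // tampered data fails in final()
  return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
}

// True when the stored PEM and blob are useless without the right passphrase.
function restoreFails(privateKeyPem, passphrase, blob) {
  try {
    decryptFile(privateKeyPem, passphrase, blob);
    return false;
  } catch (err) {
    return true;
  }
}
```

Whoever holds both the PEM file and its passphrase can restore, which is why the default mode (passphrase known to the provider) and the personal-passphrase mode give such different guarantees.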

Comment Re:Marketing (Score 5, Informative) 173

Disclaimer: I'm an engineer at Backblaze.

We do these drive statistics and observations originally for our own selfish internal reasons - this is information that is important for running our business. When we then release this kind of information, the info release is largely because it helps people hear about our company (and also maybe a little of "good for humanity" motivation thrown in there, we're Slashdot kind of people, we work in technology in Silicon Valley). But let me be clear: the information is as accurate as we can possibly make it, and we aren't pulling any punches and we aren't "in bed with" any drive manufacturers. I see this as a WIN-WIN. You get accurate and free information, and a few people hear our company name and look into what we do and maybe we gain a few customers. These posts are often written by the engineers working on the system and are trying to be as straight-forward and non-marketing as we can be.

Comment Re:Meaningless (Score 5, Informative) 173

Disclaimer: I work at Backblaze.

> They've repeatedly published their research openly... just in case anyone cares.

"Research" sounds too official, more like "observations in our environment", but THANK YOU for the kind words. What baffles me is why nobody else publishes these sorts of drive statistics. Why is Amazon silent? Why doesn't Google name drive names and failure rates? And if the answer is: "Google gets a great price on drives in exchange for their silence" then why hasn't Backblaze been offered a deal to keep quiet yet?! I'm serious, how big do you have to get before you get the better prices on drives? We essentially pay "retail".

Comment Re:To hell with taxis... (Score 1) 295

> the amount of cheerleading for Uber is ridiculous

Or maybe Uber is that much better than the old days (10 years ago Taxi situation)? Seriously, when I hear person after person rave about how a service or restaurant is good or convenient, I give it a try. So I tried Uber, and it was wonderful. Now I've had better and worse Uber rides, I'm no Uber shill. But over all it simply is better than Taxi service was 10 years ago, it solves ALL my main complaints.

Now I've heard the Taxi services admit they had dropped the ball and they are addressing their issues, I even heard they have Smartphone apps now. Well to some extent: screw them! I'm loyal to Uber now. Taxis made their bed, they can lie in it and die as far as I'm concerned. As long as every time I call an Uber it shows up on my smartphone and I can watch it approach me - I'm ordering Uber. Now, if Uber service starts sucking as bad as Taxis did then I'll evaluate my choices again at that point.

Comment Re:Put the SMART stats to the test (Score 3, Informative) 142

Disclaimer: I work at Backblaze. Essentially this is what we did. We don't care at all if one drive dies, so we left it in an environment where we can read and write them all day (the storage pods with live customer data) and when they failed we calmly replaced them with zero customer data loss and produced this blog post. :-)

Comment Re:My useless(?) WD anecdotes (Score 2) 142

> power-cycling the drive can have an effect on its lifetime and/or reliability

Yes, exactly, why are you calling this stupid? It is interesting because it might affect your behavior - if you power cycle the drives every day, maybe you should consider leaving them powered up, if electricity is cheaper than replacing the drive. It's just an observation, leaving it out seems.... irresponsible? Disclaimer: I work at Backblaze.

Comment Re:Cool data but... (Score 0) 142

Neither Apple nor Microsoft have popup warnings built into the OS you get from the factory telling you anything of value that the drive in your laptop has actually lost data, or might lose data. Heck, without a bunch of configuration I don't think Linux does either?

I just cannot imagine how Apple and Microsoft can justify not warning users when they are about to lose a drive, or when data was ACTUALLY LOST but they just keep pretending the disk was fixed up and don't tell you what was lost. Meanwhile they provide silly rewrites making the GUI more flat, a purely cosmetic change. How about providing real value and more data integrity at a file system level?

Comment Re: Seagate OEM? (Score 4, Insightful) 142

> TL;DR: Buy whatever is cheapest, the odds are always the same.

Disclaimer: I work at Backblaze. I'm going to completely agree with you wholeheartedly, and say in addition you must have a backup. You don't have to use us, I'm just saying if a drive has a 1 percent chance or a 30 percent chance of failing, the actionable item is the same - keep a backup and buy the cheaper drive and restore from backup when it happens.

> over the past 10 years, I've never had a hard drive die in any of my computers while in use.

Professionally we lose something like 10 (?) drives every single day at Backblaze, but *PERSONALLY* I had a LOT of luck for a number of years, but about 3 years ago I finally lost one drive. I'm more backed up than most people, so it was a completely relaxed event. Not a bit of stress. Replace the drive, re-install the OS, and restore the data. Yet something like 95 percent of people never back up their data. IT professionals back up their family computers, but once you are out there in "normal computer user" land, it's a horror show.

Comment Re:I thought they loved it! (Score 1) 406

> an entire plane of people yakking on the phone

What old world do you live in? Everybody text messages now (or uses Snapchat or Whatsapp or whatever), very few people ever "talk" on a phone. Watch what happens today as the plane lands and the announcement goes out that it is ok to use phones. Of 100 people, maybe 50 quietly text their friends to come pick them up at baggage claim, and one old guy makes a fast, quiet actual call saying in an embarrassed tone "Yeah, it's me, I just landed." Then he hangs up.
