BackBlaze Reviews

Encryption is a lie

about BackBlaze

Long story short: for all of Backblaze's marketing talk about security and end-to-end encryption, that is only the case if you never need to restore anything from your backup! Which is, of course, not the point of doing backups.

The idea behind end-to-end encryption is this: you use a private key to encrypt your files locally, before sending them to Backblaze servers. They only ever store the encrypted data, and, since they don't know your private key, have no reasonable way to decrypt it – neither would any malicious attacker that in some way or another gains access to your backups. If you request back your files, you get the encrypted version, that only you can decrypt again with your private key, which is supposed to never leave your computer and control. Never sharing your private encryption key with anyone is the whole point of end-to-end encryption.

Backblaze pretends to uphold this while backing up your data. You enter your private key in the client, your data is encrypted locally before transmission. That is, as long as you trust that that's really what their closed-source client is doing behind the scenes.

I have been happy with this – until I actually needed to restore files from a hard drive that died. In short: there doesn't seem to be a way to restore your files without first sending your private encryption key to Backblaze, letting them decrypt your data on their servers, and send the restore to you. Backblaze claim to have years of experience in implementing security. And then they do that! Sharing your private key with anyone is the absolute biggest "no-no" in information security. It should never, ever be done. But this is exactly what Backblaze requires you to do if you want to retrieve your backed up files.

You have the option of either downloading a backup as a ZIP file, or having it delivered to you on a USB drive or hard disk. In the ZIP method, you request your backup through the web interface. You supply your private key, select what to restore, then wait for Backblaze to prepare an unencrypted, not even password-protected, ZIP archive of your files on their servers for you to download. If you choose the USB method, you still have to supply your private key. They will decrypt your data, and actually re-encrypt it on the USB drive for some semblance of security in transit of the drive to you, but it will be with a separate encryption key that is displayed to you in your account. Hence, Backblaze still handles your data on their servers in unencrypted form.

All of this turns the entire concept of end-to-end encryption into a fake, a completely pointless exercise. Because you'll have to undo the entire security effort the moment you want to get back any of your files. And why would you set up a backup solution if you never intended to retrieve any files from it?

This may sound harsh, and since I don't store any really sensitive data with them I'm kind of fine with still using their service – the price is good, the servers fast, the client nice. But I really hope they'll step up their game and actually follow through on their promises of security and encryption. Looking at their marketing talk on the website now, it all seems like one big lie. I believed in the lie for more than two years, because only when you get to the point of needing to restore files, you realise that none of it was true.

If you care about encryption, CrashPlan is probably the better choice for now. Their servers may be slower, their client harder to use, and generally less stable and performant (Java! Ugh! Who still uses Java for productive software?) but they seem more concerned about letting actions and processes follow their promises. Technically, you still need to trust a closed-source client, so for the really security-aware it's still not an option. But their solution seems much clearer and thought-through. For reference and comparison, here are CrashPlan's promises on private key encryption: "Encryption key exists only on source computer. Your custom key is never cached at any remote location. The custom key is held in memory for the purpose of restoring files; it is never written to disk. The custom key is flushed from memory once files are restored."

All of these promises are fundamental for encryption to make any sense at all. Backblaze breaks all of them. If CrashPlan at some point does the switch to a native client, which they've promised for many years now, Backblaze will have a very tough stand. And if they actually made their client open-source to make independent security audits possible, that would pretty much enable them to beat all of their competitors. Let's see how things develop on both sides.

[Edited by Anamon, January 07 2018]
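The difference between the two restore paths discussed in the review above, as an added example that is not part of the review and is not Backblaze's or CrashPlan's code. `BackupServer`, its methods and the sample data are hypothetical, and the SHA-256 keystream is a standard-library stand-in for a vetted AEAD cipher such as AES-GCM.

```python
import hashlib, hmac, os

def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _xor_stream(key, nonce, data):
    # Toy SHA-256 counter-mode keystream: a stdlib stand-in for a vetted AEAD such as AES-GCM.
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified blob")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

class BackupServer:
    """Hypothetical provider; records every byte string it ever holds."""
    def __init__(self):
        self.blobs, self.held = {}, []
    def upload(self, name, blob):
        self.blobs[name] = blob
        self.held.append(blob)
    def restore_ciphertext(self, name):          # end-to-end restore: blob goes back as stored
        return self.blobs[name]
    def restore_server_side(self, name, key):    # flow the review describes: key is submitted
        plaintext = unseal(key, self.blobs[name])
        self.held += [key, plaintext]
        return plaintext

def server_held(server, secret):
    return any(secret in item for item in server.held)

def run_demo():
    key, doc = os.urandom(32), b"constructed sample file contents"
    server = BackupServer()
    server.upload("doc", seal(key, doc))
    local = unseal(key, server.restore_ciphertext("doc"))      # decrypted on the client
    exposed_before = server_held(server, key) or server_held(server, doc)
    remote = server.restore_server_side("doc", key)            # decrypted on the server
    exposed_after = server_held(server, key) and server_held(server, doc)
    return local == doc, remote == doc, exposed_before, exposed_after
```

Both paths return the same file; only in the second does the server end up holding the key and the plaintext.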


Beware of long-term usage

about BackBlaze

I have had Backblaze for a few years now, and at first I thought it was perfect. It still works... kind of. But after I reported slow backups, a tech support guy revealed to me that the lists of backup history are kept INSIDE the app folder, and they grow larger and larger as time goes on, and this slows the app down. The only way to fix the problem is to start a NEW backup, which means spending some time building up to a fully backed-up state again, during which time your files may be vulnerable.

To give you some idea of the size of the problem: my regular backup runs nightly between 0000 and 0700, and tonight I'm up after midnight so I'm watching the status on the preferences pane. It is now 0051, and it still says "Producing file lists" in the status. This means that it has spent almost an hour JUST DECIDING what to back up. Not a single file has been backed up yet. The thing is pretty much impossible to use during the day now because my whole machine slows down during that phase, which is why I schedule it overnight. But it's struggling, and sadly I think I may have to put it out to pasture and find an alternative system in which the designers have thought things through a bit better.

about BackBlaze and CrashPlan PRO


  • 2x4TB, 2x2TB, 4x1TB and some SSDs as network connected drives. BB?


  • no individual files / folders backup / just drives backup
  • it's either the C:\ (no un-select) or everything else is a problem (usb hdd did not back up).
  • (private) no network drives is a problem / local only and "unlimited amount of files" just do not rhyme, so... ridiculous marketing. (Compare Business Plan 1 x 4TB hdd will cost you 20€$/$+ per month, that's the true pricing of BB)
  • no customized install
  • some of the preferences and adjustments for backups are online, which is inconvenient
  • NAS backup too pricey

So, pricing, limited tech is what one would get. Also you should read up what will be backed up (personal backup), it's not that much


  • bootdrive restore is an amazing option if it works (I could predict that multiple bootups will be a problem if it's not a partition backup);
  • options to backup right from the NAS and other backup solutions


  • gonna save for additional drives and make a local backup

Won't install

about BackBlaze

Looks like a good solution, but won't even install on my Windows 7 64-bit machine.

ERR_ERROR: something went badly wrong in Installer_CallBzTransmit_AtInstallTimeCreateAccountAndAddHost so exiting installer.



The perfect solution for stubborn mates

about BackBlaze

This is the program I suggest to family and friends. For some people, simply connecting an external drive and clicking "backup" once a week is too much work. Backblaze is cheap, only $5 a month for unlimited backup. It's simple, just install and it backs up everything, which means there's nothing to configure. It's automatic, always running in the background. It's the perfect solution for stubborn mates.

I recently switched to this from SpiderOak. I set a private encryption key, and my only nitpick is that you must provide this password if you wish to restore your files.