How (un)safe is web restore? How does it function?
Currently I'm investigating Acronis Online Backup as my new online backup solution. I have chatted more than an hour with a friendly customer support engineer, but unfortunately (s)he was unable to answer my questions. Hopefully someone on this forum can.
Private/local encryption/decryption of my data is extremely important to me. Much to my surprise Acronis Online Backup asks for my encryption key (in the browser) when I want to view my backup (even before restoring files).
Currently I use Mozy Home. They allow me to view folder/file names online and download those files which are "garbage" until they are locally decrypted using a small executable that asks for my encryption key. This is safe enough for me. Files are only transferred (and stored) from/to (on) the internet in encrypted format.
However, I'm not sure Acronis Online Backup is as safe as this, as I have to enter my private encryption key in the browser. Since the browser obviously does not know how to decrypt files with that key, the decryption seems to happen server side.
Is it really true that:
1) Acronis gets my private key? (allowing them to view everything in my online backup!)
2) Files travel decrypted over the internet when using web restore? (allowing hackers to eavesdrop)
And for completeness: what happens if I use the client software only? Where does decryption happen then?
Are they transferred over https all the time?
I hope someone can tell me/us.
I'm not going to test this feature (entering my private key in a browser?!) without knowing what's going to happen (with the key).
Are there developers on this forum that can explain the (security) architecture?
Just remembered that I'm still in trial and did not upload any sensitive data.
Therefore, I will investigate web restore and use a new encryption key if I choose Acronis Online Backup.
Unfortunately I just discovered that the online storage is currently unavailable...
Service is up again.
After entering my private encryption key in the browser (yikes) I see an interface similar to the Windows client. The file selected for restore is downloaded as a zip file that can be extracted without a password and is already decrypted. So decryption indeed does seem to happen server side.
This is a real disappointment for me...
So I'm not going to use this web restore feature ever. However, if I only use the client, can I be sure that files are always encrypted/decrypted locally and my private key remains private?
I'd really like an answer from a knowledgeable Acronis employee!
My trial license expired. Now I can't even contact Acronis about this?
How can I get an answer to my question now?
I'd really like to have an answer before subscribing to this service.
My trial license expired. Now I can't even contact Acronis about this?
How can I get an answer to my question now?
I'd really like to have an answer before subscribing to this service.
Acronis Online Backup is extremely unreliable. Stay clear!