{"id":13277,"date":"2016-01-13T10:53:49","date_gmt":"2016-01-13T15:53:49","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=13277"},"modified":"2016-01-13T21:29:14","modified_gmt":"2016-01-14T02:29:14","slug":"backblaze-mails-unencrypted-hard-drives","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2016\/01\/13\/backblaze-mails-unencrypted-hard-drives\/","title":{"rendered":"Backblaze Mails Unencrypted Hard Drives"},"content":{"rendered":"<p><a href=\"http:\/\/topclassactions.com\/lawsuit-settlements\/lawsuit-news\/140823-backblaze-faces-potential-class-action-suit\/\">Tamara Burns<\/a> (via <a href=\"https:\/\/news.ycombinator.com\/item?id=10881210\">Hacker News<\/a>):<\/p>\n<blockquote cite=\"http:\/\/topclassactions.com\/lawsuit-settlements\/lawsuit-news\/140823-backblaze-faces-potential-class-action-suit\/\">\n<p>Plaintiff Scott Hellervik takes issue with Backblaze&rsquo;s procedures for returning a large amount of information back to the user via an external recovery drive. When customers order an external storage drive, Backblaze then unencrypts the data that is loaded onto the drive, and ships it to the customer without added protection, according to Hellervik.<\/p>\n<p>Additionally, when shipping hard drives, the physical packaging contained very concerning private information, the class action lawsuit alleges. According to a label displayed in the court documents, Backblaze has its full name and address, drawing attention to its status as a well-known data backup and recovery company, and includes the recipient&rsquo;s name and address, of course, but also includes the customer&rsquo;s phone number and personal email address. &ldquo;USB Restore&rdquo; is listed under the department number on the label, exposing the contents within.<\/p>\n<p>According to the Backblaze class action lawsuit, &ldquo;Sending highly sensitive unencrypted personal information through the mail is reckless. By failing to encrypt customers&rsquo; personal information before mailing it (and, in fact, actively unencrypting it), Backblaze allows nefarious parties&nbsp;to target these packages (given the sensitive information disclosed on the shipping labels), intercept them before reaching the intended customers, and access their sensitive personal information.&rdquo;<\/p>\n<\/blockquote>\n<p>CrashPlan used to mail restoration hard drives using its own encrypted format. However, on January 4 it discontinued the Restore-to-Door service. Its seeding service to speed initial backups was <a href=\"http:\/\/thewirecutter.com\/reviews\/best-online-backup-service\/#comment-2352697015\">discontinued<\/a> in late 2015. So I don&rsquo;t know of any Mac backup services that get this right.<\/p>\n<p>Update (2016-01-13): <a href=\"https:\/\/twitter.com\/GlebBudman\/status\/687447071574495234\">Gleb Budman<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/GlebBudman\/status\/687447071574495234\"><p>we actually offer encrypted restore drives at no extra cost.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Tamara Burns (via Hacker News): Plaintiff Scott Hellervik takes issue with Backblaze&rsquo;s procedures for returning a large amount of information back to the user via an external recovery drive. When customers order an external storage drive, Backblaze then unencrypts the data that is loaded onto the drive, and ships it to the customer without added [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[534,146,692,209,30,32,48],"class_list":["post-13277","post","type-post","status-publish","format-standard","hentry","category-technology","tag-backblaze","tag-backup","tag-crashplan","tag-legal","tag-mac","tag-macapp","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/13277","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=13277"}],"version-history":[{"count":2,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/13277\/revisions"}],"predecessor-version":[{"id":13286,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/13277\/revisions\/13286"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=13277"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=13277"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=13277"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}