General, minimal principles





How-To Geek's "What's the Best Way to Back Up My Computer?"
Eric Griffith's "The Beginner's Guide to PC Backup"
/r/techsupport's "backuptools wiki"
Hugo Barrera's "Performing backups the right way" (Linux)
/r/Backup



If rebooting or updating OS or re-installing OS is an ordeal you dread doing, probably this is a signal that you don't have good backup/restore in place.



Paraphrased from W. Curtis Preston on Security Unfiltered podcast episode 63:
+/-
  • SaaS services (O365, GSuite, etc) do not back up your data. Read their TOS; they don't promise to preserve your data. And they don't give you a "restore" button. They have backups to protect their company and keep the service running. You are responsible for backing up your data.

  • Ransomware is now targeting backups. You need to properly secure your backups. They should be offline, air-gapped, encrypted. If you have a live backup server on your LAN, maybe use a different OS and different authentication from your main system.






Data you could back up





Good idea to save snapshots of disk configuration into files, and back up those files, so you can rebuild the configuration of your system if necessary. Maybe a (Linux) script containing:

sudo blkid | grep -v squashfs >saved.blkid.txt
cp /etc/fstab saved.etcfstab.txt
lsblk --fs --list --paths >saved.lsblk.txt
sudo fdisk --list >saved.fdisk.list.txt
sudo inxi -Fmpx >saved.inxi.txt
tar --create --file saved.dot-ecryptfs.tar ~/.ecryptfs/*
# .ecryptfs files let you use ecryptfs-recover-private to recover access

Good idea to save browser things such as bookmarks, settings of "trained" browser add-ons (such as uBlock Origin, uMatrix, Privacy Badger, CanvasBlocker), digital certificates, into files and back those up. Also export RSS feed subscriptions out of email client or RSS reader to a file that will get backed up (but list of feeds may not be enough, you may want the whole database that shows which items you have/haven't read).



If you have data spread across half a dozen laptops and tablets and phones etc, maybe start by making a list of everything. Then see if you can simplify: get rid of some devices. Also, what data can be deleted, or just not backed up ? Then consider consolidating data onto a file-server, which you then back up. Or create a server (or cloud server) that runs backup server software, and install backup client software on each device.
Lewin Day's "What Losing Everything Taught Me About Backing Up"



Have backups, don't just keep your data online

+/-
Google, from DrStephenPoop on reddit:
+/-
> BACK UP YOUR DATA

And not just what's on your hard drive.

Do not trust the cloud!

Google recently ended my account for an unidentified TOS violation. I am not sure what I did. I just logged into gmail one day and instead of an inbox I saw a message saying my account had been disabled. I lost:

8 years of email contacts

6 years of favorited YouTube videos

About a dozen videos I made with my brother that were uploaded to YouTube.

All my Drive/Doc files including original writing.

My passwords to several sites, including banking and insurance sites.

Three albums I had purchased from Google Play.

Here's the kicker: I was a google believer. I am one of the 5 or so non-developers who actually owns a first generation Chromebook. I believed in the cloud!

Use and enjoy Google's services, but do NOT rely on them. Even though you buy their computers and purchase music from them, you are STILL not the consumer with google. You are the product (sold to advertisers). So when you are shut out from their garden, you have no customer service to appeal to, or to even find out why you got tossed. You might as well be staring at an angel with a flaming sword, wondering where your pants are.

> Didn't you contact Support ?

When you get the "your account has been disabled" screen, they give you a link to voice your grievance. After submitting, you get a message that says something to the effect of: "If we find we have reason to contact you, we will contact you."

You can also go the community forums and plead for help. Sometimes someone associated with google will actually say: "I'll have people take a look at this." Despite all my pleas, I never got a response. That is as far as support goes. You are not a customer. You are the product, and you are merely a commodity. Have you ever heard of "commodity support"?
Tienlon Ho's "Can You Live Without Google?"
Gonzalo Sainz Trapaga's "A new and innovative way for Google to kill your SaaS startup"
Desirea Calvillo's "When You Get Locked Out of Your Google Account, What Do You Do?"

Facebook, from someone on reddit:
+/-
A few days ago my Facebook account was disabled suddenly and without warning. I've gone through what I thought was a fairly routine appeals process - filled in the form they link you to when you try to log in and included a scan of my photo ID as they requested to prove I'm a real person etc. However, I just received an email from Facebook saying the following:

> ... Upon investigation, we have determined that you
> are ineligible to use Facebook. ... Unfortunately, for
> safety and security reasons, we cannot provide
> additional information as to why your account
> was disabled. This decision is final. ...

This is really bizarre and quite upsetting - it's easy to forget just how much we rely on this service. If I can't get my account reactivated, that's six years of content (and memories) lost, and a huge blow to my ability to keep in contact with some friends and family.

The only possible reason I can think of for my account being disabled is what I was doing at the time - sending some photos to someone through the private messaging system. Some of the photos were (mildly) adult in nature (at her request!) which could be deemed a breach of the Community Standards if you look at it in strict black and white terms ("Facebook has a strict policy against the sharing of pornographic content"). However I can't bring myself to believe that there is someone monitoring private message attachments and instantly banning people if they see boobs. Beyond that, I genuinely can't conceive of a reason as to why my account was singled out for anything.

Any advice would be appreciated as to what I should do next - I am not yet willing to just give up and lose all of that content. I have replied to the email, though I doubt anyone will read it, but beyond that there's really no other contact options I can see, and Googling this problem does not produce much beyond more horror stories like this.

Google from /u/sugarbreach on reddit:
+/-
I am writing this to warn Google users to back up their data, and to realize that everything you take for granted can be taken away in an instant.

About a week ago I attempted to log into my Gmail account and was greeted with a page saying my account was disabled. It says that it was disabled due to a perceived violation of the terms of service and product specific polices. I have read and reread the google terms of service, and I know I haven't done anything to violate them. The only possibility I can think of is that someone may have hacked into my account. I have been an enthusiastic gmail user since it first came out in beta, and you had to be invited to get an account. I have relied on google apps to make my life easier. I have filled in their account recovery form, and even tried calling members of the Gmail team, but have had no luck. I also have posted on the gmail help forum, but an expert there said he contacted google and there was nothing he could do and google wouldn't tell him anything "for privacy reasons".

This has created the ultimate real-life nightmare, and has turned my life upside down, a few examples of which are listed below.

All of my contacts were linked to this account. I now do not have access to emails, phone numbers, addresses, etc.

My google voice telephone number is no longer working. I had this phone number on my business cards and email signature, and now when someone dials the number, they are given an error recording. "We could not complete your call, please try again".

My youtube account with many videos I cherished of my children are now gone.

I have all of my photos backed up to the account for nearly my entire life, as I thought this was the safest place to keep them (the cloud!) I have photos of my beloved grandparents who have since passed away, and the thought that I can no longer access these photos makes me sick. I also have thousands of pictures from vacations and of my children that I fear are gone forever.

A nice chromebook that I purchased to access all of the google apps is now almost useless since my account has been disabled.

I have multiple documents in my google drive that I have spent hours of work on, and can no longer access them.

I placed an enormous amount of faith and trust into google's products and services, as millions of people have worldwide. It is a shame that something this important in someone's life cannot even warrant a response from a live person at Google.

I have been very depressed because my entire life was encased in google's products, and now everything is gone.

Again, I am writing this to warn others that this can happen to anyone at any time, so it would be wise to back up treasured items in your google account. Ironically, google provides the means to do this through their "takeout" app, which I did not learn about until after my account was disabled. If there is anyone out there reading this that can offer any guidance for getting my account reinstated, I would sure appreciate it!

Apple, from someone on reddit:
+/-
[To someone who lost files:]

Apple has two backup options, iCloud and iTunes. iCloud backups generally do not backup content (see section 3 re: Your iCloud Backup includes information about the content you buy, but not the content itself.) from apps, including Books, but they do backup your purchase history. If any [lost]] files were purchased through Apple, you can likely recover them by re-downloading them. Files you manually store or re-direct from your Mac or iOS device in iCloud are not considered to be using iCloud backup. They are stored in iCloud drive, but they do not recover automatically as part of Apple's restore process.

Conversely doing a backup via iTunes completes a snapshot of the device in the moment, including current content. If you set up a backup cycle, iTunes uses a feature called incremental backups to ensure future snapshots only capture data that's been changed or added since the previous backup. For the future, using both in conjunction with one another is key to ensuring your data is backed up. Apple's iCloud service is useful in some regards, but on mobile devices it's only asset is syncing purchase history and device settings.

Dashlane, from someone on reddit:
+/-
Dashlane Deleted Me. A Cautionary Tale:

Consider this a word of warning to Dashlane users or those considering it.

We all have a lot of passwords to remember, right? Why not an application to remember them. You know, for all us folks out there with memory problems, or enough to keep track of already. Seems like the perfect solution, no? Not so fast:

I have an account with Dashlane, or should say they have my account. All of my accounts. I have no access. I have recently had to reformat my computer due to Windows 10 file corruption (that's another story). In the process I lost my backup passwords list. Now I am locked out of all of my important emails and accounts because Dashlane did not recognize my device. I am unable to receive the authentication token required to log in because Dashlane has all my passwords. Thus, I am unable to sign in to the email account. I have tried to recover my email account as well, to no avail (yet another story). I have tried my best to answer their customer support questions via email; one I just made for the purpose, to the best of my knowledge, and submitted my ID drivers license. All of which their customer support found unsatisfactory. You need to remember quite a bit of the top of your head and have a memory like a steel trap to be authenticated. Short of a urine sample, or blood draw, I am unsure of how I can prove I am who I say I am. (Sorry for the dramatism, but it is extremely frustrating)

I know my circumstances may seem a bit extraordinary. The perfect storm, if you will. however, I am certain I am not the only one. Nor will I be the last. Nevertheless, now I am locked out of all other accounts, financial and social. All due to not having access to my passwords. And absolutely no further recourse. I am exploring legal recourse, and I will update you on this when I'm done talking with my lawyer. This is financially devastating. So consider this a word of caution, users. Don't fall as hard as I am falling right now. I have been digitally deleted, all in the name of and despite security reasons. So don't make the same mistake I did, I recommend writing down your passwords and keeping them in a safe place.

Credit-card chargebacks on Google and others, from justAnotherLedditor on reddit:
+/-
So early Black Friday sales happened last month and I picked up a Google Pixel 7 since my previous phone was nearing 6 years old and starting to die every few hours.

Due to some funky error, whether I accidentally put two phones in the cart, I don't know or remember. I ended up getting double-charged and realized I got shipped two phones.

I contacted Google Support to start a return for a refund on one of them, and the first support person was great ... up until the next dozen support staff throughout this stupid journey.

Turns out that the package I shipped back to them never made it back. I spoke with support and I got the most generic responses ever from a person that doesn't speak English (once they stopped making generic replies, it was quite evident).

They escalated the problem to a supervisor. The supervisor told me that they would do an investigation, would take about a week.

Beginning of this week, investigation ended. They say the package was indeed most likely lost but the representative I spoke to said I could just chargeback with my credit card. So I did.

Today, my Google account was banned. 15 years of history gone.

I went on the support chat for the umpteenth time and they told me because I did a chargeback, the rules are that my account will be banned. I asked why they suggest for me to do a chargeback, when they could have just refunded themselves, and they said the support I spoke to should never have suggested it but rules are rules.

Been trying to fight this but looks like Google support is utter trash. After looking online, it seems like this is their most stupidest policy, and it exists across most other platforms too. [Other people say same at Steam, EA.]

Jon Christian's "Deleting the Family Tree"
DanDeals' "PSA: Don't Mess With The Google!"
Alex Hern's "Pixel phone resellers banned from using Google accounts"
"A few reasons not to organise on Facebook"
Killed by Google

Matthew Miller's "SIM swap horror story: I've lost decades of data and Google won't lift a finger"
David Murphy's "I Lost Nine Years of Photos by Locking Myself Out of My Google Account"
Leo Notenboom's "A One-step Way to Lose Your Account ... Forever"

Paraphrased from someone on reddit 11/2019:
"As a prank, a friend changed the name of our WhatsApp group to something obscene. WhatsApp then banned the group and the accounts of everyone in the group ! My account has been banned !"
[Related: don't let unknown people add you to groups; you could get suspended or banned for being added to a malicious group. In Android app, relevant setting is Settings / Account / Privacy / Groups.]

Paraphrased from someone on reddit 12/2019:
"My Facebook account got banned (maybe for creating two accounts ?), and then a week later my WhatsApp account got banned too, I assume because my Facebook account got banned."

What happens to your Android phone if your Google account gets banned ? Your phone is logged in to that account all the time.

New Google TOS quoted by someone on reddit 11/2020:
"If your account is inactive in Gmail, Drive or Photos for more than two years, Google 'may' delete the content in that product. So if you use Gmail but don't use Photos for two years because you use another service, Google may delete any old photos you had stored there. And if you stay over your storage limit for two years, Google 'may delete your content across Gmail, Drive and Photos.'"

Some photo-storage or photo-gallery sites feel free to downgrade the resolution of large photos or all photos, assuming that human viewers won't be able to see the difference. Know the exact policy of the site before using it, if this matters to you. The downgrading may happen as owner uploads, or may happen when a user "views" and/or when the owner "exports". You may have to test carefully to understand what is done.

Cloud-connected devices maybe can be remote-wiped or have files deleted by the manufacturer.
WD My Book Live disaster



If you lose a cloud account, you can lose stored data, your calendar, remaining time on a subscription, any accumulated credit or "reputation" or gift cards, network link that makes some device (such as Amazon Echo, Google Home, etc) work, playlists, contact list, media you had bought or stored there, etc.

Do NOT use Facebook or Google or Apple or Microsoft as your login to lots of other web sites. Not only does it let your activity get shared to Facebook or etc, but if Facebook or etc ever deactivates your account for some reason, you've lost access to those other sites too.

Do NOT use Google's online password manager (holding passwords you've saved in Chrome or Android). If Google ever deactivates your account for some reason, maybe you've lost access to those other sites too, I'm not sure.

Do NOT use Facebook or Google or Pinterest or Amazon or etc as the sole, critical host of your business, if you can avoid it. They give the "appearance of ownership", but in fact you do not own the platform, you have "digital tenancy". If the service ever deactivates your account for some reason, your business is dead. And content you write on them (in FB Pages, Amazon items for sale, etc) probably is in a non-standard format and hard to move to elsewhere. If you absolutely must use such a service as your critical host, plan for the possibility that they may drop you. Keep backups, have a separate web site and email, have pages on other services, etc.

Do NOT rely on a high page-rank in Facebook or Google, or a high reputation rating in Amazon or iTunes or YouTube or AirBNB or Yelp or something, as the critical asset of your business, if you can avoid it. The algorithms behind those can change at any time. A couple of bad reviews from users can harm you greatly.

Do NOT use a free email account supplied by your ISP or cell-phone service provider. If you ever change service provider for some reason, you may lose that email account.

Maybe some people don't consider their email/messenger to be "cloud data", but it is. If you're saving 10 years of past messages in GMail or WhatsApp or something, it may be valuable to you, and it may be used or deleted by a hacker if your account gets hacked. It also may be hard to back up, and may be hard to move to elsewhere. I'm a big believer in keeping your email account as close to empty as feasible. Clean it out !

Alberto de Murga's "How to back up your Git repositories"

If you're running a business on a cloud service (Facebook, eBay, Shopify, Etsy, GMail, Amazon, AirBNB, etc), back up your data. The service may or may not be backing it up for you. Even if they are backing it up, getting it restored may take a while. And if they turn off your account for some reason, you need that data so you can move to another platform and continue to serve your customers. These services give the "appearance of ownership", but in fact you do not own the platform, you have "digital tenancy". If there's a way to use a custom domain name that you own, that's safer than using one provided by the service: if the service fails then you can make the domain name point to some new server. Same is true of a phone number, especially a VOIP number: you don't really own it, the provider owns it, and you can lose the number through disuse or failure to pay or some other mishap.

Do you actually "own" the things you think you own ? If a friend set up your domain registration or email account for you, is it in their name or yours ? If an employee administers the company email accounts on GMail, is the employee's personal account the only administrator for the whole company ? If someone gave you a used computer or phone or something, whose name is on any accounts or subscriptions associated with it ? If your relationship with your spouse or partner is failing, whose name is registered as the owner of various accounts ?

If you do lose access to something important, be wary of threats in search results. Lots of sites have been set up to provide "Facebook Support phone number" or "Unlock your banned WhatsApp account" or similar in search-engine results. But these big vendors with free services (Google, Facebook, WhatsApp, etc) deliberately do not HAVE a phone support number you can call. They have hundreds of millions or billions of free users; the LAST thing they want is for users to be able to call humans at their company. Any search result that gives you such a phone number is trying to connect you to a scammer. At best, they'll try to sell you something. At worst, they'll install ransomware, steal your money, and sell your information.



Other things to back up

+/-
Do "backups" of old non-electronic data, such as family photos and diplomas and such. Scan them and back up the images.

From Justin Carroll on an ITRH podcast:
Kinds of information (for you and everyone in family, and pets) you should have backed up and available (carry with you) in event of a disaster:
  • Biographical (driver's license, passport, birth certificate, wedding license, divorce decree, firearm licenses, military history, etc).
  • Medical records (prescriptions, vaccination record, test results, etc).
  • Ownership and Financial records (titles of house, vehicles, insurance policies, bank accounts and statements, photos and info of expensive items, credit reports).
  • Other (family photos, etc).
Lisa Rowan's "Keep These Financial Records in Your 'Go Bag'"

Do a "backup" of your own memory: in a simple text file, write a summary autobiography. Dates and places you lived, went to school, worked, traveled, etc. Names of friends, roommates, coworkers, etc. Memory fades over time.



You don't have to back up everything. Consider what you're willing to lose. For example, I don't back up my operating system or applications. I can re-install them easily from the standard places.





Destinations to back up to





Backups to the cloud

+/-
If you do backups to the cloud, don't leave those backups accessible from your machine via a "cloud drive" that is always mounted (shows up as drive H: or something). If you get hit by malware, it may affect files on all accessible drives, including your backups in the cloud.

Apparently, automatic cloud backups of your phone data can expire and be deleted if you don't use your phone for many months. Android backups in Google Drive Backup are deleted if you don't use the phone for 2 months ? iPhone backups in iCloud are deleted if the iCloud account is not used for 6 months ?

A factor to consider: today's cloud backup may be encrypted so well that no one can crack it. But that encrypted data may still be available somewhere in the cloud 20 years from now, and maybe 20-years-future technology WILL be able to crack today's encryption.

Some photo-storage or photo-gallery sites feel free to downgrade the resolution of large photos or all photos, assuming that human viewers won't be able to see the difference. Know the exact policy of the site before using it, if this matters to you. The downgrading may happen as owner uploads, or may happen when a user "views" and/or when the owner "exports". You may have to test carefully to understand what is done.

Eric Griffith's "Back Up Your Cloud: How to Download All Your Data"
Adam Dachis's "How to Protect Your Data in the Event of a Webapp Shutdown"



Note: a Btrfs or ZFS snapshot stored on the same disk as the original data is not a backup. If the disk fails, you lose the data and the snapshot.

Note: RAID is not backup. Some forms of RAID can provide recovery from some forms of disk hardware failure. But if you accidentally delete files, those files are deleted from everywhere in the RAID. Similar for files encrypted by ransomware. And usually all disks in an array are right next to each other, so a single event such as a power surge or fire could take them all out at the same time.



Paraphrased from Restore It All podcast episode 160:
+/-
  • There is a difference between backups (retain for maybe 2+ years) and archiving (retain for maybe 10-50 years).

  • There are special cloud-archiving services, but it may be slow and expensive to get your data out. Amazon S3 Glacier

  • Flash and SSD are bad for archiving, because they have to be powered-on every 6 months or so to retain data.

  • HDD is bad for archiving, because the bit sizes are made as small as possible.

  • LTO tape is best for archiving. Wikipedia's "Linear Tape-Open"

  • M-DISC (DVD form-factor, compatible with DVD drives) is a newish technology that may be great for archiving. Wikipedia's "M-DISC"






Ways to manage the backup process



Type of backups

+/-
  • Full image: a block-level copy of the whole raw disk/partition contents.

    Good: Everything is copied, even hidden data and bootloader etc. Restoring is simple, everything gets copied back in one operation.

    Bad: Takes a lot of space and time, even if few files have changed. Restoring is an all-or-nothing operation, you can't restore just part of the system.

  • Full file-level: all files under some directory are copied, as files.

    Good: Simple and clear. You can do it manually if you wish. You can see and test what you did. Restoring is flexible, you can copy back only the files you need. Uses only standard default OS applications.

    Bad: Takes a lot of space and time, even if few files have changed. May miss hidden stuff or bootloader. Will miss partition table.

  • Incremental file-level: changed files under some directory are copied, as files, and stored as deltas from previous versions of the files.

    Good: Fast and space-efficient. Restoring is flexible, you can copy back only the files you need.

    Bad: Something has to decide what files have changed, which is tricky and maybe slow. May miss hidden stuff or bootloader. Restoring requires specific software, usually.

  • Incremental filesystem-level: filesystem marks "snapshot" points, and keeps track of state of everything at each snapshot.

    Good: Fast and space-efficient. Every detail of filesystem can be saved/restored.

    Bad: You have to decide when to take a snapshot, and you may forget or do at inappropriate times. I think all things that have changed will be saved/restored; no detailed control. Not supported by older filesystems. A newish feature, so may have bugs.




In incremental file-level backup, how to decide if a file has "changed"

+/-
One or more of:
  • Metadata:
    • File size.
      (Danger: some files such as encrypted container files never change size.)
    • Modified time.
      (Danger: some database or encryption apps may not change modified time.)
    • Inode number.
    • Access permissions / ownership.


  • Contents:
    • Hash.
    • Byte-by-byte comparison.





Ways to do the backup

+/-

Note that a "sync" feature (as in Google Drive, Dropbox, Sync.com) is not a backup. If something is deleted or corrupted on one end of it, that thing will be deleted or corrupted on the other end too. Usually. And if one system gets a bad date/time setting, the "sync" may copy old files over new files. Be careful.
David Murphy's "Why Did iCloud Delete All of My Photos?"

/r/techsupport's "backuptools wiki"



Test or spot-check your backups, even if you don't do a full restore. Just check that some files are readable, and the backup process didn't throw any errors.

Ask Leo's "How Do I Test Backups?"



From someone on reddit:
"Identified problem as bad blocks on SSD. Planned to replace the drive and restore from backup. Only to find that the backup hasn't been running for the last 4 months ... Macrium Reflect refuses to backup a drive with bad blocks!"



Backing up a smartphone: how ?





Do before starting to make a backup



Clean out any caches in app-profiles that you're going to back up (browser cache, email client cache).

Maybe clean out system temp files or cache files or crash dumps before doing a backup.
See "Clean up space on disk" section.

Dismount VeraCrypt or LUKS filesystems using container files you want to back up.

Close running apps that maybe be using files you want to back up: browser, email client, VeraCrypt, password manager, database server, text editor, IDE, RSS reader/downloader, torrent client.





Scheduled backups or not ?







Restore



Schrodingers Backup

Think about how you would restore to a complete new computer if necessary.

"Nobody cares if your backup works, only if the restore does."





Linux Software



Syncing your primary disk to a secondary disk, or syncing a primary disk to the cloud, is not the same as backing up that primary disk. With syncing, if you delete something from the primary or it gets corrupted, the problem will be copied to the other place, and you've lost data. Usually in a backup, the destination maintains multiple historical copies of each file, so a mistake/problem on your primary disk does not wipe out the previously-backed-up data.



Aaron Kili's "24 Outstanding Backup Utilities for Linux Systems in 2018"
Mehedi Hasan's "Best Backup Software For Linux Desktop"





Miscellaneous



If you're concerned about your backups functioning for 10, 20, 50 years

+/-
Don't focus so much on "what media to use ?". Focus on "when should I make a perfect copy from my current media to new media ?". Where "new media" could be same type as current media, or some new type as the current type nears EOL.

For example, if you have backups on floppy disks, you need to copy to new floppy disks as the old ones threaten to degrade, or copy to USB flash sticks as the market threatens to stop making floppy drives and floppy disks.

Then in 10 or 20 years, you'll be copying from your USB flash sticks to whatever the new medium is (DNA or something ?).



Howard Fosdick's "My open source disaster recovery strategy for the home office"



Uninterruptible Power Supply (UPS)




Apparently WhatsApp can have both local backup and Google Drive backup ? The local backup contains just messages, not images or video. Google Drive contains messages and images, but video is optional.



My "Computer Theft Recovery" page
My "Computer Security and Privacy" page