Cloud Sync Task - Backblaze B2 - How Does It Work?

[João Dalvi]

Hey there, people. I have some doubts about Cloud Sync tasks that I cannot figure out, nor find on the docs or google.
I need to know how does the cloud sync tasks work. Does it use rsync or something like that? Does it have some kind of transport encryption, or is my data transfered unencrypted over the internet to backblaze servers?
And finally, is there a way to sync files to backblaze in such a way that they cannot read my files, in such a way that they leave my FreeNAS server encrypted?

 

[sretalla]

Judging only by the difference between the credentials screens, I suspect that Amazon S3 allows the possibility to have an encryption key that only you know, whereas B2 seems to know the key (the fact that you can see the file list on their site and can preview files before restore/download seems to indicate they must be able to see the content).

I can't find it in the guide anywhere, but I also assume that the traffic is encapsulated in HTTPS, so is encrypted over the wire and is likely to be some kind of rsync when you use the Sync or Copy options.

 

[danb35]

Does it use rsync or something like that?

Cloud Sync uses rclone.

Does it have some kind of transport encryption, or is my data transfered unencrypted over the internet to backblaze servers?

Like @sretalla, I'd assume that transport is over HTTPS, but I don't know any way of confirming that other than by checking the rclone source--though the rclone forums might be able to help.

And finally, is there a way to sync files to backblaze in such a way that they cannot read my files, in such a way that they leave my FreeNAS server encrypted?

rclone supports encryption, but it isn't currently implemented in FreeNAS--that's supposed to be due out in 11.2.

 

[João Dalvi]

Judging only by the difference between the credentials screens, I suspect that Amazon S3 allows the possibility to have an encryption key that only you know, whereas B2 seems to know the key (the fact that you can see the file list on their site and can preview files before restore/download seems to indicate they must be able to see the content).

I can't find it in the guide anywhere, but I also assume that the traffic is encapsulated in HTTPS, so is encrypted over the wire and is likely to be some kind of rsync when you use the Sync or Copy options.

Yes, I checked it. They really do know about your files. I can see alll the files on the bucket on b2 site. Guess I'll have to first create an encrypted tar or something like that, or use other means that not cloudsync to send my files to b2.

 

[João Dalvi]

Cloud Sync uses rclone.

Like @sretalla, I'd assume that transport is over HTTPS, but I don't know any way of confirming that other than by checking the rclone source--though the rclone forums might be able to help.

rclone supports encryption, but it isn't currently implemented in FreeNAS--that's supposed to be due out in 11.2.

Thank you. Gonna check out how does rclone work, and what options I have to accomplish b2 zero knowledge about my files. Just knowing it uses rclone is a good start to me. Thanks!

 

[millst]

Judging only by the difference between the credentials screens, I suspect that Amazon S3 allows the possibility to have an encryption key that only you know, whereas B2 seems to know the key (the fact that you can see the file list on their site and can preview files before restore/download seems to indicate they must be able to see the content).

I believe that the S3 encryption is server side and would assume that Amazon has just as much access to your data as Backblaze (if that's a concern).

-tm

 

[danb35]

If you don't want to wait for 11.2, you can certainly use encryption with rclone at the command line. But I wouldn't expect that to play nice with whatever ends up being built in to the GUI.

 

[João Dalvi]

I see. Didn't had time to read about rclone as I need to. Newborn baby at home, it takes us all our available time :|
But I will, eventually, or maybe 11.2 gets released first. Anyway, thank you guys for the help, it was really nice of you.
BTW, 11.2 will be released in the end of june, is that right?

 

[bodriye]

For backblaze I was doing a sync and running ntopng to watch the traffic, its transported over https.
But yeah all the files are there in the clear.