Spideroak is broken so I’m looking at alternatives. Turns out there aren’t many services that get security right, and none that I’d call good.
Spideroak has proper zero-knowledge encryption. Everything is protected, including metadata such as file sizes. Unfortunately the client software is broken and they can’t fix it.
Backblaze only has basic encryption as far as I can tell, metadata is unprotected. https://www.backblaze.com/backup-encryption.html
I emailed iDrive about their security and they confirmed that they don’t fully encrypt metadata.
IASO Backup seems to be dead, website is down.
Crashplan is unclear, looks like maybe they protect metadata but the client is extremely limited and at $10/computer/month it’s not great value.
Jungle Disk is vague about their crypto, looks like metadata is unprotected.
KeepVault looks pretty basic and is insanely expensive.
Tarsnap has good security with what looks like zero knowledge backups, but is very expensive ($250/month for 1TB).
I emailed Sync and they confirmed that file sizes are available on the server side, so not zero-knowledge.
pCloud does per-file crypto, so not zero-knowledge.
tresorit lies about being zero knowledge, their support staff admitted that they can see file sizes.
Carbonite‘s web site is vague, I assume they have crap security or they would be touting it.
Elephant Drive has only basic encryption.
MSP360 might be okay, I have contacted their support to confirm. $50 for a 1 computer licence isn’t cheap and then you use your own choice of storage provider. I asked if I can use Google Archive storage at $1.25/TB/month.
Boxcrypter claims zero knowledge but it’s a lie, they actually charge extra for filename encryption and even then all the other metadata is unencrypted.
Cloudberry does not encrypt metadata.
Iperius is not clear, I might give it a try. They say they ZIP everything up so you get the security of a ZIP archive… At least with modern versions it’s reasonable I suppose.
Duplicati – we finally have a winner! Proper zero knowledge encryption, it’s open source and it works with a variety of storage providers.