I’m using Backblaze and seem to remember that they offer object block with S3. Would have to look it up to make sure, though.
1 Like
Suggest you ask the vendors of these services. Those that respond might be a sign of good service.
(I like and use BackBlaze but have not researched the issues you are thinking about).
Edit: for you I did a Google search “backblaze ransomware” and found Ransomware Protection With Object Lock and Instant Recovery. A starter for your research.
1 Like
Thanks guys!
Before trying Arq Premium I also thought about using Backblaze. But (some time ago) I’ve read here on the forum that Backblaze doesn’t back up meta data. Checked it to make sure that this info is (still) valide, and it turned out it is.
Most of my databases contain indexed files, and I can’t tell now in which way other apps might alter the records in the future. It might be that I’ll be using some other app (than DEVONthink) to flow thru a bunch of PDFs and tagging or commenting them. An online backup service that doesn’t preserve macOS meta data is a no go for me.
1 Like
Probably time for you to discuss with macOS experts and the backup service vendors as this outside scope of DEVONthink. I rely on creating DEVONthink Archive (zip) files which get backed-up to multiple places in my backup regime, including Backblaze (for offsite purposes).
I don’t think I need to contact macOS experts. We’re just not using DEVONthink in the same way (that is: mostly imported records vs. mostly indexed records).
Anyway, I’d still like to know the experiences from other users. Arq or some other online backup system 
That’s right. I didn’t think about it because I do not use them (or at least not to a degree that I’d worry about them). In fact, BB does not backup extended attributes. Probably, because they’re not available on all filesystems, so it would require too much work to consider them.
1 Like
@chrk I’ve read your posts about Arq and it seems you’ve switched your online storage provider quite often. Why did you do this and what provider would you recommend?
Yes, I did.
I was using the Arq standalone license for a while, but switched to Arq Premium because with the license you would have to pay a yearly fee to keep Arq up to date (basically a subscription).
Arq Premium as a subscription is a great deal and cheaper than the license (+ extra paid storage) because it already comes with 1TB of storage.
Google Cloud is the backend Arq Premium uses, so that’s how that started. I use their Iowa datacenter because it’s the least likely to be affected by natural disasters.
This would probably be enough overall, but I like having 2 locations for cloud data, just like I have 2 local backups (2 apps [Time Machine, Carbon Copy Cloner], on 2 different disks).
The providers I was using in the past, Backblaze B2 and Wasabi, both had some downsides.
B2 got really slow after a while. I don’t know why, support couldn’t help. Backblaze as a company has also attracted quite some negative attention in recent times that made it easy to switch.
Wasabi was nice and fast, but I didn’t like their 3 month minimum storage duration and 1TB minimum requirements.
This brought me to Storj, which is a nice addition to the centralized Google Cloud server in the US. Their decentralized approach is interesting and it has been working nicely. Upload speeds are great too (much better than B2 and similar to Google Cloud). Pricing is better than any other service, which made it easier to justify using 2 providers.
I can recommend Google Cloud (seamless integration with Arq Premium, great speeds, many server locations to choose from), Wasabi (if you don’t mind their requirements, but want object lock, and good speeds), and Storj (because of their great pricing, speeds, and innovative approach – natural disasters wouldn’t be an issue).
1 Like
I use Bitdefender. But I also keep a Time Machine daily backup off-line. And I have an iPhone 6s which synchronizes our data normally like all our other Apple devices. But it is off-line except during a sync. It has 256 GB and that is enough for our (important) data.
1 Like
Some thoughts about the whole ransomware issue.
When I was using Wasabi and B2, I had object lock enabled. This just means that Arq can not be used to delete the provider data from within the app.
If you had malware on your Mac and someone had remote access to your stuff, they would need to launch Arq and delete your backups from within the app. This is the scenario that immutable backups with Arq (and Wasabi or B2) protect against.
At this point however, if someone has remote access, an immutable backup record might not be enough. They could just delete your accounts (instead of the data from within Arq) from keylogging your logins or accessing any installed password manager. You can delete the whole Wasabi or Backblaze B2 account, even with immutable backup records still in there. I tried when I stopped using both services and was surprised that this worked easily. This made the whole point of immutable backups a bit less important to me because someone who has access to my Arq installation, would probably also have access to my login info.
A more limited ransomware attack (without complete remote control) probably won’t affect backups from within Arq, unless targeted specifically to the app. Still, one thing to protect against this scenario could be setting an app password as mentioned in Arq’s help.
To protect against malware in general, I can recommend the tools from Objective-See, made by a former NSA and NASA employee. I wouldn’t bother with traditional anti-virus apps, even with good heuristics, they’ll always be one step behind. Objective-See has an anti-ransomware tool, but I only use KnockKnock (for weekly diagnostics) and BlockBlock, which is a persistence monitoring tool that alerts you of anything that tries to install itself, with the option of blocking the installation. I can also recommend LuLu, their firewall app.
2 Likes
Thank you very much! You’re right, using object lock doesn’t make that much sense if it doesn’t really protect.
Although Arq Premium would be the easiest solution I will check the other providers you mentioned as I’m trying to avoid Google products. Thanks again!
1 Like
Watch out for iCloud 
1 Like
1 Like
No problem. Object lock still protects against deletions from within Arq, so can be nice to have. Protecting the service accounts themselves with 2FA might be the more important thing though.
I also try to minimize usage of their products, but since the data is locally encrypted in Arq, Google doesn’t see anything, it’s not like putting your stuff in Google Drive. There is a reason Arq chose them as the backend (they even switched from Wasabi, which they used with the earlier Arq Cloud offering). It’s very fast and reliable.
Storj makes for a nice complement to Arq Premium because of its decentralized nature. Given the novelty of the service however, I only feel confident using it because I also have a more traditional service in there with Google Cloud.
I’d recommend Arq Premium (Google Cloud) if you only want to use 1 service, it’s very solid. You can always add more service providers / storage locations in Arq Premium, you’re not limited.
1 Like
Thanks for all that. Regular backups to WORM media stored in a secret cave inhabited by a vicious loving bear is the way to go.
3 Likes
I concur, this is the way
1 Like
If somebody, somewhere, doesn’t call their next book, record, rock band, song, or movie “Vicious Loving Bear” then I don’t know what the internet was invented for.
6 Likes
Any service that allows a remote drive to appear as a “destination” in Finder would be potentially vulnerable to a ransomware attack. Effectively, the service is trusting your local authentication to protect the remote drive: any application that can be launched from your user account potentially has access to it.
2 Likes