Medium term cold storage options?
Increasingly I'm looking at my backup solution and I'm not totally happy. My "threat model" I guess is if the house burns down and we only make it out with the shirts on our backs. Alternatively if I get hit by a bus I'd like a backup of passwords and maybe some instructions for my wife.
Mostly irrelevant discussion on my current backup or lack of situation
Up until recently I had a VPS running syncthing as a central backup for all my devices but it kind of looks like that got randomly wiped or something... my plan up until that happened was that I have a computer in a locker at work that I occasionally fired up to sync my syncthing stuff. This has some issues, the big one being that it doesn't deal with bus factor.
My next plan (and the point of this topic) is to have some data stored offline in a safe deposit box at the bank or some other secure location and swap the data out at some interval like 6 months or 1 year. The stuff I REALLY care about is easily under 1gb and stuff I kind of care about (photos and that kind of thing) is < 1tb.
Also currently I'm paying for iCloud each month even though I've mostly left the mac-osphere. This is where my < 1tb of photos are. I intend to download all of that and stop paying for iCloud in the coming months.
TL;DR What are decent medium term cold storage options for < 1gb that I can be really sure will be good for several years (maybe 10 or 20 years at the extreme end) and is fairly cheap. I was thinking optical media but I'm kind of lost as to what specifically to get and how to not get conned by buying fake media (M-DISCs). I (somewhat randomly) have an M-DISC drive in my computer but I don't know if that's overkill or not? My important stuff may even fit on a CD actually...
For many years, my offsite backup plan was literally a spare HDD in my safe deposit box at the bank.
I had 2 such HDDs. One was employed in active nightly backups at home, and every month or 2, I would take that HDD to the bank, swap 'em out, and put the other one into play for the nightly backups. That way, the HDD in the bank was never more than 2 months out of date.
Same, although for me it was a disk I rotated to and from a drawer at my office.
When I started working from home, I moved to a big disk in an eBay refreshed office workstation in a closet at my parents place that I use as a restic endpoint. Works great, although not cold storage per se and definitely has a WAF approaching zero.
In fact my break glass situation is a piece of paper with critical passwords written on it and stored in a filing cabinet in my house. Ain’t no script kiddies getting that.
How long is an HDD really good for?
Optical would be better, especially if you're only talking about ~1GB or so.
Still, quality HDDs are typically rated for ~5 years, and probably generally good for double that ... this is particularly true if you're not using them constantly, but just writing data on them and then putting them in long-term storage.
Life expectancy for this sort of thing is 5-10 years in my experience.
S3. 2.3 cents per gig per month. 20 years is $5.50 per gig. My safety deposit box is $60/year for comparison.
I should also mention that deep archive tier storage is way cheaper at $0.00099 per GB. You could store a terabyte for 20 years for $237.60.
Why S3 over Backblaze B2? With B2 the first 10GB is free, $7/TB/mo after that, free egress and API calls, and hot storage. Seems to be a much better offering for OP unless I'm missing something.
A terabyte for 20 years would be $1680 at that rate. Backblaze would be better for that first gig but not for all their photo content, unless they also have archival tier pricing.
It's been a while since I looked into AWS S3 / deep archive tier so my understanding might not be correct any more, but didn't the egress fees for deep archive use to be fairly steep if you needed quick access to the files?
Given mild_takes' scenario, could the potential fees incurred when retrieving them be something to also take into consideration?
If you want expedited access it's $0.03/gig but probably nobody needs instant access to their photo archive. Pulling out a keepass and critical documents would still be super cheap.
If my house burns down and I don't have anything except a (hypothetical) brand new computer then how do I access that?
Edit: and bus factor.
I assume you remember your email password? That’s all you’d really need to get in.
I don't actually. I moved EVERYTHING to long random passwords. I don't want my email to get hacked because that's kind of the key to being able to reset a shit ton of passwords. Also it has 2FA now so if I don't have access to a 2nd factor (or maybe a backup code... I should set that up) then I'm screwed.
I know maybe 4 of my current passwords:
bank card pin
login for my computer
phone pin
password for KeePassXC
password for work accounts but only because they make me put it in endlessly and also don't allow me to use a phone at work AT ALL... so I use a weak password I can remember
That’s probably overkill. You can easily have enough entropy to defeat brute force and still be memorable. But, I feel like remembering a password isn’t such a giant obstacle, is it? Probably less difficulty than dealing with losing your safety deposit box key and identification in the hypothetical house fire.
Having a password manager that isn't exclusively tied to a physical device would allow you to have the same password behavior without reusing passwords to improve memorization (which is the biggest risk for most people not using a password manager, not the ability to brute force any particular password). I similarly only have a few passwords memorized, but my password manager contains everything else, including my 2fa backup codes, so I'd be able to get back into other accounts in case of an emergency because I can access that. But I use a password manager that stores my things in the cloud, which I assume OP doesn't want to do because that's the main reason people use KeePassXC.
But changing their password behavior isn't necessary, they just need to ensure they can access their KeePassXC database after a disaster like this. KeePassXC's documentation says you can safely store the encrypted database file in the cloud and recommends regular backups, but if that's too online, I believe copying it to a flash drive and sticking it in a safety deposit box somewhere would work (although it would be somewhat more annoying to update your backup that way). This would probably fill the "backup of passwords and instructions for wife upon death" criteria, at least.
FWIW I do this too but supposedly this is not best practice and the likes of Bitwarden advise against it.
Yeah, I get why it's advised against, but I don't really have anywhere else to store such codes that isn't even more insecure. My Bitwarden vault beats out the notes app on my phone, at least.
I use the same password for KeePassXC and for my email because if my email is compromised they can reset half of my passwords anyway.
This would be my recommendation as well. I got close to 400GB on Glacier and pay less than $0.20 per month. The only downside is that I couldn't find software that backed things up the way I wanted, so I ended up vibe coding a massive bash script to compress, encrypt and upload the data for me while doing integrity checks.
What is your plan for restoring data?
I'm looking at backup solutions too but I'm wondering what the process would be for getting my data back.
It seems like the easiest way is to just have unencrypted data in the cloud that I can just pull from whenever I need to retrieve it, from whatever device I have.
Obviously not super secure.
If you encrypt before you send it to the cloud, and then you lose your source system, then what?
Do you just keep the encryption / decryption scripts on multiple USB drives and use that to bootstrap a restore on a different system?
Borg backup. It's fantastic and I've proven it works perfectly after I had a drive failure.
All my satellite machines sync with a little home server running Linux. Borg backup running on that archives to a few hard drives that I rotate in and out. The backups are encrypted, deduplicated and are snapshots rather than overwritten backups. On a more beefy machine they could also be compressed but I don't feel like waiting a week for a backup to complete.
My backup is local but it could be over local network or to a cloud provider.
This is interesting too, thanks!
I did a quick search and I'm finding BorgBackup Docker containers and examples of how to use Borg with Glacier. Lots for me to think about.
I use 1Password as my password manager. There I have my AWS credentials as well as my keys for encrypting/decrypting (I'm using gpg), not that there's anything special about 1Password here, any password manager would do. In the event of a disaster, as long as I remember my master password, I can log into AWS, download all the data, decrypt it after importing my private key and then uncompress it.
The way I structured it is I have multiple sources with different backup frequencies. For example, my Docker setup and config backs up more frequently than my pictures since the pictures also live on my phone, which acts as a backup on its own. In addition, because I'm doing integrity checks in S3 when I upload files (a hash check) and only up to 5GB files are supported for those, I split the encrypted archive into 4GB chunks. My Docker backup comfortably fits in one file but my pictures don't, so for those there's an extra step where I split the archive before uploading or concatenate it after downloading.
I know it sounds pretty convoluted but the three main requirements that I had were:
As I mentioned, I explored multiple solutions but none did what I wanted. I had written something like this years ago by hand but it's pretty out of date, vibe coding would bring me the benefits of a bespoke solution without me having to dedicate too much time to it.
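The split-into-chunks-with-hash-checks step described in this reply, written out as an added example (Python, not the commenter's bash script). It assumes the archive has already been compressed and encrypted (with gpg, say) and leaves the S3 upload itself to the aws CLI or SDK; it only covers splitting, recording a SHA-256 manifest, and reassembling with verification on restore so a damaged or missing chunk is caught before gpg ever sees the file. The chunk size is a parameter (the reply used 4 GB), and the archive, chunk file names and manifest layout in demo() are constructed for the demo.

```python
"""Chunked upload/restore helper for an already-encrypted backup archive.

Added example. Assumes: the archive is already compressed + encrypted, chunks
and the manifest are uploaded as separate objects by the aws CLI/SDK (not shown),
and on restore the chunks and manifest are back in one directory.
"""
import hashlib
import itertools
import json
import os
import tempfile
from pathlib import Path

BLOCK = 1 << 20  # stream files in 1 MiB blocks so multi-GB chunks never sit in RAM


def split_archive(archive: Path, out_dir: Path, chunk_size: int) -> Path:
    """Write archive as numbered chunk files plus a JSON manifest; return the manifest path."""
    out_dir.mkdir(parents=True, exist_ok=True)
    chunks, whole = [], hashlib.sha256()
    with archive.open("rb") as src:
        for index in itertools.count():
            name = f"{archive.name}.{index:04d}"
            chunk_hash, written = hashlib.sha256(), 0
            with (out_dir / name).open("wb") as dst:
                while written < chunk_size:
                    block = src.read(min(BLOCK, chunk_size - written))
                    if not block:
                        break
                    dst.write(block)
                    chunk_hash.update(block)
                    whole.update(block)
                    written += len(block)
            if written == 0:
                (out_dir / name).unlink()  # nothing left to read: drop the empty file
                break
            chunks.append({"name": name, "size": written, "sha256": chunk_hash.hexdigest()})
    manifest = {"archive": archive.name, "size": archive.stat().st_size,
                "sha256": whole.hexdigest(), "chunk_size": chunk_size, "chunks": chunks}
    manifest_path = out_dir / f"{archive.name}.manifest.json"
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return manifest_path


def reassemble(manifest_path: Path, chunk_dir: Path, dest: Path) -> dict:
    """Verify every chunk against the manifest, concatenate in order, verify the whole."""
    manifest = json.loads(manifest_path.read_text())
    problems, whole = [], hashlib.sha256()
    with dest.open("wb") as out:
        for entry in manifest["chunks"]:
            piece = chunk_dir / entry["name"]
            if not piece.is_file():
                problems.append((entry["name"], "missing"))
                continue
            chunk_hash = hashlib.sha256()
            with piece.open("rb") as f:
                for block in iter(lambda: f.read(BLOCK), b""):
                    chunk_hash.update(block)
                    whole.update(block)
                    out.write(block)
            if chunk_hash.hexdigest() != entry["sha256"]:
                problems.append((entry["name"], "hash mismatch"))
    ok = not problems and whole.hexdigest() == manifest["sha256"]
    return {"ok": ok, "problems": problems, "chunk_count": len(manifest["chunks"])}


def demo() -> dict:
    """Round-trip a constructed 10 000-byte 'archive' in 4 KiB chunks, then corrupt one chunk."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        archive = tmp / "photos.tar.gz.gpg"  # constructed stand-in, not real ciphertext
        archive.write_bytes(os.urandom(10_000))
        manifest = split_archive(archive, tmp / "chunks", chunk_size=4096)
        clean = reassemble(manifest, tmp / "chunks", tmp / "restored.gpg")
        clean["bytes_identical"] = (tmp / "restored.gpg").read_bytes() == archive.read_bytes()
        # Simulate bit rot in the second chunk: flip one byte, size unchanged.
        piece = tmp / "chunks" / "photos.tar.gz.gpg.0001"
        data = bytearray(piece.read_bytes())
        data[0] ^= 0xFF
        piece.write_bytes(data)
        damaged = reassemble(manifest, tmp / "chunks", tmp / "restored2.gpg")
        return {"clean": clean, "damaged": damaged}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is the thing to keep with the chunks (and a copy in the password manager or on the bank USB stick), because it is what lets a restore on a fresh machine prove the download is intact before spending time on decryption. Because the hashes are over ciphertext, the check works without the gpg key being present yet.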
Great information, it gives me ideas of what I want to do. Thanks!
When I was looking into this a few years ago, the consensus answer seemed to be that there's not a great option, but archival-quality optical media is probably the best one. (Flash doesn't have great longevity offline, and hard disks are something of a question mark—and the typical failure mode isn't "some degradation", it's "this complicated mechanical device has broken and does not work at all".) Consensus at the time seemed to be that archival-quality media was expensive out of proportion to the increase in quality, and there was a whole lot of discussion of (mostly non-actionable) concerns like the original manufacturer of a piece of media. My conclusion ended up being:
My schema is mostly to have encrypted backups stored online (in Backblaze B2, in my case), with encryption keys, a copy of my password vault, and a handful of other useful things on the backup disks. In the end, I've got a few dozen megabytes on my backup discs (on DVD media, because that's all that was available, lol).
For long-term storage, the answer is, oddly enough, to keep it online and monitored. Individual units of storage media are pretty fragile, but a NAS with a handful of drives and someone checking up on it regularly will keep data stored more-or-less indefinitely. (Online storage is much easier to accidentally delete stuff off of, of course, so it's not a panacea.)
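A small scrub to go with the "keep it online and monitored" point, added here as an example and not from the comment (ZFS and btrfs do this at the block level; this is the file-level version for plain disks or a NAS share). It keeps a SHA-256 manifest and, on each run, separates a deliberate edit (content and mtime both changed) from silent corruption (content changed while size and mtime stayed the same), which is the kind of damage the CD story further down would have shown years earlier if someone had been checking. The manifest layout is assumed and the files in demo() are constructed.

```python
"""File-level scrub for a monitored archive: classify every known file as
ok, missing, modified, or corrupted (bytes differ, metadata unchanged).

Added example. Assumes the previous run's manifest is saved (e.g. as JSON)
and passed back in; demo() builds one in a temp directory instead.
"""
import hashlib
import os
import tempfile
from pathlib import Path

BLOCK = 1 << 20


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(BLOCK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative path -> {sha256, size, mtime_ns} for every regular file under root."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            st = p.stat()
            manifest[p.relative_to(root).as_posix()] = {
                "sha256": sha256_file(p), "size": st.st_size, "mtime_ns": st.st_mtime_ns}
    return manifest


def scrub(root: Path, previous: dict) -> dict:
    """Compare the archive on disk against a previously saved manifest."""
    current = build_manifest(root)
    report = {"ok": [], "missing": [], "modified": [], "corrupted": [], "new": []}
    for rel, old in previous.items():
        new = current.get(rel)
        if new is None:
            report["missing"].append(rel)
        elif new["sha256"] == old["sha256"]:
            report["ok"].append(rel)
        elif new["size"] == old["size"] and new["mtime_ns"] == old["mtime_ns"]:
            report["corrupted"].append(rel)  # same metadata, different bytes: bit rot
        else:
            report["modified"].append(rel)   # a normal edit touched the mtime
    report["new"] = sorted(set(current) - set(previous))
    return report


def demo() -> dict:
    """Constructed archive: one file rots, one is edited, one vanishes, one appears."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in {"photos/2019/a.jpg": b"A" * 500,
                          "photos/2019/b.jpg": b"B" * 500,
                          "docs/will.pdf": b"C" * 500}.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        baseline = build_manifest(root)

        # Silent corruption: flip one byte, then put the original timestamps back.
        victim = root / "photos/2019/a.jpg"
        st = victim.stat()
        data = bytearray(victim.read_bytes())
        data[10] ^= 0x01
        victim.write_bytes(data)
        os.utime(victim, ns=(st.st_atime_ns, st.st_mtime_ns))

        # Legitimate edit: new content and a later mtime.
        edited = root / "docs/will.pdf"
        st = edited.stat()
        edited.write_bytes(b"C" * 600)
        os.utime(edited, ns=(st.st_atime_ns, st.st_mtime_ns + 3_600_000_000_000))

        (root / "photos/2019/b.jpg").unlink()
        (root / "docs/new.txt").write_bytes(b"D")
        return scrub(root, baseline)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:10s} {paths}")
```

Run it from cron against each drive and mail yourself anything in the corrupted or missing buckets; with two or more copies, a file that scrubs clean on one disk is the source for repairing the other.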
Personally I have a hard drive in my desk at work with backups. Burning to CDs was my father's method and 12 years later about half of it is unrecoverable.
I'm literally just (re)setting my backup system and ended up with Arq Backup after trying their free tier for a month. Decided on their cloud version ($60/year) instead of the pay once version ($50), we'll see in a year if I'll keep the cloud version.
The Important Stuff (the things that are really irreplaceable) go to B2, my Hetzner Storage Box (free with my VPS) and Arq Cloud Storage. Most of that stuff is also in iCloud, so that should be enough. =)
The rest is cross-synced to all of my machines (laptop, desktop, NAS) with Syncthing via Tailscale
I've also got a few VPSs etc, that are backed up to B2 with restic, although most of the important stuff in them is in Ansible playbooks and Github (configs etc)
A few years ago I went through the "cold storage" options and decided they aren't worth it. Burning CDs and DVDs would require archival quality discs and they're hard to source in 2026. Similarly storing SSDs and HDDs offline is risky, they might just rot in storage. Thus -> just back up to multiple places online and hope that the world doesn't end in a massive global EMP.
Why tailscale? Syncthing works across the internet not just your LAN.
I have the same setup of syncthing + tailscale and the tailscale is there so I can give syncthing a magic url/IP address which can reach my NAS/desktop which live behind a potentially changing residential IP. Similarly if I'm out and about with my laptop and phone the two can sync even if I'm on some random network and therefore given some unknown IP address.
But Syncthing has servers that point your devices at each other. Your IP can change and your devices will link back up. No port forwarding, no setting IP addresses, no setup, it just works. It's kind of half the point of using Syncthing.
I don't use Syncthing, but on the website it says this
That seems to indicate that it still port forwards, but through UPnP rather than through explicit port forwarding rules. There are other ways as well, looking at their docs, it links to a list of relays and if these are full relays, then they're transferring whatever data you're syncing in full (encrypted), and you can see on that list of relays the speeds at which some of them operate. It's not necessarily blazing fast, which is typical/common for relays. The other way around these options, which is what Tailscale and similar services do, is use a middle-man server to coordinate NAT hole punching in firewalls between different client devices to help them establish a direct connection.
So Tailscale likely still represents a better solution in some cases, because Tailscale can establish direct connections rather than being bottlenecked by whatever speeds a relay is capable of handling.
I'll admit that I didn't look super hard when I set it up since I knew I wanted tailscale to access other services running on the NAS, but you're right you can use the syncthing community run relays.
My laptop travels around with me, and I want it to be able to sync wherever it is. =)
Also I don't want to use the public routing infrastructure from Syncthing, each machine is connected directly via the Tailscale IP and all external access through any other interface is blocked.