Kinda like emails where you send them but cannot delete them, it is up to the receiver to decide what to do with them. Backups like that would be safe if a hacker subsequently takes over your system and wipes its drives or attempts to store malware in all your old backups but they cannot. Then you'd ask the email receiver for a copy of your data before the disaster.

How can such a thing be done with an external USB drive?

Look into your encryption options. That's your read.

Alternatively, mega.nz does encrypted cloud storage. It's owned by Kim Dot Com,who you may have heard of in the days of Megaupload. Anyhow, he doesn't keep your decryption key, so if you lose it, tough. Your data is also lost.

I don't understand what the OP is getting at. Not unusual for this OP.

As for mega, last I looked Kim was (way) on the outer - dishing the site in fact.

1 members found this post helpful.

SpiderOak.

The OP's concepts of email seems a bit askew.
Plenty of self-destruct email services about.

Can't a malicious hacker discover the encryption key, open all backups in the cloud and put their malware in all backups so any restore will not get rid of his malware no matter what version you restore to? Or I memorise 50 passphrases, one for each backup version in the cloud. Not practical.

Does such a thing as "write once but cannot read immediately" exist with an external USB drive? Like when you drop a coin into a piggy bank and cannot get the coin back without breaking the piggy?



Hacker can then put mangled coins in the piggy bank but cannot change the good coins you put in it yourself before you got hacked.

If you run your backups as an unprivileged user, you can create a root cron job that goes through and moves the backup to a secure location, removes all permissions from the files/dirs, etc., so your user can no longer access it. If you're afraid the hacker might have root access on the machine on which the backups are stored, there's not much you can do beyond using an external drive that you physically unplug from the machine when your backups are finished.

Actually, no.
With mega.nz (I only mention them on merit, no connection), and they bellyache if you don't make the password/encryption key extremely long. Hackers won't guess that unless you give it to them. I don't think I'm compromising my security to say I ended up with a line from an obscure and forgettable song. If you write it down neatly labelled where a hacker can find it, you're a fool. Then your cloud drive is decrypted for you to see like google drive. I believe transfers of files come encrypted and you decrypt them, making network transfers slow but secure. Read more on their site.

If you want to encrypt encrypted stuff and that sort of thing, I back out. Where I live only highly illegal stuff is worth that bother. About the only thing that illegal here is child pornography. Of course in other areas (e.g. North Korea, China) restrictions limit normal activities (e.g. religion) and you would need to consult locally. My friend in China pays for a VPN to access his religious stuff, and doesn't hoard backups, but that solution doesn't work everywhere, or everywhere in China. It would strike me as the course of wisdom not to keep backups of backups, gigabytes of data you cannot afford to let anyone see.

There are also keyloggers that can steal the passphrase when you type it.

When a folder owned by root has the read flag set to Off for root but On for the group and the write flag for the group is On, can root still read what a user of this group adds to the folder?

Does such a thing as a hidden folder exist, that you must know its name to access it? Much like hidden wifi access points?

root can do whatever it wants, whenever it wants. File permissions are no more than a polite suggestion for root. The only thing it can't access is an encrypted volume (unless it has the passphrase), but despite not being able to read it, it can still wipe it out.

See my earlier post:
Note that "physically unplug" is from the perspective of the OS. If that OS is on a virtual machine, then "physically unplug" could mean using your virtualization software on the host to remove access to a drive or shared folder from the guest.