Hi everyone 👋
As far as I know, currently the most common recommendation for backups on the forum is to use two methods at the same time:
- Seedvault,
- backups of individual applications if they have their own custom mechanism for this.
A lot of applications that have their backup mechanisms do not offer encryption.
I wonder how you approach this in this situation? One of the ideas is simply to create a directory in shared memory for backups and store them there (later you can synchronize it with some external storage encrypting before sending). However, it seems to me that such a directory does not have such a strong sandbox and, for example, giving some applications access to all files (even accidentally) would immediately give access to data in unencrypted backups. Of course, with careful permissions management and using storage scopes, this can be mitigated, but still sandboxing is weaker than if these copies were not stored in such a location.
What's your approach to this? Do you have any proven recommendations? Maybe you solve this problem differently? Or setting up a directory in shared memory with careful permission magegement is safe enough for you?
I would be grateful for every input.