| ▲ | _flux 3 days ago | |
Doesn't this just move the bucket: which processes should the OS grant access to that API? In any case, if the purpose is to make a backup of the system, it seems the possibility to read all and every file as original as possible seems rather critical, in particular if we want to take advantage of e.g. content-based addressing -based deduplication in the backup application. And we in any case want to restore that backup to an empty computer, so there really are no places to hide the encryption keys in such a way that they cannot be read from the backup. | ||
| ▲ | charcircuit 2 days ago | parent [-] | |
You don't need to backup every file. It's a reasonable compromise to require users to login to their bank again when switching to a new computer. | ||