Tarsnap design principles

The design of Tarsnap was guided by the following four principles:

  • Security: Backups should be secure against attackers ranging from "script kiddies" up to major world governments, even if they can compromise the systems on which the backups are being stored. Backups are supposed to be a tool for mitigating damage — not a potential vulnerability to worry about!

  • Flexibility: Backups should be flexible and convenient. When you decide you want to create an archive, you should be able to store in it whatever files you want; if you decide that you want to delete an archive, you should be able to do it whenever you want, without impacting other archives; and there should be no arbitrary limits on how many archives you have stored, how often you can create new archives, or how long you can keep them for.

  • Efficiency: Backups should be efficient, using a minimal amount of storage and bandwidth. If you archive the same file twice, it should still only be uploaded and stored once; likewise, if you move, rename, copy, or make small changes to a file (e.g., adding a small amount of new data to the end of a log file or mail spool) you should never need to re-upload the entire file.

  • Utility: Backups should be provided as a utility, with linear (i.e., per-GB) pricing. Forcing people to figure out ahead of time how much data they want to back up so that they can sign up for the right "plan" is dumb, and having some customers subsidize other customers is inherently unfair.