Tarsnap

Why do people have to use unmodified Tarsnap client code?

In designing Tarsnap, I had to make trade-offs at several places between making the client as efficient as possible and making the server efficient enough that I can run it cheaply. There are places in the Tarsnap client code where it looks like "optimizations" could be made; but if people start making those changes then I'd need to detect this on the server and adjust the pricing formula so that those users pay extra to compensate for the increased load they're placing on the server... so it's much better just to say "don't do that".

That said, if you have a great idea for improving the Tarsnap client code, I want to hear from you. Ideas are great; patches are even better, of course. Send me an email.

Why do I reserve the right to provide information to law enforcement authorities?

Short answer: Because there are some situations where it would be reasonable, and I want to be able to apply my own judgement in determining when those situations are.

Long answer: International law is painful, particularly where things like search warrants are concerned. My (very limited) understanding of the law is that because I'm in Canada, if any non-Canadian police force wants to compel me to provide them with information, they need to talk to their Canadian counterparts and get a Canadian court to instruct me to hand over the information. This would probably take a lot of time and effort for people involved; and honestly, if someone is using Tarsnap to help them break the law (e.g., if they're creating backups of child pornography) I want to be able to help the police.

However, I'm serious about saying "at my sole discretion" — if a law enforcement agency wants information, they'd better have a good reason for asking for it... and I don't consider the NSA saying "we want to have all the information you have, just because we feel like it and someone somewhere might be a terrorist" to be a good reason. Also note that unlike the situation with certain illegal wiretaps, I can't give your data to anyone, because it's all encrypted such that I can't read it.

Why do I reserve the right to provide information about your account if I believe that doing so is in your interest?

Because in June 2004, Dan Langille's laptop was stolen and was seen on MSN, but Microsoft wouldn't tell Dan where the laptop was. If your laptop gets stolen and connects to the Tarsnap server to do an automatic backup, I don't want to be in the position of worrying about whether it's ok for me to tell someone who I think is you but might conceivably not be you what IP address your laptop connected from.

Why do I reserve the right to provide information about your account if it is necessary in order to keep Tarsnap running or to diagnose or fix problems with Tarsnap or another network?

This one is simple: Things break, and I want to be able to fix them. For example, if I get a phone call from a network administrator saying "hey, my network is falling over because lots of machines are sending huge volumes of data to your server", I want to be able to say "right, go talk to you@yourdomain.com, because he's the guy who set up fifty machines to do their backups at exactly the same time".

Why do people have to pay in advance to use Tarsnap? Why can't you just bill credit cards at the end of each month?

There are three major reasons for this:

1. Predictability. This way, you're not going to get surprised with a large bill at the end of the month, and I'm not going to get surprised by someone not paying their bill.
2. Simplicity. Keeping a list of credit card numbers (securely) and charging them at the end of each month is complicated; dealing with expired/cancelled credit cards, failed charges, etc. would just add to the headaches.
3. Economics. Many people using Tarsnap have less than 1 GB of data stored — that is, they're using less than $0.30/month of storage. Given that credit card processors typically take a fee of about $0.30 + 2.5% to charge credit cards, charging credit cards every month for such small amounts would be a horrible waste of money — whereas having someone deposit $5 which lasts them for the next 16 months works out quite reasonably.

Why are citizens and residents of Canada not allowed to use Tarsnap? What do you have against Canucks?

I don't have anything against Canadians — in fact, I am one. I do have something against sales tax. Dealing with federal and provincial sales taxes would not only mean dealing with extra paperwork; it would also mean figuring out whether the government considers me to be selling software (the Tarsnap client code), providing a service within Canada (since I'm resident here), or providing a service outside of Canada (since the Tarsnap service is provided via hardware in the US) — not to mention questions like whether Tarsnap is "data warehousing", "data processing", "telecommunications", or something else entirely. How Tarsnap is classified would determine if I'd have to charge sales tax, how much, and to whom — and I'm guessing that those answers are different between federal and provincial taxes, too. From what I've read about sales taxes I'm reasonably confident about one thing, however: I don't need to charge sales tax to non-Canadians.

So for the moment, I'm taking the path of least resistance: Don't allow Canadians to use Tarsnap, and spend my time writing code instead of trying to figure out how complicated sales tax laws, which were written by people who never imagined the internet or online services, apply to Tarsnap.

Why should anyone agree to terms and conditions which you can unilaterally change?

There are some things which I will almost certainly have to change in the future. One likely point of adjustment is paragraph 7 — I hope that I will be able to lower the price I charge people for using Tarsnap at some point — while another is in paragraph 10 — there will probably be a more streamlined process for closing an account and withdrawing unspent funds than "send me an email" at some point.

Given that you will always have 30 days notice before being bound by any change (I'm presuming that if I lower the price, nobody will insist that they want to be charged the higher rate, but for anything more serious than that I certainly plan on giving at least 30 days notice of any changes), I don't think this is a big deal.