Saturday, September 04, 2010

CrashPlan Fail - you still can't remove an account

Is it obvious how to delete your account and all data and services?
This rule is always important, but it's critically important for a Cloud backup service. Do you really want to forget or lose control of a complete backup of all your unencrypted data?

CrashPlan failed this test, and others, seven months ago. Back then, during a trial period, I had my backup data on their servers. Their FAQ then didn't describe how to delete it.

I was later told you could delete it by logging in to the CrashPlan account web site, then choosing CrashPlan Central -> Destinations>Online, then selecting "Remove Backup Destination". There was no way to remove an account however.

Today I checked. My account still remains, but now that the trial period ended I don't see an option to remove my data from their servers. Perhaps the data is gone, or maybe if I paid up I'd see it reappear. I wouldn't be surprised by either option.

There's still no way to remove an account from the web site. I also noticed that "My Profile" includes "Receive promotional emails from CrashPlan.com". Hell freezes over the day I opt-in to promotional emails, so that was a sneak play.

CrashPlan is on course to crash landing. When they go into receivership their creditors will own your data. Creditors who need to recover some of their losses.

Update: See comments from CrashPlan. They tell me the data is likely overwritten, and is not recoverable after the promotional period ends. They have no plans at this time for an account removal feature, that requires email (seems a risky practice). Maybe that will change. Comments underscored the importance of client-side encryption.

See also:

8 comments:

  1. Hi Gordon!

    If you DM me I can ask @CrashPlan to remove your account; it's no big deal at all.

    Me on twitter: @CrashPlanMatt

    Most folks simply deactivate their accounts, and never use 'em again. We can remove your user account as well with a quick email to support@crashplan.com.

    ~MattG

    ReplyDelete
  2. Hi Gordon,

    Data is removed in real time, when you stopped using central via the simple method describe via support. It's one click and confirmation.

    This is verifiable via web restore, client restore, etc. It's gone. I've always feared someone stealing a laptop and being mean - you know - erasing all backups after stealing it. Tricky stuff.

    For account, the only piece of data that's left behind that's even remotely interesting is your email address. You could change this to something non-sensical if you'd like as you leave.. "ihateonlinedata@thatdoesnotgoaway.com".

    If you think it's critical we offer a feature to nuke your email address as well - you could post it in our suggestions forum: https://crashplan.zendesk.com/forums/24327-feature-requests

    If memory services, I think you'd be the first, but maybe others will want it too/chime in and we can get a sense of how important this is to our community of users.

    I've always wondered about the promise some companies make when it comes to removing all data everywhere. Really? even in all the backups of your database? onsite and offsite? tape too? I seriously doubt it's truly gone in the physical sense. Quite a challenge.

    Your data is indeed wiped in real time - and given our usage patterns, would exceed any secure erase pattern out there.

    ReplyDelete
  3. These are good policies. I will add them as updates to my post. Have you put these into your FAQ or documentation?

    The services I use and like all offer an option to remove accounts. I don't know if they got customer requests, or if they decided there are some things they should do because they make sense -- knowing someday customers would figure out what's important.

    Your comment about the impossibility of removing all data everywhere underscores that backup services should support and recommend (strongly) encryption on the client side.

    ReplyDelete
  4. CrashPlan on 4/9/10 4:50 PM said, "If memory services, I think you'd be the first…" Well their memory doesn't serve them very well. I exchanged email with them in March trying to convince them I wanted all traces of my account deleted.

    I had uninstalled the buggy Mac version because it crashed twice doing trivial things. It doesn't appear to have been updated in the meantime as I just downloaded it and the date is from March 8th.

    I'm in total agreement with you, and it absolutely baffles me why cloud service providers don't understand how users may want to scrub all traces from their servers. I understand that their own backups may take awhile to be overwritten, but their database containing account info should be able to be purged by the customer at any time and not require an email to tech support.

    It's policies like CrashPlan's that result in fear of the cloud by the general population. Storing data in the cloud is all about trust and I don't trust a company that won't let me delete my account without the hassle of "negotiating" it with tech support.

    ReplyDelete
  5. Anonymous said:
    Storing data in the cloud is all about trust and I don't trust a company that won't let me delete my account without the hassle of "negotiating" it with tech support.

    I see it the same way. After some good reviews I was about to test crashplan but if there isn´t an option the delete my account (besides "ask for it and we may do it") then I definitely will not even test it. (Yes, you can call me paranoid).

    ReplyDelete
  6. looks like this this true still in 2013. I want to freakign delete my acc now. I am logged in online and there is nothing I can font to just DELETE FFS this is horrible! I will never trust a company like that!

    ReplyDelete
  7. What type of service requires to open ticket in order to remove the account?

    Crashplan sucks!
    I regret I used it.

    ReplyDelete
  8. Still true in 2018.... never use Crashplan.
    I fully regret the decision.

    ReplyDelete