Online Backup Comparison: IDrive vs Backblaze vs Encrypting It Yourself

"Backup" and "Private" Are Not the Same Word

IDrive and Backblaze both encrypt your data in transit and at rest, and both can still read it. Unless you take an extra, easy-to-miss step, the vendor holds the decryption key, meaning:

  • Employees can technically access your files
  • A US legal order (both companies are US-based) can compel readable access, not just encrypted blobs
  • A data breach at the vendor exposes real files, not gibberish

Both vendors offer a real fix for this. Almost nobody uses it, because it only works if you turn it on the day you sign up.

Two Ways to Actually Get Private Backup

  1. The vendor's built-in private key: IDrive and Backblaze each let you set a personal encryption key at signup that locks them out of your data. Simple, but irreversible after the fact and it kills file sharing.
  2. Encrypt it yourself first: Use an open-source tool (restic, Kopia, Duplicati) to encrypt your data client-side, then store the resulting encrypted blobs on cheap S3-compatible storage (IDrive e2, Backblaze B2). You control and can audit the encryption. No signup-day decision to remember or regret.

Both approaches genuinely work. The DIY approach is more setup but doesn't depend on trusting a closed-source implementation, and it doesn't lock you out of anything later.

Quick Comparison Table

Option Starting Price Zero-Knowledge Best for
IDrive Personal $69.65/yr (5TB, 1st yr) Opt-in at signup only Cheap versioned backup
Backblaze Personal ~$9/mo (1 computer, unlimited) Opt-in at signup only Set-and-forget single computer
IDrive e2 (raw storage) ~$5/TB/month Only if you encrypt first DIY backup target, no egress fees
Backblaze B2 (raw storage) ~$6/TB/month Only if you encrypt first DIY backup target, restic-native docs
DIY: restic/Kopia + e2 or B2 Storage cost only Yes, always Anyone who wants real privacy without a signup-day gamble

Detailed Breakdown

IDrive: Cheapest Per Terabyte

Why Consider It: IDrive undercuts most competitors on price per terabyte, includes ransomware-resistant point-in-time Snapshots, and backs up multiple devices on one plan. The private key option, when used, is a real zero-knowledge mechanism.

The Catch

  • Private key must be set during initial signup. There's no menu to turn it on later.
  • US company (Calabasas, California), subject to US legal process
  • An unpatched 2026 privilege-escalation vulnerability (CVE-2026-1995) affects the Windows client as of this writing

Full review with the private-key walkthrough: our IDrive review.

Try IDrive →

Backblaze: Simplest Single-Computer Backup

Why Consider It: Flat unlimited-storage pricing per computer, a long track record in the consumer backup space, and the identical Personal Encryption Key option as IDrive for zero-knowledge encryption.

The Catch

  • Same signup-day-only limitation on the encryption key as IDrive
  • If you enable the key, restoring through Backblaze's website is impossible; you must use the desktop app and re-enter the key, since sending it to Backblaze's servers for a web restore would defeat the purpose
  • Also a US company, same jurisdiction exposure as IDrive
  • One computer per plan, unlike IDrive's multi-device plans

We don't have an affiliate relationship with Backblaze; this is an independent comparison, not a promotion.

DIY: Encrypt First, Then Store Cheaply

Why Consider It: This is the option we'd actually point a high-threat reader toward. Instead of trusting IDrive's or Backblaze's private-key implementation, you encrypt your data yourself with an open-source tool before it ever leaves your machine, then store the resulting encrypted blobs on whichever raw object storage is cheapest.

How It Works

  1. Install restic, Kopia, or Duplicati (all free, open source, all encrypt client-side by default)
  2. Point it at an S3-compatible bucket: IDrive e2 or Backblaze B2 both work, both publish direct integration guides for these tools
  3. The tool encrypts everything locally before upload. The storage provider only ever sees ciphertext, whether or not they'd even offer a "private key" option of their own
  4. Back up your restic/Kopia repository password itself somewhere separate from the backup (a password manager, not the same cloud account)

Why This Beats the Vendor's Own Private Key

  • No irreversible signup-day decision. You can start this on an account you've had for years.
  • The encryption tool is open source and independently auditable, unlike IDrive's or Backblaze's closed client apps.
  • You're not locked out of file sharing on your regular account, since the raw storage bucket is separate from anything else you use that provider for.

The Real Tradeoff

More setup than clicking "sign up." You're running a command-line tool (or Kopia's simple GUI) instead of a polished consumer app. Worth it if your threat model includes "I don't want to trust a vendor's encryption," not worth it if you just want easy off-site backup and IDrive's or Backblaze's own private key is enough for you.

Try IDrive e2 →

What About Google Drive, OneDrive, or iCloud as "Backup"?

Sync Is Not Backup

Google Drive, OneDrive, and iCloud sync files across devices, they don't version or protect against ransomware the way IDrive Snapshots or Backblaze's 30-day version history do. Delete a file (or have ransomware encrypt it) and that change syncs everywhere, including your "backup." They also default to the same vendor-holds-the-key model as IDrive and Backblaze, with even less of a path to zero-knowledge encryption. See our Encrypted Cloud Storage Comparison for the sync-focused alternatives (Proton Drive, Sync.com, Cryptomator) if what you actually need is active file access, not disaster-recovery backup.

Use Case Recommendations

Cheapest Backup, Comfortable With the Tradeoff

IDrive with the private key set at signup. Cheapest per terabyte, real zero-knowledge if you don't skip the setup step.

Simplest Setup, One Computer

Backblaze Personal, same encryption caveat as IDrive. Flat pricing, no storage math.

High-Threat Model, Technical Comfort

restic or Kopia encrypting client-side, storing on IDrive e2 or Backblaze B2. No vendor encryption to trust, no irreversible signup decision.

Active File Access, Not Just Backup

Proton Drive or Sync.com instead. Zero-knowledge by default, built for daily use and sharing, not disaster recovery.

The Bottom Line

Summary

Cheap backup is a good deal. Private backup takes one extra decision.

  • Cheapest: IDrive, with the private key set at signup, not after
  • Simplest: Backblaze, same encryption caveat
  • Most private: Encrypt it yourself with restic or Kopia before it touches any cloud, then use whichever raw storage (IDrive e2 or Backblaze B2) is cheapest that month

Neither IDrive nor Backblaze is lying about their encryption. They're just not making the private option the default, and once you've skipped it, there's no undo button. Decide before you sign up, or skip the decision entirely and encrypt it yourself.

Related Guides

References

  1. IDrive Security and Private Key Documentation
  2. Backblaze Encryption Documentation
  3. CERT/CC: CVE-2026-1995 IDrive for Windows Privilege Escalation
  4. IDrive e2 + restic Integration Guide
  5. restic Official Site