It’s complicated
Become a Patron of Ask Leo! and go ad-free!
Transcript
(A pre-written script that I riffed from while recording the video.)
That some of our software comes from overseas is, I hope, not news. Globalization is strong in technology. However it is you’re watching or reading this, you can bet that components used in the software, computers, networks, and servers come from all over the world.
When it comes to tech borders are in many ways irrelevant; it’s one big planetary market.
With recent political events and the rise of geo-political tribalism, those borders have become a little less imaginary. In fact, depending on the border you’re talking about they’re on the top of many people’s minds.
Case in point: I’ve recommended the backup program EaseUS Todo for a long time.
One of the push-backs I get semi-regularly is that the company is based in China. While it’s not prominent on their website, the corporate information can be found.
CHENGDU Yiwo® Tech Development Co.
18F-K, Building 2
Huaxi Meilu, No.17
Section 3 of Renmin South Road
Chengdu, Sichuan, 610000
China
I received a comment recently:
My response is the same as it’s been for years: There’s been zero evidence of any wrongdoing. Zero. And I’m an evidence-based guy. If there’s eventual evidence of wrong doing, then I’ll drop my recommendation, but that’s true for any software I use, regardless of the source.
But I totally understand that even without evidence, more folks might be concerned in the light of heightened trade war issues.
Here’s the problem, though: there are few domestic alternatives. (To be fair, I’ve not evaluated every solution, so maybe there is. But that’s kinda not the point.) So much of the software we use originates in other countries, or has massive contributions from overseas sources.
A selection of backup and restore tools:
- Acronis: Singapore and Switzerland (though originally Russian in origin)
- Aomei Backupper: Hong Kong
- Ashampoo: Germany
- Hasleo backup: unknown(!).
- Macrium Reflect: UK
- Nero BackItUp: Germany
- Paragon: Germany
DriveImage XML: US (Hawaii), though it’s not the complete solution I generally look for and recommend.
Open source tools like CloneZilla, and others invite contributions from around the world.
It’s not just backup software. Kaspersky is a great example of security software that’s been explicitly banned — without evidence, that I’m aware of — because it comes from “the wrong country”, a country some have concerns over, while others apparently do not.
And it’s not just software. Consider all the hardware we rely on every day. Components come from all over the planet, including China.
It’s complicated.
Honestly I’m less concerned about espionage than I am about the practical impact of the trade war. I would not surprise me if, at some point, EaseUS and other products originating from China were banned (or tarriffed into oblivion) much like Kaspersky, not because of evidence of wrong doing, but simply by being a pawn in a larger geopolitical game.
The net result would be fewer and or more expensive options for us all.
I’d expect there to be evidence if there were actual espionage or data theft from tools like EaseUS Todo, especially after all this time. I’m comfortable using the tools until either there’s proof of malicious behavior, or until the geopolitical situation says I can’t have them any more.
If you feel differently, that’s fine. There are alternatives, but you’ll need to choose once again just who it is you do trust. I mean, you’re trusting someone, likely several someone’s all over the planet, every time you even turn on your computer and connect to the internet.
What’s your take? Are you avoiding China, and if so based on what? Principle?
I use EaseUS products and Macrium Reflect. I disagree with what you say about CloneZilla and other Open-source tools. They do invite contributions from all over the world, but any backdoors or phone-home behaviors would be obvious to security researchers.
I’ve avoided CloneZilla, not because of security issues, but because I want a program that does incremental backups.
I am reluctant to rely on “obvious to security researchers“. While theoretically any one can view any of the code, they’d need to actually do so — it’s unclear how many people are investing time performing code reviews of open source projects. Yes, they could, but do they?
And if they do, do they have the knowledge and expertise to know what they’re looking at and critique it appropriately?
Again, it’s all quite possible, and I love that. But am I willing to count on it? I’m not so sure.
As a European I have seen recently that the new US trade wars have led to the first backlashes against US companies. For instance turning away from US based cloud services and moving to European based ones.
It looks as if winding back globalisation could be around the corner, especially if the trade wars that the Trump administration niw has started will lead into a world wide recession, something not totally unlikely anymore.
Hard times are gonna come!
There are a few German companies that produce backup software, Paragon, Ashampoo, and Nero. I’ve played with Paragon Backup & Recovery and it’s pretty good and has a free version for home users. Ashampoo, and Nero are reliable companies, but I’ve never tried their backup apps and they don’t offer free versions.
I think the point is Chinese government policy and control over Chinese companies is of particular concern, an issue that is not as relevant for EU based software, for example.
From all I’ve researched, there is no evidence China is forcing companies to install backdoors in exported software and hardware. I’ve read many articls on China requiring companies that supply encryption and other software to include a backdoor. If they are doing that, it’s not a stretch to assume China might require that in the future.
One you left out that’s based in Las Vegas:
https://www.terabyteunlimited.com/
I’ve been using their disk imaging program Image For Windows since 2005 and they’re still around. I’ve dealt with their technical support via email off and on over the years and they’ve always been prompt and helpful. Also used their boot manager program for a while starting back in 2005 and it was good, if a bit confusing in some configuration setup (I was able to setup triple-boot of DOS, Windows XP and OpenBSD from one hard drive). Their online Knowledge Base of articles and email support exceeds that of many other tech companies.
It might be a good alternative, but many people are looking for a free solution. EaseUS Todo and Paragon Backup and Recovery have free versions.