It’s complicated
Become a Patron of Ask Leo! and go ad-free!
Transcript
(A pre-written script that I riffed from while recording the video.)
That some of our software comes from overseas is, I hope, not news. Globalization is strong in technology. However it is you’re watching or reading this, you can bet that components used in the software, computers, networks, and servers come from all over the world.
When it comes to tech borders are in many ways irrelevant; it’s one big planetary market.
With recent political events and the rise of geo-political tribalism, those borders have become a little less imaginary. In fact, depending on the border you’re talking about they’re on the top of many people’s minds.
Case in point: I’ve recommended the backup program EaseUS Todo for a long time.
One of the push-backs I get semi-regularly is that the company is based in China. While it’s not prominent on their website, the corporate information can be found.
CHENGDU Yiwo® Tech Development Co.
18F-K, Building 2
Huaxi Meilu, No.17
Section 3 of Renmin South Road
Chengdu, Sichuan, 610000
China
I received a comment recently:
My response is the same as it’s been for years: There’s been zero evidence of any wrongdoing. Zero. And I’m an evidence-based guy. If there’s eventual evidence of wrong doing, then I’ll drop my recommendation, but that’s true for any software I use, regardless of the source.
But I totally understand that even without evidence, more folks might be concerned in the light of heightened trade war issues.
Here’s the problem, though: there are few domestic alternatives. (To be fair, I’ve not evaluated every solution, so maybe there is. But that’s kinda not the point.) So much of the software we use originates in other countries, or has massive contributions from overseas sources.
A selection of backup and restore tools:
- Acronis: Singapore and Switzerland (though originally Russian in origin)
- Aomei Backupper: Hong Kong
- Ashampoo: Germany
- Hasleo backup: unknown(!).
- Macrium Reflect: UK
- Nero BackItUp: Germany
- Paragon: Germany
DriveImage XML: US (Hawaii), though it’s not the complete solution I generally look for and recommend.
Open source tools like CloneZilla, and others invite contributions from around the world.
It’s not just backup software. Kaspersky is a great example of security software that’s been explicitly banned — without evidence, that I’m aware of — because it comes from “the wrong country”, a country some have concerns over, while others apparently do not.
And it’s not just software. Consider all the hardware we rely on every day. Components come from all over the planet, including China.
It’s complicated.
Honestly I’m less concerned about espionage than I am about the practical impact of the trade war. I would not surprise me if, at some point, EaseUS and other products originating from China were banned (or tarriffed into oblivion) much like Kaspersky, not because of evidence of wrong doing, but simply by being a pawn in a larger geopolitical game.
The net result would be fewer and or more expensive options for us all.
I’d expect there to be evidence if there were actual espionage or data theft from tools like EaseUS Todo, especially after all this time. I’m comfortable using the tools until either there’s proof of malicious behavior, or until the geopolitical situation says I can’t have them any more.
If you feel differently, that’s fine. There are alternatives, but you’ll need to choose once again just who it is you do trust. I mean, you’re trusting someone, likely several someone’s all over the planet, every time you even turn on your computer and connect to the internet.
What’s your take? Are you avoiding China, and if so based on what? Principle?
I use EaseUS products and Macrium Reflect. I disagree with what you say about CloneZilla and other Open-source tools. They do invite contributions from all over the world, but any backdoors or phone-home behaviors would be obvious to security researchers.
I’ve avoided CloneZilla, not because of security issues, but because I want a program that does incremental backups.
I am reluctant to rely on “obvious to security researchers“. While theoretically any one can view any of the code, they’d need to actually do so — it’s unclear how many people are investing time performing code reviews of open source projects. Yes, they could, but do they?
And if they do, do they have the knowledge and expertise to know what they’re looking at and critique it appropriately?
Again, it’s all quite possible, and I love that. But am I willing to count on it? I’m not so sure.
As a European I have seen recently that the new US trade wars have led to the first backlashes against US companies. For instance turning away from US based cloud services and moving to European based ones.
It looks as if winding back globalisation could be around the corner, especially if the trade wars that the Trump administration niw has started will lead into a world wide recession, something not totally unlikely anymore.
Hard times are gonna come!
There are a few German companies that produce backup software, Paragon, Ashampoo, and Nero. I’ve played with Paragon Backup & Recovery and it’s pretty good and has a free version for home users. Leo did an article on Paragon Backup:
A brief overview of Paragon Backup and Recovery
Ashampoo, and Nero are reliable companies, but I’ve never tried their backup apps and they don’t offer free versions.
I think the point is Chinese government policy and control over Chinese companies is of particular concern, an issue that is not as relevant for EU based software, for example.
From all I’ve researched, there is no evidence China is forcing companies to install backdoors in exported software and hardware. I’ve read many articls on China requiring companies that supply encryption and other software to include a backdoor. If they are doing that, it’s not a stretch to assume China might require that in the future.
One you left out that’s based in Las Vegas:
https://www.terabyteunlimited.com/
I’ve been using their disk imaging program Image For Windows since 2005 and they’re still around. I’ve dealt with their technical support via email off and on over the years and they’ve always been prompt and helpful. Also used their boot manager program for a while starting back in 2005 and it was good, if a bit confusing in some configuration setup (I was able to setup triple-boot of DOS, Windows XP and OpenBSD from one hard drive). Their online Knowledge Base of articles and email support exceeds that of many other tech companies.
It might be a good alternative, but many people are looking for a free solution. EaseUS Todo and Paragon Backup and Recovery have free versions.
So does Macrium, or at least they used to. I think it is limited to straight backups, nothing incremental in the free version
Macrium Reflect no longer offers a free version. They offer a 30-day trial version that will stop working after a month.
There are third party download sites that offer that last free version.
Macrium Reflect FREE Edition 8.0.7783 – Major Geeks
If you do away with Chinese products in your life you’d be living in a cardboard box under the freeway.
Scratch that – you wouldn’t have the carboard box.
And maybe the steel in the freeway.
If you have to pay $3000 for a phone, you’ll soon be living under a bridge. Funny thin, there’s a guy in my city who lives under a bridge and I often see him typing away on his MacBook under the bridge. Maybe the MacBook set him back so much he couldn’t afford an apartment.
I never hear of anyone using Acronis True Image for total HD backups. Is there an opinion about its efficacy, ease of use and safety?
Leo used to recommend Acronis True image, but he changed his recommendation to Macrium Reflect and EaseUS Todo because of issues with Acronis which I believe have been rectified.
I have no issues with China as a people or nation. The Chinese people have a long and storied history. It was Chinese astronomers who accurately recorded the first supernova that resulted in what we now know as the Crab Nebula in great detail, and they made many other great discoveries. With that said, I do have issues with the Chinese government, which describes itself as a people’s democratic dictatorship. China can also be described as a unitary one-party socialist republic led by the Chinese Communist Party (CCP). This means that the Chinese people have no input into choosing who constitute their leadership. The CCP makes all those decisions, and the welfare of the population is not necessarily their top consideration.
Because the Chinese government is a dictatorship, I don’t trust it. And since the Chinese government has absolute control over all Chinese businesses, I don’t trust them. As an example, TicToc collects an inordinate amount of information about their users, much more than is required to provide a good user experience. While there’s no concrete evidence that they share the data they collect with their government, there’s no way to really know, and we can’t trust that they are telling the truth when they say they don’t share anything with the government because the government may be telling them to deny any data sharing.
I hold similar reservations about hardware developed in China, although I do hold out the hope that anything developed in China is well scrutinized to insure that it meets, and does not exceed the specifications it was developed under by the foreign companies that ordered it.
As for open source software, I don’t use Chinese-based distributions for the above reasons, but I have no issues with Chinese nationals contributing to open source software world wide because before a patch/addition is included into the source of a project, it is evaluated by the development team, thus reducing the possibility of some sort of a ‘back door’ or malware being introduced. If that’s a false hope, so be it :).
My2Cents,
Ernie
Isn’t it funny how Chinese and Russian people have been expected to trust software from the USA (think Microsoft and Mac OSX). As a European I can see the hypocrisy. It appears to us that the USA is heading towards dictatorship so maybe we should be careful what we use.