This is awful. This is absolutely a breaking change and, IMO, an unforced error by the HA team.
The no backups before updating addons thing has already screwed me over. I updated HA a few days ago. I didn’t pay close attention to the changes to backups. Today, I updated an add-on without thinking much of it. Didn’t notice the backup option was gone because I always just leave it checked. Well, the update broke the add-on for me. So I went looking for the (nonexistent) backup thinking I could just revert it, no big deal. Nope, no recent backup to be found! Sure, my fault for not paying attention, but I can’t possibly be the only one with this issue. I feel like this is a pretty predictable outcome actually. But what do I know, I’m just some guy who specialized in UX design and HCI.
Another bone I have to pick with this: what even is the point of encrypting these backups? What could possibly be in there that would be valuable to a hypothetical hacker, that they couldn’t otherwise get from the system which they have clearly compromised at that point? Besides, I’m not exactly storing my SSN and credit card numbers in Home Assistant. I can’t really think of anything in my use case that I would be worried about if my system was compromised other than some camera streams and door controls, but those have nothing to do with backups anyway. Regardless of whether the risk is real or imagined (which I believe it largely is), I should be allowed to live ‘dangerously’ if I so choose.
Really hope they listen to the community on this one.
Addon backup should be made exactly right before you update it. Why?
Let’s say I make regular backups, so I do have latest backup. But now I go and spend whole day programming and changing my HA. In the evening an addon update appears and I update it. Which breaks my whole HA. NOW WHAT? Should I go back to 4:45 backup and destroy MY WHOLE DAY’S WORK? I can’t just revert to previous addon version, since it’s not there anymore… what a mess…
But at least they now know about the sexual and religious orientation of the community since the survey. I found those questions very odd.
Back to the main topic: Luckily, I have a Synology docker setup that backs up the entire docker environment to Synology C2 every night (though even that is technically an unsupported HA installation since there are other docker containers running alongside HA).
I’ll miss the automatic backup before an Add-On update. That’s already saved my ass a few times in the past.
Over the past few years, there have been (IMO) some questionable decisions, but this one has the biggest impact so far.
Ideally, the first step should have been to implement a feature that notifies users after an update if they have ancient backups and asks if they’d like to clean them up. That was actually a manual task that has occasionally been necessary in the past.
It’s typical in UX design questions when trying to profile the user base. Typical UX design folk will try to abstract the user base into a group of ‘typical users’ or personas that represent the most common ways the software is used. We may not consider it now but personal habits including very personal ones sometimes need to be considered when designing personal software. I’d suspect they will group the answers by whatever demographics fit the personas they come up with out of the survey.
TL;DR. Didn’t find that part out of context. Just. Probably needs some additional explanation for people who don’t live in the software industry for a living…
I too work in InfoSec.
Thank you to those with awesome relevant posts outlining practical experience from production environments.
The bottom line is that forcing encrypted backups on users is most certainly a disservice to the community and does not increase security in any practical way. Encryption keys will be improperly stored by all but the most savvy users. I GUARANTEE IT.
This just feels like a CYA move more than anything. I’m failing to see how this will provide any real value to the community. To be clear, my argument is NOT to negate the value of encrypted backups, but to challenge the decision to force it. Every environment is different and with the focus on providing customizability and uniqueness in HA, this move really has my head spinning.
Let’s not forget that at its core, security is about reducing the risk of unauthorized disclosure, modification, or denial of access to data. If this solution has the net impact of locking people out of their data down the road for the reasons touched on in this thread, these changes actually increase risk not reduce it.
Nothing is 100% secure.
Nothing is 100% risk free.
If it’s so secure that no one can use it then it isn’t secure at all.
And what makes the above claim even more true is the fact that the encryption key is randomly-generated gibberish and not a word of our choice. If we could enter our own password then the majority of users would enter a phrase they remember, eliminating the need to write it down. But this way 90% of keys will be stored in the same folder as backups. As a plain text file.
I did some testing when 2025.1 was still beta. Guess where my downloaded txt file with password is saved…
I don’t think it’s a bad thing to generate a random string for the “key”. At this point I’m assuming it’s a pass phrase which isn’t the actual key. Less predictable passwords/phrases are a good thing but the user should absolutely have a choice. Something as intimate as user backup encryption should present options to the user for them to decide how far they want to take it.
If there is a specific cloud hosting platform that has specific storage requirements, those storage requirements should be implemented at the point of integration for that specific product.
It feels really cheap to shoehorn the entire community into one way of doing things for a niche part of the platform’s offerings.