Whole restore - About every 2x years.
Single file extract - About every 2x months.
Main use case is unpacking the *.tar.gz to get direct access to a config file to check against the current version - useful for debugging, and general version control.
I also sometimes uses the *.tar.gz to help configure a test pre-production install running on separate hardware (e.g. testing, Beta version, new ideas).
There are other uses - unpacking a backup is the only way to extract Mosquitto MQTT Add-On system_user.json “system” account credentials:
Whole backup restore has only been used for hardware upgrades.
Modern uSD cards are pretty reliable, and NVMe even more so.
I well understand the “plausible deniability” protection of a hosting provider from user content (“no access, no subpoenas”) for cloud backups (and UK Legislation) HOWEVER not being to unencrypt a local backup from my own hardware which was created using a standard FOSS library is a very red flag to me.
One major point of FOSS tools is “many eyes make all bugs shallow” (ESR Linus’ Law), but specifically for crypto, I’m going to quote Bruce “Schneier’s Law”:
Please fix initialisation vector entropy, fix file padding, and fix compatibility with standard crypto tooling. I’d prefer AES-256, but get low-end hardware will taker longer than AES-128.