Enlarge / Be careful with the buckets you put out there for anybody to fill. (credit: Getty Images)

If you're using Amazon Web Services and your S3 storage bucket can be reached from the open web, you'd do well not to pick a generic name for that space. Avoid "example," skip "change_me," don't even go with "foo" or "bar." Someone else with the same "change this later" thinking can cost you a MacBook's worth of cash.

Ask Maciej Pocwierz, who just happened to pick an S3 name that "one of the popular open-source tools" used for its default backup configuration. After setting up the bucket for a client project, he checked his billing page and found nearly 100 million unauthorized attempts to create new files on his bucket (PUT requests) within one day. The bill was over $1,300 and counting.

Nothing, nothing, nothing, nothing, nothing … nearly 100 million unauthorized requests. (credit: Maciej Pocwierz )

"All this actually happened just a few days after I ensured my client that the price for AWS services will be negligible, like $20 at most for the entire month," Pocwierz wrote over chat. "I explained the situation is very unusual but it definitely looked as if I didn't know what I'm doing."

Enlarge (credit: Dropbox)

Sometimes the honor system just doesn't work.

Up until yesterday, Dropbox offered an unlimited $24-per-user-per-month plan for businesses called Dropbox Advanced that came with an "as much as you need" storage cap. This was intended to free business users from needing to worry about quotas.

But as with unlimited cell phone data plans, the bad behavior of a small group of users is apparently ruining unlimited Dropbox storage for everybody. The company said in a blog post yesterday that it was retiring its unlimited storage policy specifically because people were buying Dropbox Advanced accounts "for purposes like crypto and Chia mining, unrelated individuals pooling storage for personal use cases, or even instances of reselling storage." Dropbox says that these users were using "thousands of times more storage than [their] genuine business customers."

• 

  We tested iDrive with its free Basic tier, which offers 10GB of storage. [credit: Jim Salter ]

If there's one rule of computing every system administrator preaches, it's to always back up important data. Unfortunately, even among sysadmins, this rule is often preached more than it is practiced—backups tend to be slow, cumbersome affairs that are ignored for years until they're (desperately) needed, by which time it's often too late to get them right.

Fortunately, backups don't need to be tedious—and there are plenty of relatively low-cost, consumer-friendly cloud services that make protecting your data easy. The five services we discuss in this article—Carbonite, Arq, iDrive, Spideroak One, and Backblaze—are cloud-based and inexpensive, and they operate seamlessly in the background.

What we’re looking for

For a backup service to work, it needs to be easy to install and use. Beyond ease of use, our preferred solution needs to be affordable and have a simple billing model. It also needs to operate reliably in the background, offer easy recovery, and provide archive depth—meaning you'll have backups to previous versions of your files in addition to the current saved copy.

Enlarge / Eufy's security arm has publicly addressed some of the most important claims about the company's local-focused systems, but those who bought into the "no clouds" claims may not be fully assured. (credit: Eufy)

Eufy, the Anker brand that positioned its security cameras as prioritizing "local storage" and "No clouds," has issued a statement in response to recent findings by security researchers and tech news sites. Eufy admits it could do better but also leaves some issues unaddressed.

In a thread titled "Re: Recent security claims against eufy Security," "eufy_official" writes to its "Security Cutomers and Partners." Eufy is "taking a new approach to home security," the company writes, designed to operate locally and "wherever possible" to avoid cloud servers. Video footage, facial recognition, and identity biometrics are managed on devices—"Not the cloud."

This reiteration comes after questions have been raised a few times in the past weeks about Eufy's cloud policies. A British security researcher found in late October that phone alerts sent from Eufy were stored on a cloud server, seemingly unencrypted , with face identification data included. Another firm at that time quickly summarized two years of findings on Eufy security , noting similar unencrypted file transfers.