Backblaze B2 Was Leaking Metadata to Facebook

Ben Cox:

WTF? @backblaze’s B2 web UI seems to submit all of the names and sizes of my files in my B2 bucket to facebook. I noticed because I saw “waiting for” at the bottom while trying to download a backup…

Yev Pusin of Backblaze:

We use Google Tag Manager to help deploy key third-party code in a streamlined fashion. The Google Tag Manager implementation includes a Facebook trigger. On March 8, 2021 at 8:39 p.m. Pacific time, a new Facebook campaign was created that started firing a Facebook advertising pixel, intended to only run on marketing web pages. However, it was inadvertently configured to run on signed-in pages. […]

We promptly investigated the matter and, once we were able to identify, verify, and replicate the issue, we removed the offending code from the signed-in pages on March 21, 2021 at 11:19 p.m. Pacific time.

Via Michael Tsai:

There is a long history of engineering problems. Just one example: it seems to still be the case that the Backblaze client reports files as successfully backed up as many as eight hours before they are actually committed to the server. If something happens to your Mac in the interim, you won’t be able to restore them.

I am a keen Backblaze user, but I am frustrated by its limitations and quality problems like these. I still do not fully understand why Apple does not offer a sort of Time Machine in the Cloud product — but, given last year’s report on abandoned plans to allow for end-to-end encryption for iCloud backups, perhaps that is for the best.