Cloud sync is not backup, and what to do instead

It is easy to believe you have a backup, because you have files “in the cloud”. The files are in the cloud. The cloud is genuinely doing a useful thing for you. But if you delete a file, cloud sync deletes the file. If ransomware encrypts a file, cloud sync syncs the encrypted version. “Syncing your documents to the cloud” is a different operation from “backing up your documents”, and confusing the two is one of the single most common ways people lose data.

What sync actually does

A sync service watches a folder on your device. When a file changes, it propagates the change to other copies — usually a cloud copy, and potentially other devices sharing the same folder.

This is extremely useful. It means the document you saved on your laptop is on your phone too; that a colleague you shared a folder with sees your edits within seconds; that if your laptop falls in a lake, most of your documents are waiting for you on a new one.

But the design goal of sync is keep all copies identical. That is the exact opposite of the design goal of backup, which is keep a history of past states even if the live copy has been altered. When the live copy is corrupted, encrypted, or deleted — intentionally or otherwise — a good sync service faithfully propagates that change to every other copy. That is the feature working correctly; it is not a bug.

The specific ways sync fails as a backup

• Accidental deletion. You delete a folder, meaning only to clean up your desktop; the deletion syncs everywhere.
• Ransomware. A ransomware strain encrypts every file in your sync folder; the sync service diligently uploads the encrypted versions, overwriting the clean ones.
• Credential theft. An attacker signs into your sync account from somewhere else and deletes, modifies, or downloads your files.
• Software bugs in sync clients. Once in a rare while, a bug in a sync client propagates unintended changes. It has happened to every major provider at some point in the last decade.
• Two-device disagreement. Your phone and your laptop each think they have the “right” version; a conflict resolution replaces one with the other, silently.
• Sync pause you forgot about. You paused sync for a week while traveling; during that week, the cloud copy and the local copy diverged; when sync resumed, one side “won”.

What the major providers offer as consolation

Every large sync provider does offer some protection beyond pure sync. These are real, useful, and not sufficient:

• Trash / recycle bin. Deleted files can be recovered from trash for a window — typically 30 days on Dropbox, Google Drive, and OneDrive. After that, the file is really gone.
• Version history. Modified files can often be rolled back to previous versions for a bounded time — again, typically 30 days on free tiers, longer on paid plans.
• “Restore all” tools. Dropbox has a “Dropbox Rewind” feature; OneDrive has “Restore your OneDrive”; Google Drive has account-wide restores that require a support ticket. These help with mass events like ransomware if you notice quickly enough.

The fatal flaw: all of these features have a time limit. If you notice in a week, they help. If you notice in a year — because a cherished photo turns out to have been quietly deleted twelve months ago by something you don’t remember — they do not help at all. There is no “restore files I deleted fourteen months ago” button, because that is simply not a sync-service feature.

What a real backup adds

A backup, distinct from sync, has three qualities:

1. A separate namespace. The backup lives in a place that is not “just another copy of your sync folder”. Deleting a file from your desktop should not delete it from the backup.
2. History. The backup remembers past versions of files, for a usefully long time (months to years, not days).
3. Resilience to credential theft. An attacker who compromises your laptop’s credentials should not be able to destroy your backup. This is where immutability and append-only storage come in, and why two-factor authentication on the backup account matters as much as on your email.

You get this by using software specifically designed to back up, not by using a sync service harder. Common options:

• Backblaze Computer Backup — continuous, encrypted, with a retention that can be extended to a year. Simple; set and forget.
• Arq or Duplicati — pointed at your own S3, Backblaze B2, or similar object storage. Flexible; can use immutable buckets.
• Apple Time Machine — local backup to an external drive. Not off-site, but very good history; pair with a cloud backup for the off-site leg of 3-2-1.
• Windows File History — the Windows equivalent, with the same caveats.

The 3-2-1 backup rule article explains the layered approach in detail.

A practical configuration

The most common “enough” setup for a solo operator or a household:

1. Sync service (iCloud, Google Drive, OneDrive, Dropbox) for convenience, cross-device availability, and short-term recovery via trash and version history.
2. Backup service (Backblaze or Arq to cloud object storage) running continuously in the background, encrypting before upload, with retention set to at least 12 months and a password that lives in your password manager and a printed backup somewhere physically safe.
3. Local backup (Time Machine or File History) to an external drive, for fast local restores.
4. A quarterly reminder to restore one random file from backup. Thirty seconds. This is the single highest-value security practice you can adopt.

Your sync service keeps you productive. Your backup saves you when the sync service faithfully destroys something. They are not substitutes; they are complements.