
It's still a fair bit from being the cheapest UNIX backup (that also does client side encryption).

Crashplan, Spideroak and Wuala (for 100GB and under) are a bit cheaper ( http://skeptu.com/tarsnap/100gb ).

It has a nice CLI, however.



A better comparison would be to Cyphertite (https://www.cyphertite.com/), which is somewhere on par security-wise.

CrashPlan and co. are somehow secure, but still not really open about their crypto (and some of them use quite a weird one).


But does CrashPlan do client-side decryption? That is the one weak spot in my current backup provider, Backblaze. They encrypt and protect your data, and when you need to restore, it is out in the wild.


They list it as a feature, but I'm not sure I'd trust it, given that their client is closed source.


Why not just run encfs or ecryptfs locally and then backup the encrypted regular files?


Or use duplicity. It even directly supports many cloud services as backends, including Google Drive ($2 for 100GB, $10 for 1TB), Dropbox, OneDrive, etc. It encrypts, deduplicates, stores old versions, etc.


I'd love to use duplicity, but in the 3rd paragraph of their website is the sentence "Duplicity is still in Beta.".

I'd much rather trust my backups to tarsnap, which is not in beta. Furthermore, and perhaps even more importantly, tarsnap offers support which duplicity does not. When my hard drives decide to die, I really want someone who I can contact if there are any issues restoring from backups.


Check out Duplicati - same idea as duplicity, but in active development, main developer posts to his support group frequently, overall very solid.


Since CrashPlan uses blowfish-448-cbc-sha1 (a weird choice) and may (I'm uncertain on this) have the ability to push configuration changes from remote, I've considered that possibility, because of CrashPlan's "unlimited" offer.

Unfortunately, it's barely usable due to recovery issues. You can't mount CrashPlan as a filesystem (well, without a ton of reverse engineering), so that's not an option unless you're satisfied with all-or-nothing recovery without the possibility to pick and restore just certain files of interest.


A middle ground there that would work for restore of particular files is to use ecryptfs/encfs without encrypting filenames. I think ecryptfs at least knows how to do this. Then you can download the file with the proper name, but the contents are encrypted and decrypt them locally.

You could probably also hack up something to figure out locally what encrypted filename corresponds to what regular filename and go fish for the encrypted filename in CrashPlan. It will probably be clunky though.


You can absolutely "pick and restore just certain files of interest" when restoring with CrashPlan.


That's if you only rely on CrashPlan-provided encryption, which is certainly not the cream of the crop.

We were talking about eCryptfs/encFS-encrypted copy, where filenames are (usually) encrypted. That means navigating around names like `l00Dqf,A49VqDd8AveLMrbBE` or `qR,bmE-73cA2H6wOxZxlKSwD`.


How do you share a file encrypted using encfs with someone else?


Yes.


And if you don't want some govt to take down a single provider like what happened with Lavabit email vis-a-vis backup, go with a distributed (multi-provider) solution like Tahoe-LAFS.

https://leastauthority.com/

The proxy is run locally and all encryption happens locally, so it's end-to-end encrypted.



