We can compress files, and backup sets can be encrypted.
For compression, we use the LZW algorithm.
For encryption, we read a block from the file (100K at most) and then compress the block via LZW and encrypt the result with AES 256 CBC. We then send it to the service over SSL. The service stores this files in encrypted format. Upon receipt by a client, the client decrypts and decompresses the file.
We can also slice the files into ‘chunks’ (this is done by default, with chunk size set to 1MB). Each chunk has its own individual AES key. We store these keys in encrypted format in the storage service with one RSA 2048 master key per Backup Set (only the user password can open the master key).
Transactions between the client and server are always SSL encrypted, even when the Backup Set is not encrypted.