This has already been discussed a little in
This is my main concern too.
On one hand duplicati can access network shares Windows normally does not know about (like SFTP),
but on the other hand the credential can be read quite easily.
Is there a file system / permission sheme on Linus available to only allow read and append operations, but not deleting and changing existing data.
Maybe running a “second” duplicati instance on the backend to do things like compacting, smart retention, …
Just a thought.
I know, 100% security is not possible, but maybe we can achieve 99% 