Open-source backup and restore, honestly reviewed. No marketing fluff, just what you get when you self-host it.

TL;DR

What it is: Open-source (ISC license) backup solution built on top of Kloset — a custom immutable data store that performs content-defined deduplication before encryption, meaning you don’t have to choose between storage efficiency and privacy [README].
Who it’s for: Engineers and infrastructure-aware founders who want encrypted, deduplicated, mountable snapshots across filesystems, S3, and cloud — without paying Acronis, Veeam, or Backblaze for the privilege [2][README].
Cost savings: Acronis True Image starts around $49.99/year per device; enterprise backup vendors charge per TB or per node at rates that scale uncomfortably fast. Plakar is ISC-licensed with no per-backup fees. Your cost is a VPS and disk [README].
Key strength: Solves a real architectural problem that most backup tools ignore — high-density deduplication on fully encrypted data, without ever exposing plaintext to the storage layer [README][website].
Key weakness: ~1,700 GitHub stars, minimal HN/Lobsters traction as of early 2026, still shipping beta releases with architectural rewrites in progress. You are adopting an early-stage tool [3][README].

What is Plakar

Plakar is a backup and restore platform built around a storage engine called Kloset. The project is maintained by PlakarKorp and originated in France. The homepage headline — “Backup Anything. Store Anywhere. Restore Everywhere.” — is actually an accurate description of what it does, which is rare for backup tool marketing.

The core idea that makes Plakar architecturally interesting is this: standard encrypted backup solutions have a deduplication problem. If you encrypt before chunking, the deduplication engine sees ciphertext, which looks like noise — dedup ratios collapse to near zero. If you deduplicate before encrypting, you leak structural metadata to the storage backend. Plakar’s Kloset engine solves this by performing content-defined chunking and deduplication at the client side before the encryption layer, then encrypting the deduplicated chunks. The storage backend sees only opaque encrypted blocks and never touches plaintext [README][website].

A French developer who analyzed the Kloset engine in depth compared this approach to restic, which uses Rabin Fingerprints for content-defined chunking. He noted that Kloset’s rolling hash implementation may offer more advanced deduplication than restic’s approach, though he acknowledged uncertainty about the precise algorithmic differences [3]. That kind of comparison — from someone who actually read the source — is more useful than marketing copy.

Beyond the storage engine, Plakar’s feature set includes FUSE-based snapshot mounting (browse without restoring), entropy analysis for ransomware detection, pluggable integration architecture, and a governance layer called Plakar Enterprise that aggregates backup metadata across an entire estate. The project claims to be building toward petabyte and exabyte scale, though at 1,700 GitHub stars it hasn’t been stress-tested in public the way restic and BorgBackup have [README][3].

Why People Choose It

The honest answer is: not many people have chosen it yet. The French developer who wrote one of the more substantive technical notes on Plakar in 2026 found almost no discussion of it on Hacker News or Lobsters — a few posts from 2021 and 2024 with zero comments [3]. AlternativeTo lists it with 5 likes as an alternative to Acronis True Image [2]. That’s the current footprint.

The people who do choose it seem to care about two things:

The encryption-deduplication math. If you’ve ever priced out encrypted backups at scale, you’ve hit the wall: either your dedup ratios are terrible because you encrypt first, or your storage backend gets structural metadata because you deduplicate first. Plakar’s pitch to this audience is that Kloset genuinely fixes this at the architecture level, not by papering over it [README][website]. The CTO quote on the Plakar website — “70% cost reduction through high-density efficiency, without ever handing over our encryption keys” — is the kind of claim that either lands with an infrastructure-focused reader or means nothing to them [website].

The license. ISC is about as permissive as open-source licenses get. You can use it commercially, embed it in products, modify it, redistribute it, without the friction of GPL or the commercial-use restrictions of AGPL [2][README]. For a team building a backup product on top of Plakar’s storage engine, this matters.

What it doesn’t offer is a large community, mature documentation, or the confidence that comes from something running in production at thousands of sites. That’s the honest trade.

Features

Based on the README and website as of early 2026:

Core backup engine:

Content-defined chunking with deduplication before encryption [README]
End-to-end encryption with audited cryptography — the team published a crypto audit report in February 2025 [README]
Multi-directory snapshots in a single operation (plakar backup /etc /home) [README]
Incremental backups — only changed chunks are transmitted after initial backup [README]
Immutable snapshots — once written, a snapshot cannot be modified [README]

Storage backends:

Local filesystem
S3-compatible object storage
SFTP
Integration architecture designed for third-party connectors written in any language [README][website]

Verification and recovery:

Native cryptographic integrity proofs — verify without full restoration [README][website]
FUSE-based snapshot mounting on Linux and macOS (completely rewritten in v1.1.0-beta, including FUSE-T support on macOS) [README]
HTTP serving of snapshot contents [README]
Browse terabytes via UI without restoring [website]
plakar repair command for detecting and fixing state inconsistencies, added in v1.0.6 [README]

Security:

Client-side encryption — storage backend never sees plaintext [README]
Entropy analysis to detect high-entropy anomalies consistent with ransomware activity before it spreads [website]
Zero-knowledge architecture for provider-delegated storage [website]

Performance (v1.1.0-beta.1 benchmarks, January 2026):

Restore operations: ~95% faster versus prior version (from ~60 minutes to ~3 minutes for 1M items) [README]
Backup: up to 33% faster [README]
RAM usage: -43% during backup, -66% during restore [README]
On-disk cache: -55% [README]

Enterprise / governance (Plakar Enterprise — separate product, pricing not public):

Aggregated view of backup posture across all agents and integrations [website]
Real-time protection status, blind spot identification [website]
Compliance and audit-ready reporting [website]
Pricing: contact sales / book a demo [website]

The gap between the community open-source edition and the Enterprise product is not fully documented publicly. Pricing data for the Enterprise tier is not available without a demo call.

Pricing: SaaS vs Self-Hosted Math

Plakar itself is ISC-licensed and costs nothing to run. You pay for infrastructure.

Typical self-hosted cost:

VPS for the backup agent: $5–10/month (Hetzner, Contabo, or your existing server)
Storage: varies. S3-compatible storage (Backblaze B2, Wasabi, or Hetzner Object Storage) runs $5–7/TB/month. A Hetzner storage box at 1TB is around €3.29/month.

What you’d be replacing:

Acronis True Image: from $49.99/year per device (5-device plans run ~$89.99/year). Advanced plans with cloud storage go to $299.99+/year [2].
Veeam: community edition is free but limited; commercial licensing starts in the hundreds per year and scales to thousands for enterprise deployments.
Backblaze Computer Backup: $9/month per computer, unlimited storage — but it’s personal use only and doesn’t cover servers.
R1Soft / Axcient / enterprise backup vendors: typically $10–50+/month per protected server, depending on plan.

For a non-technical founder or small team protecting a handful of servers, Plakar plus Backblaze B2 storage runs under $15/month with no per-device fees and no vendor lock-in. For 10TB of backups at Backblaze B2 rates (~$6/TB/month), you’re looking at roughly $60–70/month total — a number that many enterprise backup vendors charge per seat before you get to storage costs.

The honest caveat: Plakar’s Enterprise pricing is not public. If you need the governance layer for compliance or audit purposes, you need to contact their sales team and the math changes.

Deployment Reality Check

Plakar installs as a CLI tool on Linux and macOS. There is no Docker-first deployment model advertised — it’s closer to restic or BorgBackup in deployment style than to a web-app-in-a-container. The quickstart documentation is available on the website and covers initialization, first backup, and restore.

The v1.0.6 release (November 2025) fixed a critical state-synchronization bug that could cause snapshots to appear correct on the backup machine but be invisible or corrupt on other machines. The fix introduced a two-stage commit. The release notes explicitly recommended running plakar repair after upgrading — which is a sign that the project is being actively maintained and honest about bugs, but also a sign that v1.x has not been boring [README].

The v1.1.0-beta.1 architectural redesign (January 2026) replaced the background agent model with a lighter cached process and moved execution directly into the CLI. This is a significant change; if you’re evaluating Plakar for production use, the stable v1.0.x line is more conservative than the beta.

Things that can go sideways:

The v1.1.0 beta is still a beta. The v1.0.6 release had a state-sync bug serious enough to warrant a repair command. This is a project where running on the latest stable release and reading release notes before upgrading is advisable.
Third-party integrations (S3, SFTP) were affected by a memory leak in the go-kloset-sdk in v1.0.6 and required reinstallation. [README]
Community is small — the Discord exists, but if you hit an unusual error, you’re more likely to be reading source code than finding a Stack Overflow answer [3][README].
Documentation quality is improving but not at the depth of restic or BorgBackup, which have years of community-written guides.

Realistic estimate: Technical user deploying to an existing Linux server: 20–45 minutes for initial setup and first backup. Non-technical founder: this tool is not yet at the “follow a DigitalOcean tutorial” level of accessibility. You’ll want someone technical involved.

Pros and Cons

Pros

Solves the encryption-deduplication problem correctly. Not by compromising on either — by rearchitecting where chunking happens in the pipeline. This is a genuine technical contribution, not just another restic wrapper [README][3].
ISC license. Maximally permissive. Use it commercially, embed it, redistribute it — no phone calls to lawyers [2][README].
Audited cryptography. The crypto implementation has a published audit report (February 2025). For a backup tool where encryption is a primary selling point, this matters [README].
FUSE mounting without restore. Browse or test snapshots as a live filesystem without pulling down the full data. Useful for partial restores and integrity testing [README].
Entropy analysis for ransomware detection. Detects high-entropy anomaly patterns before they propagate to your backup store [website].
Significant performance improvements in recent releases. The v1.1.0-beta numbers (95% faster restore, 66% RAM reduction) are dramatic if they hold at production scale [README].
Vendor lock-free storage format. Data stored in open formats readable by open-source code [website].

Cons

Small and early. 1,700 GitHub stars. Almost no HN or Lobsters discussion as of 2026 [3]. The restic community is an order of magnitude larger with years of production deployments behind it.
Beta architectural rewrites in active progress. v1.1.0 is a significant rearchitecting. If you deploy on the beta track, expect instability. If you deploy on stable, you’re on v1.0.x which had a critical state-sync bug in v1.0.6 [README].
Enterprise pricing is opaque. If you need the governance and compliance layer, you’re in “book a demo” territory with no published pricing [website].
Limited public production track record. No major public case studies, no large-scale deployments described, no visible community of users reporting multi-year production experience.
CLI-first, no friendly web UI for community edition. The mountable snapshots can be browsed, but the core workflow is CLI. Non-technical team members will need tooling around it.
French documentation and community bias. The most substantive independent analysis found is from a French developer [3]. The English-language community is thin.

Who Should Use This / Who Shouldn’t

Use Plakar if:

You’re an engineer or infrastructure lead who has hit the encrypted-backup-storage-cost wall and wants a solution that doesn’t force you to choose between efficiency and privacy.
You want an ISC-licensed backup engine you can embed in your own product or use commercially without license friction.
You’re already comfortable with restic or BorgBackup and want to evaluate something more architecturally modern.
You have an encryption-first compliance requirement and can’t afford to let storage backends see plaintext.

Hold off on Plakar (or run it non-critically) if:

You need a backup solution for production data today and can’t afford the risk of a young project with known past state-sync bugs and active architectural rework.
You’re a non-technical founder who needs something that works with a tutorial and a DigitalOcean droplet. Use restic + restic-browser or BorgBackup + Vorta instead.
You need enterprise SLA, paid support, or compliance documentation that doesn’t require a demo call. Veeam or Proxmox Backup Server will serve you better.

Skip it entirely (use restic) if:

You want the largest open-source backup community, the most tutorials, and the most predictable maintenance history. Restic is battle-tested at scale in a way Plakar simply hasn’t been yet.

Alternatives Worth Considering

restic — the community standard for open-source encrypted backup. Golang, BSD license, very mature, huge community. Lacks Plakar’s pre-encryption deduplication architecture but has years of production trust behind it. Start here if you’re unsure.
BorgBackup — Python-based, also content-defined chunking, excellent compression, strong community. Linux-native; macOS works but is second-class. Vorta provides a desktop GUI [2].
Kopia — newer, Go-based, cloud-native backup tool. Has a web UI, S3/GCS/Azure support, and a GUI client. More polished UI than restic or Plakar; still growing its community. The French blogger who analyzed Plakar previously compared Kopia and restic [3].
Proxmox Backup Server — if you’re in a Proxmox environment, this is purpose-built. Freemium open-source, excellent dedup for VM snapshots [2].
Duplicacy — cross-platform, source-available, free for personal use. Supports lock-free deduplication across multiple clients sharing a storage backend [2].
Bacula — enterprise-grade, GPL, complex setup. The tool you call when you’re protecting petabytes and have a dedicated backup admin [2].
Acronis True Image — commercial. The thing many people are trying to escape when they discover self-hosted options [2].

For a non-technical founder evaluating Plakar against restic: restic is the safer choice today. Plakar is the more interesting architectural bet for 2027.

Bottom Line

Plakar is solving a real problem — encrypted backup at scale without the storage-cost penalty — and solving it at the architecture level rather than by hacking around it. The Kloset engine’s approach to pre-encryption deduplication is legitimately novel compared to how restic and BorgBackup work. The ISC license, the published crypto audit, and the entropy-based ransomware detection are real differentiators. But the project is early, the community is small, and the production track record thin. If you’re an engineer with a genuine encryption-at-scale problem and the patience to track beta releases, Plakar is worth serious evaluation. If you need backup infrastructure you can stake production data on today, restic or BorgBackup are safer bets — and you can revisit Plakar in 18 months when v1.x has accumulated more production mileage.

Sources

AlternativeTo — Ubuntu Software page (community alternatives listing, general reference). https://alternativeto.net/platform/ubuntu/
AlternativeTo — Best Acronis True Image Alternatives (Plakar listed as ISC-licensed open-source alternative, 5 likes). https://alternativeto.net/software/acronis-true-image/?p=4
Stéphane Klein — notes.sklein.xyz — “Lobster — Jardin numérique” (technical analysis of Kloset vs restic deduplication; notes on Plakar’s minimal HN/Lobsters presence). https://notes.sklein.xyz/Lobster/

Primary sources:

GitHub repository and README: https://github.com/plakarkorp/plakar (~1,700 stars, ISC license)
Official website: https://plakar.io
Release notes v1.1.0-beta.1 (January 2026): https://www.plakar.io/posts/2026-01-26/plakar-v1.1.0-beta-the-foundation-for-whats-next/
Release notes v1.0.6 (November 2025): https://www.plakar.io/posts/2025-11-30/release-v1.0.6-bugfix-and-memory-usage-improvement/

Features

Integrations & APIs

REST API

Replaces

Related Security & Authentication Tools

View all 159 →

Ghidra

66K

A free, open-source software reverse engineering framework created by the NSA — disassemble, decompile, and analyze compiled code on any platform.

security Apache-2.0

PocketBase

58K

Open-source backend in a single 12 MB binary — realtime database, auth, file storage, and admin dashboard. No Docker, no Postgres, just run it.

security MIT Easy to deploy

Vaultwarden

57K

Lightweight, self-hosted Bitwarden-compatible password manager written in Rust. Uses 10x less RAM than the official server and works with all Bitwarden clients.

security AGPL-3.0

Zen Browser

41K

Zen Browser is a privacy-focused, beautifully designed Firefox fork with a unique sidebar tab layout, split views, and built-in content blocking — no telemetry, no tracking.

security MPL-2.0