Web-Based Private File Storage?

steve802 writes "Recently, someone died in our company, and word is getting around that the admins who were given access to his Outlook account have found personal things that are embarrassing at best (the rumor mill differs on what was found). No matter, it raises a question. I have personal stuff in Outlook folders that I would not want someone in IT to see if I suddenly dropped dead: emails to the wife, photos of the kids, that kind of thing. I also keep a journal at home that I save to a server; personal reflections that I never want anyone else to see, especially if I die. So I was thinking that some sort of web-based storage for files, individual emails, and perhaps even Outlook folders would be perfect. All my most private personal stuff in one place. I found CryptoHeaven, which seems to offer some of what I'm looking for — but it is pricey. I'm willing to pay, but something less than $400/year would be nice. Best would be a service with a dead-man's switch, so that if I don't access it in, say, three months, it auto-purges. Any thoughts?"

Freenet

[Wonko the Sane]

Slow, but very secure.

Re:Freenet

[Mordok-DestroyerOfWo]

Any web service, just create a TrueCrypt [truecrypt.org] container. As long as you sync the container between your computers regularly it shouldn't be an issue. I've been doing it this way for about 3 years now (I keep all of my important data there for when I'm on the road). Works perfectly fine with Windows and Linux.

Re:

[0100010001010011]

I have Chrome, Thunderbird, my MP3 player and DropBox on TrueCrypt partitions.

Computer is PowerCycled and it's "gone". Since speed isn't a huge factor I went paranoid and went with AES-Twofish-Serpent. Good luck recovering my stuff.

I use DreamHost [dreamhost.com] for my mail/webserver. They're not 5-9s but they're cheap and still seem like they are a "small company". Plus they wrote Ceph [newdream.net], (distributed/scalable file system, which merged into 2.6.34.)

I'm sure you could write cron script or something to run on the shell to do

Re:Freenet

[cayenne8]

"You encrypt your MP3 player? What are you listening to, exactly?"

Probably those mp3's that get you high....and he doesn't want anyone messing with his 'stash'!!

:-D

Re:

[ghjm]

By Grapthar's hammer, by the sons of Worvan, you shall be avenged.

Re:

[spazdor]

What more obvious "dead man's switch" is there than knowing your password?

Uh, you know how key-length standards usually increase 'cause brute-forcing gets easier over time, right...?

Re:Freenet

[Anonymous Coward]

All this for stuff after you're dead. Who the Hell cares? You're either in heaven, hell, limbo, reincarnated with no knowledge of previous life, or worm food, and in any of those cases you've got bigger things to worry about (or nothing at all ever depending). I can see someone else wanting life insurance on you, but not you wanting it for yourself, since when it gets used you won't care, and that's a much bigger thing than whatever sicko porn collection you happen to have for whatever reason. Your reputation with other people means nothing once you die. Either there's some omnipotent being that already knows all that crap about you, or there isn't and either way, who the hell cares?

Re:Freenet

[dan828]

It could be that you want to ensure that people you care about won't be emotionally harmed by things you did and kept secret. In the military, if one is killed, they sanitize personal effects, destroy "little black books" and the like, just so that the wife or whomever back home doesn't find out about your time with the Thai hooker in Bangkok or the mistress you had while TDY in England. Frankly, it's a policy that keeps the "loved ones" from being harmed by things that it really doesn't do anyone any good to know about. Really, who is it going to help to know what a shit you were in private after you're gone?

Re:Freenet

[Mr. Freeman]

Because your secrets could possibly affect other people. For example, your wife might not be looked upon too highly if people know that she married a guy that was into some weird fetish. Also, their secrets might be stored with your stuff as well. Those things should not be released.

Re:

[Reece400]

True for his work PC, but on a secure web service your password should be good enough. On top of that, I imagine that once you die and stop paying the bill it will be purged for you within a few months.

Re:Freenet

[JumpDrive]

If he really wants to protect it, then he should also encrypt it.
My brother passed away a couple of years ago and I was able to gain access to his web server. I knew the CC used and the email address used. There wasn't anything on there, but the expected files, but if he wants to keep it secret permanent after death, then encrypt with a long key.

Re:Freenet

[BarryJacobsen]

>>>Mac OS X

False advertising. Ooops. It doesn't work with all of Mac OS 10.x - only the more recent versions.

It probably says it runs Windows, but doesn't run on Windows 1.0, either...Lying bastards.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[McFadden]

Cross platform compatibility

He's a Mac user.

There aren't any other platforms.

Separate them

[Anonymous Coward]

Dont use personal info on work systems. Often time anything in there is usually subject to scrutiny.

Re:Separate them

[shentino]

Indeed.

Best solution to keeping your boss out of your personal stuff? Don't do personal stuff on company time.

Re:

[Profane MuthaFucka]

The restrooms are your own time. Do your wanking in there.

Re:Separate them

[spazdor]

glory, glory-hole allujiah!

That would be great....

[jotaeleemeese]

.... if companies didn't encroach in personal time.

Re:

[shentino]

It has nothing to do with privacy.

It has everything to do with misappropriation of company property for personal usage.

Re:

[Anonymous Coward]

Absolutely. Never, never, never, never use your employer's computers for personal stuff. At all. Period. That computer is your employer's, and anything you put on it is also his. Whether that is strictly, legally true is immaterial. In practical terms, it is.

You keep personal reflections in a journal that you never want anyone else to read, ever? Then, don't write it down. Duh. Anything you really don't want your survivors to ever under any circumstances see--physically destroy it. Don't have phys

Re:

[jtownatpunk.net]

No shit. I swear some people can be amazingly stupid. I once had a guy call me when he had trouble sending an email. "Subject: Re: Re: Re: Re: I wuv my snookums." "Body: I can't wait to see you again..." (That's where I tuned out and flipped on the blinders.) Now if this had been Mrs. VP, that's no big deal, tho still the kind of thing that shouldn't go in the corporate email archive. But the address was not Mrs. VP. It was Mr. VP's former assistant. And the guy KNEW it was going in the archive b

TrueCrypt?

[e065c8515d206cb0e190]

Why does it have to be web based? If the only requirement is absolute privacy, TrueCrypt will suffice.

Re:

[Lunix Nutcase]

Because he was talking about computers at work? I doubt most companies are going to let you encrypt the hard drives on your work computer to block them from seeing what's on it.

Re:

[NFN_NLN]

Because he was talking about computers at work? I doubt most companies are going to let you encrypt the hard drives on your work computer to block them from seeing what's on it.

You don't need to encrypt an entire drive. You can encrypt a binary blob (file) and then pass it around to HDD, USB, email, web etc.

In fact, why would you trust an online service for privacy. Just use any old online service to store your encrypted blob.

Case closed:

Beginner's Tutorial
How to Create and Use a TrueCrypt Container

http://www.truecrypt.org/docs/?s=tutorial [truecrypt.org]

Re:

[countSudoku()]

Yes, but it's still THEIR computer. Just use ssl/gmail for your personal crap, and PGP/encrypt your stupid personal thought from people who are most interested in them. Which is the crux of the biscuit; people who really care will circumvent your encryption anyway. and get at that juicy data you have there. Just write it in a journal, then burn it. What is so special about our private thoughts that make us write them down in case we forget them later? Just think more! I'm going to lunch now. Don't ne

Re:

[Seraphim1982]

Why can't you just encrypt a thumb drive? Or use one that has built in encryption (eg. an Ironkey)?

Re:

[Lunix Nutcase]

Yes, they might find out you have some encrypted stuff on their hard drives, but at least they won't be able to get into it.

Yeah, and then they'll just say "Show me what's in it or your fired for misappropriation of company resources".

Re:TrueCrypt?

[ds_job]

Which is what the two key "Plausible Deniability" feature is all about:
http://www.truecrypt.org/docs/?s=plausible-deniability [truecrypt.org]

Re:

[Lunix Nutcase]

You would still have to explain why you have TrueCrypt on your system. Unless you purge all traces of having downloaded it and installed it on the PC it's not like they won't be able to find that you've been encrypting things on the computer.

Re:

[Nadaka]

You don't have to download and install it, you can run it off a thumb drive.

Re:

[IndustrialComplex]

Then you lose your job. The OP is not asking how to protect his job. He's asking how to protect his private data while accessing it on a company PC. That includes some risk.

Even better, he isn't asking how to protect it while he is accessing it. He is really asking how to protect it when he is DEAD!

Which makes the threat of being fired all the more laughable. Unless of course, he didn't use a metaphor and his boss literally IS satan. Then I guess the threat of being fired is probably relevant again.

Re:

[obarel]

In that case, "fired" can mean more than one thing, I guess...

Re:TrueCrypt?

[Andy Dodd]

Portable TrueCrypt requires admin rights.

Translation

[grahamsz]

I think you mean "emails to the wife, photos of the wife, that kind of thing"

Re:

[bsDaemon]

Unless someone who hated him uploaded some photos of someone else's kids in an attempt to frame him...

Web-Based Private Is An Oxymoron

[Maarx]

Web-Based Private is an oxymoron. Why does this have to be web-based?

It would be pretty trivial to set up a Linux distro with two hard drives, one with the simple operating system and the other an encrypted drive with a passphrase, and set up the OS to nuke the second drive if the current time is ever greater than three months from the last time the passphrase was successfully supplied.

Re:Web-Based Private Is An Oxymoron

[spazdor]

Web-Based Private is an oxymoron

Actually, they have this thing, "cryptography" now.

Work account?

[The MAZZTer]

Solution: Don't do personal stuff on your work account...

Re:

[Kronos.]

Indeed, a technical solution is not needed for this problem as far as I see it. A little common sense and separation of work and personal life would go a long way.

Re:Work account?

[grasshoppa]

No shit. OP: Bad news, if it's on company equipment, IT has already looked at it. Your fetish for donkeys is now well known.

As far as the personal stuff at home; who cares? Family means never having to explain the albino midget you keep in the closet.

Re:Work account?

[Coren22]

Family means never having to explain the albino midget you keep in the closet.

Dad?

Re:Work account?

[roman_mir]

I have a better, more perfect solution.

Don't die.

(in the unlikely event that you do die, ask yourself a question: "why do you give a fuck what anybody finds out about you? Really?")

Re:Work account?

[TooMuchToDo]

Pay for a virtual private server somewhere. Tie it to a credit card or some payment method that you need to keep paying. You die? Payments don't get made, hosting provider nukes the virtual machine after X days for non-payment.

Whats the surprise?

[mschoolbus]

They can already read your emails..

Some thoughts

[grahamsz]

On a more serious note.

1) Kill switch is unnecessary. If it's a paid service then it'll purge when you stop paying the bill

2) I've been playing with tarsnap lately and i'm pretty impressed. You use it just like tar but it uses a private key to store the results on their server. They can't see what you store and it intelligently tracks diffs so if a file appears in multiple archives you don't need to transfer or pay for it after the first time.

3) Something like mozy or jungledrive would surely be easier to u

Re:

[MBGMorden]

1) Kill switch is unnecessary. If it's a paid service then it'll purge when you stop paying the bill

Two problems there. 1) It's highly unlikely that it'll immediately purge. It'll probably just disable access and keep the files around for a good while.

2) Depending on his account setup (PARTICULARLY if he's autodrafting from an account that is shared with his wife), then the auto-bill could go on for a significant amount of time beyond his death. If on a debit card, then several years until it expires. If it's straight out of a checking account (I have some loan payments setup this way), then it could

Why?

[quarkoid]

I've got to ask the question, but... why?

I mean, if you don't want anybody to find this stuff when you're dead, why bother collecting it when you're alive?

And for the 'pictures' of the wife, what's wrong with a Truecrypt store?

Re:

[war4peace]

Mod parent VERY insightful.
If I die, i don't give a shit how people are going to perceive me if they find my not-that-secret porn collection or whatever they would loathe. Because I'm dead!
What makes the poster ask such a question?
Is it fear that his family will think differently of you post-mortem? Well, my friend, if you have such deep and ugly secrets towards your family, then sorry to say, doesn't sound like a family to me.
Is it fear that society would make you a pariah post-mortem? Whet do you care

Re:

[stdarg]

Is it fear that society would make you a pariah post-mortem? Whet do you care? Death is forever, the last thing you'll do in your life :)

It might be uncomfortable for your still-living family. Why would you not care what happens to your family after you die? Do you also think people who buy life insurance are dumb?

Re:Why?

[stdarg]

After he's dead, he still doesn't want people to know because it'll reflect badly on him and make people he's close to feel bad or uncomfortable?

I mean just because you'll be dead doesn't mean that you, now, alive, can't think of other people's feelings and how future revelations will affect them.

Easy

[aaaaaaargh!]

Encryption + online storage. You can use openssl, truecrypt or whatever you like for encryption and, say, Jungledisk for online storage. Problem solved. Unless you think your colleagues will mount a 1 trillion entry dictionary attack against the file that they illegally recovered from your personal online storage after your death. In case of which you should perhaps look for new colleagues.

Use a home server

[Nadaka]

Run a server out of your house. Use linux with truecrypt and SELinux enabled. Access it through ssh if you need to from a remote site.

Why make it complicated ?

[germansausage]

Do what I do. Store the unhallowed debris of your grimy little soul in a true crypt file. When you shuffle off to meet your maker the passphrase goes with you. Need web access, put it on dropbox.

Completely Disagree

[TehZorroness]

When you die, your writings and works are the only thing left of you. They are the only way for someone to try to dig deeper into your mind and build up an understanding of your true character. A lot of crazy shit happens in a lifetime, someone may really appreciate you leaving a book of your reflections behind.

Re:

[theJML]

You may not want everything in that book though. Don't want to slander yourself with something that may have only been a passing thought or thought exercise and is afterwards taken completely out of context.

While I agree with you, it might be best to have an easily found diary/journal/captain's log/whatever for your relatives to find upon your passing, perhaps even including said location in your will.

Re:

[MikeFM]

I don't see what people could be doing that is so embarrassing anyway. Unless you are taking photos of yourself dressing as a wolf and having sex with real sheep it's probably nothing that most the people around you aren't doing too. I really don't see the whole paranoid need for privacy. Who cares if everybody else knows that you're just like everybody else? It's probably healthy to stop worrying that you'll be found out.

That said, why not just use an encrypted disk image? Mac OS and Linux have built-in en

Re:

[petes_PoV]

I don't see what people could be doing that is so embarrassing anyway

Well, you could be hoping for some revenge from "beyond the grave" by spreading lies (or even truths) about family members you disliked.

Re:

[petes_PoV]

someone may really appreciate you leaving a book of your reflections behind.

reading people's tweets would indicate otherwise. Unless you are a particularly talented writer, most personal reflections are the most turgid and self-indulgent nonsense imaginable.

Re:

[Vahokif]

And it's not like it'll have serious repercussions on your death.

Re:Completely Disagree

[Angst Badger]

When you die, your writings and works are the only thing left of you. They are the only way for someone to try to dig deeper into your mind and build up an understanding of your true character.

Thanks, but I don't owe that to anyone. Period. The very thought of someone having unrestricted access to my private writings makes me feel physically ill. And it's not because I have any unusual skeletons in my closet, it's because that access would be a total violation of my personal boundaries. You're welcome to what I choose to share while I'm alive, and I share quite a bit, but I don't belong to you or anyone else. Quite frankly, I like the idea that I'll be completely erased by death. Having spent my entire life with claims placed upon me by family, employers, government agencies, creditors, and countless social organizations, it is no small comfort to know that something will escape the insatiable demands of my fellow man.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Why web-based?

[hcdejong]

If you want to access the info anywhere, but keep the files private, you could store them on a USB drive instead. That eliminates most security holes, and you could easily encrypt the files for even better security.
This also gives you the option to launch applications from the drive (I use FirefoxPortable, for instance), ie. applications that you control instead of the company. That still leaves the possibility of the company snooping on any connections you make, unless you encrypt those.

Keeping personal st

this is silly

[Lord Ender]

First of all, keep your business and personal data separate, or at the very least keep your embarrassing personal data separate.

Secondly, don't upload shit you want to keep private to any web service. They may not be honest, but even if they are they could still be hacked. Use truecrypt on a USB drive you keep with your car keys. For backups, upload the encrypted file container from your USB disk to any random online file storage periodically.

Thirdly, don't worry about being embarrassed after you die. You'l

web based storage?

[vux984]

So, I'm looking for something to be absolutely private and secure...
"So I was thinking that some sort of web-based storage for files..."

Yeah. That was my first thought too. "Lets put them on the internet."

How about,
1) don't access absolutely private stuff at work.
2) store it on an encrypted drive
3) consider putting instructions in your will that it be destroyed

Other than that, as for a dead-mans switch type thing. Seriously? You'd seriously prefer continually risking losing the documents forever over the sl

Um

[MBGMorden]

This is about the easiest problem in the world to solve. If you don't want corporate IT in your personal business, then don't do your personal business on those systems. You have no expectation of privacy on work computers. Anything you don't want them to see, do it AT HOME on your own system.

Just live a clean and pure life...

[sgage]

... and you'll have nothing to worry about :-)

I keed, I keed!

First off, anyone who keeps incriminating material on a work computer is ot-nay oo-tay ight-bray.

I do keep a series of rather personal and private journals on my home computer, password-protected. There is some stuff that I've written there that's not meant for anyone else to see, ever.

Other than that, I don't think anyone would be too interested in the vast collection of stuff on my computer - some of which has followed me from computer to comput

Home Net

[Frightened_Turtle]

I never left personal files or data on the computers at work. I would shunt anything personal to a server I had running at home. For any personal journal writing or private data, I would SSH into the server and create it there. I went to great pains to ensure that I left nothing personal or private on the company's property.

I'm not comfortable storing sensitive personal information off site with some online service. My preference is to store important data in a small RAID I set up in a fireproof area in my

It's worse after you die?

[Last_Available_Usern]

They can already read your data and email now. Why is it more embarrassing for them to read the stuff after you die than before?

The answer is simple

[BigBadBus]

Don't use your work email for private and personal stuff. D'oh!

Discretion?

[Xacid]

I'm kind of surprised I haven't seen any comments on the bigger issue - the IT folks entrusted with this data who let data leak (or at least rumors of the content). As a system admin - if you're at that level you're already not trustworthy enough to keep that postion and would probably be reassigned depending on the severity. Understandably if it's something illegal then it needs to be report it but even still - discretion is still required. It's no one else's damned business.

Compare this to your HR person - would you like them to spill your SSN randomly here and there? Just because the guy is dead doesn't mean his data requires less care.

Anywho - as far as technical solutions 1) don't put personal stuff on a work computer, 2) even some web space and an ftp account should be nearly sufficient if you just need a place to store files remotely that isn't easily accessible.

Re:Discretion?

[JumpDrive]

In our work area, what has happened is information has gone from the CEO to a VP and then to everyone else. Then IT gets blamed for the rumor.
First time it happened, I was thinking "Do you think I'm a dumbshit", second time it happened I realized IT was going to be blamed for their knitting circle talk.
After that I just started pretending I don't see it.
But if it ever something seriously illegal, I'll tell law enforcement.
Other than that I don't want to add to the knitting circle talk.

Re:

[fermion]

I would have to respectfully, and completely, disagree. Work computers are for work. The company is responsible for the machine, and to some extent what is done with it. If the IT staff let a rumor fly, it may well have been strategic to remind the staff that what is on their computer is not private.

Given the naivety of the question, it is clear such a reminder was justified. The question implied that no one knows exactly what was on the machine, porn, naked pictures of the spouse, naked pictures of a l

LARTing is in order.

[couchslug]

Take the personal shit off, now, because you don''t need it there. Backup and store elsewhere.

Don't put anything but business correspondence on business systems, and don't put anything unencrypted on email you don't want to see on 4chan.

I don't use my workplace email. I use a webmail address so my correspondence follows me if I leave. Not an option for everyone, but nice so you can't get locked out by accident or intent. All my browsing at work is done using Firefox Portable, copied to USB key, and archived

Beating dead horse...

[drumcat]

"I have personal stuff in Outlook folders that I would not want someone in IT to see..." Stored AT your IT department. As 100 people here have said, solve that problem first.

Re:

[drumcat]

When you're done with that, whichever program or setup you choose, get a good password. Do something you remember well, like your name. Then use the key to the upper-right of that key... so if your name was Jacque Strappe, you drop the space, and it's iwf284e65w--4 or something like that. Cool? Now go hide your blackmail stuff on a key. Use AES. If you have a mac, use knox.

Why do you care?

[h3llfish]

You'll be dead, after all. We are all food for worms. Get over it.

personal email

[fermion]

I only do work stuff on work email. I have personal emails accounts to do personal stuff, all web based. Many people use gmail for this. It is not private, and after one dies it might not go away, but unless one is important no one will really have a reason to look at it. Certainly your local sys admins will not have access to it, unless they are just nosy and can get your passwords, but that is an issue with any solution, which is why the paranoid don't even use company machines for personal business.

Why

[koan]

Why do you have things on your computer that you don't want people to see, and they aren't encrypted or otherwise protected?

Sorry just can't get past that question.

Windows Home Server

[Call Me Black Cloud]

I recommend Windows Home Server. Of course, it integrates perfectly with your Windows machines (since you're running Outlook you have at least one) and is the best backup and recovery solution I've been able to find for home use (you can roll back individual files). You can have folders mirrored on different drives, and you can control who has access to what folders.

Additionally, through the magic of dynamic DNS you can access your files through the Internet. You get a subdomain off homeserver.com which allows you to check the status of the server, upload or download photos, and if you have expensive enough versions of Windows on your machines at home you can control them via Remote Access.

I've used other NAS solutions for years at home, and I don't regret switching to WHS at all. FYI, I built my own server and installed WHS myself - I didn't buy one off the shelf, though you certainly could if you're not into building computers.

Good God, only use work email for work!

[stevegee58]

I only exchange emails with my wife and friends using my gmail account.

Clean house in your work email and stop doing that.

PogoPlug

[tagno25]

With PogoPlug, you control your file storage. If you buy a Sandisk Freeagent Dockstar then you get a free lifetime subscription.

Pre-emption.

[fahrbot-bot]

Rule: Do not write down stuff you don't ever want anyone to read.
(See U.S. Military vs. Wikileaks current events.)

Corollary: Don't save porn/ you don't ever want people to find.

How about old fashioned measures?

[mlts]

Instead of using Web based measures, what about a cryptographic token and TrueCrypt? This way, someone had to have the token, know the token's password, and have the TC passphrase and volume. If someone guesses the passphrase on the token too many times, it goes boom and there will be no access for anyone, which may be what is wanted.

Another option is to build a custom file server with Windows Server 2008 or Windows Server 2008 R2, enable TPM + PIN + USB flash drive, and use BitLocker. This way, for some

You are an idiot

[h4rr4r]

If you are storing personal data on the company mail server you are an idiot. If you are accessing personal data from a company machine that is not much better.

D-Day - 90

[westlake]

Best would be a service with a dead-man's switch, so that if I don't access it in, say, three months, it auto-purges. Any thoughts?"

Don't leave the country.

Don't let an auto crash leave you in a coma.

Don't be trapped on the Gulf Coast in hurricane season.

Dead doesn't always mean dead-dead. It can mean nothing more than that you or your files have become temporarily inaccessible.

photos of the kids

[gandhi_2]

photos of the kids

If you are afraid IT will see pictures of your kids, either you got ugly kids or you took the wrong kinda pictures.

the four basics of privacy at work

[v1]

1) do not store anything private on company hardware, not on your pc on your desk, not on your laptop you take home, not on your blackberry. Doesn't matter if you encrypt or not. Do not do it. You have no right to privacy when using company hardware.

2) regardless of where you store your private data, do not access it from company hardware, at home or at work. No form of security is effective if you're accessing it from hardware you do not control. Clearing cookies/history or using a "portable private b

LA[MP]P+openssl

[burnin1965]

A simple PHP application running on a LAMP or LAPP server can easily be created to upload files and encrypt them with a custom SSL certificate using openssl. I did a demo for something very similar for a client.

Of course there are many avenues of risk between the upload to encryption path and the decryption to download path. Some of the risk can be reduced by choosing the right hosting method.

The cheapest solution would be free web hosting for the application but I am not sure they will have an SSL connecti

Re:

[bsDaemon]

The problem with Truecrypt is that the volume is portable and they can run a dictionary attack against the passphrase at their leisure. I roll with an IronKey, with hardware-driven AES encryption. After 10 unsuccessful attempts at entering the passphrase in a row, it destroys the key, never to be recovered again.

Also on the subject of drive encryption, I have a server here at work I built with an encrypted RAID5 array using the GELI drivers in FreeBSD. The server has to be booted with a USB drive contain

Re:

[MBGMorden]

The problem with Truecrypt is that the volume is portable and they can run a dictionary attack against the passphrase at their leisure.

Not that I have any sympathy for the asker in this case (just keep private stuff at home and you're good), but with any decent passphrase "at their leisure" could very well be measured in millenia for brute forcing a good password. If you're over 8-9 characters, with alphas and numbers, and not based on a dictionary word, then I can guarantee you that a) barring you having national security level info tucked away they're not going to care enough to even try to break the encryption, and b) even if they DID

Re:

[bsDaemon]

I understand that it be a wicked long time before they crack the passphrase, and that a good passphrase is key. Mine is pretty amazingly awesome (long, case switching, numbers for letters, all that good stuff) but I still feel better knowing that there is a hard limit on the short side that prevents a successful attack.

Re:

[Anonymous Psychopath]

The problem with Truecrypt is that the volume is portable and they can run a dictionary attack against the passphrase at their leisure. I roll with an IronKey, with hardware-driven AES encryption. After 10 unsuccessful attempts at entering the passphrase in a row, it destroys the key, never to be recovered again.

Also on the subject of drive encryption, I have a server here at work I built with an encrypted RAID5 array using the GELI drivers in FreeBSD. The server has to be booted with a USB drive containing the encryption key if you want the drives to come back up when you reboot the server (alternatively, you can manually mount them -- point is, you need the USB key). It's a pretty nice arrangement, too.

You can use a keyfile/password combination with TrueCrypt as well. That way they'll have to have both your keyfile (which could be any file on your system, USB stick, Dropbox account, etc.) and your password.

Re:Encryption

[vux984]

After 10 unsuccessful attempts at entering the passphrase in a row, it destroys the key, never to be recovered again.

If I was transporting a copy of the data across national borders, and I didn't want customs to get a copy... a self-destruct sequence makes a lot of sense. But to have a permanent sword of damocles dangling over the data by a thread... If I valued the data so much that I was willing to go to extremes to protect it... and then set it up to be irrevocably trashed that easily... I might as well just delete it now to save myself the aggravation.

Re:

[bsDaemon]

No, its understood. My passwords for all my online financial information, email addresses, user accounts and server root passwords are all randomly generated. They are stored in a keepassx database and locked with a passphrase that I know. The keepassx database is kept on my ironkey, which is locked with a passphrase that I know. I also have the passwords backed up in the IronKey password locker for when I'm on strange systems, especially those which use Windows, as those utilities on the IronKey only w

Re:

[couchslug]

"I was fucking his wife last night and apparently he was hung like a toddler."

She said you were a "form and fit replacement".

Re:

[dc29A]

I got a bunch of encrypted archives uploaded to my Google Docs account that I can access anywhere I need it.

Haven't looked around but with the new Google command line tool (or other command line tools), pretty sure uploading/downloading could be automated. Then fire up WinRar using the same script and encrypt/decrypt archive. This way Google can't snoop on your files.

Re:GOOGLE MAIL

[icebraining]

WinRAR? Turn over your geek card.

At least, use gpg to encrypt it and Dropbox to automate uploading/downloading. Bonus points for an automated encryption system (encfs mount point, for example).

Re:GOOGLE MAIL

[rwa2]

Yeah, really! I don't know why anyone is paranoid about Google at all when your ISP and cellphone providers have all your data activity records on hand.

I pay a bit extra for the "business" tier of service, so I can actually run my own web and email server on my home machine. I've pretty much been hosting everything on my own server since my college days. Never used / needed a USB stick for working on school projects, just pulled it in over the internet using PuTTy/PSFTP or more likely VNC+ssh. I even presented some final projects over VNC running a little opengl thing over VNC.

I don't have a "smartphone" (call me old skool), but if I did all I'd need is a good ssh client (such as midpssh) and a good VNC client, and I'm in business. Works fine on my Palm TX PDA tethered to my dumbphone.

For offsite backups, I occasionally rsync my home dir over to a friend's server, which I've donated hardware for (including hard disks, among other things). The sensitive stuff like financial records and nekkid pics of the wife are encrypted with PGP. The rest of the porn we all share.

Frankly I'm more worried about data being lost forever than data getting "out". If I get hit by a truck, my dying words scrawled in a pool of blood will be the master password for my keyring vault so my wife can pay the bills online. I'll pass away very anxious about whether she can decipher the special characters properly.

Re:

[drumcat]

"Secure File Sharing - Using our "Temporary URLs" feature, you can ahare any file on your SwissDisk without giving access to your whole filesystem. You can designate how many days the Temporary URL can be used. You can even track how many times files have been downloaded." If they tell you to ahare stuff, I'm not sure I'd trust them. Miss one keystroke and your data is vapor. You better be better than that.