Keeping your data safe in the cloud the cheap way

Security and safety of data. You may not be concerned about it. I am. Especially since I like Cloud solutions.

spideroak_nav_mainI have an account with a cloud provider called SpiderOak where your data are stored encrypted. Your computer first encrypts your stuff and then sends it to SpiderOak’s servers. They don’t have your key, so if you lose it and you lock yourself out of the client on your computer, you’re royally buggered up. They can’t help you. SpiderOak offers 2GB free, other accounts cost money ($100/year, $10/month for 100GB). See their site for other pricing options if you’re interested.

What if you can’t afford that but you have a huge Skydrive with Microsoft, or this enormous space on Google Drive? The answer: Truecrypt.

Truecrypt is a helper program that allows you to encrypt stuff. You can make it encrypt a file, a disk partition or even your entire computer. For this post I stick to the file.

When you start Truecrypt you have the options:

Truecrypt 1

Note that this is a shot from Linux, in Windows it’ll look as good as the same. To set up an encrypted file, you click ‘create volume’, enter the name of the file and follow the prompts (the entire procedure is laid out in their Beginner’s Tutorial, so I’m not copying all that here. When you have followed the wizard, you have created a new volume.

Next step is to mount the file (volume). The fun bit is that you can mount the truecrypt file as a drive (e.g. /media/truecrypt in Linux, or to a drive letter like M: or V: in windows):
truecrypt 2

Via ‘select file’ you browse to your file (or you type in the name) and click Mount. Truecrypt asks you for the password you assigned to the file in the creation process and if that matches your file is mounted as a disk (as mine is in Slot 1. Windows will show you actual drive letters to assign something to).

Stick your work in the new drive, unmount it and back up that file to Google Drive, Dropbox, MS Skydrive etc, provided you have ample space there. If you created a 4GB Truecrypt file and you try to store that to a 2GB dropbox account, you’ll get yelled at by Dropbox.

The file (your new drive) will be fully encrypted, no one can read it. I have read that the FBI spent months trying to hack a Truecrypted drive from the infamous DotCom affaire and gave up. If you need your file back, just download it from wherever, mount it and voila, there are your files. For your eyes only, and no one else’s. Again: lose the password and you’re buggered.

Warning:

! Note that I don’t know if syncing a Truecrypt file “live” to Dropbox (e.g. you have the Truecrypt file INSIDE your Dropbox directory) works fine. I haven’t tried that.

I assume it will, as Truecrypt only has unencrypted data in memory and always writes encrypted data to disk. Dropbox then should move the update to the cloud, but understand that if you update e.g. a 1GB file (your drive), each update will cause the entire 1GB file to be Dropboxed, not just the 25 words you added to the file inside your Truecrypt-drive. For Truecrypt it’s a drive, for Dropbox it’s a big file. That is why I suggest copying the Truecrypt file to Dropbox when you’re done for the day or so.

Questions?

Dutch Ministry Proposes Powers for Police to Hack into Computers

Dutch Ministry Proposes Powers for Police to Hack into Computers, Install Spyware, Destroy Data

Dutch Ministry Proposes Powers for Police to Hack into Computers, Install Spyware, Destroy Data
The Dutch Ministry of Justice and Security has proposed some rather over the line measures and wants to extend such powers to the police that would allow them to break into computers and mobile phones in any part of the world.

According to the proposal [PDF] (in Dutch), dated October 15, the ministry has asked for powers that would allow police to not only break into computers but, would also allow them to install spyware, search for data in those computers and destroy data.

As explained by the digital rights group ‘Bits of Freedom’, which obtained the copy of the proposal, if the Dutch police gets such powers the security of computer users would be lessened and that there will be a “perverse incentive to keep information security weak.”

Another take is that millions of computers would be less secured as Government might not push companies to publish vulnerabilities on one hand and won’t encourage public to patch their systems on time on the other because it might want to exploit those vulnerabilities for its own purpose.

As much as this law is bad for the people, it is more so for the Dutch government as “other governments would be very interested in using such a power against Dutch interests.”

(Original article at ParityNews.com)