|FROM ||Ruben Safir
|SUBJECT ||Subject: [NYLXS - HANGOUT] gee - here is a thought, ending the private computer
The cloud is your friend, asshole...
What's to stop the Feds peering into your cloud?
August 16, 2013
Gadgets on the go
Adam Turner is an award-winning Australian freelance technology
journalist with a passion for gadgets and the "digital lounge room".
View more entries from Gadgets on the go
submit to reddit
Reprints & permissions
Photo: KARL HILZINGER
Do you encrypt cloud files to protect them from prying eyes?
A strong password and two-factor authentication might help keep hackers
out of your online accounts, but what happens when the government wants
a peek at your sensitive files? Your cloud storage provider probably has
no choice but to grant the Feds full access. It's not even allowed to
tell you that the government is snooping around in your files and
keeping tabs on you.
If the thought of possibly losing something forever seems worse than
the thought of it falling into the wrong hands then you probably don't
want to use your own personal encryption key.
You might argue that honest people have nothing to worry about. You're
generally right, but the idea of an omnipotent government which knows
all our secrets doesn't sit well with some people. History has shown
time and again that such powers are abused, often in the name of
homeland security, and by the time people speak up it's too late.
Even if you're not worried about a seemingly benevolent totalitarian
regime abusing its power, there's always the chance that someone else
could hack or bluff their way past all your security measures and gain
access to your online treasure trove. Most of us have got at least one
photo, file or password stored somewhere that we wouldn't want the world
to see. Of course if something's that sensitive then it shouldn't be
stored on someone else's servers, but it's easy for the convenience of
the cloud to lull you into a false sense of security.
Encrypting your files before they're uploaded to the cloud adds an extra
layer of protection, so even your cloud service provider can't read your
files. There's more than one way to go about it, but some methods are
more complicated than others. Keep in mind that if you forget your
password then those files are lost forever, it's not as simple as
requesting a password reset. There are no second chances. Make sure you
know what you're doing and even then use personal encryption sparingly.
Save it for the handful of files you really need to protect, rather than
encrypting your entire family photo library and risk losing it forever.
Some cloud storage providers let you set your own encryption key, so
only you can unlock your backups. They're generally business-focused
paid services, which assume all your business data is sensitive. Like I
said, you probably don't want to lock away all your family photos, tax
records and personal documents behind your own encryption key. If the
thought of possibly losing something forever seems worse than the
thought of it falling into the wrong hands then you probably don't want
to use your own personal encryption key. Proceed with caution.
Consumer-grade cloud storage services such as Google Drive, SkyDrive and
Dropbox don't offer the option to set your own encryption key -- which
is exactly why some people refuse to use them. There are however
third-party solutions for encrypting your data before it's uploaded to
these services, making it easy to keep a handful of sensitive files in
an encrypted folder alongside all your other backups.
You'll find a few services like Cloudfogger, TrueCrypt, BoxCryptor and
Viivo which run on your desktop, creating an encrypted folder and
syncing it to the cloud. They're designed to work with cloud storage
services like Dropbox and might be the security option you're looking
for if you only need to protect a handful of files.
While your files might be safely encrypted in the cloud, you'll also
want to think about how secure they are on your computer and whether
temporary copies are stored in the open. There are options for
encrypting your entire hard drive, but once again you'll want to weigh
up your security concerns against the risk of losing everything. Be
realistic about the potential threat and possible consequences. When in
doubt, less encryption is better than more.
Things become more complicated if you're syncing your encrypted folder
between several computers and you can run into trouble with the backup
software failing to recognise that your encrypted folder has changed.
You might also run into trouble with a mess of duplicate conflict files,
which can also get ugly. Whichever cloud storage and encryption service
you opt for, you'll want to test it out for a while before you trust it.
You'll also want to read the instructions carefully, as it's sometimes
possible to upload files which aren't encrypted when you think they are.
You might also need to keep a backup copy of your configuration file to
ensure you can open your folder if you need to rebuild your computer.
Test the data recovery options before the day comes when you really need
them to work, or you could lose everything.
Of course all this works on the assumption that the encryption can't
even be broken by government intelligence agencies. Nothing is
uncrackable, it's simply a matter of time and resources. There are no
magic bullets, you need to weigh up the risks and consequences to decide
Do you need the extra protection of a personal encryption key? What
works best for you?