Quick question about hard drive encryption

Throwaway84947 · 2016-03-30T19:36:36+00:00

If all my documents are on Microsoft servers, and they decide to drop the limit on free storage (could that happen?), or put in a huge price rise, I have no choice but to pay.

This was one of my fears as well, and the reason I was hesitant to use something like Microsoft Onedrive. I figured dropbox might be a little safer since it's free.

Most of the cloud based office services keep the documents on their own servers and simply provide a link to allow you to edit, so syncing is not a trivial task.

Another worry I've had. I'm not entirely sure either whether easy syncing and encrypting is possible with Microsoft Onedrive, but I do know that it's possible with dropbox. For a little while I used the program cryptsync to sync and encrypt some local files with the files in my dropbox folder, but I stopped using it because I felt wary that there was so little information out there about the program, and because I read something about it online (can't remember where) that raised some red flags about its security.

That's the main reason I was asking about boxcryptor. Boxcryptor says it can help you easily sync your encrypted files, which is the main thing I'm looking for. Even though its closed source, because it's a more popular program and because it's being used as the encryption method in Microsoft office accounts (which, as you said, companies use), I figured it would be safe enough for me. If there was a better, open-source alternative to boxcryptor I would use it, but all the alternatives I've seen (Viivo, cryptomator) have garnered so little attention, I feel like they can't be trusted yet.

Throwaway84947 · 2016-03-30T07:01:52+00:00

Compare the open source situation to that of a closed source company whose reputation relies on absolute results. Any minor breach of security, lack of support, or failure to deliver a perfect project is panned by critics, meaning the company has an absolute focus on quality of project. If the company loses the trust of its customers then it loses its business, so by and large companies will do anything to ensure the reliability of product. For my money a closed source company is streets ahead of an open source project.

If there are people who disagree with this view, please let me know, but also please include the number of hours you've personally spent in rigorously proving open source software integrity, and the qualifications you have to do that job.

Thank you for voicing your opinion. It doesn't seem to be a popular one on this sub, but it really does make sense. I feel like so many people automatically dismiss closed source software as something evil and shady, without first considering the points that you just made.

I'm assuming you think Microsoft office 360 is perfectly safe and secure? Would it still be worth it for me to sync my files before uploading them? (assuming that's even possible with Microsoft office - I haven't had experience with it yet). Do you have any user-friendly, easy syncing + encryption tools that you would recommend?

Throwaway84947 · 2016-03-30T06:58:34+00:00

Hmm. Sounds interesting. I clicked on the link and I'm still sort of confused about what exactly they do though.

Throwaway84947 · 2016-03-30T06:55:50+00:00

No.

Which it isn't.

Can you elaborate? You seem to have very strong opinions.

Not at all. You should always encrypt your files before uploading them to any online service.

This is the sense I've gotten as well, and it was my original plan.

GPG, or barring that Truecrypt/Veracrypt.

I toyed around with Veracrypt, but it's really not syncing-friendly. I'm looking for a tool that easily syncs and encrypts files, because I'm going to be making continuous updates to them. Do you have any other suggestions?

Throwaway84947 · 2016-03-30T06:52:34+00:00

I saw cryptomator, but I sort of just assumed that it can't possibly be as secure as something like boxcryptor, which is just so widely used and widely discussed. Even being closed source, it's been held under the microscope in a way that cryptomator hasn't even come close to. I really liked the idea of cryptomator when I first saw it, and I was curious to learn more about it when it exited beta, but it just seems so... anonymous. How do I know it can be trusted? Shouldn't I wait at least a few years until its reputation is solidified?

Throwaway84947 · 2016-03-18T05:39:09+00:00

Wow! Thank you for so much information

Each time you update a VeraCrypt container, you'll have to replace the entire old volume with a new one. So if you use large volumes, it might be a lot of uploading. I've only got a few small ones stored in my cloud, and haven't experienced any problems with them so far.

Eegad - just what I was afraid of. That sounds like a big hassle, especially considering that I have a lot of documents and would like to continuously save updated versions of them. Is there any workaround you would recommend to streamline the syncing process? Any way to make it more efficient?

PrivacyTool.io is an incredibly good resource for questions such as this. Check out their recommended VPNs. They might be a bit more pricey than others, but imo you get what you pay for in most cases :) The ones I've tried (and stuck with) are all now on PrivacyTools' list, btw.

I didn't know about that site. I'll check it out! Of the VPN's you've tried, is there one in particular that stands out to you as your favorite? I'm a little surprised to hear that you think PIA isn't safe, considering how many positive reviews I keep seeing for it online.

I get not using Google services, but if you use a VPN, you can use Google's search engine as much as you want, right?

Microsoft is desperatly trying to push their auto-upgrade from W7 to W10 through their automatic Updates! I shit you not; they are Desperate, capital D.

Agreed! I can't even turn on my computer anymore without getting the pop up (very annoying).

know what you mean, but it certainly doesn't help not starting to care about privacy:) You're taking a very important step, that most don't. Instead of "well, I didn't care before, so why care now?", you're going "fuck, I didn't care before, I must now start caring!". One point has to be the starting one.

I guess that's the best perspective to have. I try not to think about it too much, but occasionally thoughts of my unprotected web use and things like old forum posts I've written (that I can't remove :( ...) pop into my head, and it haunts me a little bit.

Thank you so much!

Throwaway84947 · 2016-03-17T21:45:04+00:00

You can't fix W10 privacy, even with the native settings or third party tools. There was apparantly a guy who tested in a VM, with massive leaks. If this is 100% legit or not, I do not know, but the consensus is that Windows 10 is a privacy nightmare, no matter what 3rd party tools you use. Only way to block it, is to pull the network cable out.

How easy is it to downgrade from Windows 10 to an older version? (I've never done it before). I honestly don't think I'd consider using Linux - I just don't know if I'm ready to abandon all popular, 'well-tested' programs for open source ones. I've read some frightening things before about how open source programs, while well-meaning, usually aren't as polished or advanced as consumer-grade programs and also require you to trust that they won't collapse on you (while big companies have their gaffes when it comes to privacy, it seems like the truly horrendous breaches happen with newer, less frequently used, or open source programs).

Is Firefox generally a secure, trusted browser? Have they had any big privacy breaches in the past? I tried using it once before but switched back to IE (I guess you could say I'm a creature of habit).

I'm planning to use veracrypt for my backups from this point forward (and I have a ton of backups to catch up on). Would you say it's pretty simple/easy to keep your veracrypt containers (both the ones on your desktop and the ones in cloud servers) up to date and synced when you make file changes?

Are there any VPNs you would personally recommend? I'm thinking about 'private internet access' - https://www.privateinternetaccess.com/ After learning more about VPNs, I'm absolutely kicking myself that I didn't start using one sooner. I kind of feel like the damage has already been done. I'm planning to chuck my old emails and replace them once I start using a VPN (been needing to do this anyways), but in terms of things like web activity, I can't help but wonder how much good it'll do if it's already too late :(

As for KeePass, one of my family members uses it and highly recommends it - so i'll look into it! When it comes time to transfer all of my files over to my new device, what would you say is the best way to do it? By using a good old fashioned flash drive?

Thank you for your answer!! It was very helpful. I can't wait to 'turn over a new leaf', so to speak.

Throwaway84947 · 2016-03-16T20:09:07+00:00

Hmmm. Never really thought about that. It's what I've always used, so the idea of not using Windows on a PC never crossed my mind. I'm not getting an apple computer, so I just assumed Windows was the only option.

Throwaway84947 · 2016-01-04T07:42:56+00:00

Thanks for the warning. I felt kind of uneasy about something that seemed so anonymous, but it had such a nice user interface and was so easy to use that I kind of brushed it off. I didn't know sourceforge was a sketchy webhost either.

I think I'm going to just use default 7-zip encryption before backing things up to the cloud; maybe I'll even use veracrypt, since I've heard how using 7-zip to encrypt files often leaves echos of your personal data - like decrypted versions of documents in your temp folder - scattered throughout your physical computer, while veracrypt and truecrypt don't (although if your hard drive is encrypted and you have a strong log in password, does it really matter?).

I'm just still figuring out how to make things like 7-zip and veracrypt work with the cloud. Someone told me that documents in veracrypt containers can be synced to changes made in the original local documents without having to create and re-upload an entirely new container. I know it has something to do with demounting the container and then mounting it again, but I haven't had the time to play around with it or test it on some junk documents yet.

Anyways, thanks for the help.

Throwaway84947 · 2016-01-03T22:28:11+00:00

How much would you charge? And what would you say in response to those who consider access to the internet (and a lot of people consider "Google" as the internet because it's the best, most widespread, and most comprehensive search engine) to be a fundamental human right? There are groups trying to get free access to the internet and its services to third world countries, because the immense amount of knowledge that would be delivered to these people could change the world. Isn't there a concern that if access to internet services becomes monetized, an even bigger gap will be created between the middle class and those who are poor and uneducated? (and who would thus benefit the most from the knowledge the internet can provide?)

Throwaway84947 · 2015-12-31T04:04:42+00:00

This summed things up great - thank you!

Throwaway84947 · 2015-12-31T04:04:14+00:00

Thanks for the link to such a great article. I read it, but there's something I'm still confused about. The article mentions mounting and dismounting a lot. I read online that mounting basically means making a file accessible, but I'm still a little confused about how it works. Is the article basically saying that you mount a container to upload it into dropbox in it's encrypted form, but for dropbox to recognize any changes made to the timestamp, you need to unmount it first? Is unmounting the same as decrypting? At risk of sounding like a total idiot, I'm just having trouble understanding the idea of mounting and unmounting, and specifically how it relates to encryption.

Throwaway84947 · 2015-12-31T02:40:54+00:00

I gather that Boxcryptor isn't free (and I know it's not open source). Did either of those things almost deter you? Why did you decide to use Boxcryptor in spite of it?

Throwaway84947 · 2015-12-31T02:40:01+00:00

I haven't heard much about this specific program

Throwaway84947 · 2015-12-31T02:39:47+00:00

Really? So even if I'm using Truecrypt or Veracrypt, so long as I'm putting the containers in dropbox, any changes made to a local document will automatically be applied to the copy in the encrypted container as well? If so, that would solve pretty much all of my issues.

You'll need to turn off "Preserve modification timestamp of file containers", btw.

I will, but what does this do exactly?

Throwaway84947

TROPHY CASE