I'm not quite as paranoid as Raul, but I do use many of the same techniques that he describes below, including Truecrypt. I'd also suggest checking out the privacy and security policies for any cloud that you're going to use, assuming you are paranoid at all. For example, the security provisions of DropBox are documented at https://www.dropbox.com/help/27/en
On 12/09/12 10:43, Raul A. Gallegos wrote: > Hi all, the recent thread on the tech doctor podcast concerning > 1Password has prompted me to write the following. > > First off, I don't use 1Password, so my comments might be off a bit. I > use LastPass and MyKeePass. I won't get into the details of those > password managers, but suffice it to say that I feel they are just as > good as 1Password. I simply tried those first and see no need to switch > to 1Password. So now onto the real reason why I'm writing. > > It's more about security and what you put on Dropbox and what is safe > and what isn't. > > Many people feel it's ok to put whatever on Dropbox while others only > put non-secure stuff, and still others are somewhere in between. > > What I do in regards to Dropbox is put files in it which I don't > particularly care if the Dropbox staff somehow gains access to them. I > know for a fact that Dropbox stores files on there even if you delete > them. How do I know this? I once erased a folder of 5 gb of audio and > later needed it for a friend, and so I copied it back over. It had been > about 3 months since I had deleted them from Dropbox, yet when I copied > them over again, it didn't take hours to upload and update, it only took > a few minutes? Why is that? Because Dropbox already had a copy of those > files. I also know that if you have a file which is an exact copy of > someone else's file even if you are not sharing folders with that > person, Dropbox uses the same copy. This allows them to save on disc > space over all in the big picture. For example, if I download the iTunes > setup file for Windows and put it in my installs folder of Dropbox which > I only share with 5 people, and if 100 other people across the world > also have this same file in their own private or public space of > Dropbox, then Dropbox uses that one copy rather than multiple copies. > Some might feel this is a breach of security. I personally feel it's > Dropbox using disc space wisely. > > The one thing I don't do is put a text file of credit card or social > security numbers in Dropbox just for the convenience of having access to > those from my iPhone. Call me paranoid, but that's the way it is. > Instead, what I do is use Truecrypt. Truecrypt is a program which allows > you to create a file container of any size and put stuff in it. Think of > it like a virtual usb stick. So, I have a 10 Mb Truecrypt container > called KeepOut.tc. Yes, only 10 megs in size. I have this file in my > dropbox folder and when I want to review personal text files from any of > my computers, I simply mount this small 10 meg file and it becomes its > own drive. Like drive x maybe. I can then open files, copy files, add > files, do whatever I want in my little 10 meg virtual usb stick. When > I'm done, I unmount it, that's like using safely remove hardware. The > file is updated on Dropbox and closed up and secure again. > > There is an iphone app which will open Truecrypt files and so if I want > access to this data from my iphone, then I simply do the same process > from there. > > Some would say this is too much work for security, but it's worth it to > me to take the extra seconds to open the Truecrypt file, look at it, and > then close it when I'm done. > > I do a similar thing with all the documents in my documents folder of my > netbook and my pc where I back them up onto a Truecrypt volume and that > volume lives in Dropbox. So, it's like my own backup solution. I've > written batch files to automatically open the virtual file, copy the > changed files from my documents, and then close it. So, in the end it > doesn't take much time at all. I'm not the only one who does this > because there are various people who have blogged about it and who have > shared similar doings in terms of Dropbox, backups, and security. > > Lastly, I mentioned KeePass as a password manager. This program is > available in many different platforms, iOS and Windows for example, and > can share the same database. So if I want to get access to a username > and password for something, I can use that. The password file itself is > encrypted, and so can safely live inside Dropbox where MyKeepass from > iOS can read it. > > Hope that helps, and hope you join the paranoia team. -- Christopher (CJ) chaltain at Gmail -- You received this message because you are subscribed to the "VIPhone" Google Group. To search the VIPhone public archive, visit http://www.mail-archive.com/viphone@googlegroups.com/. To post to this group, send email to viphone@googlegroups.com. To unsubscribe from this group, send email to viphone+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/viphone?hl=en.
