
How I went from 100 to 0 things (or how I was robbed of all my stuff) - pieterhg
http://levels.io/100-to-0-things/
======
sehrope
Being robbed sucks but when it comes to digital possessions there's no reason
it needs to suck this much.

> I didn’t really trust file encryption because I thought I might lose files
> because of it and therefore I never enabled Mac OSX’s built-in FileVault
> hard drive encryption. I should have though. It’d save me from worrying
> about who’s going through all my files now.

This is a no brainer. I have yet to notice any real performance hit for
enabling full disk encryption. Just enable it, make sure to have a long/strong
password, and make sure your computer actually locks when you close the lid.

You should never be worried about losing files on a single computer. If
they're important then they should be backed up to _multiple_
computers/drives/services. If you're worried about accidentally wiping your
laptop when you setup FDE then just make a backup before hand.

> My backup drive was literally NEXT to my MacBook. By sheer luck, I had just
> backed up my internal drive the day before and they didn’t take it.

Offsite backups are a must. It can be your own "offsite" ( _ie. a server at
friends /parents/office_) but it needs to be somewhere other than the primary
site.

> I didn’t have a cloud backup because I don’t trust a third party with my
> data.

There's nothing wrong with not trusting third parties but that's exactly what
encryption is for. Encrypt your data locally and then you can store it
remotely without worrying about it being accessible to a third party. DIY
scripting with GPG/S3 works well for a lot of situations. Or you can just use
Tarsnap[1].

Honestly it makes a lot of sense to do the same with USB drives as well. My
Linux machine is my primary computer ( _OS X laptop when roaming..._ ) so the
majority of my backup USB drive usage is done there. I have them setup with
LUKS/dm-crypt[2] for full disk encryption. It's _really_ easy to setup, plug-
n-play on modern systems, and it almost falls into the "no reason not too"
category. I just wish OS X supported it too.

[1]: [http://www.tarsnap.com/](http://www.tarsnap.com/)

[2]:
[http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup](http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup)

~~~
cortesoft
I agree with the offsite backups, but I find it to be impractical for a lot of
my data.

I have over 8TB of data at my house, and getting that backed up offsite is not
trivial.

~~~
jevinskie
How little "offsite" can one get away with? Could you put a waterproof
(flooding), fireproof, buried (tornadoes) safe with a NAS (SSDs for earthquake
protection?) in the barn in your yard? It would be easy to run Ethernet to
that and have fully synced backups without ISP/cloud service charges.

What natural disasters/events will take out both your home and the hardened
safe in your barn?

edit: An EMP may fit the bill. :-O

~~~
dredmorbius
One problem with "fireproof" is that a safe that will protect paper records
against combustion (by shielding them from the most intense heat and
preventing oxygen from entering) will almost certainly get hot enough to melt
plastics and render magnetic storage damaged if not unreadable.

One of the characteristics of fireproof safes is also their ability to
withstand a multi-story drop. The reason being that when the floor burns out
from under it, that's what happens. This still doesn't do much to ensure data
records are retained.

So long as it's a barn in the yard, reasonably directional WiFi might well
suffice.

As for what natural disasters could take out your house and your barn: if you
live in wildfire country, that's a distinct possible risk. As a random Google
Image search example:

[http://www.mesonet.ttu.edu/cases/PitchforkFire_050811/201105...](http://www.mesonet.ttu.edu/cases/PitchforkFire_050811/20110508.html)

Note the plot of 20cm depth soil temperature rise (and how long the temps stay
elevated):

[http://www.mesonet.ttu.edu/cases/PitchforkFire_050811/meteo_...](http://www.mesonet.ttu.edu/cases/PitchforkFire_050811/meteo_PITC_050911.png)

~~~
blueskin_
Not always. Fireproof safes are rated for paper, tape or drives, as well as a
time limit. A safe rated for drives will guaranteed a maximum of 55 degrees
(C) inside it for the rated time, enough for drives to survive without problem
when powered down.

See:
[http://www.theregister.co.uk/2013/12/02/setting_the_iosafe_2...](http://www.theregister.co.uk/2013/12/02/setting_the_iosafe_214_on_fire/)

~~~
dredmorbius
Fair enough. Much of my experience is pretty dated, to the beginning of the
time that data storage was a major concern (and much of the data of the time
would do just fine in a paper-rated safe).

You do raise the point that fire ratings are for specific time limits: X
minutes at Y temperature.

Another key point (my long-ago sources informed me) is that one of the most
important things to do after the fire is to _NOT OPEN THE SAFE_ (this applied
to paper storage, inquire with your vendor / manufacturer for data).

The same properties which make a safe proof against fire damage mean that it
_retains_ heat once applied to it for a considerable period. Apparently it's
not uncommon for people to employ a fireproof safe, secure their papers and
documents within it, have the safe and documents survive the fire ... and then
spontaneously combust when fresh oxygen is introduced on opening to the still-
blazing-hot interior.

------
noonespecial
I don't mean it as snark but when it takes 12 hours to reset all of your
passwords, that's a lot of digital "stuff" for a minimalist. At what point
does the psychic load of all the digital things equal the foregone physical
things?

~~~
pieterhg
You're spot on. That's a very good point. I guess I'm not a minimalist in the
digital realm.

~~~
aestra
I think you need a better system. Seriously, I just don't understand I guess I
don't get it. I keep my browser on "forget everything on close" mode and I
keep my passwords in a password manager all auto generated passwords. If I
were to get robbed I would have to reset exactly zero passwords. Forgive me
for being stupid, (I'm not trying yo be mean) but where you logged into every
service you ever signed up for when you were robbed?

Did you ever think to sign out after you were done?

This is a personal preference, but I sign in, do my business, and then sign
out after I'm done with the service.

~~~
pieterhg
My main business is running a YouTube network so I'm signed into about 10
accounts in one browser session. Merely, to maintain my channels. All
passwords are 16-character random strings with two-factor authentication
enabled. So if I'd let my browser "forget everything on close" as you mention,
that'd take even longer every morning to sign in to all these accounts.

Opening up my password manager on my phone, then writing the 16-char password,
then entering the two-factor auth code takes about a minute for each account.
So that's 10 minutes to sign in to all those accounts. A bit too much for me
to start my day with :)

Then there's my personal email, my work email, my web server logins etc.

It all adds up, that I'd rather save the sessions.

But I agree, there's definitely space for some digital minimalism here :)

~~~
zAy0LfpBZLC8mAC
Well, I never thought it made much sense, but: What's the point of "two-
factor", when the second factor isn't actually ever required? I mean, what is
"two factor" about that setup?

~~~
pieterhg
Good point. Two-factor auth is required on any other browser session or device
without the session cookie. It's also reset every 30 days, so you'll have to
re-enter it even if you still have a session running.

~~~
zAy0LfpBZLC8mAC
Well, the first factor presumably is also required in order to get a new
session cookie, so what's the point of the second factor there? And if someone
breaks into your system, they'll have both your password and your session
cookie, so they don't need the second factor either (well, except after 30
days after you have reinstalled your system, which I would think is plenty of
time to abuse your account).

Really, IMO two-factor authentication only makes sense where a separate
challenge-response round is required for each transaction, so a replay of
stolen credentials is impossible - as it's usually done with online banking.
And against burglars, you can protect your cookies as well as your passwords
by encrypting the disk contents. Just be aware of cold boot and DMA attacks,
and possibly evil maid attacks.

~~~
pieterhg
When someone steals your device, you change your passwords and Google ends all
active sessions automatically. If you use a session cookie from a very
different location (e.g. another country, it also asks to re-enter the two-
factor token.

That leaves the chance of having your system being compromised through the
internet. Sure, that's possible.

~~~
zAy0LfpBZLC8mAC
Well, yeah, but what does two-factor auth help with any of that? Ending all
existing sessions when you change the password doesn't require a second
factor. Limiting the validity of a cookie to one country also doesn't seem to
me to be much of a security feature, and more something that prevents you from
using the service anonymously through Tor - the local thief won't be far from
you and the botnet operator probably has more than enough systems in your
vicinity to tunnel through, and in any case requiring the password would do
the job equally well, wouldn't it?

------
beat
This is one reason I'm a huge proponent of having dogs at home. They're far
smarter than any alarm system. They don't need to actually be big dangerous
guard dogs in order to protect you from burglars.

~~~
jliptzin
My 2 little dachshunds create a nice ruckus anytime a stranger comes near the
house. They wouldn't protect me, but at least they'd wake me up.

~~~
momerath
I don't want to judge you, not knowing how big a yard you have, but as a
downtown apartment dweller, dogs barking provide all the annoyance of car
alarms, the same inaction, and a smoldering hatred for people who keep dogs in
these conditions.

~~~
corin_
I'd hazard a guess that while it may be as annoying to you, and receive the
same inaction from you, that to each owner a dog's bark has a different
meaning. Partly because they get to know the animal ("oh, he never does X or
he usually does Y so I can judge this better") and partly because they have
context (all you hear is barking, but they hear that along with... knowing the
dog hasn't had his walk yet. Or knowing he was asleep so something strange
must have woken him up. Or knowing... etc.)

------
mathgeek
> It took me over 27 years, or about 10,000 days, to get robbed. That’s still
> a 1 in 10,000 probability. Pretty good.

No, no, no. That is not how probability works. That's like saying that if I
live to be 100, the probability of me dying was 1 in 36,525.

~~~
skeletonjelly
Can you elaborate more? I would have thought your example isn't comparable, in
that we death is inevitable, but being robbed isn't (as much, depending on
circumstances)

~~~
kaoD
An event happening only reveals that p > 0.

Imagine you have a giant 10000-sided dice. You throw that dice once every day
searching for a magic number (e.g. 1337). "Hitting 1337" is an experiment with
a binary outcome (yes/no).

On day 500 you hit the magic number. Did you have a 1 in 500 chance of hitting
it? No, you had 1/10000 chance of hitting! Even if you throw it 10000 times,
there's no 100% chance of hitting 1337 since the dice is still 10000-sided
even after you hit any number (this is called "no replacement") so you can
have, for example, 1338 coming twice and 1337 none. There is never a 100%
probability (but it approaches 1 rapidly near 10000).

On the other hand, you can calculate the probability of "hitting 1337 at least
once in N throws", which is actually the CDF of a binomial distribution[1],
but you need the initial probability of a single event!

Bringing back the robbery theme, living a day of your life is just repeating
the "being robbed today" experiment (throwing the dice) once a day. Being
robbed on day N of your life just means you repeated the experiment N days and
N-1 times the outcome was "no" and then a single "yes". This does not mean
that the CDF was 1 at N attempts, it just means that it was greater than 0...
and this is just the probability of "being robbed after N days", i.e., the CDF
of "being robbed today", not the probability of being robbed itself.

Also: you can't evaluate probability _a posteriori_ unless the events are
repeatable under controlled conditions, in which case you repeat the
experiment lots of times and derive the probability from the outcomes.
Burglaries are not repeatable under controlled conditions!

[1]
[https://en.wikipedia.org/wiki/Binomial_distribution#Cumulati...](https://en.wikipedia.org/wiki/Binomial_distribution#Cumulative_distribution_function)

------
shalmanese
I wonder what the average value of computer hardware is vs the average
exploitable value of the data on that hardware and how it's changed over time.

I've never heard of a thief who's tried to use the data from a randomly stolen
computer for further profit. Maybe with bitcoin and other technologies, the
calculus will start shifting and thieves will become more interested in
stealing data than hardware.

~~~
diminoten
Setting aside all morality for a moment, what an interesting service to offer
to criminals - bring me a stolen laptop and I'll pull out the personal data
from it, and sell that data for you online.

This actually probably exists. Which makes the, "thieves aren't that smart"
argument kind of useless.

~~~
ufmace
There would probably be a bunch of trust issues blocking it. Why should any
legitimate thief trust you/whatever person to take stolen property and
actually do something profitable with it, instead of go straight to the police
or the original owner? If you intended to offer this service as an honest
criminal, how would you go about finding actual thieves and not undercover
cops, and getting their trust? How could you trust them to not turn you in to
the cops themselves?

If anybody came up with a startup or website or something to resolve those
issues, that would be evil genius on the scale of Cryptolocker.

~~~
diminoten
I definitely agree that those would all be issues, but those are issues for
every underhanded transaction, not just this kind of transaction. You could
say almost the same thing about drugs, hookers, etc.

Criminals do find ways to do business, and I believe they substitute money and
intimidation where trust would usually go.

------
ben1040
I've been using Arq lately for online backups:

[http://www.haystacksoftware.com/arq/index.php](http://www.haystacksoftware.com/arq/index.php)

It can act as a frontend to Amazon Glacier, just punch in your Amazon API
keys. Considering ingress into the Amazon world is free and it's a penny per
GB per month to store, I've basically paid $1/month to keep 100GB of personal
data safely backed up at Amazon.

I'll need to pay more than that to get my data back out, because Amazon
charges retrieval fees to get things out of Glacier, but if my on-location
backups should fail to rescue me, then this has my back.

~~~
skeletonjelly
Is there a windows/linux equivalent for this?

~~~
ben1040
A Google search for "windows glacier backup" turned this up in the top few
results, so this may be doable:

[http://www.cloudberrylab.com/amazon-glacier-storage-
backup.a...](http://www.cloudberrylab.com/amazon-glacier-storage-backup.aspx)

And for Linux it seems like this one might be an option, but, YMMV:

[http://www.janoszen.com/2013/10/14/backing-up-linux-
servers-...](http://www.janoszen.com/2013/10/14/backing-up-linux-servers-with-
duplicity-and-amazon-aws/)

------
petercooper
_Not a single report came in. They’re good services, but if the thieves are
smart the odds you’re getting anything back are slim._

My wife lost her iPhone 3G a few years ago and oddly it eventually turned up
on Find My iPhone (which I use very frequently) a month or two ago. I have to
wonder if at least in a phone's case, it uses the IMEI or something in its
tracking rather than merely the iCloud login since you'd expect a phone to be
wiped/reset within such a long timeframe. Maybe iCloud should (or does?) do a
similar thing with MAC addresses or some other sort of internal serial number
when it comes to tracing lost/stolen devices.

~~~
wvenable
With iOS7 and Find my iPhone enabled, your phone cannot be restored without
entering your iTunes username and password. Your phone is literally worthless
with out it.

~~~
vex
>literally worthless

I don't think you understand hacking...

~~~
wvenable
I have jailbroken many an iPhone, so I have a bit of an idea. Apple's security
is really quite strong. If you are trying to equate hacking to magic, I don't
think you understand it.

~~~
efdee
> Apple's security is really quite strong. Funny. Every single one of my
> friends in the IT security business strongly disagrees with this statement.

~~~
wvenable
Ok, the iPhone device security is really quite strong. As for whatever else
Apple does, it's not relevant to this discussion.

------
gregschlom
Also, a good way to protect your computer, especially while travelling: use a
Kensington lock cable to physically attach it to something that doesn't move.

~~~
eropple
Make sure the lock itself doesn't suck, though. A lot of cylinder locks can be
opened with a Bic pen, for example.

~~~
dredmorbius
Since the lock mount is often just a cut-out in the laptop case, the result of
theft is typically a cosmetic but non-functional blemish to the device.

Mind: anyone receiving the laptop would have a strong indication it had been
stolen. This might or might not be a concern.

Additional deterrence? Sure. Proof against theft? No. Slow down an
opportunistic smash-and-grab situation (I've seen ~ $20,000 of hardware stolen
inside of 60 seconds)? Sure.

"A lock keeps an honest man honest."

~~~
eropple
I guess it depends on the laptop. The last time I used a lock was with a pre-
Retina MBP; short of cutting the cable (doable but you'd better come prepared)
or what it's attached to (ditto but probably harder) you're not getting that
off without a fight.

~~~
dredmorbius
An angle grinder and/or drill can do wonders. If you can snip the cable, you
can remove the lock head at your leisure later.

This still slows down the casual / opportunistic thief markedly, of course.

------
lazyjones
Even if you are a minimalist, one of the few things you should have if you
have something non-negligible to lose, is a safe. Most thieves don't bother
touching one if it looks sturdy and a good one will withstand fires, so that's
where you can keep regular backups.

If you don't want one, building a tiny backup PC to hide somewhere (in the
attic with WiFi etc.) is also feasible nowdays when you can get 1TB mSATA
drives.

~~~
sliverstorm
A NAS is my preferred choice, over a PC. Smaller than most any PC I could
cobble together, lower power, quieter, unassuming. They even make WiFi-
equipped models.

Which just made me think of something- if you are concerned about network
security and isolating your backups, what's to stop you from keeping the NAS
unconnected to your WLAN, and at time of archival, explicitly establishing P2P
WiFi connections with the NAS from the client PC...

~~~
ossreality
Nothing, but there are more paranoid and more easily implemented systems that
you could use instead if you want easy, but air-gapped backups.

------
jrockway
> If someone takes your laptop, they have you by the balls (or ovaries).

People still have laptops that aren't encrypted!?

~~~
lambdasquirrel
That was my thought as well. Macs have FileVault. Pretty big no-brainer for me
since my laptop can access my work vpn. I have a strong password for the same
reason.

------
zebra
I always backup important things to the phone (big memory + big MicroSD card)
and together with my wallet they sit near my head while asleep. While I am
awake they sit in tight jeans pockets.

------
smtddr
Idea for a startup: Similar to how I can call a creditcard company to just
cancel the current card on file and issue a new one, I'd love to have a place
where I could just call up and say "Lock down my digital life and send me a
letter in the mail with new pins, passwords, API keys, etc".

I would pay for expensive Next-Day-Delivery on this too.

Exactly how this would work I'm not sure. I guess said start-up would need to
be trusted with all your passwords & API keys and private-keys? I dunno.

~~~
AnimalMuppet
If they know all your accounts, passwords, PINs, etc, that's one thing -
though you have to trust that, if and when the business dies, they properly
wipe their hard drives.

But if they _have_ your digital life (all of it), and they go under, then all
your data is gone. So: Your approach of having them have your passwords and
PINs is better than "one stop shopping" where they alone hold all your data.

~~~
mryingster
I would think that the way it would work is that you when you sign up for the
service you create a master document with accounts and passwords that gets
encrypted before it's uploaded to their servers. Then, in the event if a
catastrophe, you just send them your encryption key for that profile and they
do their thing and reset all of your accounts.

~~~
lostcolony
But then where do you safely backup/store the encryption key?

~~~
mryingster
I suppose you could put it in a safe deposit box. Another option is hide it in
the margin of a book; somewhere that normally wouldn't get stolen or read. Of
course then you have to worry about fires and floods... Perhaps a copy at a
relatives house as well as yours. For bonus points, don't tell the relative,
just jot it down in a book on a shelf when he/she isn't looking!

~~~
lostcolony
It was largely rhetorical. :P A lot of the comments on this are related to how
do you keep important data both always available to you, -and- safe from
anyone else getting ahold of it. I was just pointing out the bootstrapping
issue; having one password/phrase/key that allows you to reset the
passwords/whatever to your digital life still requires you to find a way to
keep that one word/phrase/key safe yet accessible.

------
Kiro
Am I the only one who have no digital assets? I recently did a clean wipe and
realized that I had exactly nothing on my computer that I wanted to save. No
backup was needed.

~~~
ToastyMallows
No photos, videos, music, movies, code? Nothing?

------
jedbrown
I use full-disk encryption and encrypt backups, but I only reboot my computer
once a month or so to upgrade the kernel. So in almost all vectors by which my
computer could be stolen, it will just be sleeping. How worried should I be
that DRAM is not encrypted? Unlike the encryption password, the screen lock
password gets typed often and in public places so I doubt it would foil a
sophisticated thief.

~~~
MichaelGG
First, I believe I read something that with newer memory, even cold freezing
the RAM is not enough to reliably pull off an attack. Second, it's so
incredibly unlikely that just a thief is going to not try to reboot the
machine.

It's probably not exceedingly difficult to slap an acoustic keylogger near
you, then steal all your passwords.

If you're really worried about that level of adversary, then keep your laptop
physically secured and powered off. And don't use it after breaking chain of
custody.

~~~
tripzilch
> It's probably not exceedingly difficult to slap an acoustic keylogger near
> you, then steal all your passwords.

Umm did the accuracy of this technique improve markedly over the last few
years, or did I miss something?

Last I heard they got an ~80% per-character accuracy, _given_ it can be
calibrated with a keyboard of the same make, as well as the room it'll be in.

Which is enough that it can technically be done, but it's not really a "just
slap it on there" procedure.

------
Paul12345534
Unrelated to the robbery part, but if anyone is trying to escape the unrest in
Thailand, the Philippines is a pretty cheap place to stay for a short period.
Most people know English. I would opt for Cebu City over Manila but that's
just me.

I have backups on Crashplan. I have a copy of my password database in bank
safety deposit box. Almost all my local stored data (and everything sensitive)
is encrypted.

------
SirBill
The thieves thank you for providing the link on how to break into your
MacBook, since most thieves are not smart enough to do so... like you say they
just want to wipe and sell it.

The iPhone should not need WiFi for Find My iPhone to work. But it probably
does require you have data roaming turned on if you are not in your home
country, did you have that disabled? They might have also shut down the
iPhone.

Also having the Macbook join any open network it sees might bee a good
security option for making it more likely it would contact a network to be
found... though it's also a bit of a security risk by itself.

As you said, very good idea not to keep the backup drive and computer
together. When I'm traveling if I leave the room without my computer, I
generally try and carry the backup drive somewhere on me.

------
megaframe
I travel with my laptop so I worry about it being stolen...

So I could be wrong about this, and if I am please tell me.

From what I read if you use full disc encryption, bios password, and set the
bios to go direct to hdd for booting on a macbook air, you've essentially
bricked the laptop. You can't get the laptop to log in with no guest account
and only the one user account. You can't get it to boot to another device
because of the bios lock. You can't change the boot device with a bios
password set. Finally you can't reset the bios password because to do so you
would need to remove the DRAM per the macbook bios reset instructions, and
that's not physically possible on an air since it's soldered down.

------
jonalmeida
Great write up.

I'm used to enabling disk encryption on my work laptop for corporate security,
but I've ignored my own personal information security. I'll be looking into
re-enabling that now after reading what you went through. It would give me the
security to know for sure that my information was wiped and not rummaged
through.

> I didn’t have a cloud backup because I don’t trust a third party with my
> data.

I would still use cloud-based storage like Dropbox but encrypted with
Truecrypt. Am I the only one that still carries around an encrypted USB on
hand at all times?

Also, have you heard anything from the police yet? Glad you and your family
are safe though!

------
kileywm
> Except for my clothes and toothbrush, they’d taken everything. MacBook,
> iPhone, debit and credit cards and much, much more.

It's surprising to meet someone who doesn't keep their phone on/near their
person, even when sleeping. It does; however, raise a good point:

Does everyone have some sort of contingency plan for this kind of event? Show
up at a friend's door to use theirs? Library or other public computers? Prior
to this article, I hadn't considered how to change passwords/cancel credit
cards/notify bank(s) without at least one of my own internet-connected
devices.

~~~
maerF0x0
I keep a crap laptop in the closet where its unlikely someone will look...
plus they'd have to be idiots to steal it.. If you tried to sell it someone
would say "Well, You can throw it out, or you can pay me $10 to do it for
you..."

------
blueskin_
"There are two kinds of people: Those who keep backups, and those who haven't
lost all their data yet."

Also why to use KeePass with a very strong password and not 'remember my
password' in $browserofchoice.

------
HeyImAlex
Many (most?) backup systems allow you to encrypt your backups, so saving them
in the cloud isn't really a security risk unless you choose a bad passphrase.
Just make sure to keep your passphrase around...

------
ExxKA
Wow... This scared the crap out of me. I started thinking about what files
acutally are available in non encrypted state on my harddrive and phone.. Like
the author I have digital copies of all my ID, tax reports, payslips and the
list goes on. All of the passwords I have are different so I use a password
vault, but that is usually turned on (JUST CHANGED THAT)

Also, the my dropbox on my job is leaking personal documents like crazy.. I
better step up my game..

------
morgante
Definitely a cautionary tail. And a reminder that we should often ignore the
FUD and put (some) faith in digital systems.

Specifically:

1\. Enable full disk encryption.* Unless you lose your memory, this should
never prevent you from losing files. If you're still concerned, store a backup
of the phrase in a very secure location.

2\. Make offsite backups. Encrypt them.

* One of the things I love about Boxen is that this is enforced across the board.

------
rudyrigot
My MacBook was stolen in September, and it was the same for me: they were
smart enough not to connect to a WiFi, and FindMyMac knows nothing about it. I
requested it to lock itself, but since it never connected to a WiFi, I'm
pretty sure it never did...

I just enabled FileVault on the MacBook I have now, thanks for that! :)

------
siliconc0w
It should be trivial to report hardware as stolen and get it remotely
disabled. We've already pretty much given up on privacy and signed up for all
the apple/windows IDs possible - might as well get some benefit from it.

------
maxmem
You have your life and health.

------
basicallydan
Best of luck to Pieter - it's a real shame.

If you're thinking about reading this article but not sure, just do it - you
may find there's a lot you can learn from Pieter's horrible experience.

------
Gyran
If you don't trust a third party you can use CrashPlan to backup offsite to
your friends.

[http://www.code42.com/crashplan/](http://www.code42.com/crashplan/)

------
jhuckestein
Wait a minute, didn't we meet at Punspace a few months ago? Hope all is well
and glad you're okay.

Thanks for writing this post! I finally took a moment to enable FileVault :)

Best of luck on your travels!

~~~
uses
Same here. I didn't know OS X had disk encryption. And I went ahead and
enabled encryption on my Nexus 4 as well.

~~~
gst
Android's encryption is pretty useless, as it forces you to use the same key
for the encryption and for the screen lock. So either you have a secure
encryption key and a way too complicated screen lock key, or you have a
reasonable screen lock key, and a totally insecure encryption key (that can be
brute-forced in less than a second).

~~~
brohee
Not true anymore. Device encryption can differ from lock screen nowadays. But
speaking of lock screen, people have built robot to brute force it, so
shutting down after a few failures is definitely a good idea.

~~~
gst
It appears still to be the case on my Nexus 5. Or are there any hidden options
to fix this problem?

~~~
brohee
Sorry need an app :
[https://play.google.com/store/apps/details?id=org.nick.crypt...](https://play.google.com/store/apps/details?id=org.nick.cryptfs.passwdmanager)

Discussion about the issue :
[https://code.google.com/p/android/issues/detail?id=29468](https://code.google.com/p/android/issues/detail?id=29468)

------
D9u
This is why I have dogs. An 80 pound bull dog (or 2, or 3) can be a good
deterrent, as well as an alarm, which helps me to sleep well at night.

------
Nilzor
Does anyone know of any good anti-theft/theft-damage-control software for
Windows based laptops? Like cerberus for Windows 8.

------
mturmon
Very nice writing. Thanks for the perspective.

~~~
BlackDeath3
My only gripe (so far): I don't think "eventhough" is a word (though I suppose
it is now!).

~~~
pieterhg
Thank you, fixed. Not a native :)

~~~
patrickdavey
Heh, I'm trying to learn Dutch at the moment (using Babbel.com)... I would
_love_ to be as good at Dutch as you are at English! Really excellent writing
style - keep up the great work.

~~~
pieterhg
Dankjewel! Succes met je Nederlands. Lijkt me een behoorlijk moeilijke taal
als je er niet geboren bent :) Waarom ben je het aan het leren?

------
woodylondon
Hoping you do a blog what you now buy to replace everything, based on all your
travel experience.

------
diminoten
From your "100 things" post:

> 4 hard drives spread around with all my data encrypted

Did these turn out to be useful?

~~~
pieterhg
Yes and no. They have my data until I left to Asia in April (9 months ago).
Luckily the thieves left a backup of my main drive I just did the day before.
Really glad they did.

------
zaqokm
You should have stayed in Thailand :), outside of Bangkok the environment is
reasonably safe.

------
sarojt
This post is a great eye opener I am enabling file encryption on my disk right
away

------
antman
I have installed an alarm, because I cannot backup myself or my wife and kid.

------
Void_
No comment about pretentiousness of minimalism yet? HN is having a good day.

~~~
aroman
[http://en.wikipedia.org/wiki/Apophasis](http://en.wikipedia.org/wiki/Apophasis)

~~~
Void_
So?

------
gcb0
> fear of others having access to your data

> online back-ups.

that combination merits a post of its own.

------
ossreality
So:

\- make backups

\- encrypt data

\- use a password manager

The holy trifecta of things that people hear about and refuse to do. And then
come and preach to others when they realize that "Doh, should have listened to
that troll on HN".

~~~
aroman
Wait, how was using a password manager advantageous in this situation?

 _> Since they had my iPhone too, they now also had potential access to my
passwords manager as well as all my two-factor codes (on the Google
Authenticator app)._

~~~
reidmain
They have potential access to the password manager on his Mac as well.

If you use a good password manager you should have the time to reset all your
password so that if they somehow manager to crack the manager all the
passwords in there are worthless.

Also if you immediately ask iCloud to lock your iPhone they can't use the any
of the two-factor authenticators without connecting to the Internet which
would brick the phone.

------
kimonos
Dogs are often a big help in preventing burglary..

------
swayvil
we don't have ideas, we have start-ups.

what are lips for if not to pleasure your master?

~~~
Gracana
What?

