> I didn’t really trust file encryption because I thought I might lose files because of it and therefore I never enabled Mac OSX’s built-in FileVault hard drive encryption. I should have though. It’d save me from worrying about who’s going through all my files now.
This is a no brainer. I have yet to notice any real performance hit for enabling full disk encryption. Just enable it, make sure to have a long/strong password, and make sure your computer actually locks when you close the lid.
You should never be worried about losing files on a single computer. If they're important then they should be backed up to multiple computers/drives/services. If you're worried about accidentally wiping your laptop when you set up FDE then just make a backup beforehand.
> My backup drive was literally NEXT to my MacBook. By sheer luck, I had just backed up my internal drive the day before and they didn’t take it.
Offsite backups are a must. It can be your own "offsite" (ie. a server at friends/parents/office) but it needs to be somewhere other than the primary site.
> I didn’t have a cloud backup because I don’t trust a third party with my data.
There's nothing wrong with not trusting third parties but that's exactly what encryption is for. Encrypt your data locally and then you can store it remotely without worrying about it being accessible to a third party. DIY scripting with GPG/S3 works well for a lot of situations. Or you can just use Tarsnap.
Honestly it makes a lot of sense to do the same with USB drives as well. My Linux machine is my primary computer (OS X laptop when roaming...) so the majority of my backup USB drive usage is done there. I have them set up with LUKS/dm-crypt for full disk encryption. It's really easy to set up, plug-n-play on modern systems, and it almost falls into the "no reason not to" category. I just wish OS X supported it too.
I have confirmed, using dtrace, that OS X uses Intel's AES-NI instructions to accelerate encrypted disks. I found no performance decrease for batch file copies. I did not test small files nor seeking. I should run more benchmarks now that I have an SSD. Perhaps the CPU is now the bottleneck.
Depending on your threat model, they don't even have to be outside the house. If petty burglary is what you are defending against, a disk in a quiet corner of your basement is probably plenty.
I bring up threat models a lot, because I'm still fascinated with the model of data security as an adversarial relationship in which you can characterize your enemy, and thus qualify "good enough".
Being outside of the house protects it equally well against fires/floods/earthquakes/pets too. Protection against burglary is an added bonus.
It's not too hard to find one. Unless you're completely anti-social you probably have at least one tech-savvy friend that can understand the need for this kind of setup. Even better if you have more than one friend (hopefully not too big an "if") then you can have a "round robin" approach with a group of friends. An open source (so the crypto can actually be vetted) version of BTSync would be great for this.
> For example, I would consider it pretty poor form to plug in a personal networked backup box at my desk at work. That kind of move can also pose a risk to my sustained employment!
Haha. Yes plugging in random networked boxes at the office might arouse some (just!) concern. When I wrote that piece I was thinking specifically of my company as I'm the boss :D
I'm most of the way through the non-Bitcoin / "Disk Space Marketplace" portion of a project that would work really well for this.
While the premise is that you would be able to rent disk space from anyone who wanted to provide it (using Bitcoin/Stripe/PayPal/Whatever), that part is going to be decoupled from the actual encrypt + distribute portion which could be pretty easily used by a group of friends to have reciprocal backups of important data.
I'm still a couple weekends away from it being usable though.
How DVCS was first conceived. ;)
I do use offsite backup in addition to regular local backups. I genuinely wonder how this will play out as video and image stuff to backup grows. At the least I'm thinking I probably need to do a better job of figuring out how to separate the important stuff from all the intermediate, rejected, etc. files.
There is a lot in this story that sucks but a lot that is "should have known better" as well.
It splits your data in chunks, encrypts them on the fly while sending them to the cloud. It doesn't use much space, apart from a little metadata, and you don't have to worry about the NSA, as the encryption keys are only on your local machine.
Safety deposit box at a bank, trusted non-local family member's house, and trusted international (preferably different continent) friend's house should be enough for most cases.
Regarding backups, my laptops usually rsync their /home every day to my remote server (and most data on them is in git repositories anyway).
I have over 8TB of data at my house, and getting that backed up offsite is not trivial.
Easier yet if you can pare the amount of crucial stuff to under 4TB, then it's just one drive that you can rotate monthly (weekly?).
What natural disasters/events will take out both your home and the hardened safe in your barn?
edit: An EMP may fit the bill. :-O
One of the characteristics of fireproof safes is also their ability to withstand a multi-story drop. The reason being that when the floor burns out from under it, that's what happens. This still doesn't do much to ensure data records are retained.
So long as it's a barn in the yard, reasonably directional WiFi might well suffice.
As for what natural disasters could take out your house and your barn: if you live in wildfire country, that's a distinct possible risk. As a random Google Image search example:
Note the plot of 20cm depth soil temperature rise (and how long the temps stay elevated):
You do raise the point that fire ratings are for specific time limits: X minutes at Y temperature.
Another key point (my long-ago sources informed me) is that one of the most important things to do after the fire is to NOT OPEN THE SAFE (this applied to paper storage, inquire with your vendor / manufacturer for data).
The same properties which make a safe proof against fire damage mean that it retains heat once applied to it for a considerable period. Apparently it's not uncommon for people to employ a fireproof safe, secure their papers and documents within it, have the safe and documents survive the fire ... and then spontaneously combust when fresh oxygen is introduced on opening to the still-blazing-hot interior.
Did you ever think to sign out after you were done?
This is a personal preference, but I sign in, do my business, and then sign out after I'm done with the service.
Opening up my password manager on my phone, then writing the 16-char password, then entering the two-factor auth code takes about a minute for each account. So that's 10 minutes to sign in to all those accounts. A bit too much for me to start my day with :)
Then there's my personal email, my work email, my web server logins etc.
It all adds up, that I'd rather save the sessions.
But I agree, there's definitely space for some digital minimalism here :)
Really, IMO two-factor authentication only makes sense where a separate challenge-response round is required for each transaction, so a replay of stolen credentials is impossible - as it's usually done with online banking. And against burglars, you can protect your cookies as well as your passwords by encrypting the disk contents. Just be aware of cold boot and DMA attacks, and possibly evil maid attacks.
That leaves the chance of having your system being compromised through the internet. Sure, that's possible.
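The replay point above (a stolen code or session is only harmless if it cannot be presented a second time) is easy to see in code. The following is an added example, not code from the original post or from any commenter: a stdlib-only RFC 4226/6238 HOTP/TOTP implementation of the kind Google Authenticator runs on the phone, plus a server-side verifier that consumes each time step once. The base32 secret below is the RFC 6238 test key ("12345678901234567890" in ASCII), used here only so the output can be checked against the published vectors; the class and function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 6238 reference key, base32-encoded the way authenticator apps expect it.
# Constructed test input, not a real secret.
RFC6238_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_b32_secret(secret_b32: str) -> bytes:
    """Authenticator secrets are often shown unpadded and spaced; normalise before decoding."""
    s = secret_b32.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / step).

    Nothing here needs the network: key plus clock is enough, on the phone or on a
    copy of the seed. That is exactly why a stolen, still-unlocked phone matters."""
    return hotp(decode_b32_secret(secret_b32), at // step, digits)


class TotpVerifier:
    """Server side. Accepts a code for the current step or one step either side,
    but never accepts a step that has already been consumed, so a code sniffed or
    stolen and replayed inside its 30 s window is refused."""

    def __init__(self, secret_b32: str, step: int = 30, digits: int = 6, window: int = 1):
        self.key = decode_b32_secret(secret_b32)
        self.step = step
        self.digits = digits
        self.window = window
        self.last_step = -1  # highest time step already accepted

    def verify(self, code: str, at: int) -> bool:
        current = at // self.step
        for drift in range(-self.window, self.window + 1):
            candidate = current + drift
            if candidate <= self.last_step:
                continue  # already used, or older than one we accepted: treat as replay
            expected = hotp(self.key, candidate, self.digits)
            if hmac.compare_digest(expected, code):
                self.last_step = candidate
                return True
        return False


if __name__ == "__main__":
    now = int(time.time())
    code = totp(RFC6238_SECRET_B32, now)
    server = TotpVerifier(RFC6238_SECRET_B32)
    print("code:", code)
    print("first use accepted:", server.verify(code, now))
    print("replay accepted:", server.verify(code, now + 5))
```

The verifier keeps only one integer per user (the last accepted step), which is enough to make a captured code single-use. Note the trade-off in `verify`: refusing every step at or below the last accepted one also refuses the previous window's code if it arrives late, which is the usual choice because accepting it would reopen the replay hole.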
I don't make heavy use of online services, and yet I've got over 100 accounts I access (assessed by counting entries in my encrypted password store).
Resetting those passwords (or even changing them, which might not be a bad idea) could easily take some time.
In conjunction with some other thoughts of mine, though, this suggests a space for a more API-driven web design generally. One in which the authentication mode is clearly expressed. HTML had this integrated at one point with htaccess, but it was a horribly simplistic model.
Something I've been thinking about.
To illustrate my point, watch this video, with subtitles on: http://www.youtube.com/watch?feature=player_detailpage&v=xmK...
Thieves don't want to be caught or injured - they'll go for a house that doesn't have a dog bark at them when they are peeking in the windows; they'll go for the house without an alarm box next to the one that does. Even a small dog works for deterrence even if not so much actual physical defence - I've known people with some very non-aggressive dogs who still have 'Beware of Dog' signs for this exact reason.
No, no, no. That is not how probability works. That's like saying that if I live to be 100, the probability of me dying was 1 in 36,525.
Imagine you have a giant 10000-sided die. You throw that die once every day searching for a magic number (e.g. 1337). "Hitting 1337" is an experiment with a binary outcome (yes/no).
On day 500 you hit the magic number. Did you have a 1 in 500 chance of hitting it? No, you had a 1/10000 chance of hitting! Even if you throw it 10000 times, there's no 100% chance of hitting 1337 since the die is still 10000-sided even after you hit any number (this is called "no replacement") so you can have, for example, 1338 coming up twice and 1337 not at all. There is never a 100% probability (but it approaches 1 rapidly near 10000).
On the other hand, you can calculate the probability of "hitting 1337 at least once in N throws", which is actually the CDF of a binomial distribution, but you need the initial probability of a single event!
Bringing back the robbery theme, living a day of your life is just repeating the "being robbed today" experiment (throwing the dice) once a day. Being robbed on day N of your life just means you repeated the experiment N days and N-1 times the outcome was "no" and then a single "yes". This does not mean that the CDF was 1 at N attempts, it just means that it was greater than 0... and this is just the probability of "being robbed after N days", i.e., the CDF of "being robbed today", not the probability of being robbed itself.
Also: you can't evaluate probability a posteriori unless the events are repeatable under controlled conditions, in which case you repeat the experiment lots of times and derive the probability from the outcomes. Burglaries are not repeatable under controlled conditions!
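The argument in the comment above can be carried through numerically. What follows is an added example, not code from the thread: it computes the probability of at least one hit in N independent trials (the binomial tail the commenter refers to), the probability that the first hit lands exactly on day N, and how many days it takes for the cumulative probability to reach a given level. The function names and the 1/10000 and day-500 figures are taken from the comment's own die example; everything else is this example's assumption.

```python
import math


def p_at_least_once(p: float, n: int) -> float:
    """P(at least one 'yes' in n independent trials of per-trial probability p).

    This is 1 - P(X = 0) for X ~ Binomial(n, p), i.e. 1 - (1 - p)^n.
    For p < 1 it approaches 1 but never reaches it, however large n is."""
    return 1.0 - (1.0 - p) ** n


def p_exactly_k(p: float, n: int, k: int) -> float:
    """Binomial pmf: probability of exactly k hits in n trials."""
    return math.comb(n, k) * p ** k * (1.0 - p) ** (n - k)


def p_first_hit_on_day(p: float, n: int) -> float:
    """P(first 'yes' is exactly on trial n): n-1 'no' outcomes, then one 'yes'.

    This is the geometric distribution. It is the probability of the *observation*
    'robbed on day N', which is not the same thing as p itself."""
    return (1.0 - p) ** (n - 1) * p


def trials_for_confidence(p: float, q: float) -> int:
    """Smallest n such that P(at least one hit in n trials) >= q."""
    return math.ceil(math.log(1.0 - q) / math.log(1.0 - p))


def likelihood_ratio(p_a: float, p_b: float, n: int) -> float:
    """How much more likely 'first hit on day n' is under p_a than under p_b.

    A single observation only ever gives a ratio like this, never p itself."""
    return p_first_hit_on_day(p_a, n) / p_first_hit_on_day(p_b, n)


if __name__ == "__main__":
    p = 1 / 10000
    print(f"P(hit within 10000 throws) = {p_at_least_once(p, 10000):.4f}")   # about 0.632, not 1
    print(f"P(no hit in 10000 throws)  = {p_exactly_k(p, 10000, 0):.4f}")
    print(f"throws for 50%: {trials_for_confidence(p, 0.5)}, for 99%: {trials_for_confidence(p, 0.99)}")
    # Seeing the first hit on day 500 is consistent with p = 1/10000 *and* with p = 1/500;
    # the data favour the larger p only by a modest factor, nowhere near a proof.
    print(f"likelihood ratio (1/500 vs 1/10000) for day 500: {likelihood_ratio(1/500, p, 500):.1f}")
```

The first line of output is the number the comment is driving at: with a 1-in-10000 daily chance, 10000 days still leaves roughly a 37% chance of no hit at all, because (1 - 1/10000)^10000 is close to 1/e.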
I've never heard of a thief who's tried to use the data from a randomly stolen computer for further profit. Maybe with bitcoin and other technologies, the calculus will start shifting and thieves will become more interested in stealing data than hardware.
This actually probably exists. Which makes the, "thieves aren't that smart" argument kind of useless.
If anybody came up with a startup or website or something to resolve those issues, that would be evil genius on the scale of Cryptolocker.
Criminals do find ways to do business, and I believe they substitute money and intimidation where trust would usually go.
It can act as a frontend to Amazon Glacier, just punch in your Amazon API keys. Considering ingress into the Amazon world is free and it's a penny per GB per month to store, I've basically paid $1/month to keep 100GB of personal data safely backed up at Amazon.
I'll need to pay more than that to get my data back out, because Amazon charges retrieval fees to get things out of Glacier, but if my on-location backups should fail to rescue me, then this has my back.
Arq definitely gets my recommendation too. I've been using it for a little over a year, paying about $3 per month, and the peace of mind is fantastic. It's a last resort, and I have a number of other offsite backups on normal external drives, but with this backup running every hour, I'm extremely unlikely to ever lose more than an hour's work.
It's really nice because the encryption is client side, so you're not really trusting Amazon with too much, and there's an open source restore utility on github, so you don't need to worry too much about haystack going out of business.
It's also, in my experience, much, much faster to upload to than any of the other online services I've tried (Backblaze, Crashplan).
And for Linux it seems like this one might be an option, but, YMMV:
My wife lost her iPhone 3G a few years ago and oddly it eventually turned up on Find My iPhone (which I use very frequently) a month or two ago. I have to wonder if at least in a phone's case, it uses the IMEI or something in its tracking rather than merely the iCloud login since you'd expect a phone to be wiped/reset within such a long timeframe. Maybe iCloud should (or does?) do a similar thing with MAC addresses or some other sort of internal serial number when it comes to tracing lost/stolen devices.
I don't think you understand hacking...
I don't think you've been following the iOS7 updates closely.
If you ever manage to do a DFU, you won't be able to restore. And if you ever manage to restore and jailbreak, you'll never be able to connect to iTunes, use the AppStore, or sync with Apple again. Which means, the phone is either worthless or at least seriously crippled.
Mind: anyone receiving the laptop would have a strong indication it had been stolen. This might or might not be a concern.
Additional deterrence? Sure. Proof against theft? No. Slow down an opportunistic smash-and-grab situation (I've seen ~ $20,000 of hardware stolen inside of 60 seconds)? Sure.
"A lock keeps an honest man honest."
This still slows down the casual / opportunistic thief markedly, of course.
I tested this technique myself a few years back, but must admit to not knowing if Kensington locks have evolved since then.
If you don't want one, building a tiny backup PC to hide somewhere (in the attic with WiFi etc.) is also feasible nowadays when you can get 1TB mSATA drives.
Which just made me think of something- if you are concerned about network security and isolating your backups, what's to stop you from keeping the NAS unconnected to your WLAN, and at time of archival, explicitly establishing P2P WiFi connections with the NAS from the client PC...
Bolting to the floor/wall is a must.
People still have laptops that aren't encrypted!?
I would pay for expensive Next-Day-Delivery on this too.
Exactly how this would work I'm not sure. I guess said start-up would need to be trusted with all your passwords & API keys and private-keys? I dunno.
But if they have your digital life (all of it), and they go under, then all your data is gone. So: Your approach of having them have your passwords and PINs is better than "one stop shopping" where they alone hold all your data.
Think of it like an emergency service for your digital life (both private and business).
On the other hand, if you don't require that, then somebody could spoof you...
It's probably not exceedingly difficult to slap an acoustic keylogger near you, then steal all your passwords.
If you're really worried about that level of adversary, then keep your laptop physically secured and powered off. And don't use it after breaking chain of custody.
Umm did the accuracy of this technique improve markedly over the last few years, or did I miss something?
Last I heard they got an ~80% per-character accuracy, given it can be calibrated with a keyboard of the same make, as well as the room it'll be in.
Which is enough that it can technically be done, but it's not really a "just slap it on there" procedure.
I have backups on Crashplan. I have a copy of my password database in bank safety deposit box. Almost all my local stored data (and everything sensitive) is encrypted.
The iPhone should not need WiFi for Find My iPhone to work. But it probably does require you have data roaming turned on if you are not in your home country, did you have that disabled? They might have also shut down the iPhone.
Also having the MacBook join any open network it sees might be a good security option for making it more likely it would contact a network to be found... though it's also a bit of a security risk by itself.
As you said, very good idea not to keep the backup drive and computer together. When I'm traveling, if I leave the room without my computer, I generally try to carry the backup drive somewhere on me.
So I could be wrong about this, and if I am please tell me.
From what I read, if you use full disk encryption, a BIOS password, and set the BIOS to go direct to the HDD for booting on a MacBook Air, you've essentially bricked the laptop. You can't get the laptop to log in with no guest account and only the one user account. You can't get it to boot to another device because of the BIOS lock. You can't change the boot device with a BIOS password set. Finally you can't reset the BIOS password because to do so you would need to remove the DRAM per the MacBook BIOS reset instructions, and that's not physically possible on an Air since it's soldered down.
I'm used to enabling disk encryption on my work laptop for corporate security, but I've ignored my own personal information security. I'll be looking into re-enabling that now after reading what you went through. It would give me the security to know for sure that my information was wiped and not rummaged through.
I would still use cloud-based storage like Dropbox but encrypted with Truecrypt.
Am I the only one that still carries around an encrypted USB on hand at all times?
Also, have you heard anything from the police yet? Glad you and your family are safe though!
It's surprising to meet someone who doesn't keep their phone on/near their person, even when sleeping. It does, however, raise a good point:
Does everyone have some sort of contingency plan for this kind of event? Show up at a friend's door to use theirs? Library or other public computers? Prior to this article, I hadn't considered how to change passwords/cancel credit cards/notify bank(s) without at least one of my own internet-connected devices.
Also a reason to use KeePass with a very strong password and not 'remember my password' in $browserofchoice.
Also, my Dropbox at my job is leaking personal documents like crazy... I'd better step up my game...
1. Enable full disk encryption.* Unless you lose your memory, this should never cause you to lose files. If you're still concerned, store a backup of the phrase in a very secure location.
2. Make offsite backups. Encrypt them.
* One of the things I love about Boxen is that this is enforced across the board.
I just enabled FileVault on the MacBook I have now, thanks for that! :)
If you're thinking about reading this article but not sure, just do it - you may find there's a lot you can learn from Pieter's horrible experience.
Thanks for writing this post! I finally took a moment to enable FileVault :)
Best of luck on your travels!
Discussion about the issue : https://code.google.com/p/android/issues/detail?id=29468
> 4 hard drives spread around with all my data encrypted
Did these turn out to be useful?
> online back-ups.
that combination merits a post of its own.
- make backups
- encrypt data
- use a password manager
The holy trifecta of things that people hear about and refuse to do. And then come and preach to others when they realize that "Doh, should have listened to that troll on HN".
>Since they had my iPhone too, they now also had potential access to my passwords manager as well as all my two-factor codes (on the Google Authenticator app).
If you use a good password manager you should have the time to reset all your passwords so that if they somehow manage to crack the manager all the passwords in there are worthless.
Also if you immediately ask iCloud to lock your iPhone they can't use any of the two-factor authenticators without connecting to the Internet, which would brick the phone.
With a password manager he can use it to trigger an audit. It might not cut down the time taken to change passwords everywhere, but it will make it a lot easier.
what are lips for if not to pleasure your master?