How I went from 100 to 0 things (or how I was robbed of all my stuff) (levels.io)
165 points by pieterhg on Jan 23, 2014 | 170 comments

Being robbed sucks but when it comes to digital possessions there's no reason it needs to suck this much.

> I didn’t really trust file encryption because I thought I might lose files because of it and therefore I never enabled Mac OSX’s built-in FileVault hard drive encryption. I should have though. It’d save me from worrying about who’s going through all my files now.

This is a no brainer. I have yet to notice any real performance hit for enabling full disk encryption. Just enable it, make sure to have a long/strong password, and make sure your computer actually locks when you close the lid.

You should never be worried about losing files on a single computer. If they're important then they should be backed up to multiple computers/drives/services. If you're worried about accidentally wiping your laptop when you set up FDE then just make a backup beforehand.

> My backup drive was literally NEXT to my MacBook. By sheer luck, I had just backed up my internal drive the day before and they didn’t take it.

Offsite backups are a must. It can be your own "offsite" (i.e. a server at friends/parents/office) but it needs to be somewhere other than the primary site.

> I didn’t have a cloud backup because I don’t trust a third party with my data.

There's nothing wrong with not trusting third parties but that's exactly what encryption is for. Encrypt your data locally and then you can store it remotely without worrying about it being accessible to a third party. DIY scripting with GPG/S3 works well for a lot of situations. Or you can just use Tarsnap[1].

Honestly it makes a lot of sense to do the same with USB drives as well. My Linux machine is my primary computer (OS X laptop when roaming...) so the majority of my backup USB drive usage is done there. I have them set up with LUKS/dm-crypt[2] for full disk encryption. It's really easy to set up, plug-n-play on modern systems, and it almost falls into the "no reason not to" category. I just wish OS X supported it too.

[1]: http://www.tarsnap.com/

[2]: http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup

> This is a no brainer. I have yet to notice any real performance hit for enabling full disk encryption. Just enable it, make sure to have a long/strong password, and make sure your computer actually locks when you close the lid.

I have confirmed, using dtrace, that OS X uses Intel's AES-NI instructions to accelerate encrypted disks. I found no performance decrease for batch file copies. I did not test small files nor seeking. I should run more benchmarks now that I have an SSD. Perhaps the CPU is now the bottleneck.

God bless every engineer who has made this a reality.

> Offsite backups are a must

Depending on your threat model, they don't even have to be outside the house. If petty burglary is what you are defending against, a disk in a quiet corner of your basement is probably plenty.

I bring up threat models a lot, because I'm still fascinated with the model of data security as an adversarial relationship in which you can characterize your enemy, and thus qualify "good enough".

> Depending on your threat model, they don't even have to be outside the house. If petty burglary is what you are defending against, a disk in a quiet corner of your basement is probably plenty.

Being outside of the house protects it equally well against fires/floods/earthquakes/pets too. Protection against burglary is an added bonus.

Oh yes, being somewhere other than your house has very clear upsides, but an appropriate location is not always forthcoming. For example, I would consider it pretty poor form to plug in a personal networked backup box at my desk at work. That kind of move can also pose a risk to my sustained employment!

> Oh yes, being somewhere other than your house has very clear upsides, but an appropriate location is not always forthcoming.

It's not too hard to find one. Unless you're completely anti-social you probably have at least one tech-savvy friend that can understand the need for this kind of setup. Even better if you have more than one friend (hopefully not to be an "if") then you can have a "round robin" approach with a group of friends. An open source (so the crypto can actually be vetted) version of BTSync[1] would be great for this.

> For example, I would consider it pretty poor form to plug in a personal networked backup box at my desk at work. That kind of move can also pose a risk to my sustained employment!

Haha. Yes plugging in random networked boxes at the office might arouse some (just!) concern. When I wrote that piece I was thinking specifically of my company as I'm the boss :D

[1]: http://www.bittorrent.com/sync

> An open source (so the crypto can actually be vetted) version of BTSync[1] would be great for this.

I'm most of the way through the non-Bitcoin / "Disk Space Marketplace" portion of a project that would work really well for this[1].

While the premise is that you would be able to rent disk space from anyone who wanted to provide it (using Bitcoin/Stripe/PayPal/Whatever), that part is going to be decoupled from the actual encrypt + distribute portion which could be pretty easily used by a group of friends to have reciprocal backups of important data.

I'm still a couple weekends away from it being usable though.

[1] https://github.com/ConceptPending/fincrypt

I've heard of git-annex being used for this. It doesn't do the crypto on its own but with EncFS and the like I think it works fairly well.

Git-annex does encrypt if you set the other site(s) as a special remote - a good way to use it with less technical friends is to get a Windows rsync server (there are some with simple GUIs for start/stop) and set that machine as an encrypted rsync remote.


I had not seen that before, that's perfect. I had been looking for something like that but some time ago when I had looked it wasn't so easy to do.

> Even better if you have more than one friend (hopefully not to be an "if") then you can have a "round robin" approach with a group of friends.

How DVCS was first conceived. ;)

I keep a USB stick in my cube. This requires manually rotating it out every so often, but it doesn't get me fired.

Although I don't do it as regularly as I should, one compromise is to periodically back up to a USB drive and stick it in a drawer in your office. If you remember to update every few months or so, you may lose some recent things if you lose everything that you back up realtime but that's a big difference from losing everything.

I do use offsite backup in addition to regular local backups. I genuinely wonder how this will play out as video and image stuff to backup grows. At the least I'm thinking I probably need to do a better job of figuring out how to separate the important stuff from all the intermediate, rejected, etc. files.

My sense of pity really was cut short by not encrypting things. Regardless of the mention/data that disk encryption is a minor hit, reality is, for most it would be a non issue...our day to day computing issues aren't going to stress Filevault. Just turn it on...that or keep sensitive stuff in an encrypted disk image.

There is a lot in this story that sucks but a lot that is "should have known better" as well.

Cyphertite[1] works very well for encrypted backups.

It splits your data in chunks, encrypts them on the fly while sending them to the cloud. It doesn't use much space, apart from a little metadata, and you don't have to worry about the NSA, as the encryption keys are only on your local machine.

[1] https://www.cyphertite.com

If the encryption keys are only on your local machine, how do you recover the data when you lose your local machine?

You should print it or write it down and store it in a secure place.

Hopefully in multiple places, in case of fire!!


Safety deposit box at a bank, trusted non-local family member's house, and trusted international (preferably different continent) friend's house should be enough for most cases.

If you don't want to pay the TarSnap premium, just set up Duplicity directly with Amazon S3, or some other external box if you have one available: https://grepular.com/Secure_Free_Incremental_and_Instant_Bac...

I don't know if this post is intended to be a response or a summary of the blog post, but it's a summary.

A good way to keep your files secure without using encryption is running anything else than OSX or Windows, too. I have had two laptops stolen, from my home - once entering by the (closed) door, once by a (closed) window. With them being under FreeBSD and Arch Linux, I'm quite confident that my data stayed safe (I had scans of about all my papers in there). It's kind of security through obscurity, but I think it works pretty well, any disk that's not FAT32, NTFS or HFS+ formatted is quite secure against theft.

Regarding backups, my laptops usually rsync their /home every day to my remote server (and most data on them is in git repositories anyway).

I agree with the offsite backups, but I find it to be impractical for a lot of my data.

I have over 8TB of data at my house, and getting that backed up offsite is not trivial.

Then perhaps back up the <10 Gb of stuff that would really screw you up if you lose it. For example, I keep all my bank account info, passwords, personal documents on an encrypted hard drive and I further encrypt the files. I keep this off site at a friend's house which I can SSH into and transfer whatever I need.

Two 4TB Ext USB3 HD's and a Safety Deposit box at your Bank. Cheap, more or less convenient (get four drives and rotate your backup drives), and secure.

Easier yet if you can pare the amount of crucial stuff to under 4TB, then it's just one drive that you can rotate monthly (weekly?).

WTF 8TB? Are you a movie editor or something? Anyway, I'm sure you don't change 8TB of data regularly. Back up the 7,9TB which is stale on a physical media you store at your parents', then set up online sync for anything new you produce or change.

How little "offsite" can one get away with? Could you put a waterproof (flooding), fireproof, buried (tornadoes) safe with a NAS (SSDs for earthquake protection?) in the barn in your yard? It would be easy to run Ethernet to that and have fully synced backups without ISP/cloud service charges.

What natural disasters/events will take out both your home and the hardened safe in your barn?

edit: An EMP may fit the bill. :-O

One problem with "fireproof" is that a safe that will protect paper records against combustion (by shielding them from the most intense heat and preventing oxygen from entering) will almost certainly get hot enough to melt plastics and render magnetic storage damaged if not unreadable.

One of the characteristics of fireproof safes is also their ability to withstand a multi-story drop. The reason being that when the floor burns out from under it, that's what happens. This still doesn't do much to ensure data records are retained.

So long as it's a barn in the yard, reasonably directional WiFi might well suffice.

As for what natural disasters could take out your house and your barn: if you live in wildfire country, that's a distinct possible risk. As a random Google Image search example:


Note the plot of 20cm depth soil temperature rise (and how long the temps stay elevated):


Not always. Fireproof safes are rated for paper, tape or drives, as well as a time limit. A safe rated for drives will guarantee a maximum of 55 degrees (C) inside it for the rated time, enough for drives to survive without problem when powered down.

See: http://www.theregister.co.uk/2013/12/02/setting_the_iosafe_2...

Fair enough. Much of my experience is pretty dated, to the beginning of the time that data storage was a major concern (and much of the data of the time would do just fine in a paper-rated safe).

You do raise the point that fire ratings are for specific time limits: X minutes at Y temperature.

Another key point (my long-ago sources informed me) is that one of the most important things to do after the fire is to NOT OPEN THE SAFE (this applied to paper storage, inquire with your vendor / manufacturer for data).

The same properties which make a safe proof against fire damage mean that it retains heat once applied to it for a considerable period. Apparently it's not uncommon for people to employ a fireproof safe, secure their papers and documents within it, have the safe and documents survive the fire ... and then spontaneously combust when fresh oxygen is introduced on opening to the still-blazing-hot interior.

The issue there isn't that something unlikely will happen physically, such as an EMP, the issue is that a virus could take it out at the same time as it hits your main machine, thanks to that ethernet cable.

Make the safe a Faraday cage.

That's crazy. After 25 years, all I have is a 32Gb USB stick.

I don't mean it as snark but when it takes 12 hours to reset all of your passwords, that's a lot of digital "stuff" for a minimalist. At what point does the psychic load of all the digital things equal the foregone physical things?

You're spot on. That's a very good point. I guess I'm not a minimalist in the digital realm.

I think you need a better system. Seriously, I just don't understand I guess I don't get it. I keep my browser on "forget everything on close" mode and I keep my passwords in a password manager all auto generated passwords. If I were to get robbed I would have to reset exactly zero passwords. Forgive me for being stupid, (I'm not trying to be mean) but were you logged into every service you ever signed up for when you were robbed?

Did you ever think to sign out after you were done?

This is a personal preference, but I sign in, do my business, and then sign out after I'm done with the service.

My main business is running a YouTube network so I'm signed into about 10 accounts in one browser session. Merely, to maintain my channels. All passwords are 16-character random strings with two-factor authentication enabled. So if I'd let my browser "forget everything on close" as you mention, that'd take even longer every morning to sign in to all these accounts.

Opening up my password manager on my phone, then writing the 16-char password, then entering the two-factor auth code takes about a minute for each account. So that's 10 minutes to sign in to all those accounts. A bit too much for me to start my day with :)

Then there's my personal email, my work email, my web server logins etc.

It all adds up, that I'd rather save the sessions.

But I agree, there's definitely space for some digital minimalism here :)

Well, I never thought it made much sense, but: What's the point of "two-factor", when the second factor isn't actually ever required? I mean, what is "two factor" about that setup?

Good point. Two-factor auth is required on any other browser session or device without the session cookie. It's also reset every 30 days, so you'll have to re-enter it even if you still have a session running.

Well, the first factor presumably is also required in order to get a new session cookie, so what's the point of the second factor there? And if someone breaks into your system, they'll have both your password and your session cookie, so they don't need the second factor either (well, except after 30 days after you have reinstalled your system, which I would think is plenty of time to abuse your account).

Really, IMO two-factor authentication only makes sense where a separate challenge-response round is required for each transaction, so a replay of stolen credentials is impossible - as it's usually done with online banking. And against burglars, you can protect your cookies as well as your passwords by encrypting the disk contents. Just be aware of cold boot and DMA attacks, and possibly evil maid attacks.
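The distinction drawn in the comment above, between a session cookie that can be replayed and a challenge-response round bound to each transaction, sketched as an added example that is not part of the thread. The `Token` and `Service` classes, the shared key and the transaction strings are constructed for illustration and do not describe any real service.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional


class Token:
    """Stands in for the separate device that holds the second factor."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def respond(self, challenge: bytes, transaction: str) -> str:
        # The response covers the server's nonce AND the transaction text,
        # so it is useless for any other nonce or any other transaction.
        msg = challenge + b"|" + transaction.encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()


class Service:
    """Hypothetical service offering both models side by side."""

    def __init__(self, token_key: bytes) -> None:
        self._token_key = token_key
        self._sessions = set()
        self._pending: Dict[bytes, str] = {}  # open challenge -> transaction

    def login(self) -> str:
        # Password and second factor are assumed to have been checked here.
        cookie = secrets.token_hex(16)
        self._sessions.add(cookie)
        return cookie

    def cookie_only_action(self, cookie: str, transaction: str) -> bool:
        # Model 1: the saved cookie alone authorises every later action.
        return cookie in self._sessions

    def begin(self, cookie: str, transaction: str) -> Optional[bytes]:
        # Model 2: each transaction gets a fresh random challenge.
        if cookie not in self._sessions:
            return None
        challenge = secrets.token_bytes(16)
        self._pending[challenge] = transaction
        return challenge

    def confirm(self, challenge: bytes, transaction: str, response: str) -> bool:
        # pop() makes every challenge single-use, which is what defeats replay.
        pending_tx = self._pending.pop(challenge, None)
        if pending_tx is None or pending_tx != transaction:
            return False
        msg = challenge + b"|" + transaction.encode("utf-8")
        expected = hmac.new(self._token_key, msg, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)


def run_demo() -> Dict[str, bool]:
    key = secrets.token_bytes(32)  # constructed shared secret
    token = Token(key)
    service = Service(key)
    cookie = service.login()
    results: Dict[str, bool] = {}

    # Whoever holds a copy of the cookie is accepted in the cookie-only model;
    # the second factor is never consulted again.
    cookie_copy = cookie
    results["cookie_replay_accepted"] = service.cookie_only_action(
        cookie_copy, "change recovery e-mail")

    # Legitimate per-transaction round: the token signs this exact request.
    tx = "pay 10.00 to account A"
    challenge = service.begin(cookie, tx)
    response = token.respond(challenge, tx)
    results["legit_confirmed"] = service.confirm(challenge, tx, response)

    # Replaying the captured (challenge, response) pair: challenge is spent.
    results["response_replay_accepted"] = service.confirm(challenge, tx, response)

    # Cookie holder without the token opens a new transaction and reuses the
    # old response: the HMAC does not match the new nonce and text.
    other_tx = "pay 9999.00 to account B"
    new_challenge = service.begin(cookie_copy, other_tx)
    results["old_response_on_new_tx_accepted"] = service.confirm(
        new_challenge, other_tx, response)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```
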

When someone steals your device, you change your passwords and Google ends all active sessions automatically. If you use a session cookie from a very different location (e.g. another country), it also asks to re-enter the two-factor token.

That leaves the chance of having your system being compromised through the internet. Sure, that's possible.

Well, yeah, but what does two-factor auth help with any of that? Ending all existing sessions when you change the password doesn't require a second factor. Limiting the validity of a cookie to one country also doesn't seem to me to be much of a security feature, and more something that prevents you from using the service anonymously through Tor - the local thief won't be far from you and the botnet operator probably has more than enough systems in your vicinity to tunnel through, and in any case requiring the password would do the job equally well, wouldn't it?

The 2nd factor is the computer you are logged in at.

Hu? That doesn't make sense in any interpretation I can think of. A second factor is what you need in addition to the first factor (in a conjunction), not what you can use instead, that would be a second summand (in a disjunction).

Oops, you're right.

In an online world of ephemeralization (and applying good password hygiene), I don't see that as a particularly sound criticism.

I don't make heavy use of online services, and yet I've got over 100 accounts I access (assessed by counting entries in my encrypted password store).

Resetting those passwords (or even changing them, which might not be a bad idea) could easily take some time.

If only there were a collection of user scripts that would automate this task for you ...

That is pretty much the epitome of "hard task". Sites differ, associating the right site with the right password is difficult, and the security risks (having scripts accidentally send the wrong creds to the wrong site(s)) mean you'd really want to get this right.

In conjunction with some other thoughts of mine, though, this suggests a space for a more API-driven web design generally. One in which the authentication mode is clearly expressed. HTML had this integrated at one point with htaccess, but it was a horribly simplistic model.

Something I've been thinking about.

Mozilla Persona is a good start.

But that's not backwards-compatible with existing site authentication systems, is it?

Is there one?

Not that I know of...

This is one reason I'm a huge proponent of having dogs at home. They're far smarter than any alarm system. They don't need to actually be big dangerous guard dogs in order to protect you from burglars.

My 2 little dachshunds create a nice ruckus anytime a stranger comes near the house. They wouldn't protect me, but at least they'd wake me up.

More importantly, they're going to deter a potential burglar. They'll just move on to an easier target.

Speaking of deterrents, it can help a lot to simply have a sticker on your house or sign in your yard of a security company, even if you don't actually have a security system.

I'm from Brampton, which is a suburb of Toronto. We have a large South Asian population, many of whom are Punjabi. Putting "Beware of Dog" signs in your window is a thing.

To illustrate my point, watch this video, with subtitles on: http://www.youtube.com/watch?feature=player_detailpage&v=xmK...

I don't want to judge you, not knowing how big a yard you have, but as a downtown apartment dweller, dogs barking provide all the annoyance of car alarms, the same inaction, and a smoldering hatred for people who keep dogs in these conditions.

I'd hazard a guess that while it may be as annoying to you, and receive the same inaction from you, that to each owner a dog's bark has a different meaning. Partly because they get to know the animal ("oh, he never does X or he usually does Y so I can judge this better") and partly because they have context (all you hear is barking, but they hear that along with... knowing the dog hasn't had his walk yet. Or knowing he was asleep so something strange must have woken him up. Or knowing... etc.)

Depends on the kind. For the most part, if one keeps barking in the night, you can assume something's wrong. If it does it anyway, you already know that and can ignore it, and call the council if it keeps doing it.

It's all deterrence.

Thieves don't want to be caught or injured - they'll go for a house that doesn't have a dog bark at them when they are peeking in the windows; they'll go for the house without an alarm box next to the one that does. Even a small dog works for deterrence even if not so much actual physical defence - I've known people with some very non-aggressive dogs who still have 'Beware of Dog' signs for this exact reason.

> It took me over 27 years, or about 10,000 days, to get robbed. That’s still a 1 in 10,000 probability. Pretty good.

No, no, no. That is not how probability works. That's like saying that if I live to be 100, the probability of me dying was 1 in 36,525.

Can you elaborate more? I would have thought your example isn't comparable, in that death is inevitable, but being robbed isn't (as much, depending on circumstances)

An event happening only reveals that p > 0.

Imagine you have a giant 10000-sided dice. You throw that dice once every day searching for a magic number (e.g. 1337). "Hitting 1337" is an experiment with a binary outcome (yes/no).

On day 500 you hit the magic number. Did you have a 1 in 500 chance of hitting it? No, you had 1/10000 chance of hitting! Even if you throw it 10000 times, there's no 100% chance of hitting 1337 since the dice is still 10000-sided even after you hit any number (this is called "no replacement") so you can have, for example, 1338 coming twice and 1337 none. There is never a 100% probability (but it approaches 1 rapidly near 10000).

On the other hand, you can calculate the probability of "hitting 1337 at least once in N throws", which is actually the CDF of a binomial distribution[1], but you need the initial probability of a single event!

Bringing back the robbery theme, living a day of your life is just repeating the "being robbed today" experiment (throwing the dice) once a day. Being robbed on day N of your life just means you repeated the experiment N days and N-1 times the outcome was "no" and then a single "yes". This does not mean that the CDF was 1 at N attempts, it just means that it was greater than 0... and this is just the probability of "being robbed after N days", i.e., the CDF of "being robbed today", not the probability of being robbed itself.

Also: you can't evaluate probability a posteriori unless the events are repeatable under controlled conditions, in which case you repeat the experiment lots of times and derive the probability from the outcomes. Burglaries are not repeatable under controlled conditions!

[1] https://en.wikipedia.org/wiki/Binomial_distribution#Cumulati...

Maybe more accurate to say the probability of being robbed on a single day is 1 in 10,000? So on average he could expect to be robbed two more times in his lifetime.

Just because your experience was 1/10000 doesn't mean your true risk is 1/10000. You could have tossed 9999 heads and 1 tails, there's still a 50/50 chance on the coin... Similarly you could be overstating your risk.

The probability to get 9999 heads and 1 tail is so small that you have more chance of finding a unicorn in a forest. I'd toss that coin :-P

So you're saying unicorns exist? Because that coin toss could happen. Not sure if finding a unicorn in a forest could happen, unless unicorns exist ;)

Yes, I say that it's more likely to find a unicorn somewhere on Earth (an undiscovered species) than to get that toss sequence. We say that an event is impossible for _way_ less probabilities (I could be hit by a cosmic radiation and start to grow a third arm, but it's unlikely enough to say that it's impossible).

I wonder what the average value of computer hardware is vs the average exploitable value of the data on that hardware and how it's changed over time.

I've never heard of a thief who's tried to use the data from a randomly stolen computer for further profit. Maybe with bitcoin and other technologies, the calculus will start shifting and thieves will become more interested in stealing data than hardware.

Setting aside all morality for a moment, what an interesting service to offer to criminals - bring me a stolen laptop and I'll pull out the personal data from it, and sell that data for you online.

This actually probably exists. Which makes the, "thieves aren't that smart" argument kind of useless.

There would probably be a bunch of trust issues blocking it. Why should any legitimate thief trust you/whatever person to take stolen property and actually do something profitable with it, instead of go straight to the police or the original owner? If you intended to offer this service as an honest criminal, how would you go about finding actual thieves and not undercover cops, and getting their trust? How could you trust them to not turn you in to the cops themselves?

If anybody came up with a startup or website or something to resolve those issues, that would be evil genius on the scale of Cryptolocker.

I definitely agree that those would all be issues, but those are issues for every underhanded transaction, not just this kind of transaction. You could say almost the same thing about drugs, hookers, etc.

Criminals do find ways to do business, and I believe they substitute money and intimidation where trust would usually go.

I've been using Arq lately for online backups:


It can act as a frontend to Amazon Glacier, just punch in your Amazon API keys. Considering ingress into the Amazon world is free and it's a penny per GB per month to store, I've basically paid $1/month to keep 100GB of personal data safely backed up at Amazon.

I'll need to pay more than that to get my data back out, because Amazon charges retrieval fees to get things out of Glacier, but if my on-location backups should fail to rescue me, then this has my back.

Really sorry to hear about the OP getting burgled. It sucks, I know, and I was lucky enough that my laptop was missed when I was burgled - if it had been taken I'd have been in that awful position as my only backup was right next to the laptop. Scared me into doing proper backups though!

Arq definitely gets my recommendation too. I've been using it for a little over a year, paying about $3 per month, and the peace of mind is fantastic. It's a last resort, and I have a number of other offsite backups on normal external drives, but with this backup running every hour, I'm extremely unlikely to ever lose more than an hour's work.

It's really nice because the encryption is client side, so you're not really trusting Amazon with too much, and there's an open source restore utility on github, so you don't need to worry too much about haystack going out of business.

It's also, in my experience, much, much faster to upload to than any of the other online services I've tried (Backblaze, Crashplan).

Is there a windows/linux equivalent for this?

A Google search for "windows glacier backup" turned this up in the top few results, so this may be doable:


And for Linux it seems like this one might be an option, but, YMMV:


I'm using Arq as well. Easy to set up, reliable through AWS S3 and encrypted on the client.

Not a single report came in. They’re good services, but if the thieves are smart the odds you’re getting anything back are slim.

My wife lost her iPhone 3G a few years ago and oddly it eventually turned up on Find My iPhone (which I use very frequently) a month or two ago. I have to wonder if at least in a phone's case, it uses the IMEI or something in its tracking rather than merely the iCloud login since you'd expect a phone to be wiped/reset within such a long timeframe. Maybe iCloud should (or does?) do a similar thing with MAC addresses or some other sort of internal serial number when it comes to tracing lost/stolen devices.

With iOS7 and Find my iPhone enabled, your phone cannot be restored without entering your iTunes username and password. Your phone is literally worthless without it.

Can't you put it in DFU mode and reinstall the whole system?

Doesn't matter. It ties your IMEI to your Apple login so after you restore you're still locked out. I've seen it in action after unlocking an iPhone recently.

> literally worthless

I don't think you understand hacking...

> I don't think you understand hacking...

I don't think you've been following the iOS7 updates closely.

If you ever manage to do a DFU, you won't be able to restore. And if you ever manage to restore and jailbreak, you'll never be able to connect to iTunes, use the AppStore, or sync with Apple again. Which means, the phone is either worthless or at least seriously crippled.

I have jailbroken many an iPhone, so I have a bit of an idea. Apple's security is really quite strong. If you are trying to equate hacking to magic, I don't think you understand it.

> Apple's security is really quite strong.

Funny. Every single one of my friends in the IT security business strongly disagrees with this statement.

Ok, the iPhone device security is really quite strong. As for whatever else Apple does, it's not relevant to this discussion.

...and? what happened next? Did you find it?

Since it was over a year later, my wife thought she'd "lost" it, we'd already mentally written it off, and it couldn't be easily traced to a specific property, I decided to let it go because I doubt the police would have been interested or useful.

Also, a good way to protect your computer, especially while travelling: use a Kensington lock cable to physically attach it to something that doesn't move.

Make sure the lock itself doesn't suck, though. A lot of cylinder locks can be opened with a Bic pen, for example.

Since the lock mount is often just a cut-out in the laptop case, the result of theft is typically a cosmetic but non-functional blemish to the device.

Mind: anyone receiving the laptop would have a strong indication it had been stolen. This might or might not be a concern.

Additional deterrence? Sure. Proof against theft? No. Slow down an opportunistic smash-and-grab situation (I've seen ~ $20,000 of hardware stolen inside of 60 seconds)? Sure.

"A lock keeps an honest man honest."

I guess it depends on the laptop. The last time I used a lock was with a pre-Retina MBP; short of cutting the cable (doable but you'd better come prepared) or what it's attached to (ditto but probably harder) you're not getting that off without a fight.

An angle grinder and/or drill can do wonders. If you can snip the cable, you can remove the lock head at your leisure later.

This still slows down the casual / opportunistic thief markedly, of course.

Kensington locks can be unlocked with nothing more than a slim cardboard tube: https://www.youtube.com/watch?v=0SkKJ4yOKo8

I tested this technique myself a few years back, but must admit to not knowing if Kensington locks have evolved since then.

A Kensington lock means you can walk over to the cake counter and take your time selecting a cake, leaving your computer back at the table, locked to the table leg or whatever. That's what I found anyway when travelling... it just removes the quick swipe opportunity and gives you peace of mind.

Even if you are a minimalist, one of the few things you should have if you have something non-negligible to lose, is a safe. Most thieves don't bother touching one if it looks sturdy and a good one will withstand fires, so that's where you can keep regular backups.

If you don't want one, building a tiny backup PC to hide somewhere (in the attic with WiFi etc.) is also feasible nowadays when you can get 1TB mSATA drives.

A NAS is my preferred choice, over a PC. Smaller than most any PC I could cobble together, lower power, quieter, unassuming. They even make WiFi-equipped models.

Which just made me think of something- if you are concerned about network security and isolating your backups, what's to stop you from keeping the NAS unconnected to your WLAN, and at time of archival, explicitly establishing P2P WiFi connections with the NAS from the client PC...

Nothing, but there are more paranoid and more easily implemented systems that you could use instead if you want easy, but air-gapped backups.

You can even buy a fire-resistant safe with USB connectivity, so you can leave an external hard drive in the safe and still back up to it regularly. The ones I've seen are still pretty pricey (~$500), but they avoid the potential for "I remembered to back up, but I forgot to lock the drive back in the safe, and then the house burned down".

Most document safes are rated to keep paper intact for a limited time, when exposed to house-fire temperatures and wattages. Make sure when you buy a fire safe that it is 'media rated'; not all of them are, and the internal temp of an ordinary fire safe will melt CDs and backup tapes.

Only if the safe is properly secured. Thieves are more than willing to carry a safe away if they can.

Bolting to the floor/wall is a must.

> If someone takes your laptop, they have you by the balls (or ovaries).

People still have laptops that aren't encrypted!?

That was my thought as well. Macs have FileVault. Pretty big no-brainer for me since my laptop can access my work VPN. I have a strong password for the same reason.

I always backup important things to the phone (big memory + big MicroSD card) and together with my wallet they sit near my head while asleep. While I am awake they sit in tight jeans pockets.

Idea for a startup: Similar to how I can call a credit card company to just cancel the current card on file and issue a new one, I'd love to have a place where I could just call up and say "Lock down my digital life and send me a letter in the mail with new pins, passwords, API keys, etc".

I would pay for expensive Next-Day-Delivery on this too.

Exactly how this would work I'm not sure. I guess said start-up would need to be trusted with all your passwords & API keys and private-keys? I dunno.

If they know all your accounts, passwords, PINs, etc, that's one thing - though you have to trust that, if and when the business dies, they properly wipe their hard drives.

But if they have your digital life (all of it), and they go under, then all your data is gone. So: Your approach of having them have your passwords and PINs is better than "one stop shopping" where they alone hold all your data.

I would think that the way it would work is that when you sign up for the service you create a master document with accounts and passwords that gets encrypted before it's uploaded to their servers. Then, in the event of a catastrophe, you just send them your encryption key for that profile and they do their thing and reset all of your accounts.

It might work. Chrome already saves all your passwords on Google's servers (if you allow it to) and Apple does the same with Keychain on iCloud. So it's definitely going there, and if you can get users to trust your service, it might take off.

Think of it like an emergency service for your digital life (both private and business).

Hmm. Then you have to have your encryption key after the catastrophe, which might be problematic.

On the other hand, if you don't require that, then somebody could spoof you...

But then where do you safely backup/store the encryption key?

I suppose you could put it in a safe deposit box. Another option is to hide it in the margin of a book; somewhere that normally wouldn't get stolen or read. Of course then you have to worry about fires and floods... Perhaps a copy at a relative's house as well as yours. For bonus points, don't tell the relative, just jot it down in a book on a shelf when he/she isn't looking!

It was largely rhetorical. :P A lot of the comments on this are related to how do you keep important data both always available to you, -and- safe from anyone else getting ahold of it. I was just pointing out the bootstrapping issue; having one password/phrase/key that allows you to reset the passwords/whatever to your digital life still requires you to find a way to keep that one word/phrase/key safe yet accessible.

That is stupid with credit cards, and it would be extra stupid with your digital life. Either this is one gigantic DoS vulnerability (anyone can call them up and ask them to completely immobilize you digitally for at least 24 hours), or you have some way to reliably store authentication credentials that would allow you to authenticate to such a service in an emergency, in which case you could probably just as well just store what is needed to recover things yourself.

Am I the only one who has no digital assets? I recently did a clean wipe and realized that I had exactly nothing on my computer that I wanted to save. No backup was needed.

No photos, videos, music, movies, code? Nothing?

I use full-disk encryption and encrypt backups, but I only reboot my computer once a month or so to upgrade the kernel. So in almost all vectors by which my computer could be stolen, it will just be sleeping. How worried should I be that DRAM is not encrypted? Unlike the encryption password, the screen lock password gets typed often and in public places so I doubt it would foil a sophisticated thief.

First, I believe I read something that with newer memory, even cold freezing the RAM is not enough to reliably pull off an attack. Second, it's so incredibly unlikely that just a thief is going to not try to reboot the machine.

It's probably not exceedingly difficult to slap an acoustic keylogger near you, then steal all your passwords.

If you're really worried about that level of adversary, then keep your laptop physically secured and powered off. And don't use it after breaking chain of custody.

> It's probably not exceedingly difficult to slap an acoustic keylogger near you, then steal all your passwords.

Umm did the accuracy of this technique improve markedly over the last few years, or did I miss something?

Last I heard they got an ~80% per-character accuracy, given it can be calibrated with a keyboard of the same make, as well as the room it'll be in.

Which is enough that it can technically be done, but it's not really a "just slap it on there" procedure.

Unrelated to the robbery part, but if anyone is trying to escape the unrest in Thailand, the Philippines is a pretty cheap place to stay for a short period. Most people know English. I would opt for Cebu City over Manila but that's just me.

I have backups on Crashplan. I have a copy of my password database in bank safety deposit box. Almost all my local stored data (and everything sensitive) is encrypted.

The thieves thank you for providing the link on how to break into your MacBook, since most thieves are not smart enough to do so... like you say they just want to wipe and sell it.

The iPhone should not need WiFi for Find My iPhone to work. But it probably does require you have data roaming turned on if you are not in your home country, did you have that disabled? They might have also shut down the iPhone.

Also having the MacBook join any open network it sees might be a good security option for making it more likely it would contact a network to be found... though it's also a bit of a security risk by itself.

As you said, very good idea not to keep the backup drive and computer together. When I'm traveling if I leave the room without my computer, I generally try and carry the backup drive somewhere on me.

I travel with my laptop so I worry about it being stolen...

So I could be wrong about this, and if I am please tell me.

From what I read if you use full disc encryption, bios password, and set the bios to go direct to hdd for booting on a macbook air, you've essentially bricked the laptop. You can't get the laptop to log in with no guest account and only the one user account. You can't get it to boot to another device because of the bios lock. You can't change the boot device with a bios password set. Finally you can't reset the bios password because to do so you would need to remove the DRAM per the macbook bios reset instructions, and that's not physically possible on an air since it's soldered down.

Great write up.

I'm used to enabling disk encryption on my work laptop for corporate security, but I've ignored my own personal information security. I'll be looking into re-enabling that now after reading what you went through. It would give me the security to know for sure that my information was wiped and not rummaged through.

> I didn’t have a cloud backup because I don’t trust a third party with my data.

I would still use cloud-based storage like Dropbox but encrypted with Truecrypt. Am I the only one that still carries around an encrypted USB on hand at all times?

Also, have you heard anything from the police yet? Glad you and your family are safe though!

> Except for my clothes and toothbrush, they’d taken everything. MacBook, iPhone, debit and credit cards and much, much more.

It's surprising to meet someone who doesn't keep their phone on/near their person, even when sleeping. It does, however, raise a good point:

Does everyone have some sort of contingency plan for this kind of event? Show up at a friend's door to use theirs? Library or other public computers? Prior to this article, I hadn't considered how to change passwords/cancel credit cards/notify bank(s) without at least one of my own internet-connected devices.

I keep a crap laptop in the closet where it's unlikely someone will look... plus they'd have to be idiots to steal it. If you tried to sell it someone would say "Well, you can throw it out, or you can pay me $10 to do it for you..."

"There are two kinds of people: Those who keep backups, and those who haven't lost all their data yet."

Also why to use KeePass with a very strong password and not 'remember my password' in $browserofchoice.

Many (most?) backup systems allow you to encrypt your backups, so saving them in the cloud isn't really a security risk unless you choose a bad passphrase. Just make sure to keep your passphrase around...

Wow... This scared the crap out of me. I started thinking about what files actually are available in a non-encrypted state on my hard drive and phone. Like the author I have digital copies of all my ID, tax reports, payslips and the list goes on. All of the passwords I have are different so I use a password vault, but that is usually turned on (JUST CHANGED THAT)

Also, my Dropbox on my job is leaking personal documents like crazy. I better step up my game.

Definitely a cautionary tale. And a reminder that we should often ignore the FUD and put (some) faith in digital systems.


1. Enable full disk encryption.* Unless you lose your memory, this should never prevent you from losing files. If you're still concerned, store a backup of the phrase in a very secure location.

2. Make offsite backups. Encrypt them.

* One of the things I love about Boxen is that this is enforced across the board.

My MacBook was stolen in September, and it was the same for me: they were smart enough not to connect to a WiFi, and FindMyMac knows nothing about it. I requested it to lock itself, but since it never connected to a WiFi, I'm pretty sure it never did...

I just enabled FileVault on the MacBook I have now, thanks for that! :)

It should be trivial to report hardware as stolen and get it remotely disabled. We've already pretty much given up on privacy and signed up for all the apple/windows IDs possible - might as well get some benefit from it.

You have your life and health.

Best of luck to Pieter - it's a real shame.

If you're thinking about reading this article but not sure, just do it - you may find there's a lot you can learn from Pieter's horrible experience.

If you don't trust a third party you can use CrashPlan to backup offsite to your friends.


Wait a minute, didn't we meet at Punspace a few months ago? Hope all is well and glad you're okay.

Thanks for writing this post! I finally took a moment to enable FileVault :)

Best of luck on your travels!

Same here. I didn't know OS X had disk encryption. And I went ahead and enabled encryption on my Nexus 4 as well.

Android's encryption is pretty useless, as it forces you to use the same key for the encryption and for the screen lock. So either you have a secure encryption key and a way too complicated screen lock key, or you have a reasonable screen lock key, and a totally insecure encryption key (that can be brute-forced in less than a second).
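An added example, not part of the thread or written by any commenter: it puts numbers on the trade-off described above, where one secret has to serve as both screen-lock code and disk-encryption key. The KDF (PBKDF2-HMAC-SHA1), the iteration count and all function names are assumptions chosen for illustration, and the secret classes are constructed.

```python
import hashlib
import os
import time

def keyspace(alphabet_size, length):
    """Number of possible secrets of exactly `length` symbols."""
    return alphabet_size ** length

def measure_guess_rate(iterations, samples=20):
    """Key derivations per second on this machine (one core) at the given cost."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha1", str(i).encode(), salt, iterations, dklen=32)
    return samples / (time.perf_counter() - start)

def worst_case_seconds(alphabet_size, length, guesses_per_second):
    """Time to derive a key for every candidate in the keyspace."""
    return keyspace(alphabet_size, length) / guesses_per_second

def human(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds:.3g} seconds"

# Constructed secret classes: (label, alphabet size, length).
SECRETS = [
    ("4-digit PIN", 10, 4),
    ("6-digit PIN", 10, 6),
    ("8-char lowercase password", 26, 8),
    ("12-char mixed-case + digits passphrase", 62, 12),
]

def compare(guesses_per_second):
    """Worst-case exhaustive-search time per secret class, in seconds."""
    return {label: worst_case_seconds(a, n, guesses_per_second)
            for label, a, n in SECRETS}

if __name__ == "__main__":
    ASSUMED_ITERATIONS = 2000  # assumption, not a figure from the thread
    rate = measure_guess_rate(ASSUMED_ITERATIONS)
    print(f"{rate:.0f} derivations/second at {ASSUMED_ITERATIONS} iterations")
    for label, secs in compare(rate).items():
        print(f"{label:40s} {human(secs)}")
```

The measured rate is for a single CPU core, so the printed durations are upper bounds; the useful output is the gap between a PIN that is comfortable to type at a lock screen and a passphrase that actually protects the disk key.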

Why would they implement the feature that way? Why not have a boot passphrase? Wouldn't you need some custom hardware to extract the keys out of RAM? And Google is in the right position to mandate some extra security hardware, if needed to provide a secure design.

Not true anymore. Device encryption can differ from lock screen nowadays. But speaking of lock screen, people have built a robot to brute force it, so shutting down after a few failures is definitely a good idea.

It appears still to be the case on my Nexus 5. Or are there any hidden options to fix this problem?

My Macs all have encryption enabled, but I didn't know about Android's encryption. I'll be doing that as soon as my phone is charged!

Hi Jonas, we did! Thanks for your wishes, you still in Chiang Mai?

This is why I have dogs. An 80 pound bull dog (or 2, or 3) can be a good deterrent, as well as an alarm, which helps me to sleep well at night.

Does anyone know of any good anti-theft/theft-damage-control software for Windows based laptops? Like cerberus for Windows 8.

Very nice writing. Thanks for the perspective.

My only gripe (so far): I don't think "eventhough" is a word (though I suppose it is now!).

Thank you, fixed. Not a native :)

Heh, I'm trying to learn Dutch at the moment (using Babbel.com)... I would _love_ to be as good at Dutch as you are at English! Really excellent writing style - keep up the great work.

Thank you! Good luck with your Dutch. It seems like quite a difficult language to me if you weren't born there :) Why are you learning it?

Not a problem. I do sometimes forget that there is a whole wide world out there.

Hoping you do a blog on what you now buy to replace everything, based on all your travel experience.

From your "100 things" post:

> 4 hard drives spread around with all my data encrypted

Did these turn out to be useful?

Yes and no. They have my data until I left to Asia in April (9 months ago). Luckily the thieves left a backup of my main drive I just did the day before. Really glad they did.

You should have stayed in Thailand :), outside of Bangkok the environment is reasonably safe.

This post is a great eye opener. I am enabling file encryption on my disk right away.

I have installed an alarm, because I cannot backup myself or my wife and kid.

No comment about pretentiousness of minimalism yet? HN is having a good day.


> fear of others having access to your data

> online back-ups.

that combination merits a post of its own.


- make backups

- encrypt data

- use a password manager

The holy trifecta of things that people hear about and refuse to do. And then come and preach to others when they realize that "Doh, should have listened to that troll on HN".

Wait, how was using a password manager advantageous in this situation?

> Since they had my iPhone too, they now also had potential access to my passwords manager as well as all my two-factor codes (on the Google Authenticator app).

They have potential access to the password manager on his Mac as well.

If you use a good password manager you should have the time to reset all your passwords so that if they somehow manage to crack the manager all the passwords in there are worthless.

Also if you immediately ask iCloud to lock your iPhone they can't use any of the two-factor authenticators without connecting to the Internet which would brick the phone.

Could something like LastPass help? Passwords are kept on server in encrypted form and accessible from all computers after giving one last pass.

LastPass on the mobile app can be set up to require a password at all times. Mine locks as soon as the screen goes out of focus.

With a password manager he can use it to trigger an audit. It might not cut down the time taken to change passwords everywhere, but it will make it a lot easier.

Dogs are often a big help in preventing burglary..

we don't have ideas, we have start-ups.

what are lips for if not to pleasure your master?

