On theft, privacy and data loss

I’ve recently taken a serious look at the reality of computer theft, as well as at ensuring privacy and reducing data loss should such a theft occur. Take a moment and take inventory of where you store your data, how accessible it is and whether it is backed up. What would happen if:

    • You dropped your cell phone in the toilet? (data loss)
    • Your cell phone got stolen? (data loss & theft)
    • What about that ‘it will never be stolen’ desktop computer at home? What if someone stole that? Do you have a password on login? Do you have your email password saved, and does your browser remember all your passwords? Do you file your taxes online and store copies? Do you have a resume with references, previous address and social security number? (Data loss, theft, and loss of privacy)

With the sheer number of accounts we create at every new site we register with, we’ve become lazy and no longer want to remember passwords. Most folks either check ‘remember password’ in their browser of choice, use the same password for every site, write down the password, or all three. Further, most folks don’t password protect their smart phones. Combined with all the personal data stored on a laptop or a desktop, this creates a recipe for catastrophic data loss and a serious violation of privacy, potentially leading to identity theft.

In this post, I’m going to outline a number of suggestions to help fight data loss and identity theft while protecting your privacy. I’ll give each suggestion a PITA rating of how hard it is and how long it will take to implement. A PITA of 1 is easy; a PITA of 10 is, well, a real PITA!

Master Passwords

PITA: 1
If there’s one thing you actually do, do this one. I use both Thunderbird and Firefox. As I said, most folks are lazy and want all their passwords stored and remembered for them as needed. This is all fine and dandy until your laptop walks and the thief can use all your accounts without ever touching the keyboard. Both Firefox and Thunderbird offer the ability to set a master password. Every time you open your browser or mail client and a password is needed, you will be prompted for your master password once. Then all other passwords will be filled in for you as normal. Note: close your browser and mail client often ; )

OS Level Passwords

PITA: 1
A no-brainer. Both Windows and OS X (video) have it.

Set a phone password

PITA: 9, then less
When I first set a password on my phone it was a real pain in the ass. I had to enter it every time I wanted to make a call or check my email. I have a Palm OS phone (not a Web OS phone), so it’s not that sophisticated. I know that Android-based phones have a quick pattern you can trace, which is quite easy. The iPhone has a number pad you can use. Any which way, over time, this becomes second nature, so the PITA rating will fade from 9 to a lower number.

Remote Backup

PITA: 7
I’ll explain my backup technique in a sec, but take this one seriously. If your house were to burn down while you were out of town, how much data would you lose? I hate to be all doom and gloom here, but most folks don’t shoot analog any more, so all photos are digital. Maybe you upload to Flickr or the like, but there’s nothing like having all your photos organized just so. I strongly suggest you look at commercial providers for this.

Our household has both local and off-site backup. We start by backing up all devices (two laptops and a desktop) to our local QNAP server via robocopy (think rsync for Windows). The QNAP is just Linux, so it runs all sorts of great things like rsync and secure copy (scp). A friend has a QNAP as well. We first connected an external drive to our own QNAPs and made a backup of all our backups. We then swapped external drives and connected them to our respective QNAPs. We now have a remote backup that we can rsync our data to over ssh, and the initial gigs of data are already there.

Remote, Secure Backup

PITA: 10
I have a subset of my data that is hundreds of PDFs. I generate them via my trusty and somewhat spendy sheet-fed scanner. This guy creates searchable PDFs that have the OCR text embedded in them. Genius. In comes a bill, tax return or sensitive document, out comes a PDF and some shredded paper to recycle. Cross cut, of course.

This data set is a treasure trove. Should my desktop with hundreds of megs of PDFs walk out my front door one sunny afternoon in a thief’s hands, I’d be up you know what creek without a paddle. Data loss aside, it would be little effort to apply for a credit card after a little address change. Bad times indeed.

Enter Dropbox. This is an excellent free service (for the first 2 gigs) that allows you to do what I would call very rich man’s rsync. Store all your PDFs in this folder, and now they’re not only backed up, but remotely accessible!

Wait – what about the stolen desktop? The default behavior of Dropbox is to remember your password. Should someone take your computer and gain access to it, the PDFs on Dropbox are as good as local on the drive.

Now enter the second layer: TrueCrypt. TrueCrypt is the no-joke way to store data securely. They support both an encrypted boot drive as well as the spook spy stuff: plausible deniability. Ignoring the more advanced features, TrueCrypt’s quick start guide will walk you through creating an encrypted volume that’s encapsulated in a single file. This file can be any size, thus the drive can be any size. You could then store your hundreds of PDFs in a TrueCrypt volume in a file on Dropbox. True secure offsite backup.
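
One way to check that nothing readable is still sitting in the synced folder next to the encrypted volume (an added example, not part of the original post): a TrueCrypt container has no identifying header and looks like random bytes, so any file that starts with a known document signature or has low byte entropy is still plaintext. The file names, the 7.9 bits/byte cut-off and the random bytes standing in for a container are assumptions made for the demo.

```python
import math
import os
import tempfile
from collections import Counter

# Leading bytes of common plaintext document formats (not exhaustive).
MAGIC = {b"%PDF-": "pdf", b"PK\x03\x04": "zip/office",
         b"\xff\xd8\xff": "jpeg", b"\x89PNG": "png"}
SAMPLE = 64 * 1024   # bytes read from the start of each file
MIN_ENTROPY = 7.9    # bits/byte; assumed cut-off for "looks random"


def entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(path: str) -> str:
    """Return 'plaintext:<kind>', 'low-entropy' or 'opaque' for one file."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return f"plaintext:{kind}"
    return "opaque" if entropy(head) >= MIN_ENTROPY else "low-entropy"


def audit(sync_dir: str) -> dict:
    """Map each file under sync_dir (relative path) to its classification."""
    report = {}
    for root, _dirs, files in os.walk(sync_dir):
        for name in files:
            full = os.path.join(root, name)
            report[os.path.relpath(full, sync_dir)] = classify(full)
    return report


def demo() -> dict:
    """Audit a constructed sync folder: two plaintext files, one random blob."""
    samples = {"tax-return.pdf": b"%PDF-1.4\n% constructed sample\n",
               "notes.txt": b"account numbers go here\n" * 100,
               "vault.tc": os.urandom(SAMPLE)}  # stands in for a container
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        return audit(d)
```

Run `audit()` on the real sync folder; anything not reported as `opaque` is readable by whoever holds the machine. `opaque` only means "looks random", so compressed formats missing from `MAGIC` land there too.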

I’ve even gone so far as to create a small TrueCrypt volume that has all my passwords. It’s the keys to the kingdom, but I’m going to be vigilant about protecting this file and only the one closest to my heart knows how to get in there.

Caveat emptor

I’m not a security expert; take my advice with a big grain of salt. There are ways of hacking the master password for Firefox and Thunderbird. OS-level passwords are trivial to bypass for a skilled IT professional or evil-intentioned googlist. Even TrueCrypt can be accessed via social engineering or a sloppy operator who writes down their password.

Good luck and happy securing!


2 Comments


  1. you forgot passsafe.

    http://www.schneier.com/passsafe.html

    set random strong passwords, in a trustworthily encrypted database.
    copy the password to the clipboard when you need it.
    you never even need to know your password. you never need to view/expose the password in plain text. you never need to type it on your keyboard.


    1. Nice! It looks like Password Gorilla is the cross platform version of this same idea. Just like the TrueCrypt disk, this file could be stored safely on a network location, like Drop Disk.
