11 September 2013
The recent news about the NSA's access to the data hosted with cloud providers got me rethinking how I store and access my sensitive documents—and not only from the point of view of privacy, but also in terms of convenience.
My wife has an iMac at home and I have a MacBook Air that I shuttle daily between home and the office. Until now, we've stored almost all of our documents in Dropbox, using a common account.
A while back, wanting an extra layer of security within Dropbox, I decided to create an encrypted sparse bundle image to store our confidential documents—bank statements, contracts and the like. (Sparse bundle images are really OS X bundles, i.e. directories made up of lots of "little" band files, so that when a few documents change only the affected bands are rewritten and incremental backup to cloud providers or Time Machine is efficient.)
The problem is that since I'm frequently archiving business purchase receipts in an EagleFiler repository, that encrypted volume pretty much stays permanently mounted on my MacBook Air—which means that my wife at home can't concurrently access any of the other documents on that image. As a consequence, we ended up moving some confidential documents (like QuickBooks data files) out of the encrypted image and back into just Dropbox, so that she'd have access.
So the drawbacks of my old system were:
Although it's probably futile to try to completely escape their net, this NSA ordeal was the straw that broke the camel's back in my growing disinterest in keeping personal information on servers easily accessible by other people, and so I decided to make a change.
This weekend, I moved all our confidential documents (including those on the encrypted disk image) out of Dropbox, and into a folder that my wife and I share with BitTorrent Sync.
BitTorrent Sync is made by the same people who make BitTorrent, and it's basically a robust peer-to-peer file-sharing system. You add a folder to BTS on one computer and create an associated "shared key" (BitTorrent Sync calls it the "secret"; anyone who obtains it can read and write the folder, so treat it like a password). Then, you associate that same key with a folder on the other computer (or computers), at which point they start syncing. It works very nicely!
I did want to preserve some "cloud" aspect to the whole system, in order to have an offsite backup as well as faster download access, and so I set up BitTorrent Sync managing a copy of that shared folder on an encrypted volume, mounted on a hosted dedicated server that I maintain. So it's kinda like my own private Dropbox.
(I'm not sure what's the bigger risk, that somebody breaks into that dedicated server while it's running or that the NSA has back door access to CrashPlan—the other cloud solution I was considering, since I already use them for backup of all my other documents.)
All in all, I suspect this setup's fairly secure, although I'm sure if the NSA really wanted to target me, it'd be no match for PRISM, BULLRUN and whatever else they've got going!
In terms of physical security of the three endpoints—my MacBook Air has FileVault enabled, and so if the device were stolen or lost, it shouldn't be possible to access the documents on the drive. On the internet-connected dedicated server, the documents are stored in an encrypted volume. So that just leaves my wife's iMac at home, and that's where this weekend turned awfully frustrating...
Her machine has an Apple-installed 256GB SSD boot drive, and a 1 TB internal hard drive for storage (which I've partitioned into a 250GB bootable backup volume, and a 750GB volume for Dropbox and other files). In addition, I have a 3TB G-Drive attached externally. After many, many hours of moving data around and rebooting:
I was unable to enable FileVault on the iMac's startup volume. After making a fresh install of OS X in order to get a Recovery partition present (required to enable FileVault), I enabled FileVault, waited for the encryption process to finish, and then rebooted from my bootable backup in order to clone it back to the start-up drive. But, the password of the single account on that start-up drive would not unlock the encrypted drive. I googled for the procedure to unlock the drive with the backup key, and that didn't work either. Grrrrrr.
I was unable to encrypt the 1TB internal drive supplied by Apple—due to some POSIX error.
I was unable to encrypt the 3TB external G-Drive, again due to some (different) POSIX error.
And so, still on the to-do list after this weekend, is figuring out how to physically secure the drive containing the BitTorrent Sync managed files on that home computer. I suppose one option would be to create an encrypted disk image on that internal drive. I'll keep scratching my head on that one...
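For the encrypted disk image option, here is what the create/mount/detach cycle looks like with hdiutil. This is an added example, not code from the original post: the path, volume name and size are illustrative, and the passphrase is fed on stdin with -stdinpass so it never shows up in `ps` output or shell history. The one caveat worth stressing is the same one that bit the Dropbox setup above: the image holds a single HFS+ filesystem, so it must be mounted on one machine at a time; detaching it is what leaves the band files in a consistent state for the sync client to ship to the other peers.

```shell
#!/bin/sh
# Added example (not from the original post): create, mount and detach an
# AES-256 encrypted sparse bundle on OS X with hdiutil.
# Paths, volume name and size in the usage comments are assumptions.
set -eu

# Return 0 if the size argument is a positive integer (megabytes).
valid_size_mb() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 0 ]
}

# Return 0 if the image path ends in .sparsebundle, which is what
# hdiutil expects for -type SPARSEBUNDLE.
valid_bundle_path() {
    case "$1" in
        *.sparsebundle) return 0 ;;
        *) return 1 ;;
    esac
}

# create_bundle PATH VOLNAME SIZE_MB   (passphrase on stdin)
# The bundle grows on demand up to SIZE_MB; only the band files that
# actually change are rewritten, so Time Machine, CrashPlan or a
# BitTorrent Sync peer never has to re-copy the whole image.
create_bundle() {
    valid_bundle_path "$1" || { echo "path must end in .sparsebundle" >&2; return 1; }
    valid_size_mb "$3"     || { echo "size must be a positive integer (MB)" >&2; return 1; }
    hdiutil create -type SPARSEBUNDLE -fs HFS+J \
        -encryption AES-256 -stdinpass \
        -volname "$2" -size "${3}m" "$1"
}

# mount_bundle PATH   (passphrase on stdin)
# -nobrowse keeps the volume off the Finder sidebar; the passphrase is
# deliberately NOT saved to the keychain, so an unlocked laptop does not
# auto-mount the confidential volume.
# Mount on ONE machine at a time: the HFS+ filesystem inside the image is
# not cluster-aware, and two concurrent writers will corrupt it.
mount_bundle() {
    hdiutil attach -stdinpass -nobrowse "$1"
}

# unmount_bundle MOUNTPOINT
# Detach before walking away so the bands on disk are consistent and the
# sync client can hand the other peers a usable copy.
unmount_bundle() {
    hdiutil detach "$1"
}

# Usage (OS X only; names are illustrative):
#   printf '%s' "$PASSPHRASE" | create_bundle ~/Sync/Confidential.sparsebundle Confidential 2048
#   printf '%s' "$PASSPHRASE" | mount_bundle  ~/Sync/Confidential.sparsebundle
#   unmount_bundle /Volumes/Confidential
```

If the bundle lives inside the BitTorrent Sync folder, the other endpoints receive the encrypted bands and nothing else, so the at-rest protection travels with the data; what it does not give you is concurrent access, which is exactly the trade-off the QuickBooks files ran into.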