Iain McLaren

(1) Why encrypt personal files?

So only you can read them.  Especially if you are backing them up to a computer on the internet that others can access (e.g. gmail).

(2) How do we encrypt personal files?

We take the normal (or plain text) file and turn that file into gobledegook (or encrypt) it in such a way as only the person with the key can unscramble (or decrypt) the file.

See also: PGP: Encrypting personal files made (relatively) easy.

(3) Encypted backups sounds hard.  Can’ t we get someone else to encrypt/decrypt files for us?

Not if we want the encryption to be effective.  If we give someone else our encrypted file and the key, then there is no point encrypting.  Giving third parties our encypted files and the key is like:

• locking all the doors of your house and then mailing a copy of the key to every thief in the land; or
• posting your internet backing username and password on your website.

(4) But Jungledisk lets you keep your own encryption key.  Doesn’t that solve the problem?

Jungledisk is sort of like Dropbox (file backup and syncronisation between computers for PCs and Macs).  Except Jungledisk allows you keep your own encryption key.  The problems:

• No encryption protection if you use their web interface.  Jungledisk has a web interface but requires you to give them your encryption key if you want to use it.  Thus negating pretty much all of the benefit of you storing the encryption key (and not telling Jungledisk what it is). 
• The Hushmail problem. 

(5) The Hushmail problem?

The what problem?  Hushmail is a great idea.  It is a website for accessing email (like gmail), but it either:

• encrypts emails on the Hushmail server; or
• lets you download software (a client) which allows you to encrypt emails yourself (thus the Hushmail people never have access to your emails in plain text).

The problems:

• if emails are encryped on the Hushmail server, courts can order Hushmal to “catch” the unencrypted email in transit; and
• if you download software (the client) to your computer to encrypt emails, Hushmail can (if ordered by a court for example) send you ”broken” software.  When you log in to Hushmail, you download software (the client) to your computer to encrypt emails.  Instead of sending you the normal software, Hushmail can send you ”broken” software that allows other people to access and/or decrypt emails (for a discussion of this problem see the Wikipedia entry for Hushmail). 

(6) Urgh.  So what do I do?

Encrypt the sensitive files yourself.  Then upload the encypted files to a backup service (using Dropbox, or an equivalent service like Jungledisk).

(7) This seems hugely painful.  Should I bother to encrypt at all?

It depends how sensitive your data is.  Is it worth the hassle for your mother’s favourite chocolate cake recipe?  Probably not.  Sensitive financial data? Yes. 

(8) Is there an easier way?

Yes, the technology is available, but has not yet been implemented in a way that is simple to use.  I’ll talk about some possible solutions in my next post … 

4 basic scenarios where we may want to encrypt personal files:

1. Encrypting all files on a laptop or desktop.
2. Encrypting files to send over the internet, by email for example.
3. Encrypting files to carry with us or to post in the mail.
4. Encrypting cloud files that you have backed up to a computer on the internet (or are storing for other people on a computer on the internet), so that the people running your cloud storage service cannot read these files.

Let’s do what the experts do (i.e. do what Bruce Schneier does), and use PGP Destop Professional from PGP for PC or Mac (currently US$143).  And.  How do I say this politely.  If we aren’t willing to pay $143, then we probably don’t care about your data enough to bother with the hassle of encrypting it.  So anyway:

(1) Files on a laptop or desktop

We can:

• encrypt your whole computer hard drive (whole disk encryption).  This lets you encrypt your whole computer hard drive and type in a password (or insert a usb key) to login.  Safe unless your computer is snatched away from you before you turn it off.  So you can also (to protect against the snatching risk) … 
• create encrypted zip files or partitions.    For really sensitive files. 

(2) Files to send over the internet

We can create encrypted zip files.    For example, for sensitive files that you want to email to people (emails are generally sent unencryped).

(3) Files to carry with us or to post in the mail

We can:

• encrypt entire usb drives.  If you carry a usb stick while travelling or want to post a usb drive in the mail.
• create encrypted zip files and put these on usb drives.   

(4) Cloud files

We can:

• create encrypted zip files.    For sensitive files that you want to upload to Dropbox.  If you don’t trust the Dropbox people.
• use an encrypted backup and file syncronisation service (like Jungledisk).  Although I wouldn’t recommend it, as you should probably encrypt files yourself (or not bother). 

I’ll discuss why I think that effective file encryption should generally be do it yourself (DIY) in my next post …

Control your computer at work.  Or from an internet cafe.  Or from your iphone.  Or from wherever:

1. Install LogMeIn Free on all of your computers (PC or Mac). 
2. While these computers are connected to the internet, you can remotely control them from the logmein.com website.  There is no need to install any software on the “controlling” computer.  

I use Dropbox to back up and syncronise files on my computers (Windows PCs or Macs).  And PC and Mac backup and file synchronisation (using Dropbox) is now easy because:

• Dropbox is fast. Actually it’s very fast.  Dropbox monitors your files and only sends the changes backwards and forwards between your computers and the internet.
• Install it then forget it. Install Dropbox.  Then pick a folder to back up.  And you are done.  Dropbox will automatically suck your files up to the internet.  Including any changes that you make to these files.
• Price certainty. Badwidth is free, as is the first 2GB of storage, and $100/year for 50GB stored or $200/year for 100GB stored is a snip at the price.
• View your files on the internet or your iphone. You can then view (and download) these files from any computer connected to the internet or from your iphone.  View your photos and movies on the iphone using the dropbox app.
• Automatically syncronise the files on all of your computers. I have installed Dropbox on my laptop and desktop computers.  If I add (or change or delete) a file on my laptop, Dropbox automatically adds the file to my desktop computer (and vice versa).
• Version control. Dropbox keeps all past versions of my files (including any files that I delete).

Photo gallery now available at http://gallery.iainmclaren.com