26 comments

[ 2.7 ms ] story [ 73.5 ms ] thread
I think TrueCrypt is the only good advice there; hiding a folder does nothing for your protection (people don't look at the stolen laptop for your credit card information, regexes do), and using hardware encryption just sounds like a disaster waiting to happen, like consumer-level "hardware" RAID. (RAID controller dies; your data does too.)

I'm still surprised that people don't encrypt all their personal information, especially on laptops. Truecrypt doesn't even require a reformat or reinstall -- download it, click a few buttons, and your data is safe and there's almost no speed hit.

I've thought about doing truecrypt a few times, but I'm afraid that will greatly complicate cross border trips
gte910h - Its super easy. Trust me. 10 mins. and you should be all set.
I'm not talking about the time to install, doesn't seem that would be that big of a deal.

But I'm afraid border patrol agents will see the truecrypt banner on boot up flag me as some sort of pedo or some such, and make my life hell as they don't believe I don't have a hidden partition.

Or perhaps I'm overly worried about this sort of thing.

Anyone have truecrypt installed and regularly/ever crossed borders in the last few years? Do they give you shit about if you just decrypt the disk for them?

What do you mean by "cross borders" ? I travel oversees and no one has booted my laptop ever to see what's inside. Maybe I've never traveled to those countries.
US border patrol wants to boot your notebook often to check for kiddie porn.

I don't have anything, even movies, no pirated software, etc, however I don't want the existence of the true-crypt program alone to be an issue with overzealous border patrol people

"often"?

I've been stopped by customs a number of times, and they have never made this request. It's too bad, because I want to be the test case.

I don't actually have a clue how "often' this is versus it not being. I've not been stopped the few times I've traveled internationally. I just know TC in particular has been a thorn in the side of the FBI and that border control people have enough powers to be rather annoying if they get pissed off.
I haven't had the pleasure of dealing with border agents, but I would assume that they'd leave you alone as long as everything looked normal at a casual glance.

A couple example suggestions for that:

1) TrueCrypt let's you change the bootup text, and can be set not to visibly show keystrokes when entering your password. This means that you can make it boot into what appears to be a standard "No operating system found" type error message, which will not react at all until you type your correct password and hit enter. Unless they're dedicated enough to examine the boot sector they wouldn't be able to tell that it's not just a corrupted drive. Toss an OS install disc in your bag for added realism.

2) TrueCrypt will boot from CD into an encrypted drive. Using this to your advantage, install a small Linux partition and set your computer up to boot into that unless the boot CD is inserted. Nothing suspicious at all remains on the drive except for a parition of apparently random data, which they'd have to be pretty suspicious already to even bother looking for. You could copy the TrueCrypt bootloader back onto the drive to boot without the CD for convenience if you're not going to be crossing borders for a while.

...And there are probably other ways. The TrueCrypt documention offers a number of suggestions on how to look minimally suspicious to suit whatever level of paranoia you may have.

Thanks, this is what I wanted to hear
Oh man, it looks like full disk encryption isn't supported under OS X :(
That sucks. I've used TrueCrypt for Windows and LUKS for Linux, but have never been a Mac guy so I haven't looked into that side of things. Google suggests that your main options are OSX's built-in FileVault to encrypt just your home directory (and optionally TC or something for additional non-system data), or PGP Whole Disk Encryption for a whopping $150. Or running a virtualized OSX within an encrypted container within a second OS, with all the extra boot time and performance hits that would entail.

I'd bet on something better coming out before too long given more interest (and laws) about encryption these days, but unless I've missed something, for now it looks like you're pretty much of out of luck for as good, complete, free solutions go.

It doesn't and it's so easy. And it's free.

There's no excuse. Someone walk off with my laptop, or the biz's, it's a shrug of the shoulders, fill in the insurance claim, and back to work.

By complicate, you mean simplify.

"We need to search your laptop."

"Sure, take it."

Laptops are disposable when they're encrypted.

Oh man, it looks like full disk encryption isn't supported under OS X :(
I use TrueCrypt for some pieces of data and even on entire backup drives, but haven't bitten the bullet and did the whole boot drive yet. Any gotchas / tips?
"so that even if someone gets in, they have to have basic skills to get to your data"

if they want your data, they'll just plug the HDD in to a different machine and bypass windows security that way, OS passwords only dissuade the most casual criminal

Unless I'm mistaken, none of his suggestions use OS passwords. All of his suggestions protect against plugging the hard drive into another machine (except hidden folders, which only work against non-tech-savvy thieves, anyway).
jcl - Passwords are great, the more complicated, the better. However when your laptop is stolen, why would they put their time in it cracking your OS password. If plugging the HDD in another computer bypasses it completely.
yeah, unless the drive content is encrypted you can just mount it on another system and take whatever you want. You can even boot to linux off a usb and do this.
But once you have truecrypt, it doesn't matter if they plug your HDD into a new computer. That was my main concern I was trying to solve here.
Yes indeed, encryption is the only real solution. Of course, if you're really trying to hide something then you need to make sure the unencrypted ones aren't leaking somewhere.
If you don't backup your entire drive, it's still useful to know which files were on it. I have launchagent (OS X cron equiv) dumping a full file listing on schedule.
I cannot recommend Time Capsule highly enough.
With a laptop I prefer to skip external drives and go purely offsite.