Heh, I'm trying to learn Dutch at the moment (using Babbel.com)... I would _love_ to be as good at Dutch as you are at English! Really excellent writing style - keep up the great work.
This is one reason I'm a huge proponent of having dogs at home. They're far smarter than any alarm system. They don't need to actually be big dangerous guard dogs in order to protect you from burglars.
Speaking of deterrents, it can help a lot to simply have a sticker on your house or sign in your yard of a security company, even if you don't actually have a security system.
I'm from Brampton, which is a suburb of Toronto. We have a large South Asian population, many of whom are Punjabi. Putting "Beware of Dog" signs in your window is a thing.
I don't want to judge you, not knowing how big a yard you have, but as a downtown apartment dweller, dogs barking provide all the annoyance of car alarms, the same inaction, and a smoldering hatred for people who keep dogs in these conditions.
I'd hazard a guess that while it may be as annoying to you, and receive the same inaction from you, that to each owner a dog's bark has a different meaning. Partly because they get to know the animal ("oh, he never does X or he usually does Y so I can judge this better") and partly because they have context (all you hear is barking, but they hear that along with... knowing the dog hasn't had his walk yet. Or knowing he was asleep so something strange must have woken him up. Or knowing... etc.)
Depends on the kind. For the most part, if one keeps barking in the night, you can assume something's wrong. If it does it anyway, you already know that and can ignore it, and call the council if it keeps doing it.
Thieves don't wan to be caught or injured - they'll go for a house that doesn't have a dog bark at them when they are peeking in the windows; they'll go for the house without an alarm box next to the one that does. Even a small dog works for deterrence even if not so much actual physical defence - I've known people with some very non-aggressive dogs who still have 'Beware of Dog' signs for this exact reason.
Many (most?) backup systems allow you to encrypt your backups, so saving them in the cloud isn't really a security risk unless you choose a bad passphrase. Just make sure to keep your passphrase around...
I always backup important things to the phone (big memory + big MicroSD card) and together with my wallet they sit near my head while asleep. While I am awake they sit in tight jeans pockets.
Idea for a startup: Similar to how I can call a creditcard company to just cancel the current card on file and issue a new one, I'd love to have a place where I could just call up and say "Lock down my digital life and send me a letter in the mail with new pins, passwords, API keys, etc".
I would pay for expensive Next-Day-Delivery on this too.
Exactly how this would work I'm not sure. I guess said start-up would need to be trusted with all your passwords & API keys and private-keys? I dunno.
If they know all your accounts, passwords, PINs, etc, that's one thing - though you have to trust that, if and when the business dies, they properly wipe their hard drives.
But if they have your digital life (all of it), and they go under, then all your data is gone. So: Your approach of having them have your passwords and PINs is better than "one stop shopping" where they alone hold all your data.
I would think that the way it would work is that you when you sign up for the service you create a master document with accounts and passwords that gets encrypted before it's uploaded to their servers. Then, in the event if a catastrophe, you just send them your encryption key for that profile and they do their thing and reset all of your accounts.
It might work. Chrome already saves all your passwords on Google's servers (if you allow it too) and Apple does the same with Keychain on iCloud. So it's definitely going there, and if you can get users to trust your service, it might take off.
Think of it like an emergency service for your digital life (both private and business).
I suppose you could put it in a safe deposit box. Another option is hide it in the margin of a book; somewhere that normally wouldn't get stolen or read. Of course then you have to worry about fires and floods... Perhaps a copy at a relatives house as well as yours. For bonus points, don't tell the relative, just jot it down in a book on a shelf when he/she isn't looking!
It was largely rhetorical. :P A lot of the comments on this are related to how do you keep important data both always available to you, -and- safe from anyone else getting ahold of it. I was just pointing out the bootstrapping issue; having one password/phrase/key that allows you to reset the passwords/whatever to your digital life still requires you to find a way to keep that one word/phrase/key safe yet accessible.
That is stupid with credit cards, and it would be extra stupid with your digital life. Either this is one gigantic DoS vulnerability (anyone can call them up and ask them to completely immobilize you digitally for at least 24 hours), or you have some way to reliably store authentication credentials that would allow you to authenticate to such a service in an emergency, in which case you could probably just as well just store what is needed to recover things yourself.
Being robbed sucks but when it comes to digital possessions there's no reason it needs to suck this much.
> I didn’t really trust file encryption because I thought I might lose files because of it and therefore I never enabled Mac OSX’s built-in FileVault hard drive encryption. I should have though. It’d save me from worrying about who’s going through all my files now.
This is a no brainer. I have yet to notice any real performance hit for enabling full disk encryption. Just enable it, make sure to have a long/strong password, and make sure your computer actually locks when you close the lid.
You should never be worried about losing files on a single computer. If they're important then they should be backed up to multiple computers/drives/services. If you're worried about accidentally wiping your laptop when you setup FDE then just make a backup before hand.
> My backup drive was literally NEXT to my MacBook. By sheer luck, I had just backed up my internal drive the day before and they didn’t take it.
Offsite backups are a must. It can be your own "offsite" (ie. a server at friends/parents/office) but it needs to be somewhere other than the primary site.
> I didn’t have a cloud backup because I don’t trust a third party with my data.
There's nothing wrong with not trusting third parties but that's exactly what encryption is for. Encrypt your data locally and then you can store it remotely without worrying about it being accessible to a third party. DIY scripting with GPG/S3 works well for a lot of situations. Or you can just use Tarsnap[1].
Honestly it makes a lot of sense to do the same with USB drives as well. My Linux machine is my primary computer (OS X laptop when roaming...) so the majority of my backup USB drive usage is done there. I have them setup with LUKS/dm-crypt[2] for full disk encryption. It's really easy to setup, plug-n-play on modern systems, and it almost falls into the "no reason not too" category. I just wish OS X supported it too.
Depending on your threat model, they don't even have to be outside the house. If petty burglary is what you are defending against, a disk in a quiet corner of your basement is probably plenty.
I bring up threat models a lot, because I'm still fascinated with the model of data security as an adversarial relationship in which you can characterize your enemy, and thus qualify "good enough".
> Depending on your threat model, they don't even have to be outside the house. If petty burglary is what you are defending against, a disk in a quiet corner of your basement is probably plenty.
Being outside of the house protects it equally well against fires/floods/earthquakes/pets too. Protection against burglary is an added bonus.
Oh yes, being somewhere other than your house has very clear upsides, but an appropriate location is not always forthcoming. For example, I would consider it pretty poor form to plug in a personal networked backup box at my desk at work. That kind of move can also pose a risk to my sustained employment!
> Oh yes, being somewhere other than your house has very clear upsides, but an appropriate location is not always forthcoming.
It's not too hard to find one. Unless you're completely anti-social you probably have at least one tech-savvy friend that can understand the need for this kind of setup. Even better if you have more than one friend (hopefully not too be an "if") then you can have a "round robin" approach with a group of friends. An open source (so the crypto can actually be vetted) version of BTSync[1] would be great for this.
> For example, I would consider it pretty poor form to plug in a personal networked backup box at my desk at work. That kind of move can also pose a risk to my sustained employment!
Haha. Yes plugging in random networked boxes at the office might arouse some (just!) concern. When I wrote that piece I was thinking specifically of my company as I'm the boss :D
Git-annex does encrypt if you set the other site(s) as a special remote - a good way to use it with less technical friends is to get a Windows rsync server (there are some with simple GUIs for start/stop) and set that machine as an encrypted rsync remote.
> An open source (so the crypto can actually be vetted) version of BTSync[1] would be great for this.
I'm most of the way through the non-Bitcoin / "Disk Space Marketplace" portion of a project that would work really well for this[1].
While the premise is that you would be able to rent disk space from anyone who wanted to provide it (using Bitcoin/Stripe/PayPal/Whatever), that part is going to be decoupled from the actual encrypt + distribute portion which could be pretty easily used by a group of friends to have reciprocal backups of important data.
I'm still a couple weekends away from it being usable though.
Although I don't do it as regularly as I should, one compromise is to periodically backup to a USB drive and stick it in a drawer in your office. If you remember to update every few months or so, you may lose some recent things if you lose everything that you backup realtime but that's a big difference from losing everything.
I do use offsite backup in addition to regular local backups. I genuinely wonder how this will play out as video and image stuff to backup grows. At the least I'm thinking I probably need to do a better job of figuring out how to separate the important stuff from all the intermediate, rejected, etc. files.
Cyphertite[1] works very will for encrypted backups.
It splits your data in chunks, encrypts them on the fly while sending them to the cloud. It doesn't use much space, apart from a little metadata, and you don't have to worry about the NSA, as the encryption keys are only on your local machine.
Safety deposit box at a bank, trusted non-local family member's house, and trusted international (preferably different continent) friend's house should be enough for most cases.
Then perhaps back up the <10 Gb of stuff that would really screw you up if you lose it. For example, I keep all my bank account info, passwords, personal documents on an encrypted hardrive and I further encrypt the files. I keep this off site at a friends house which I can SSH into and transfer what ever I need.
Two 4TB Ext USB3 HD's and a Safety Deposit box at your Bank.
Cheap, more or less convenient (get four drives and rotate your backup drives), and secure.
Easier yet if you can pair the amount of crucial stuff to under 4TB, then it's just one drive that you can rotate monthly (weekly?).
How little "offsite" can one get away with? Could you put a waterproof (flooding), fireproof, buried (tornadoes) safe with a NAS (SSDs for earthquake protection?) in the barn in your yard? It would be easy to run Ethernet to that and have fully synced backups without ISP/cloud service charges.
What natural disasters/events will take out both your home and the hardened safe in your barn?
One problem with "fireproof" is that a safe that will protect paper records against combustion (by shielding them from the most intense heat and preventing oxygen from entering) will almost certainly get hot enough to melt plastics and render magnetic storage damaged if not unreadable.
One of the characteristics of fireproof safes is also their ability to withstand a multi-story drop. The reason being that when the floor burns out from under it, that's what happens. This still doesn't do much to ensure data records are retained.
So long as it's a barn in the yard, reasonably directional WiFi might well suffice.
As for what natural disasters could take out your house and your barn: if you live in wildfire country, that's a distinct possible risk. As a random Google Image search example:
Not always. Fireproof safes are rated for paper, tape or drives, as well as a time limit. A safe rated for drives will guaranteed a maximum of 55 degrees (C) inside it for the rated time, enough for drives to survive without problem when powered down.
Fair enough. Much of my experience is pretty dated, to the beginning of the time that data storage was a major concern (and much of the data of the time would do just fine in a paper-rated safe).
You do raise the point that fire ratings are for specific time limits: X minutes at Y temperature.
Another key point (my long-ago sources informed me) is that one of the most important things to do after the fire is to NOT OPEN THE SAFE (this applied to paper storage, inquire with your vendor / manufacturer for data).
The same properties which make a safe proof against fire damage mean that it retains heat once applied to it for a considerable period. Apparently it's not uncommon for people to employ a fireproof safe, secure their papers and documents within it, have the safe and documents survive the fire ... and then spontaneously combust when fresh oxygen is introduced on opening to the still-blazing-hot interior.
The issue there isn't that something unlikely will happen physically, such as an EMP, the issue is that a virus could take out it out at the same time as it hits your main machine, thanks to that ethernet cable.
WTF 8TB? Are you a movie editor or something? Anyway, I'm sure you don't change 8TB of data regularly. Back up the 7,9TB which is stale on a physical media you store at your parents', then set up online sync for anything new you produce or change.
You have too much data. Archiving music/photos/movies is so pointless in this day and age, which I'm willing to bet what a lot of it is. Delete 95% of the photos and all of the movies. You now have about 100MB of actual, unique data, which fits nicely on a flash drive. It's ok, no need to thank me.
> This is a no brainer. I have yet to notice any real performance hit for enabling full disk encryption. Just enable it, make sure to have a long/strong password, and make sure your computer actually locks when you close the lid.
I have confirmed, using dtrace, that OS X uses Intel's AES-NI instructions to accelerate encrypted disks. I found no performance decrease for batch file copies. I did not test small files nor seeking. I should run more benchmarks now that I have an SSD. Perhaps the CPU is now the bottleneck.
My sense of pity really was cut short by not encrypting things. Regardless of the mention/data that disk encryption is a minor hit, reality is, for most it would be a non issue...our day to day computing issues aren't going to stress Filevault. Just turn it on...that or keep sensitive stuff in an encrypted disk image.
There is a lot in this story that sucks but a lot that is "should have known better" as well.
A good way to keep your files secure without using encryption is running anything else than OSX or Windows, too. I have had two laptops stolen, from my home - once entering by the (closed) door, once by a (closed) window. With them being under FreeBSD and Arch Linux, I'm quite confident that my data stayed safe (I ihad scans of about all my papers in there). It's kind of security through obscurity, but I think it works pretty well, any disk that's not FAT32, NTFS or HFS+ formatted is quite secure against theft.
Regarding backups, my laptops usually rsync their /home every day to my remote server (and most data on them is in git repositories anyway).
Not a single report came in. They’re good services, but if the thieves are smart the odds you’re getting anything back are slim.
My wife lost her iPhone 3G a few years ago and oddly it eventually turned up on Find My iPhone (which I use very frequently) a month or two ago. I have to wonder if at least in a phone's case, it uses the IMEI or something in its tracking rather than merely the iCloud login since you'd expect a phone to be wiped/reset within such a long timeframe. Maybe iCloud should (or does?) do a similar thing with MAC addresses or some other sort of internal serial number when it comes to tracing lost/stolen devices.
Since it was over a year later, my wife thought she'd "lost" it, we'd already mentally written it off, and it couldn't be easily traced to a specific property, I decided to let it go because I doubt the police would have been interested or useful.
With iOS7 and Find my iPhone enabled, your phone cannot be restored without entering your iTunes username and password. Your phone is literally worthless with out it.
I have jailbroken many an iPhone, so I have a bit of an idea. Apple's security is really quite strong. If you are trying to equate hacking to magic, I don't think you understand it.
I don't think you've been following the iOS7 updates closely.
If you ever manage to do a DFU, you won't be able to restore. And if you ever manage to restore and jailbreak, you'll never be able to connect to iTunes, use the AppStore, or sync with Apple again. Which means, the phone is either worthless or at least seriously crippled.
Doesn't matter. It ties your IMEI to your Apple login so after you restore you're still locked out. I've seen it action after unlocking an iPhone recently.
Even if you are a minimalist, one of the few things you should have if you have something non-negligible to lose, is a safe. Most thieves don't bother touching one if it looks sturdy and a good one will withstand fires, so that's where you can keep regular backups.
If you don't want one, building a tiny backup PC to hide somewhere (in the attic with WiFi etc.) is also feasible nowdays when you can get 1TB mSATA drives.
A NAS is my preferred choice, over a PC. Smaller than most any PC I could cobble together, lower power, quieter, unassuming. They even make WiFi-equipped models.
Which just made me think of something- if you are concerned about network security and isolating your backups, what's to stop you from keeping the NAS unconnected to your WLAN, and at time of archival, explicitly establishing P2P WiFi connections with the NAS from the client PC...
You can even buy a fire-resistant safe with USB connectivity, so you can leave an external hard drive in the safe and still back up to it regularly. The ones I've seen are still pretty pricey (~$500), but they avoid the potential for "I remembered to back up, but I forgot to lock the drive back in the safe, and then the house burned down".
Most document safes are rated to keep paper intact for a limited time, when exposed to house-fire temperatures and wattages.
Make sure when you buy a fire safe that it is 'media rated', not all of them are, and the internal temp of an ordinary fire safe will melt cds and backup tapes.
Android's encryption is pretty useless, as it forces you to use the same key for the encryption and for the screen lock. So either you have a secure encryption key and a way too complicated screen lock key, or you have a reasonable screen lock key, and a totally insecure encryption key (that can be brute-forced in less than a second).
Why would they implement the feature that way? Why not have a boot passphrase? Wouldn't you need some custom hardware to extract the keys out of RAM? And Google is in the right position to mandate some extra security hardware, if needed to provide a secure design.
Not true anymore. Device encryption can differ from lock screen nowadays. But speaking of lock screen, people have built robot to brute force it, so shutting down after a few failures is definitely a good idea.
Definitely a cautionary tail. And a reminder that we should often ignore the FUD and put (some) faith in digital systems.
Specifically:
1. Enable full disk encryption.* Unless you lose your memory, this should never prevent you from losing files. If you're still concerned, store a backup of the phrase in a very secure location.
2. Make offsite backups. Encrypt them.
* One of the things I love about Boxen is that this is enforced across the board.
I wonder what the average value of computer hardware is vs the average exploitable value of the data on that hardware and how it's changed over time.
I've never heard of a thief who's tried to use the data from a randomly stolen computer for further profit. Maybe with bitcoin and other technologies, the calculus will start shifting and thieves will become more interested in stealing data than hardware.
Setting aside all morality for a moment, what an interesting service to offer to criminals - bring me a stolen laptop and I'll pull out the personal data from it, and sell that data for you online.
This actually probably exists. Which makes the, "thieves aren't that smart" argument kind of useless.
There would probably be a bunch of trust issues blocking it. Why should any legitimate thief trust you/whatever person to take stolen property and actually do something profitable with it, instead of go straight to the police or the original owner? If you intended to offer this service as an honest criminal, how would you go about finding actual thieves and not undercover cops, and getting their trust? How could you trust them to not turn you in to the cops themselves?
If anybody came up with a startup or website or something to resolve those issues, that would be evil genius on the scale of Cryptolocker.
I definitely agree that those would all be issues, but those are issues for every underhanded transaction, not just this kind of transaction. You could say almost the same thing about drugs, hookers, etc.
Criminals do find ways to do business, and I believe they substitute money and intimidation where trust would usually go.
The holy trifecta of things that people hear about and refuse to do. And then come and preach to others when they realize that "Doh, should have listened to that troll on HN".
Wait, how was using a password manager advantageous in this situation?
>Since they had my iPhone too, they now also had potential access to my passwords manager as well as all my two-factor codes (on the Google Authenticator app).
Lastpass on the mobile app can be set up to require a password at all times. Mine locks as soon the Screen goes out of focus.
With a password manager he can use it to trigger an audit. It might not cut down the time taken to change passwords everywhere, but it will make it a lot easier.
They have potential access to the password manager on his Mac as well.
If you use a good password manager you should have the time to reset all your password so that if they somehow manager to crack the manager all the passwords in there are worthless.
Also if you immediately ask iCloud to lock your iPhone they can't use the any of the two-factor authenticators without connecting to the Internet which would brick the phone.
I don't mean it as snark but when it takes 12 hours to reset all of your passwords, that's a lot of digital "stuff" for a minimalist. At what point does the psychic load of all the digital things equal the foregone physical things?
I think you need a better system. Seriously, I just don't understand I guess I don't get it. I keep my browser on "forget everything on close" mode and I keep my passwords in a password manager all auto generated passwords. If I were to get robbed I would have to reset exactly zero passwords. Forgive me for being stupid, (I'm not trying yo be mean) but where you logged into every service you ever signed up for when you were robbed?
Did you ever think to sign out after you were done?
This is a personal preference, but I sign in, do my business, and then sign out after I'm done with the service.
My main business is running a YouTube network so I'm signed into about 10 accounts in one browser session. Merely, to maintain my channels. All passwords are 16-character random strings with two-factor authentication enabled. So if I'd let my browser "forget everything on close" as you mention, that'd take even longer every morning to sign in to all these accounts.
Opening up my password manager on my phone, then writing the 16-char password, then entering the two-factor auth code takes about a minute for each account. So that's 10 minutes to sign in to all those accounts. A bit too much for me to start my day with :)
Then there's my personal email, my work email, my web server logins etc.
It all adds up, that I'd rather save the sessions.
But I agree, there's definitely space for some digital minimalism here :)
Well, I never thought it made much sense, but: What's the point of "two-factor", when the second factor isn't actually ever required? I mean, what is "two factor" about that setup?
Good point. Two-factor auth is required on any other browser session or device without the session cookie. It's also reset every 30 days, so you'll have to re-enter it even if you still have a session running.
Well, the first factor presumably is also required in order to get a new session cookie, so what's the point of the second factor there? And if someone breaks into your system, they'll have both your password and your session cookie, so they don't need the second factor either (well, except after 30 days after you have reinstalled your system, which I would think is plenty of time to abuse your account).
Really, IMO two-factor authentication only makes sense where a separate challenge-response round is required for each transaction, so a replay of stolen credentials is impossible - as it's usually done with online banking. And against burglars, you can protect your cookies as well as your passwords by encrypting the disk contents. Just be aware of cold boot and DMA attacks, and possibly evil maid attacks.
When someone steals your device, you change your passwords and Google ends all active sessions automatically. If you use a session cookie from a very different location (e.g. another country, it also asks to re-enter the two-factor token.
That leaves the chance of having your system being compromised through the internet. Sure, that's possible.
Well, yeah, but what does two-factor auth help with any of that? Ending all existing sessions when you change the password doesn't require a second factor. Limiting the validity of a cookie to one country also doesn't seem to me to be much of a security feature, and more something that prevents you from using the service anonymously through Tor - the local thief won't be far from you and the botnet operator probably has more than enough systems in your vicinity to tunnel through, and in any case requiring the password would do the job equally well, wouldn't it?
Hu? That doesn't make sense in any interpretation I can think of. A second factor is what you need in addition to the first factor (in a conjunction), not what you can use instead, that would be a second summand (in a disjunction).
That is pretty much the epitome of "hard task". Sites differ, associating the right site with the right password is difficult, and the security risks (having scripts accidentally send the wrong creds to the wrong site(s)) mean you'd really want to get this right.
In conjunction with some other thoughts of mine, though, this suggests a space for a more API-driven web design generally. One in which the authentication mode is clearly expressed. HTML had this integrated at one point with htaccess, but it was a horribly simplistic model.
That was my thought as well. Macs have FileVault. Pretty big no-brainer for me since my laptop can access my work vpn. I have a strong password for the same reason.
Can you elaborate more? I would have thought your example isn't comparable, in that we death is inevitable, but being robbed isn't (as much, depending on circumstances)
Imagine you have a giant 10000-sided dice. You throw that dice once every day searching for a magic number (e.g. 1337). "Hitting 1337" is an experiment with a binary outcome (yes/no).
On day 500 you hit the magic number. Did you have a 1 in 500 chance of hitting it? No, you had 1/10000 chance of hitting! Even if you throw it 10000 times, there's no 100% chance of hitting 1337 since the dice is still 10000-sided even after you hit any number (this is called "no replacement") so you can have, for example, 1338 coming twice and 1337 none. There is never a 100% probability (but it approaches 1 rapidly near 10000).
On the other hand, you can calculate the probability of "hitting 1337 at least once in N throws", which is actually the CDF of a binomial distribution[1], but you need the initial probability of a single event!
Bringing back the robbery theme, living a day of your life is just repeating the "being robbed today" experiment (throwing the dice) once a day. Being robbed on day N of your life just means you repeated the experiment N days and N-1 times the outcome was "no" and then a single "yes". This does not mean that the CDF was 1 at N attempts, it just means that it was greater than 0... and this is just the probability of "being robbed after N days", i.e., the CDF of "being robbed today", not the probability of being robbed itself.
Also: you can't evaluate probability a posteriori unless the events are repeatable under controlled conditions, in which case you repeat the experiment lots of times and derive the probability from the outcomes. Burglaries are not repeatable under controlled conditions!
just because your experience was 1/10000 doesnt mean your true risk is 1/10000 . You could have tossed 9999 heads and 1 tails, there's still a 50/50 chance on the coin... Similarly you could be overstating your risk..
Yes, I say that it's more likely to find an unicorn somewhere on Earth (an undiscovered species) than to get that toss sequence. We say that an event is impossible for _way_ less probabilities (I could be hit by a cosmic radiation and start to grow a third arm, but it's unlikely enough to say that it's impossible).
Maybe more accurate to say the probability of being robbed on a single day is 1 in 10,000? So on average he could expect to be robbed two more times in his lifetime.
It can act as a frontend to Amazon Glacier, just punch in your Amazon API keys. Considering ingress into the Amazon world is free and it's a penny per GB per month to store, I've basically paid $1/month to keep 100GB of personal data safely backed up at Amazon.
I'll need to pay more than that to get my data back out, because Amazon charges retrieval fees to get things out of Glacier, but if my on-location backups should fail to rescue me, then this has my back.
Really sorry to hear about the OP getting burgled. It sucks, I know, and I was lucky enough that my laptop was missed when I was burgled - if it had been taken I'd have been in that awful position as my only backup was right next to the laptop. Scared me in to doing proper backups though!
Arq definitely gets my recommendation too. I've been using it for a little over a year, paying about $3 per month, and the peace of mind is fantastic. It's a last resort, and I have a number of other offsite backups on normal external drives, but with this backup running every hour, I'm extremely unlikely to ever lose more than an hour's work.
It's really nice because the encryption is client side, so you're not really trusting Amazon with too much, and there's an open source restore utility on github, so you don't need to worry too much about haystack going out of business.
It's also, in my experience, much, much faster to upload to than any of the other online services I've tried (Backblaze, Crashplan).
Also, a good way to protect your computer, especially while travelling: use a Kensington lock cable to physically attach it to something that doesn't move.
Since the lock mount is often just a cut-out in the laptop case, the result of theft is typically a cosmetic but non-functional blemish to the device.
Mind: anyone receiving the laptop would have a strong indication it had been stolen. This might or might not be a concern.
Additional deterrence? Sure. Proof against theft? No. Slow down an opportunistic smash-and-grab situation (I've seen ~ $20,000 of hardware stolen inside of 60 seconds)? Sure.
I guess it depends on the laptop. The last time I used a lock was with a pre-Retina MBP; short of cutting the cable (doable but you'd better come prepared) or what it's attached to (ditto but probably harder) you're not getting that off without a fight.
A kensington lock means you can walk over to the cake counter and take your time selecting a cake, leaving your computer back at the table, locked to the table leg or whatever. That's what I found anyway when travelling... it just removes the quick swipe opportunity and gives you peace of mind.
The thieves thank you for providing the link on how to break into your MacBook, since most thieves are not smart enough to do so... like you say they just want to wipe and sell it.
The iPhone should not need WiFi for Find My iPhone to work. But it probably does require you have data roaming turned on if you are not in your home country, did you have that disabled? They might have also shut down the iPhone.
Also having the Macbook join any open network it sees might bee a good security option for making it more likely it would contact a network to be found... though it's also a bit of a security risk by itself.
As you said, very good idea not to keep the backup drive and computer together. When I'm traveling if I leave the room without my computer, I generally try and carry the backup drive somewhere on me.
Yes and no. They have my data until I left to Asia in April (9 months ago). Luckily the thieves left a backup of my main drive I just did the day before. Really glad they did.
I'm used to enabling disk encryption on my work laptop for corporate security, but I've ignored my own personal information security. I'll be looking into re-enabling that now after reading what you went through. It would give me the security to know for sure that my information was wiped and not rummaged through.
> I didn’t have a cloud backup because I don’t trust a third party with my data.
I would still use cloud-based storage like Dropbox but encrypted with Truecrypt.
Am I the only one that still carries around an encrypted USB on hand at all times?
Also, have you heard anything from the police yet? Glad you and your family are safe though!
172 comments
[ 0.13 ms ] story [ 233 ms ] threadTo illustrate my point, watch this video, with subtitles on: http://www.youtube.com/watch?feature=player_detailpage&v=xmK...
Thieves don't wan to be caught or injured - they'll go for a house that doesn't have a dog bark at them when they are peeking in the windows; they'll go for the house without an alarm box next to the one that does. Even a small dog works for deterrence even if not so much actual physical defence - I've known people with some very non-aggressive dogs who still have 'Beware of Dog' signs for this exact reason.
If you're thinking about reading this article but not sure, just do it - you may find there's a lot you can learn from Pieter's horrible experience.
I would pay for expensive Next-Day-Delivery on this too.
Exactly how this would work I'm not sure. I guess said start-up would need to be trusted with all your passwords & API keys and private-keys? I dunno.
But if they have your digital life (all of it), and they go under, then all your data is gone. So: Your approach of having them have your passwords and PINs is better than "one stop shopping" where they alone hold all your data.
Think of it like an emergency service for your digital life (both private and business).
On the other hand, if you don't require that, then somebody could spoof you...
> I didn’t really trust file encryption because I thought I might lose files because of it and therefore I never enabled Mac OSX’s built-in FileVault hard drive encryption. I should have though. It’d save me from worrying about who’s going through all my files now.
This is a no brainer. I have yet to notice any real performance hit for enabling full disk encryption. Just enable it, make sure to have a long/strong password, and make sure your computer actually locks when you close the lid.
You should never be worried about losing files on a single computer. If they're important then they should be backed up to multiple computers/drives/services. If you're worried about accidentally wiping your laptop when you setup FDE then just make a backup before hand.
> My backup drive was literally NEXT to my MacBook. By sheer luck, I had just backed up my internal drive the day before and they didn’t take it.
Offsite backups are a must. It can be your own "offsite" (ie. a server at friends/parents/office) but it needs to be somewhere other than the primary site.
> I didn’t have a cloud backup because I don’t trust a third party with my data.
There's nothing wrong with not trusting third parties but that's exactly what encryption is for. Encrypt your data locally and then you can store it remotely without worrying about it being accessible to a third party. DIY scripting with GPG/S3 works well for a lot of situations. Or you can just use Tarsnap[1].
Honestly it makes a lot of sense to do the same with USB drives as well. My Linux machine is my primary computer (OS X laptop when roaming...) so the majority of my backup USB drive usage is done there. I have them setup with LUKS/dm-crypt[2] for full disk encryption. It's really easy to setup, plug-n-play on modern systems, and it almost falls into the "no reason not too" category. I just wish OS X supported it too.
[1]: http://www.tarsnap.com/
[2]: http://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
Depending on your threat model, they don't even have to be outside the house. If petty burglary is what you are defending against, a disk in a quiet corner of your basement is probably plenty.
I bring up threat models a lot, because I'm still fascinated with the model of data security as an adversarial relationship in which you can characterize your enemy, and thus qualify "good enough".
Being outside of the house protects it equally well against fires/floods/earthquakes/pets too. Protection against burglary is an added bonus.
It's not too hard to find one. Unless you're completely anti-social you probably have at least one tech-savvy friend that can understand the need for this kind of setup. Even better if you have more than one friend (hopefully not too be an "if") then you can have a "round robin" approach with a group of friends. An open source (so the crypto can actually be vetted) version of BTSync[1] would be great for this.
> For example, I would consider it pretty poor form to plug in a personal networked backup box at my desk at work. That kind of move can also pose a risk to my sustained employment!
Haha. Yes plugging in random networked boxes at the office might arouse some (just!) concern. When I wrote that piece I was thinking specifically of my company as I'm the boss :D
[1]: http://www.bittorrent.com/sync
http://git-annex.branchable.com/special_remotes/rsync/
How DVCS was first conceived. ;)
I'm most of the way through the non-Bitcoin / "Disk Space Marketplace" portion of a project that would work really well for this[1].
While the premise is that you would be able to rent disk space from anyone who wanted to provide it (using Bitcoin/Stripe/PayPal/Whatever), that part is going to be decoupled from the actual encrypt + distribute portion which could be pretty easily used by a group of friends to have reciprocal backups of important data.
I'm still a couple weekends away from it being usable though.
[1] https://github.com/ConceptPending/fincrypt
I do use offsite backup in addition to regular local backups. I genuinely wonder how this will play out as video and image stuff to backup grows. At the least I'm thinking I probably need to do a better job of figuring out how to separate the important stuff from all the intermediate, rejected, etc. files.
It splits your data in chunks, encrypts them on the fly while sending them to the cloud. It doesn't use much space, apart from a little metadata, and you don't have to worry about the NSA, as the encryption keys are only on your local machine.
[1] https://www.cyphertite.com
Safety deposit box at a bank, trusted non-local family member's house, and trusted international (preferably different continent) friend's house should be enough for most cases.
I have over 8TB of data at my house, and getting that backed up offsite is not trivial.
Easier yet if you can pair the amount of crucial stuff to under 4TB, then it's just one drive that you can rotate monthly (weekly?).
What natural disasters/events will take out both your home and the hardened safe in your barn?
edit: An EMP may fit the bill. :-O
One of the characteristics of fireproof safes is also their ability to withstand a multi-story drop. The reason being that when the floor burns out from under it, that's what happens. This still doesn't do much to ensure data records are retained.
So long as it's a barn in the yard, reasonably directional WiFi might well suffice.
As for what natural disasters could take out your house and your barn: if you live in wildfire country, that's a distinct possible risk. As a random Google Image search example:
http://www.mesonet.ttu.edu/cases/PitchforkFire_050811/201105...
Note the plot of 20cm depth soil temperature rise (and how long the temps stay elevated):
http://www.mesonet.ttu.edu/cases/PitchforkFire_050811/meteo_...
See: http://www.theregister.co.uk/2013/12/02/setting_the_iosafe_2...
You do raise the point that fire ratings are for specific time limits: X minutes at Y temperature.
Another key point (my long-ago sources informed me) is that one of the most important things to do after the fire is to NOT OPEN THE SAFE (this applied to paper storage, inquire with your vendor / manufacturer for data).
The same properties which make a safe proof against fire damage mean that it retains heat once applied to it for a considerable period. Apparently it's not uncommon for people to employ a fireproof safe, secure their papers and documents within it, have the safe and documents survive the fire ... and then spontaneously combust when fresh oxygen is introduced on opening to the still-blazing-hot interior.
I have confirmed, using dtrace, that OS X uses Intel's AES-NI instructions to accelerate encrypted disks. I found no performance decrease for batch file copies. I did not test small files nor seeking. I should run more benchmarks now that I have an SSD. Perhaps the CPU is now the bottleneck.
There is a lot in this story that sucks but a lot that is "should have known better" as well.
Regarding backups, my laptops usually rsync their /home every day to my remote server (and most data on them is in git repositories anyway).
My wife lost her iPhone 3G a few years ago and oddly it eventually turned up on Find My iPhone (which I use very frequently) a month or two ago. I have to wonder if at least in a phone's case, it uses the IMEI or something in its tracking rather than merely the iCloud login since you'd expect a phone to be wiped/reset within such a long timeframe. Maybe iCloud should (or does?) do a similar thing with MAC addresses or some other sort of internal serial number when it comes to tracing lost/stolen devices.
I don't think you understand hacking...
I don't think you've been following the iOS7 updates closely.
If you ever manage to do a DFU, you won't be able to restore. And if you ever manage to restore and jailbreak, you'll never be able to connect to iTunes, use the AppStore, or sync with Apple again. Which means, the phone is either worthless or at least seriously crippled.
If you don't want one, building a tiny backup PC to hide somewhere (in the attic with WiFi etc.) is also feasible nowdays when you can get 1TB mSATA drives.
Bolting to the floor/wall is a must.
Which just made me think of something- if you are concerned about network security and isolating your backups, what's to stop you from keeping the NAS unconnected to your WLAN, and at time of archival, explicitly establishing P2P WiFi connections with the NAS from the client PC...
Thanks for writing this post! I finally took a moment to enable FileVault :)
Best of luck on your travels!
Discussion about the issue : https://code.google.com/p/android/issues/detail?id=29468
Specifically:
1. Enable full disk encryption.* Unless you lose your memory, this should never prevent you from losing files. If you're still concerned, store a backup of the phrase in a very secure location.
2. Make offsite backups. Encrypt them.
* One of the things I love about Boxen is that this is enforced across the board.
> online back-ups.
that combination merits a post of its own.
I've never heard of a thief who's tried to use the data from a randomly stolen computer for further profit. Maybe with bitcoin and other technologies, the calculus will start shifting and thieves will become more interested in stealing data than hardware.
This actually probably exists. Which makes the, "thieves aren't that smart" argument kind of useless.
If anybody came up with a startup or website or something to resolve those issues, that would be evil genius on the scale of Cryptolocker.
Criminals do find ways to do business, and I believe they substitute money and intimidation where trust would usually go.
- make backups
- encrypt data
- use a password manager
The holy trifecta of things that people hear about and refuse to do. And then come and preach to others when they realize that "Doh, should have listened to that troll on HN".
>Since they had my iPhone too, they now also had potential access to my passwords manager as well as all my two-factor codes (on the Google Authenticator app).
With a password manager he can use it to trigger an audit. It might not cut down the time taken to change passwords everywhere, but it will make it a lot easier.
If you use a good password manager you should have the time to reset all your password so that if they somehow manager to crack the manager all the passwords in there are worthless.
Also if you immediately ask iCloud to lock your iPhone they can't use the any of the two-factor authenticators without connecting to the Internet which would brick the phone.
what are lips for if not to pleasure your master?
Did you ever think to sign out after you were done?
This is a personal preference, but I sign in, do my business, and then sign out after I'm done with the service.
Opening up my password manager on my phone, then writing the 16-char password, then entering the two-factor auth code takes about a minute for each account. So that's 10 minutes to sign in to all those accounts. A bit too much for me to start my day with :)
Then there's my personal email, my work email, my web server logins etc.
It all adds up, that I'd rather save the sessions.
But I agree, there's definitely space for some digital minimalism here :)
Really, IMO two-factor authentication only makes sense where a separate challenge-response round is required for each transaction, so a replay of stolen credentials is impossible - as it's usually done with online banking. And against burglars, you can protect your cookies as well as your passwords by encrypting the disk contents. Just be aware of cold boot and DMA attacks, and possibly evil maid attacks.
That leaves the chance of having your system being compromised through the internet. Sure, that's possible.
I don't make heavy use of online services, and yet I've got over 100 accounts I access (assessed by counting entries in my encrypted password store).
Resetting those passwords (or even changing them, which might not be a bad idea) could easily take some time.
In conjunction with some other thoughts of mine, though, this suggests a space for a more API-driven web design generally. One in which the authentication mode is clearly expressed. HTML had this integrated at one point with htaccess, but it was a horribly simplistic model.
Something I've been thinking about.
People still have laptops that aren't encrypted!?
No, no, no. That is not how probability works. That's like saying that if I live to be 100, the probability of me dying was 1 in 36,525.
Imagine you have a giant 10000-sided dice. You throw that dice once every day searching for a magic number (e.g. 1337). "Hitting 1337" is an experiment with a binary outcome (yes/no).
On day 500 you hit the magic number. Did you have a 1 in 500 chance of hitting it? No, you had 1/10000 chance of hitting! Even if you throw it 10000 times, there's no 100% chance of hitting 1337 since the dice is still 10000-sided even after you hit any number (this is called "no replacement") so you can have, for example, 1338 coming twice and 1337 none. There is never a 100% probability (but it approaches 1 rapidly near 10000).
On the other hand, you can calculate the probability of "hitting 1337 at least once in N throws", which is actually the CDF of a binomial distribution[1], but you need the initial probability of a single event!
Bringing back the robbery theme, living a day of your life is just repeating the "being robbed today" experiment (throwing the dice) once a day. Being robbed on day N of your life just means you repeated the experiment N days and N-1 times the outcome was "no" and then a single "yes". This does not mean that the CDF was 1 at N attempts, it just means that it was greater than 0... and this is just the probability of "being robbed after N days", i.e., the CDF of "being robbed today", not the probability of being robbed itself.
Also: you can't evaluate probability a posteriori unless the events are repeatable under controlled conditions, in which case you repeat the experiment lots of times and derive the probability from the outcomes. Burglaries are not repeatable under controlled conditions!
[1] https://en.wikipedia.org/wiki/Binomial_distribution#Cumulati...
http://www.haystacksoftware.com/arq/index.php
It can act as a frontend to Amazon Glacier, just punch in your Amazon API keys. Considering ingress into the Amazon world is free and it's a penny per GB per month to store, I've basically paid $1/month to keep 100GB of personal data safely backed up at Amazon.
I'll need to pay more than that to get my data back out, because Amazon charges retrieval fees to get things out of Glacier, but if my on-location backups should fail to rescue me, then this has my back.
http://www.cloudberrylab.com/amazon-glacier-storage-backup.a...
And for Linux it seems like this one might be an option, but, YMMV:
http://www.janoszen.com/2013/10/14/backing-up-linux-servers-...
Arq definitely gets my recommendation too. I've been using it for a little over a year, paying about $3 per month, and the peace of mind is fantastic. It's a last resort, and I have a number of other offsite backups on normal external drives, but with this backup running every hour, I'm extremely unlikely to ever lose more than an hour's work.
It's really nice because the encryption is client side, so you're not really trusting Amazon with too much, and there's an open source restore utility on github, so you don't need to worry too much about haystack going out of business.
It's also, in my experience, much, much faster to upload to than any of the other online services I've tried (Backblaze, Crashplan).
Mind: anyone receiving the laptop would have a strong indication it had been stolen. This might or might not be a concern.
Additional deterrence? Sure. Proof against theft? No. Slow down an opportunistic smash-and-grab situation (I've seen ~ $20,000 of hardware stolen inside of 60 seconds)? Sure.
"A lock keeps an honest man honest."
This still slows down the casual / opportunistic thief markedly, of course.
I tested this technique myself a few years back, but must admit to not knowing if Kensington locks have evolved since then.
The iPhone should not need WiFi for Find My iPhone to work. But it probably does require you have data roaming turned on if you are not in your home country, did you have that disabled? They might have also shut down the iPhone.
Also having the Macbook join any open network it sees might bee a good security option for making it more likely it would contact a network to be found... though it's also a bit of a security risk by itself.
As you said, very good idea not to keep the backup drive and computer together. When I'm traveling if I leave the room without my computer, I generally try and carry the backup drive somewhere on me.
> 4 hard drives spread around with all my data encrypted
Did these turn out to be useful?
I'm used to enabling disk encryption on my work laptop for corporate security, but I've ignored my own personal information security. I'll be looking into re-enabling that now after reading what you went through. It would give me the security to know for sure that my information was wiped and not rummaged through.
> I didn’t have a cloud backup because I don’t trust a third party with my data.
I would still use cloud-based storage like Dropbox but encrypted with Truecrypt. Am I the only one that still carries around an encrypted USB on hand at all times?
Also, have you heard anything from the police yet? Glad you and your family are safe though!