View Full Version : How do I encrypt things?



Irving
02-08-2019, 22:38
I know zero about encryption.

Is it possible for me to keep a file on my laptop with sensitive information, but have it encrypted? I've been keeping a spreadsheet of important info on an external hard drive, but it's a pain to always go get it, and I'd like to have the info available all the time. I don't want to have this info on the cloud.

Is encrypting and password protecting a specific folder or file something I can do? If someone can point me in the correct direction I'm sure I can do some research on my own, but this is something I know nothing about. Please point me in the right direction.

Thank you.

P.S. Google Drive is convenient, but I just assume it isn't safe for sensitive stuff and don't use it. Is that correct?

iego
02-08-2019, 22:45
The problem with encrypting things, is that when you go to use it, by definition, it needs to be decrypted. So for convenience, you will keep it decrypted most of the time.

With that said, I use Microsoft Bitlocker on everything I own, so that if I am to lose a flash drive, or something, I can feel safe in the knowledge that it is encrypted.

Devices can be protected by encryption, but data, not so much, as like I say... you will probably have it decrypted for everyday usage.

-John

Irving
02-08-2019, 22:46
Are there options for what I want? I suppose I could get a thumb drive and keep it with me most of the time and just update everything frequently.

iego
02-08-2019, 22:53
Yes, you can use Microsoft Bitlocker to encrypt a thumb drive, and then keep your most important secrets there. If you lose the key, you will lose access to the information. When you go to use the information, you will be decrypting the drive/data, and if you have security vulnerabilities, they can get to your data then.

It will protect you from random data loss, and I highly recommend it.

-John

Irving
02-08-2019, 22:57
Hmmm, I think I'll have to do that. Then I can have all the important stuff I want on my external and have that encrypted. Then I'd have copies on thumb drives. I shouldn't need it all that often, but I suppose if I'm really worried, I can use the thumb drive in the field on a device that is not connected to the internet.

As far as decrypting, is that as simple as just entering a password?

What are your thoughts on cloud storage?

iego
02-08-2019, 23:19
I like Microsoft Bitlocker because decrypting is as simple as providing a password (among several authentication methods). You also (they) have a recovery key, which can be used to recover your data if you lose your password.

Anything and everything in the cloud can pretty much be considered compromised. Microsoft offers a "bring your own key" encryption for some of their services, but just in general, when your data is in the cloud, if it has not been specifically encrypted by yourself, using a method/key that you are sure of, for sure the Cloud Service Provider can read it, and therefore anyone that can hack them can read it, etc.

There used to be a product called TrueCrypt, which I liked. It offered plausible deniability because you could make an encrypted file, anywhere on your hard drive, which appeared normal, like random data, but was really an encrypted data store.

Today I don't really worry about plausible deniability, I just encrypt everything, and only store my really important things on devices which are not normally decrypted, like flash drives.

Passwords, I have started just keeping on paper. The only times they are digital are when I type them in (which is no good, but sheesh.)

-John

Irving
02-08-2019, 23:22
Thank you so far.

feal
02-09-2019, 00:07
An iron key might do what you need

DireWolf
02-09-2019, 00:41
There used to be a product called TrueCrypt, which I liked. It offered plausible deniability because you could make an encrypted file, anywhere on your hard drive, which appeared normal, like random data, but was really an encrypted data store.

The new equivalent/successor to TrueCrypt is called VeraCrypt, which also works very well for its intended purposes. Definitely worth a look if TC was something you found useful.



Is encrypting and password protecting a specific folder or file something I can do? If someone can point me in the correct direction I'm sure I can do some research on my own, but this is something I know nothing about. Please point me in the right direction.


If you take a look at VeraCrypt and it doesn't really hit the mark, feel free to PM me and I'd be happy to provide a bit more assistance offline.

Normally I'd elaborate a bit more here, but I quite literally spent all day explaining to a roomful of application architects and developers how to build & integrate extremely high-volume crypto/key-mgt systems...



An iron key might do what you need

Also a good suggestion worth looking into - these have come a long way since originally released.

JohnnyEgo
02-09-2019, 00:42
I am still using FreeOTFE, which is very similar to TrueCrypt, right down to being abandoned several years ago. But it still works and is relatively seamless. Mount your encrypted file or drive, do your business, dismount and move on. I am not a hacker or a security nerd, but I travel with a lot of data, including scans of medical documents and important papers that I wouldn't want randomly exposed to the world if I left my laptop behind in a plane or hotel. I also use Express VPN on the road since I spend a lot of time on sketchy hotel wireless connections. Seems secure, relatively painless to set up for a regular guy user.

cstone
02-09-2019, 00:44
VeraCrypt replaced TrueCrypt

https://archive.codeplex.com/?p=veracrypt

iego
02-09-2019, 08:31
Yes, I take back what I said above about encrypted containers not still being a useful tool in the battle for online privacy. Here's another option using Bitlocker to create an encrypted container that can be mounted/dismounted at will.

https://www.howtogeek.com/193013/how-to-create-an-encrypted-container-file-with-bitlocker-on-windows/

-John

Delfuego
02-09-2019, 10:00
Open a shady email!

Irving
02-09-2019, 12:30
I'm interested in a VPN for mobile browsing as well, but not sure if that should be a separate thread. Either way, looks like I've got some reading to do. Thanks fellas.

JohnnyEgo
02-09-2019, 12:34
For what we do, it is a wonderful thing. Inexpensive peace of mind. I went with Express because it was very simple to set up, and they offered domestic servers for Netflix compatibility. But it was a toss-up between them and NordVPN, which I also heard great things about.

Irving
02-09-2019, 12:44
I never had to pay for anything before, is it a pay service?

TFOGGER
02-09-2019, 12:47
For what we do, it is a wonderful thing. Inexpensive peace of mind. I went with Express because it was very simple to set up, and they offered domestic servers for Netflix compatibility. But it was a toss-up between them and NordVPN, which I also heard great things about.

I use Nord, got the killer deal for 3 years at about $3 a month, plus a free extra month. Ideal for P2P and watching TV from outside the US. They encourage you to install on your router as well, but you can have six devices using different VPNs simultaneously if you want. The fact they're outside the US is attractive from a privacy standpoint.

JohnnyEgo
02-09-2019, 12:55
That is a pretty awesome deal. I think mine breaks down to $9/month. I thought about installing it on my home router, but I've been too lazy to crack open the settings and actually do it yet. They also offer an Android client that I downloaded but constantly forget to use on my phone. My security concerns are mostly around things like being able to look at a bank statement or order a pizza from the hotel wireless without having to worry about another guest or housekeeping borrowing my info for their side business. I'd rather they just follow the traditional route of stealing it from my check-in information on the hotel's system.

Irving
02-09-2019, 12:57
What is the TV watching angle? Is it that TV and Netflix make you vulnerable, or that trying to watch through a VPN is a pain and they make it easy?

DenverGP
02-09-2019, 13:33
What is the TV watching angle? Is it that TV and Netflix make you vulnerable, or that trying to watch through a VPN is a pain and they make it easy?

Using a VPN often makes your internet traffic look like it's coming from outside the US... and if your Netflix account is a US-based one, they won't let you in. VPN services that offer US-based servers avoid that issue.

TFOGGER
02-09-2019, 13:38
What is the TV watching angle? Is it that TV and Netflix make you vulnerable, or that trying to watch through a VPN is a pain and they make it easy?

The flip side is that many services based outside the US (Sky Sports, Eurovision, Fox Central America) don't allow streaming to US IP addresses; Nord has servers in over 120 countries to get around those restrictions. It's really the only good way to get race coverage of anything other than NASCAR.

DireWolf
02-09-2019, 21:45
ProtonVPN/ProtonMail is also a very good option for VPN and encrypted email services, definitely recommend checking out (especially for email if not a fan of big (evil) G mining your comms - they have one of the worst/most insidious privacy policies I've seen to date).

TheGrey
02-10-2019, 22:59
I second ProtonMail and ProtonVPN.

Irving
02-10-2019, 23:01
I've yet to run into any issues (that I know about) with Gmail being invasive. I suppose if you forward mail from a ProtonMail account to Gmail it completely defeats the purpose? Glad to see more people with experience with these programs. Thank you.

DireWolf
02-11-2019, 01:09
I've yet to run into any issues (that I know about) with Gmail being invasive. I suppose if you forward mail from a ProtonMail account to Gmail it completely defeats the purpose? Glad to see more people with experience with these programs. Thank you.

That's just it - you won't know when it happens...

Just to give a brief example, let's compare this:

https://uploads.tapatalk-cdn.com/20190211/5c2c279c7a33c3b9b2ece861399dc88e.jpg

or this:

https://uploads.tapatalk-cdn.com/20190211/f36588913e4dc528bccd1214360b5739.jpg

with this:
https://uploads.tapatalk-cdn.com/20190211/b6b05393b6d11b5dc99f06ad4d1441af.jpg


And just a single example (there are many others) to drive home the point of just how bad that statement from google is (despite looking good to the untrained eye) without a bunch of legal gobbledygook:

https://www.businessinsider.com/google-allows-app-developers-to-read-peoples-gmails-report-2018-7/

Irving
02-11-2019, 01:19
Thanks for info.

Irving
02-20-2019, 07:39
Just bookmarking this so I can read it later.

https://www.pcmag.com/feature/366323/how-to-encrypt-a-document-stored-on-google-drive

CS1983
02-20-2019, 07:48
That's just it - you won't know when it happens...



Any insight on the meat of his question re: cross-contamination w/ non protonmail recipients?

Justin
03-06-2019, 10:07
So far as I know, protonmail is only encrypted if you are sending it to someone else who also is using a protonmail account.

If you send an email from PM to GMail, it's sent in the clear and Google can access the information.

DireWolf
03-06-2019, 13:23
^^^thanks for bumping this to remind me; had written up something last week during some in-flight down time, but ended up being way too much, so here's the condensed version:

Without taking any additional items/steps into consideration, mail sent from a ProtonMail account to a Gmail (or any other external/non-ProtonMail) address would only be encrypted while in-transit between mail-hosts (at best), and would still be stored in plain-text on the Google (or other provider) mail servers, fully available to them to access, mine/analyze, and/or disseminate your data within the sphere of those parties identified in the privacy policy (which is a damn large list).

ProtonMail uses OpenPGP to encrypt mailboxes and messages between ProtonMail users, with encryption/decryption through either the website, Mobile App, and/or ProtonMail Bridge (note that the messages retrieved through the Bridge are decrypted in local storage).

Also, they've exposed this functionality (and keyring management) to provide options for exchanging fully-encrypted email with external non-ProtonMail recipients (e.g. Gmail, etc.). This allows for the message contents to be fully protected & unreadable even on remote servers (but watch out for those headers/subject-lines, which stay plaintext and are captured in any number of locations during message transit/processing).

All that's required for this is to simply create/associate a PGP Public Key with an address/contact, and PM will automatically encrypt all outbound email to that address (bidirectional encrypt/decrypt is seamless once Public Keys have been exchanged & verified; do not ever share a private key). Also, other than rules configured in a mail client, there is no native "auto-forwarding" capability in the PM service.

gpg4win is a good Windows/Outlook client bundle for creating and managing PGP Keyrings, and for "one-offs", PM has an option for message encryption/expiration using OTPs.

Finally, be careful to (securely) store any keyrings & passphrases, or anything encrypted with such is toast should they be lost...
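
An added example, not part of the original thread, illustrating the point above that PGP protects the message body while headers and the subject line stay readable. It parses two constructed messages (made-up addresses and subject, a placeholder armored block) the way a storing mail host sees them; `server_view` is a hypothetical helper name.

```python
from email import message_from_string

# Constructed samples: made-up addresses and subject; the armored block is a placeholder.
HEADERS = (
    "From: alice@example.org\n"
    "To: bob@example.com\n"
    "Subject: Q3 account numbers\n"
    "MIME-Version: 1.0\n"
)
PLAIN = HEADERS + "Content-Type: text/plain\n\nThe account number is 12345.\n"
PGP_MIME = HEADERS + (
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"\n'
    "\n--b1\n"
    "Content-Type: application/pgp-encrypted\n\nVersion: 1\n"
    "\n--b1\n"
    "Content-Type: application/octet-stream\n\n"
    "-----BEGIN PGP MESSAGE-----\n\n(placeholder, not real ciphertext)\n-----END PGP MESSAGE-----\n"
    "--b1--\n"
)
ARMOR = "-----BEGIN PGP MESSAGE-----"
EXPOSED = ("From", "To", "Cc", "Subject", "Date", "Message-ID")


def server_view(raw):
    """Return what a mail host storing `raw` can read without any private key."""
    msg = message_from_string(raw)
    # RFC 3156 PGP/MIME: the whole body is wrapped in multipart/encrypted.
    pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                and msg.get_param("protocol") == "application/pgp-encrypted")
    readable = []
    for part in msg.walk():
        if part.is_multipart() or part.get_content_maintype() != "text":
            continue
        text = part.get_payload()
        if ARMOR not in text:  # inline-armored text is ciphertext, not readable
            readable.append(text.strip())
    return {
        "pgp_mime": pgp_mime,
        "plaintext_headers": {h: msg[h] for h in EXPOSED if msg[h] is not None},
        "readable_body": readable,
    }


if __name__ == "__main__":
    for name, raw in (("plain", PLAIN), ("PGP/MIME", PGP_MIME)):
        print(name, server_view(raw))
```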

BushMasterBoy
03-06-2019, 19:55
Encryption with a biometric source is the hardest to crack. A fingerprint will be hard to decipher as it does not use a password in the conventional sense. Off the shelf software will always be breakable. I'd cruise some software forums.

FoxtArt
03-07-2019, 16:05
You have any studies backing that up? Biometrics are often easier to hack than many things, because they aren't reading DNA, it's just using software interpretation. They've even been fooled by photocopies.

I highly trust Veracrypt, as a TrueCrypt derivative. Why? It's been tested, you could say.

The Gov't threw all of its resources into trying to decrypt a TC drive a few years back in a massive treason case. After trying for a year and a half, they had to give up. It's not hard to use either, and you can treat the decrypted folder like a hard drive after mounting it. Microsoft bitlocker? Because of the first word in that title, I'm pretty sure the "right" people could decrypt that in about 0.001 nanoseconds. The fact it has a recovery key is probably not for your benefit, it's for theirs, intentionally. I have a hard time believing Microsoft didn't reach a handshake deal on a backdoor.

BushMasterBoy
03-07-2019, 17:00
If you throw in a fingerprint reader, with a retinal scan, magnetic strip reader and a password. I won't say where I have seen this in use.

Delfuego
03-07-2019, 18:51
If you throw in a fingerprint reader, with a retinal scan, magnetic strip reader and a password. I won't say where I have seen this in use.

Probably Netflix...