I’ve spent the last few days encrypting everything. We’ve had a lot of home break-ins recently in our little seaside hamlet and it made me realize how vulnerable all our data was to thieves. With all the security, firewalls, passcodes and so on I never really thought much about having our physical devices stolen out of the house! And so, I went into paranoia mode and have been encrypting everything and anything.
Luckily Mac makes things very easy (I love Mac for its elegance and simplicity). Most things already had encryption enabled by default and so I really only needed to take action on the external disks and Time Capsule. For the external disks one can use Filevault and it is very easy. For the Time Capsule you just tick encrypt and I chose to erase all the old unencrypted backups and start with a fresh encrypted one.
For my Android I enabled encryption and the forums were right that it really doesn’t affect the performance of a Samsung S6 at all.
For my PC I have all my files on a separate data drive and just decided to encrypt the entire thing with VeraCrypt. The only annoyance is I now have to mount the drive through the VeraCrypt program every time I turn on my computer. No big deal though as it gives me peace of mind.
It is with Synology server and encryption that I really had to think and the best solution costs money. 🙁 My NAS has two solid state hard disks: I chose solid state because it is always on and I wanted the reliability as well as less power usage/moving parts etc. But solid state drives are expensive and you don’t get a lot of storage. So my problem is I have too much personal data but not enough storage on the SS disks! So to cut to the chase, the easy fix is to buy a new solid state disk which I see have come down quite a bit in price. A good SSD with 1TB is still $250 that I can’t spare on disk upgrades at the moment. With a bigger solid state disk I could just use Synology’s built in encryption and create an encrypted folder with enough space to hold all my files.
I do have an external WD that I’ve been using but this is where the problem with encryption comes in. Synology won’t encrypt a folder on an external drive. I tried using VeraCrypt to encrypt the whole thing but then the NAS doesn’t recognize it. I tried using WD software to encrypt but the NAS doesn’t recognize that either! Finally, I was able to create a very large VeraCrypt container so long as I had formatted it NTFS – FAT cannot handle large files. So, ok, I’ve got it connected and can mount the container from my computer.
The next step was being able to open it from my Android. VeraCrypt doesn’t have an app (that would have been too easy!) I checked their website and they say to use a third party app called EDS. I got it but for full functionality you need to have root access. I don’t want to root my phone again so that is out. The other option is to decrypt to a temporary location. The problem is my VeraCrypt container is ENORMOUS and so I cannot be decrypting that thing to a temporary location.
Hence I have to chose between being able to access my files with my phone or having peace of mind in case someone stole the actual hard disk. To add to my headache I’ve read too many forums and some dude had a point that 99% of problems will arise from the encryption screwing up making the data inaccessible vs it actually getting stolen. This freaked me out as my mind raced to some sort of virus or unknown issue hitting VeraCrypt then one domino hitting the others until I’ve lost or cannot access all my data on all my encrypted backups.
And so the the only way I can truly have peace of mind is to sit in the middle of the room pressing my disconnected drive against my chest as I rock back and forth with my tinfoil hat on.
Anyway, I wanted to write this down just to document the adventure in encryption and how much of a pain it has been.
Moral of the story – use Apple products, they make things easy.
Well, I ran across a few problems with the encryption. The first and most important is that I could not use my file sync program to synch my personal files folder with the backup on the external drive attached to the server. I mounted both through VeraCrypt but it wouldn’t work telling me the connection was interrupted.
The second problem was with the Windows backup which I had completely forgotten about. I shouldn’t have encrypted the entire data drive on my computer because Windows couldn’t see it unless it was mounted. So I tried to have it backed up on the external drive attached to my server. No luck as I get the same error as above with the interrupted connection.
So, I unencrypted my computer’s data drive (quick format) and just made a VeraCrypt container. Now I don’t need to load the whole disk every time and Windows can see the disk immediately and proceed with the windows backup.
As for synching the two folders I’ve decided just to copy the entire encrypted container once in a while. That keeps things easy and with speed only about two to three hours for 800 gigabytes. I had also thought about putting a backup of the encrypted container on Google Drive, OneDrive or Drop Box but refuse to pay a monthly fee. I’m a local Google Maps guide and thought I had thought there was a benefit once you reach level three (four?) that you get unlimited storage on Google Drive. I checked yesterday and it is only for one year; no good since I don’t want to eventually have to pay a fee.
Finally, the only problem that remains is I cannot access my files remotely from my phone unless it is rooted. I don’t want to root as you no longer get OTA updates on the operating system and things can generally go awry much more easily.
So the solution remains to buy a bigger SS drive for the server which is still $250 and encrypt the folder. I’m not sure how much I trust the server’s encryption though and feel much more secure with a VeraCrypt container.
Anywho, on a slightly different subject I like this song which is the ending to the game Portal. It’s amazing how many games I know nothing about. I’ve been a Warcraft player exclusively for over twenty years (although I haven’t played in over a year or so.) But I love this song, especially for when I’m doing internet/computer stuff as the singer is GLaDOS – an artificial intelligence in the game. How long until something like GLaDOS is a reality? I’m guessing ten years. In fact the Google Assistant is slated to roll out this week. With advances in artificial intelligence I look for the day when one can speak to the Google Assistant in the same way Theodore Twombly speaks to Samantha, an intelligent computer operating system in the movie Her.
I’m rambling, let’s get to that song “Still Alive.” Here are my favorite lyrics. They make me think of this very blog and that perhaps in the distant future AI could analyze all my posts and create a persona that thinks and acts very much like me. In a way I’ll be ‘still alive.’
And believe me I am still alive.
I’m doing science and I’m still alive.
I feel fantastic and I’m still alive.
While you’re dying I’ll be still alive.
And when you’re dead I will be still alive.