Do people of reasonable technical ability store their private data on the Internet (if so, for what gain?)

123456789 wrote:

I encrypt the sensitive data before storing it on the cloud.

That’s the smart way to do it. That way if the cloud is compromised your
data is still safe. The majority of user data stored in iCloud is
end-to-end encrypted with a key only known to the individual user:
https://support.apple.com/en-us/HT202303

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

The Real Bev wrote:

I try to back up my entire 353GB partition at least once a week to
either another partition on my computer or a USB drive within easy reach
if I have to flee a fire. Someone is home almost all of the time, so
unless a home invader decides to make off with my HEAVY full-tower
computer and a number of USB drives I feel pretty safe.

Add a drive to the picture, and swap it with that one once a week/month,
storing the other drive in your car or somewhere else off site, and fire is
no longer as big of a concern.

How long would it take to copy my partition to the cloud at ~6Mbps?
This is a rhetorical question...

Too freaking long to be practical for many of us. Taking a hard drive or
two with you when you leave the house occasionally is much more practical.

If we both have to leave home for an extended period (maybe once a
decade) we put recent backups in a box and take them to a friend's house.

Good idea. Be sure to encrypt those drives so the data is safe from prying
eyes.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

On 06/06/2019 05:04 PM, Jolly Roger wrote:
The Real Bev wrote:

I try to back up my entire 353GB partition at least once a week to
either another partition on my computer or a USB drive within easy reach
if I have to flee a fire. Someone is home almost all of the time, so
unless a home invader decides to make off with my HEAVY full-tower
computer and a number of USB drives I feel pretty safe.

Add a drive to the picture, and swap it with that one once a week/month,
storing the other drive in your car or somewhere else off site, and fire is
no longer as big of a concern.

How long would it take to copy my partition to the cloud at ~6Mbps?
This is a rhetorical question...

Too freaking long to be practical for many of us. Taking a hard drive or
two with you when you leave the house occasionally is much more practical.

If we both have to leave home for an extended period (maybe once a
decade) we put recent backups in a box and take them to a friend's house.

Good idea. Be sure to encrypt those drives so the data is safe from prying
eyes.

Our friends are free to look at whatever they want, but they don't run
linux.


--
Cheers, Bev
Schrodinger's Cake: You can have it AND eat it.
--Roland Curtis

On Thu, 6 Jun 2019 10:48:32 -0700, The Real Bev
wrote:

On 06/06/2019 08:05 AM, Arlen G. Holder wrote:
On Thu, 6 Jun 2019 10:41:35 +0200, Piet wrote:

And where do you store them? Theft-safe and fireproof?

Hi Piet,

This is a GOOD POINT, where we each bring value to the Usenet potluck with
our divergent ideas...

Given that people repeatedly claim that the cloud storage is safe from
catastrophic home fires, IMHO, this "theft safe & fireproof" concept is one

Fireproof. Friends went through one of the big California fires a while
back. Their entire house was flattened except for the perhaps
4-feet-high "fireproof" safe. Made an impressive picture standing there
amidst the ash. The papers inside were ash, the gold jewelry was melted
into the ash and other bits of stuff, and the Rolex was...interesting.
How many hours of fire can your fireproof safe tolerate? That one was
rated for one hour.

Which is a reminder that solutions are not absolute.

[snip]

Sincerely,

Gene Wirchenko

Gene Wirchenko wrote:
On Thu, 6 Jun 2019 10:48:32 -0700, The Real Bev
wrote:

On 06/06/2019 08:05 AM, Arlen G. Holder wrote:
On Thu, 6 Jun 2019 10:41:35 +0200, Piet wrote:

And where do you store them? Theft-safe and fireproof?
Hi Piet,

This is a GOOD POINT, where we each bring value to the Usenet potluck with
our divergent ideas...

Given that people repeatedly claim that the cloud storage is safe from
catastrophic home fires, IMHO, this "theft safe & fireproof" concept is one
Fireproof. Friends went through one of the big California fires a while
back. Their entire house was flattened except for the perhaps
4-feet-high "fireproof" safe. Made an impressive picture standing there
amidst the ash. The papers inside were ash, the gold jewelry was melted
into the ash and other bits of stuff, and the Rolex was...interesting.
How many hours of fire can your fireproof safe tolerate? That one was
rated for one hour.

Which is a reminder that solutions are not absolute.

[snip]

Sincerely,

Gene Wirchenko

It says right on the tin, how many hours it is rated for.
If your documents are burned, you need a higher rating :-)

The larger the thermal mass, the longer it takes to heat up.

This one is rated 3 hours. It's regular $9200 dollars, and
is now only $5100. So if a thief steals the safe, the safe
is likely worth more than the contents.

https://secure.img1-ag.wfcdn.com/im/...nic+ Lock.jpg

I guess we would rate these "a scam at the best of times".

I wonder how many tons of steel plates you could buy
for $9200 ? Like, build an entire fireproof room. with lots
of air gap to make for a large gradient.

Aerogel makes a great insulator, but it can't take 1500F by itself.
I think it'll handle a natural gas flame OK (which is
relatively cool as flames go). Aerogel is better than R10 per inch,
and quite expensive due to how its made. Sheets can be thinner than
an inch, because it isn't nearly as easy to make as Styrofoam SM.

https://www.researchgate.net/figure/...fig1_275209519

There are also those ceramic tiles on the space shuttle. Maybe a steel
box with those as an insulator would work.

Paul

On Fri, 07 Jun 2019 16:46:52 -0400, Paul
wrote:

[snip]

It says right on the tin, how many hours it is rated for.
If your documents are burned, you need a higher rating :-)

Read "needed" for "need" G.

The larger the thermal mass, the longer it takes to heat up.

This one is rated 3 hours. It's regular $9200 dollars, and
is now only $5100. So if a thief steals the safe, the safe
is likely worth more than the contents.

https://secure.img1-ag.wfcdn.com/im/...nic+ Lock.jpg

I guess we would rate these "a scam at the best of times".

ISTM that the first question should be "How long is a building
fire likely to result in the elevated temperatures that your treasures
need protection from?" and that the first priority would be making
sure that the fireproof safe is rated for at least that long plus a
safety margin.

Or why bother?

What good are those one-hour safes?

[snip]

Sincerely,

Gene Wirchenko

On 06/09/2019 06:55 PM, Gene Wirchenko wrote:
On Fri, 07 Jun 2019 16:46:52 -0400, Paul
wrote:

[snip]

It says right on the tin, how many hours it is rated for.
If your documents are burned, you need a higher rating :-)

Read "needed" for "need" G.

The larger the thermal mass, the longer it takes to heat up.

This one is rated 3 hours. It's regular $9200 dollars, and
is now only $5100. So if a thief steals the safe, the safe
is likely worth more than the contents.

https://secure.img1-ag.wfcdn.com/im/...nic+ Lock.jpg

I guess we would rate these "a scam at the best of times".

ISTM that the first question should be "How long is a building
fire likely to result in the elevated temperatures that your treasures
need protection from?" and that the first priority would be making
sure that the fireproof safe is rated for at least that long plus a
safety margin.

Or why bother?

What good are those one-hour safes?

Who in Santa Rosa thought that they'd need even ONE hour?

--
Cheers, Bev
"We thought about one of those discount store caskets, but,
frankly, we were worried about the quality."
-- mortuary commercial

On Sun, 9 Jun 2019 23:14:19 -0700, The Real Bev
wrote:

On 06/09/2019 06:55 PM, Gene Wirchenko wrote:

[snip]

What good are those one-hour safes?

Who in Santa Rosa thought that they'd need even ONE hour?

Housefire?

Sincerely,

Gene Wirchenko

In article , The Real Bev
wrote:


What good are those one-hour safes?

Who in Santa Rosa thought that they'd need even ONE hour?

those who understand risk.

On 06/10/2019 10:30 AM, Gene Wirchenko wrote:
On Sun, 9 Jun 2019 23:14:19 -0700, The Real Bev
wrote:

On 06/09/2019 06:55 PM, Gene Wirchenko wrote:

[snip]

What good are those one-hour safes?

Who in Santa Rosa thought that they'd need even ONE hour?

Housefire?

Tubbs Fire. A curious thing: Google shows street view after the fire
(2017), but the satellite view is still pre-fire.

--
Cheers, Bev
"What's truly sad is that your vote counts the same as mine."
-- S. Brown

On Wed, 5 Jun 2019 16:19:11 -0000 (UTC), in alt.comp.os.windows-10, Arlen
G. Holder wrote:

This question is only about STORING data on the Internet, such as
o Your media
o Your documents
o Your passwords, private calendar, app backups, etc.

I'm confused. Do you mean that the data exists only in the cloud? No
local copy? Does any service do that? All of my cloud services will keep
a local copy on the computer.

Assuming you mean store data in the cloud and have it locally synced, I
use both Dropbox and Google Drive.

I keep my passwords in the Dropbox, in a password protected Excel
spreadsheet. This has saved my ass numerous times, as all I need is my
phone to look up my passwords. Or on any other device I'm using at the
time.

When I was in school, I kept all my school work in Dropbox to prevent
accidental deletion and to track revisions. "The computer ate my
homework" is no longer an acceptable excuse with free cloud services
available.

Version history is a *big* feature of both Dropbox and Drive. Did you
screw up that file? Restore a previous version. Even if you f-ed it up a
week ago. If you pay, you can get quite a long period of version backups.

Because of versioning, I keep my financial program data files in Dropbox.
Again, they're password protected.

I keep my contacts book in Dropbox as well. I trust them to not look at
it. It's not really a big deal. They have privacy policies.

I also keep anything that I would want to be accesible from any machine I
use. There isn't much that falls under this category, but all my tabletop
RPG stuff is in Dropbox, so I can bring any device I want to a game
(laptop or phone), and change my characters and have it sync to all my
other devices.

I don't keep my pictures in the cloud. No reason to.

My cloud drive passwords are *extremely* strong. That's all you need to
make it work.

I build my own desktop computers and used to be a IT professional. I
guess that makes me "technically proficient."

The main benefits are cross-platform data sync and version history. The
cost is you have to trust people not to mine your personal data.

--
Zag

No one ever said on their deathbed, 'Gee, I wish I had
spent more time alone with my computer.' ~Dan(i) Bunten

On Mon, 10 Jun 2019 15:42:19 -0500, Zaghadka wrote:

I'm confused. Do you mean that the data exists only in the cloud? No
local copy? Does any service do that? All of my cloud services will keep
a local copy on the computer.

Hi Zag,
I generally consider you to be reasonably competent, so I will read below
with interest how you approach the stated problem set.

To answer your question, I "assume" the cloud storage is a "copy" of the
local storage, in all cases.

Since I don't store anything I don't have to on the cloud, I don't know if
anyone stores the ORIGINAL data alone (not a copy) on the cloud, where if
they do not keep a copy on the local device or in external storage, then I
would wonder why they trust the cloud so much.

Assuming you mean store data in the cloud and have it locally synced, I
use both Dropbox and Google Drive.

It will be interesting to see why you do that, and for what gain.

I keep my passwords in the Dropbox, in a password protected Excel
spreadsheet. This has saved my ass numerous times, as all I need is my
phone to look up my passwords. Or on any other device I'm using at the
time.

Passwords on the cloud make sense, where I'm not so sure an Excel
encryption is secure (I used to break them years ago, for example, along
with PDF passwords, but I haven't tried in a long time).

We never know if ANY encryption is secure because the bad guys aren't going
to tell us (and they break the hardest encryptions all the time, so, if
they 'wanted' ours, I'm sure they already have it).

Having said that we'll never know if any encryption is safe, most of us
seem to use keeppass-like dedicated password storage or LastPass for the
really lazy people.

I wonder what gain Excel has over keepass?

I can't think of any gain, particularly since Keepass is freeware available
on all five common consumer platforms, so you can easily store your
passwords on all your devices without ever having to put them on the cloud.

Passwords don't change as frequently as does, say, a calendar, which means
there's almost zero reason, I would think, to put passwords on the cloud
unless you need a password when you don't have your device with you.

Even in that case, you can put a password database on your flash stick
mounted to a recent router (SMB 2 or above) where you can access your
encrypted database from anywhere in the world.

In short, I UNDERSTAND your Excel method, but I worry about two things:
1. Excel encryption versus keepass-like encryption, and,
2. Why do you need the password database to be on the cloud

NOTE: You explained why you need it on the cloud - but I simply state that
passwords don't change that often, IMHO, where you can easily avoid putting
passwords on the cloud.

When I was in school, I kept all my school work in Dropbox to prevent
accidental deletion and to track revisions. "The computer ate my
homework" is no longer an acceptable excuse with free cloud services
available.

Good point. There is merit, particularly for school stuff which isn't all
that private in the first place, to be online and readily accessible from
the library or from the dorm room or from home or while on the road.

I don't consider school stuff all that private, as compared to, oh, say,
medical records or passwords would be so you make a good point that these
kind of less private things readily go on the cloud.

Even if the cloud is hacked (and it WILL be hacked), you don't lose
anything but a school paper on why women's studies is needed but not men's
studies.

Version history is a *big* feature of both Dropbox and Drive. Did you
screw up that file? Restore a previous version. Even if you f-ed it up a
week ago. If you pay, you can get quite a long period of version backups.

Ouch. I've spent decades in the Silicon Valley on "version history". Don't
even get me started. They all suck in very different ways. But they're all
needed, in just as many different ways.

Good luck to you on version history stuff for binary files.

Me?
I just rename the binary files (filename_date_a, filename_date_b, etc.).

I gave up on version control long ago, due to the limitations, particularly
for BINARY files (where incremental updates aren't easily done and where
MANY MANY MANY updates are constantly done).

Text files are easy. Binary files that change a lot are sheer hell, IMHO.

Because of versioning, I keep my financial program data files in Dropbox.
Again, they're password protected.

It's good you double encrypt in that I wouldn't put anything on the cloud
that I didn't have encrypted first on my own, perhaps using Veracrypt style
containers (which work on all five common consumer platforms, although
they're not free on iOS).

With Veracrypt style containers, you can easily manage the file on all five
common consumer platforms, and then upload the encrypted container (perhaps
containing a hidden container inside the container, much like those Russian
dolls), onto your cloud storage.

Again, nobody knows how good the encryption really is - but for the
layperson, it's likely "good enough for now", I suspect.

Certainly it's better than no encryption at all other than what DropBox
provides, where I can't imagine anyone storing anything private on the
cloud that isn't doubly encrypted (or triply encrypted in the case of the
hidden containers).

I keep my contacts book in Dropbox as well. I trust them to not look at
it. It's not really a big deal. They have privacy policies.

I wouldn't rely so much on "privacy policies" since I'm not a lawyer, and
they have loopholes, but even more so, since the hackers who will get your
data don't abide by those privacy policies anyway.

Just as I noted that passwords don't change all that much, contacts change
only slightly faster for most people, so I feel that there's absolutely no
need to put contacts on the cloud when all five common consumer platforms
handle VCARD files which can be stored inside of encrypted file containers
for free on all common consumer platforms other than on iOS.

I get that contacts need to be accessible, but my assumption is that they
don't change faster than each day, where each day you can synchronize all
your files to every device that is connected to your home LAN using the
solution Michael Logies had suggested, which is a GREAT SOLUTION overall!

o Duplicati https://www.duplicati.com/articles/FactSheet/
"Free backup software to store encrypted backups online for Windows, macOS and Linux"
https://updates.duplicati.com/beta/duplicati-2.0.4.5_beta_2018-11-28-x64.msi

Seems to me, the solution that is best for both privacy and accessibility
is to synchronize the VCARD file (or the encrypted db file) whenever the
devices are on the home LAN which should happen, in most cases, faster than
the contacts would change.

I also keep anything that I would want to be accesible from any machine I
use. There isn't much that falls under this category, but all my tabletop
RPG stuff is in Dropbox, so I can bring any device I want to a game
(laptop or phone), and change my characters and have it sync to all my
other devices.

Yes. I agree. The whole point is to synchronize all your files, locally,
onto all your devices, where the only files that NEED to be on the cloud
are those that change constantly, every minute or so, which, in effect,
isn't much.

Your email does that.
Your stock portfolio does that.

But what else changes by the minute?

I don't keep my pictures in the cloud. No reason to.

Good! Pictures are a privacy hole if there ever was one.

My cloud drive passwords are *extremely* strong. That's all you need to
make it work.

Maybe. But there are other ways to get to data other than brute force
attacks. Every MARKETING org that sells a cloud solution or an encryption
solution tries to make you think the ONLY way anyone will attack is by
frontal brute force.

In reality, very few attacks are frontal brute force in real life.

I build my own desktop computers and used to be a IT professional. I
guess that makes me "technically proficient."

I consider you technically proficient, as I consider myself to be
reasonably proficient in privacy online - but there's ALWAYS more to learn.

Those on the left side of the DK scale think they know it all already,
where you and I still have lots to learn and that's a good thing.

The main benefits are cross-platform data sync and version history. The
cost is you have to trust people not to mine your personal data.

I like your summary, where I think the MAIN reason for cloud storage is
sheer mindless convenience. Turn our minds off and we can still access all
our data if we put it on the cloud.

I contrast that mindless convenience with a purposeful strategy to only put
on the cloud data which changes by the minute, where the rest of the data
which only changes about daily or less, doesn't need to be on the cloud,
IMHO.

Thanks for your ideas, where I welcome the opportunity to see how other
people think, where your arguments were all reasonable, even as I contrast
them with mine - since logic depends on how much weight we put on each
condition.

Thanks for bringing technical value to the Usenet potluck to share with
all.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Arlen G. Holder wrote:
Do people of reasonable technical ability store their private data on the
Internet (if so, for what gain over non-Internet methods?)

Yes. Don't forget that your PC at home is technically "on the Internet",
and it's usually pretty easy to make accessible.


What type of person stores private data on the cloud?
o Technically astute people?
o Technically non-astute people?

"The cloud(tm)" is just marketing BS for "on a server somewhere on the
internet" -- generally with the caveat of "owned by someone else".


For what gain?

I can look something up if I need to.

[...]
This question is only about STORING data on the Internet, such as
o Your media

Nah, too bandwidth intensive. I mean I _CAN_ get at it, but it involves
a ssh jumphost or a VPN connection, plus however long it takes to
transfer across the internet on whatever slow-as-anything internet
connection I have at $remote_location

o Your documents

They're more generally accessible, but still need a (key auth) sftp
transfer. Though there are things that we do share for extremely
time-limited (1 week or less) periods, as emailing 50MB+ of pics from
Christmas or something to out-of-state family doesn't always work.

o Your passwords, private calendar, app backups, etc.

Passwords - NO.
Calendar - Yeah; but it's more the "need to share this with people
outside the domicile". The truely "private" things are still on paper
in the kitchen.
Programs - absolutely; but I suppose you probably don't count the Debian
repos.

Do people of reasonable technical ability store their private data on the
Internet (if so, for what gain over other less-public methods)?

"On the Internet", sure -- with the caveat that it's likely their own
machine running one or more servies, such as sftp / {own,next}cloud /
email / etc. moreso than gdrive or dropbox.

That is not to say those "commercial" services aren't used, but that
they're for different purposes (e.g. I love the "send to dropbox"
features some sites use for digital goods).

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEBcqaUD8uEzVNxUrujhHd8xJ5ooEFAl0AM+ cACgkQjhHd8xJ5
ooEOpwgAp8KiC/bMJ2M9iL2/9H+izyEMFdO4vu3BLeaBKH5xbLDUWU/pdvbTt88l
MT03pz5QdRFp/yfBr/el9/PqsBCN4Gi7Y661kO6/QWuAUGm4YZgL31oUCuOANuVQ
E2jwi7dIRuDam0HtmBikq4wgfzd/VO0ez/LFm+ifvWtxUvDLUpm/eEh1QQ8ahk0p
1zrhDFqSK6DteQabTfv2DR8hUfNRse2T5M3VGcc35AvHQP7kK/6a5lHW1OvSvpXC
hQpGkSaFclOs3r2n8vMppkY4soxnsMP0aYhdZnBDPi5a6kkm8e 1jhHY9wny5sVNM
EORHAviLOQc+GXvvaEJ5Tudc04zgNg==
=jab0
-----END PGP SIGNATURE-----

--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281

On Tue, 11 Jun 2019 23:08:15 -0000 (UTC), Dan Purgert wrote:

Yes. Don't forget that your PC at home is technically "on the Internet",
and it's usually pretty easy to make accessible.

Hi Dan Purgert,

While I have the competency to pop a flash drive onto a router, and while I
can easily store data on that flash drive inside of encrypted file
containers, I'm not so sure I have the competency to put the COMPUTER on
the Internet safely.

What's the method of putting the Windows _computer_ on the Internet safely?

"On the Internet", sure -- with the caveat that it's likely their own
machine running one or more servies, such as sftp / {own,next}cloud /
email / etc. moreso than gdrive or dropbox.

Is _that_ the method you'd suggest for putting the Windows file system on
the Internet?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Arlen G. Holder wrote:
On Tue, 11 Jun 2019 23:08:15 -0000 (UTC), Dan Purgert wrote:

Yes. Don't forget that your PC at home is technically "on the Internet",
and it's usually pretty easy to make accessible.

Hi Dan Purgert,

While I have the competency to pop a flash drive onto a router, and
while I can easily store data on that flash drive inside of encrypted
file containers, I'm not so sure I have the competency to put the
COMPUTER on the Internet safely.

What's the method of putting the Windows _computer_ on the Internet
safely?

Plug it into your router, add port forwards to whatever programs are
hosting the service(s) you want to provide. Of course, this does assume
that your ISP provides you with a public IP address at your router (I
guess they do, given your USB Key comment).

As alwas, keep the program(s) updated, have your AV running, and so on.

Now, that being said, the last time I did these type of services on
Windows, the server program(s) created "virtual users", which had their
own psuedo-profiles within the program's individual C:\PROGRA~1\PROGRAM\
hierarchy.



"On the Internet", sure -- with the caveat that it's likely their own
machine running one or more servies, such as sftp / {own,next}cloud /
email / etc. moreso than gdrive or dropbox.

Is _that_ the method you'd suggest for putting the Windows file system on
the Internet?

Not the "entire" filesystem - I mean there's not really any reason I can
think of to poke at C:\Windows remotely. But some subset of the
filesystem can be accessed with those methods.

In my case, I mainly use ssh and sftp to access things remotely. Most
of the time, just being able to read (plaintext) notes / documents is
all I need, so I probably use ssh 90% of the time or so; only switching
to sftp when the thing I need is unreadable (e.g. a pdf).

I also have an Owncloud instance, mainly for ease of sharing pictures
and the like with my less tech-savvy family members, but that tends to
not have much going on.

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEBcqaUD8uEzVNxUrujhHd8xJ5ooEFAl0CKe IACgkQjhHd8xJ5
ooEx+wf/W1VSW0YdubwU5VoIr4mRprw3k/S7woGUOcON0TomnThsPaqKVmIp2k9Q
Pxb9xkZ05RPciZD+SAcA/LdM+adPErIn34HbmsoTVoHCPgywgrqZWIQIWd5+EeAz
X4kJujCp4B8ROYmm3iyZpY7HZ6AiHQpHfx6zA8FR+chDIX4yf1/2ilbXeOD1hr9v
Nt5YQFrlSnPk5NlMXcTQecOUWLchqgfRJo1URKCwb6JCYkiUGT kjKbKxfyMxqX29
0mFXeKvSXTFjhzZZmdLaiLMOimLIG2Aofsl7dx3jJajip9oBnU mzSFu+vyyVDOa6
a+SLd7ktzxx5v0f7s3hVJpSL84exeg==
=wgIi
-----END PGP SIGNATURE-----

--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281