With news of the NSA, GCHQ, big corporations, and anyone else with an Internet connection snooping through your online data these days, you can’t be too careful when it comes to protecting the stuff you put in the cloud. This guide will tell you what you need to do so that TrueCrypt can keep your synced files guarded from prying eyes.
When is your data not your data?
When your files are kept only on your computer, or on your own thumb drives or portable hard drives, you have the ability to completely control who has access to them and what they can do with that data. As long as you keep your computer malware-free, set appropriate file permissions, use strong passwords, and physically secure your storage media, you can be reasonably assured that the only people looking at your electronic documents are those whom you’ve chosen to allow. This may sound like a lot, but it really is all relatively simple and the bottom line is that these are things which are generally well within your control.
However, when you choose to put your files in the cloud with services like Dropbox, OneDrive, iCloud, and Google Drive, you are handing this control over to a lot of other organizations who may not necessarily hold your privacy as a top priority. Recent news has cast much doubt upon whether or not we can trust large corporations to keep our personal data from secretive government agencies, or even to not dig into it themselves. Former NSA contractor Edward Snowden has leaked details of government mass surveillance programs that claimed cooperation from nearly every major cloud storage provider there is. Another recent incident found Microsoft digging through a blogger’s Hotmail account without even having a court order.
There are a number of other potential weak links in the chain between you and your cloud storage provider. Your ISP and other Internet backbone providers that handle your network traffic could be coerced or ordered to provide access that could similarly compromise your information. This risk is generally mitigated by the use of SSL, but even that protection is reliant upon other organizations like Certificate Authorities who may still be compromised, wittingly or not, by government agencies or other hackers. The best way to make sure you have control of who accesses your data in the cloud is by encrypting the data yourself, so that you’re the only one holding the keys.
How does TrueCrypt fit in?
TrueCrypt creates a virtual drive on your computer that is encrypted with a key generated at the time of the drive’s creation. Because the key is generated on your computer, and protected by a password you select, the only people who can unlock a TrueCrypt volume – regardless of where it is stored – are those who know the password. If you create a sufficiently strong password, and take appropriate measures to keep it secret, that means that you’re the only person who can access the data in your TrueCrypt volume even if you decide to put it somewhere online. TrueCrypt even provides options for two-factor authentication by way of keyfiles or security tokens of your choosing.
We already have some guides covering TrueCrypt usage in general:
- The How-To Geek Guide to Getting Started with TrueCrypt
- The HTG Guide to Hiding Your Data in a TrueCrypt Hidden Volume
- How to Protect Your Flash Drive Data with TrueCrypt
What’s special about a TrueCrypt volume in the cloud?
Because of the way cloud storage operates, there are special considerations you need to bear in mind for your TrueCrypt volumes to work properly.
TrueCrypt Volume File Names
Some cloud storage providers (one known case at this time being OneDrive for Business) may edit files of certain types to insert unique identifiers or other metadata. Since a TrueCrypt volume is not a regular document file, no matter what file extension you choose to use for it, modifications like this could corrupt the volume and render it unusable. To prevent such changes from happening, it would be best to avoid using common file extensions for the TrueCrypt volumes you keep in the cloud – the safest bet is to use TrueCrypt’s native extension of “.tc”.
TrueCrypt Volume Timestamps
Most cloud storage software only syncs files when the timestamp changes. By default, TrueCrypt will not alter the timestamp of a volume after it is created. This will prevent your cloud storage software from recognizing when there have been changes to the TrueCrypt volume, and new versions will not be synced. To resolve this, you need to change one of the options in TrueCrypt’s Preferences.
From the TrueCrypt main interface, go to Settings -> Preferences…
In the TrueCrypt – Preferences dialog, un-check “Preserve modification timestamp of file containers” and click OK.
Now, whenever a change is made to the files within the TrueCrypt container, TrueCrypt will update the timestamp on the volume file so that the change can be detected by your cloud storage software.
Dismount Volumes to Save Changes
Though timestamps on files within the TrueCrypt volume are updated whenever the file is saved, TrueCrypt will not update the timestamp on the volume itself until you have dismounted the volume. Since your cloud storage software cannot see the files inside of the TrueCrypt volume, the volume file’s timestamp is the only indicator it has to know when there’s been an update. So, whenever you want changes to your TrueCrypt volume to be sent to the cloud, make sure to dismount the volume from the TrueCrypt main interface, or by right-clicking the TrueCrypt tray icon and selecting the appropriate dismount option (or Dismount All).
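To confirm that the timestamp setting and the dismount actually produce a change your sync client can see, you can compare the volume file before mounting and after dismounting. The script below is an added example, not part of TrueCrypt or the original guide; it assumes the sync client looks only at the modification time, and the file name vault.tc and the dummy 4 KiB container are constructed for the demo.

```python
import hashlib
import os
import tempfile
from collections import namedtuple

# What the sync client can see (mtime) plus what it cannot (a content hash).
Snapshot = namedtuple("Snapshot", "mtime_ns sha256")


def snapshot(path, chunk_size=1024 * 1024):
    """Hash the container in chunks; real volumes are too large to read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return Snapshot(os.stat(path).st_mtime_ns, digest.hexdigest())


def sync_verdict(before, after):
    """Classify a dismounted container against the snapshot taken before mounting."""
    if before.sha256 == after.sha256:
        return "unchanged"
    if before.mtime_ns != after.mtime_ns:
        return "changed, sync will detect"
    # Contents differ but the timestamp was preserved: the only signal the
    # sync client relies on never moved, so the new version stays local.
    return "changed, sync will miss"


def demo():
    """Constructed demo: a 4 KiB dummy file stands in for a .tc container."""
    t0 = 1_600_000_000 * 10**9  # arbitrary fixed timestamps (ns since epoch)
    t1 = t0 + 60 * 10**9
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "vault.tc")  # hypothetical container name
        with open(path, "wb") as fh:
            fh.write(bytes(4096))
        os.utime(path, ns=(t0, t0))
        before = snapshot(path)
        with open(path, "r+b") as fh:  # in-place write, like an edit inside the volume
            fh.write(b"\x01")
        os.utime(path, ns=(before.mtime_ns, before.mtime_ns))  # timestamp preserved
        preserved = sync_verdict(before, snapshot(path))
        os.utime(path, ns=(t1, t1))  # timestamp updated on dismount
        updated = sync_verdict(before, snapshot(path))
    return preserved, updated


if __name__ == "__main__":
    print(demo())
```

On a real volume, call snapshot() on the container before mounting and again after dismounting; a "changed, sync will miss" verdict means the Preferences option above is still checked.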
Normal Cloud Storage File Considerations
Other general considerations for files stored in the cloud still apply with your TrueCrypt volume:
- Don’t leave the volume open with unsaved changes on more than one computer at a time.
- When accessing your volume via a web interface, you’ll need to manually upload it back to the cloud after you’ve dismounted it if you’ve made any changes.
That’s all there really is to it. With all your personal data kept in a TrueCrypt volume in the cloud, you can feel secure in knowing that anyone who wants access to it will need to come to you personally to request it.