On Mon, 10 Jun 2019 15:42:19 -0500, Zaghadka wrote:
> I'm confused. Do you mean that the data exists only in the cloud? No
> local copy? Does any service do that? All of my cloud services will keep
> a local copy on the computer.
Hi Zag,
I generally consider you to be reasonably competent, so I will read below
with interest how you approach the stated problem set.
To answer your question, I "assume" the cloud storage is a "copy" of the
local storage, in all cases.
Since I don't store anything I don't have to on the cloud, I don't know if
anyone stores the ORIGINAL data alone (not a copy) on the cloud, where if
they do not keep a copy on the local device or in external storage, then I
would wonder why they trust the cloud so much. :)
> Assuming you mean store data in the cloud and have it locally synced, I
> use both Dropbox and Google Drive.
It will be interesting to see why you do that, and for what gain.
> I keep my passwords in the Dropbox, in a password protected Excel
> spreadsheet. This has saved my ass numerous times, as all I need is my
> phone to look up my passwords. Or on any other device I'm using at the
> time.
Passwords on the cloud make sense, where I'm not so sure an Excel
encryption is secure (I used to break them years ago, for example, along
with PDF passwords, but I haven't tried in a long time).
We never know if ANY encryption is secure because the bad guys aren't going
to tell us (and they break the hardest encryptions all the time, so, if
they 'wanted' ours, I'm sure they already have it).
Having said that we'll never know if any encryption is safe, most of us
seem to use keeppass-like dedicated password storage or LastPass for the
really lazy people.
I wonder what gain Excel has over keepass?
I can't think of any gain, particularly since Keepass is freeware available
on all five common consumer platforms, so you can easily store your
passwords on all your devices without ever having to put them on the cloud.
Passwords don't change as frequently as does, say, a calendar, which means
there's almost zero reason, I would think, to put passwords on the cloud
unless you need a password when you don't have your device with you.
Even in that case, you can put a password database on your flash stick
mounted to a recent router (SMB 2 or above) where you can access your
encrypted database from anywhere in the world.
In short, I UNDERSTAND your Excel method, but I worry about two things:
1. Excel encryption versus keepass-like encryption, and,
2. Why do you need the password database to be on the cloud
NOTE: You explained why you need it on the cloud - but I simply state that
passwords don't change that often, IMHO, where you can easily avoid putting
passwords on the cloud.
> When I was in school, I kept all my school work in Dropbox to prevent
> accidental deletion and to track revisions. "The computer ate my
> homework" is no longer an acceptable excuse with free cloud services
> available.
Good point. There is merit, particularly for school stuff which isn't all
that private in the first place, to be online and readily accessible from
the library or from the dorm room or from home or while on the road.
I don't consider school stuff all that private, as compared to, oh, say,
medical records or passwords would be so you make a good point that these
kind of less private things readily go on the cloud.
Even if the cloud is hacked (and it WILL be hacked), you don't lose
anything but a school paper on why women's studies is needed but not men's
studies. :)
> Version history is a *big* feature of both Dropbox and Drive. Did you
> screw up that file? Restore a previous version. Even if you f-ed it up a
> week ago. If you pay, you can get quite a long period of version backups.
Ouch. I've spent decades in the Silicon Valley on "version history". Don't
even get me started. They all suck in very different ways. But they're all
needed, in just as many different ways.
Good luck to you on version history stuff for binary files.
Me?
I just rename the binary files (filename_date_a, filename_date_b, etc.).
I gave up on version control long ago, due to the limitations, particularly
for BINARY files (where incremental updates aren't easily done and where
MANY MANY MANY updates are constantly done).
Text files are easy. Binary files that change a lot are sheer hell, IMHO.
> Because of versioning, I keep my financial program data files in Dropbox.
> Again, they're password protected.
It's good you double encrypt in that I wouldn't put anything on the cloud
that I didn't have encrypted first on my own, perhaps using Veracrypt style
containers (which work on all five common consumer platforms, although
they're not free on iOS).
With Veracrypt style containers, you can easily manage the file on all five
common consumer platforms, and then upload the encrypted container (perhaps
containing a hidden container inside the container, much like those Russian
dolls), onto your cloud storage.
Again, nobody knows how good the encryption really is - but for the
layperson, it's likely "good enough for now", I suspect.
Certainly it's better than no encryption at all other than what DropBox
provides, where I can't imagine anyone storing anything private on the
cloud that isn't doubly encrypted (or triply encrypted in the case of the
hidden containers).
> I keep my contacts book in Dropbox as well. I trust them to not look at
> it. It's not really a big deal. They have privacy policies.
I wouldn't rely so much on "privacy policies" since I'm not a lawyer, and
they have loopholes, but even more so, since the hackers who will get your
data don't abide by those privacy policies anyway.
Just as I noted that passwords don't change all that much, contacts change
only slightly faster for most people, so I feel that there's absolutely no
need to put contacts on the cloud when all five common consumer platforms
handle VCARD files which can be stored inside of encrypted file containers
for free on all common consumer platforms other than on iOS.
I get that contacts need to be accessible, but my assumption is that they
don't change faster than each day, where each day you can synchronize all
your files to every device that is connected to your home LAN using the
solution Michael Logies had suggested, which is a GREAT SOLUTION overall!
o Duplicati <
https://www.duplicati.com/articles/FactSheet/>
"Free backup software to store encrypted backups online for Windows, macOS and Linux"
<
https://updates.duplicati.com/beta/duplicati-2.0.4.5_beta_2018-11-28-x64.msi>
Seems to me, the solution that is best for both privacy and accessibility
is to synchronize the VCARD file (or the encrypted db file) whenever the
devices are on the home LAN which should happen, in most cases, faster than
the contacts would change.
> I also keep anything that I would want to be accesible from any machine I
> use. There isn't much that falls under this category, but all my tabletop
> RPG stuff is in Dropbox, so I can bring any device I want to a game
> (laptop or phone), and change my characters and have it sync to all my
> other devices.
Yes. I agree. The whole point is to synchronize all your files, locally,
onto all your devices, where the only files that NEED to be on the cloud
are those that change constantly, every minute or so, which, in effect,
isn't much.
Your email does that.
Your stock portfolio does that.
But what else changes by the minute?
> I don't keep my pictures in the cloud. No reason to.
Good! Pictures are a privacy hole if there ever was one.
> My cloud drive passwords are *extremely* strong. That's all you need to
> make it work.
Maybe. But there are other ways to get to data other than brute force
attacks. Every MARKETING org that sells a cloud solution or an encryption
solution tries to make you think the ONLY way anyone will attack is by
frontal brute force.
In reality, very few attacks are frontal brute force in real life.
> I build my own desktop computers and used to be a IT professional. I
> guess that makes me "technically proficient."
I consider you technically proficient, as I consider myself to be
reasonably proficient in privacy online - but there's ALWAYS more to learn.
Those on the left side of the DK scale think they know it all already,
where you and I still have lots to learn and that's a good thing.
> The main benefits are cross-platform data sync and version history. The
> cost is you have to trust people not to mine your personal data.
I like your summary, where I think the MAIN reason for cloud storage is
sheer mindless convenience. Turn our minds off and we can still access all
our data if we put it on the cloud.
I contrast that mindless convenience with a purposeful strategy to only put
on the cloud data which changes by the minute, where the rest of the data
which only changes about daily or less, doesn't need to be on the cloud,
IMHO.
Thanks for your ideas, where I welcome the opportunity to see how other
people think, where your arguments were all reasonable, even as I contrast
them with mine - since logic depends on how much weight we put on each
condition.
Thanks for bringing technical value to the Usenet potluck to share with
all.