Slashdot Mirror

← Back to Stories (view on slashdot.org)

Web-Based Private File Storage?

Posted by kdawson on from the dead-servers-tell-no-tales dept.

steve802 writes "Recently, someone died in our company, and word is getting around that the admins who were given access to his Outlook account have found personal things that are embarrassing at best (the rumor mill differs on what was found). No matter, it raises a question. I have personal stuff in Outlook folders that I would not want someone in IT to see if I suddenly dropped dead: emails to the wife, photos of the kids, that kind of thing. I also keep a journal at home that I save to a server; personal reflections that I never want anyone else to see, especially if I die. So I was thinking that some sort of web-based storage for files, individual emails, and perhaps even Outlook folders would be perfect. All my most private personal stuff in one place. I found CryptoHeaven, which seems to offer some of what I'm looking for — but it is pricey. I'm willing to pay, but something less than $400/year would be nice. Best would be a service with a dead-man's switch, so that if I don't access it in, say, three months, it auto-purges. Any thoughts?"

55 of 467 comments (clear)

  1. Freenet by Wonko+the+Sane · · Score: 2, Interesting

    Slow, but very secure.

    1. Re:Freenet by Mordok-DestroyerOfWo · · Score: 4, Interesting

      Any web service, just create a TrueCrypt container. As long as you sync the container between your computers regularly it shouldn't be an issue. I've been doing it this way for about 3 years now (I keep all of my important data there for when I'm on the road). Works perfectly fine with Windows and Linux.

      --
      "Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
    2. Re:Freenet by 0100010001010011 · · Score: 2, Informative

      I have Chrome, Thunderbird, my MP3 player and DropBox on TrueCrypt partitions.

      Computer is PowerCycled and it's "gone". Since speed isn't a huge factor I went paranoid and went with AES-Twofish-Serpent. Good luck recovering my stuff.

      I use DreamHost for my mail/webserver. They're not 5-9s but they're cheap and still seem like they are a "small company". Plus they wrote Ceph, (distributed/scalable file system, which merged into 2.6.34.)

      I'm sure you could write cron script or something to run on the shell to do what you're talking.

    3. Re:Freenet by BarryJacobsen · · Score: 4, Funny

      >>>Mac OS X

      False advertising. Ooops. It doesn't work with all of Mac OS 10.x - only the more recent versions.

      It probably says it runs Windows, but doesn't run on Windows 1.0, either...Lying bastards.

      --
      Track your TV Shows with your iPhone - FREE
    4. Re:Freenet by JumpDrive · · Score: 3, Insightful

      If he really wants to protect it, then he should also encrypt it.
      My brother passed away a couple of years ago and I was able to gain access to his web server. I knew the CC used and the email address used. There wasn't anything on there, but the expected files, but if he wants to keep it secret permanent after death, then encrypt with a long key.

    5. Re:Freenet by Anonymous Coward · · Score: 4, Insightful

      All this for stuff after you're dead. Who the Hell cares? You're either in heaven, hell, limbo, reincarnated with no knowledge of previous life, or worm food, and in any of those cases you've got bigger things to worry about (or nothing at all ever depending). I can see someone else wanting life insurance on you, but not you wanting it for yourself, since when it gets used you won't care, and that's a much bigger thing than whatever sicko porn collection you happen to have for whatever reason. Your reputation with other people means nothing once you die. Either there's some omnipotent being that already knows all that crap about you, or there isn't and either way, who the hell cares?

    6. Re:Freenet by MoonBuggy · · Score: 3, Insightful

      Why use TrueCrypt with OS X when you can do the same thing with built-in Disk Utility?

      Cross platform compatibility, source code which can be inspected, and a choice of ciphers and other security options.

    7. Re:Freenet by cayenne8 · · Score: 3, Funny
      "You encrypt your MP3 player? What are you listening to, exactly?"

      Probably those mp3's that get you high....and he doesn't want anyone messing with his 'stash'!!

      :-D

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    8. Re:Freenet by ghjm · · Score: 2, Funny

      By Grapthar's hammer, by the sons of Worvan, you shall be avenged.

    9. Re:Freenet by dan828 · · Score: 4, Interesting

      It could be that you want to ensure that people you care about won't be emotionally harmed by things you did and kept secret. In the military, if one is killed, they sanitize personal effects, destroy "little black books" and the like, just so that the wife or whomever back home doesn't find out about your time with the Thai hooker in Bangkok or the mistress you had while TDY in England. Frankly, it's a policy that keeps the "loved ones" from being harmed by things that it really doesn't do anyone any good to know about. Really, who is it going to help to know what a shit you were in private after you're gone?

    10. Re:Freenet by Mr.+Freeman · · Score: 3, Insightful

      Because your secrets could possibly affect other people. For example, your wife might not be looked upon too highly if people know that she married a guy that was into some weird fetish. Also, their secrets might be stored with your stuff as well. Those things should not be released.

      --
      -1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
    11. Re:Freenet by McFadden · · Score: 2, Insightful

      Cross platform compatibility

      He's a Mac user.

      There aren't any other platforms.

  2. Separate them by Anonymous Coward · · Score: 5, Insightful

    Dont use personal info on work systems. Often time anything in there is usually subject to scrutiny.

    1. Re:Separate them by shentino · · Score: 5, Informative

      Indeed.

      Best solution to keeping your boss out of your personal stuff? Don't do personal stuff on company time.

    2. Re:Separate them by Profane+MuthaFucka · · Score: 3, Funny

      The restrooms are your own time. Do your wanking in there.

      --
      Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
    3. Re:Separate them by Anonymous Coward · · Score: 3, Insightful

      Absolutely. Never, never, never, never use your employer's computers for personal stuff. At all. Period. That computer is your employer's, and anything you put on it is also his. Whether that is strictly, legally true is immaterial. In practical terms, it is.

      You keep personal reflections in a journal that you never want anyone else to read, ever? Then, don't write it down. Duh. Anything you really don't want your survivors to ever under any circumstances see--physically destroy it. Don't have physical access? Oh, well.

      Assume that anything you write down, especially if you store it on someone else's computer, will be read by someone, probably the owner of the computer. If it's on your own computer, it becomes your wife or childs computer when you die. Anything you left there is theirs.

      Don't want to take this advice? Don't come crying to me if, after you die, somebody sees something you didn't want them to.

    4. Re:Separate them by spazdor · · Score: 4, Funny

      glory, glory-hole allujiah!

      --
      DRM: Terminator crops for your mind!
    5. Re:Separate them by jtownatpunk.net · · Score: 2, Interesting

      No shit. I swear some people can be amazingly stupid. I once had a guy call me when he had trouble sending an email. "Subject: Re: Re: Re: Re: I wuv my snookums." "Body: I can't wait to see you again..." (That's where I tuned out and flipped on the blinders.) Now if this had been Mrs. VP, that's no big deal, tho still the kind of thing that shouldn't go in the corporate email archive. But the address was not Mrs. VP. It was Mr. VP's former assistant. And the guy KNEW it was going in the archive because one of his requirements for the email archiving system was that it be impossible for messages to be removed from the archive. And instead of just deleting the message, he called for help, GUARANTEEING that it would be noticed.

      Looking back, maybe he wanted to be caught. But don't drag the IT department into your divorce, dude! Not cool.

    6. Re:Separate them by shentino · · Score: 2, Insightful

      It has nothing to do with privacy.

      It has everything to do with misappropriation of company property for personal usage.

  3. TrueCrypt? by e065c8515d206cb0e190 · · Score: 2, Informative

    Why does it have to be web based? If the only requirement is absolute privacy, TrueCrypt will suffice.

    1. Re:TrueCrypt? by ds_job · · Score: 4, Informative

      Which is what the two key "Plausible Deniability" feature is all about:
      http://www.truecrypt.org/docs/?s=plausible-deniability

    2. Re:TrueCrypt? by Andy+Dodd · · Score: 3, Informative

      Portable TrueCrypt requires admin rights.

      --
      retrorocket.o not found, launch anyway?
    3. Re:TrueCrypt? by obarel · · Score: 2, Funny

      In that case, "fired" can mean more than one thing, I guess...

  4. Translation by grahamsz · · Score: 2, Insightful

    I think you mean "emails to the wife, photos of the wife, that kind of thing"

    1. Re:Translation by bsDaemon · · Score: 2, Funny

      Unless someone who hated him uploaded some photos of someone else's kids in an attempt to frame him...

  5. Web-Based Private Is An Oxymoron by Maarx · · Score: 4, Informative

    Web-Based Private is an oxymoron. Why does this have to be web-based?

    It would be pretty trivial to set up a Linux distro with two hard drives, one with the simple operating system and the other an encrypted drive with a passphrase, and set up the OS to nuke the second drive if the current time is ever greater than three months from the last time the passphrase was successfully supplied.

    1. Re:Web-Based Private Is An Oxymoron by spazdor · · Score: 4, Insightful

      Web-Based Private is an oxymoron

      Actually, they have this thing, "cryptography" now.

      --
      DRM: Terminator crops for your mind!
  6. Work account? by The+MAZZTer · · Score: 5, Insightful

    Solution: Don't do personal stuff on your work account...

    1. Re:Work account? by Kronos. · · Score: 2, Insightful

      Indeed, a technical solution is not needed for this problem as far as I see it. A little common sense and separation of work and personal life would go a long way.

    2. Re:Work account? by grasshoppa · · Score: 4, Interesting

      No shit. OP: Bad news, if it's on company equipment, IT has already looked at it. Your fetish for donkeys is now well known.

      As far as the personal stuff at home; who cares? Family means never having to explain the albino midget you keep in the closet.

      --
      Mod me down with all of your hatred and your journey towards the dark side will be complete!
    3. Re:Work account? by TooMuchToDo · · Score: 3, Insightful

      Pay for a virtual private server somewhere. Tie it to a credit card or some payment method that you need to keep paying. You die? Payments don't get made, hosting provider nukes the virtual machine after X days for non-payment.

    4. Re:Work account? by Coren22 · · Score: 4, Funny

      Family means never having to explain the albino midget you keep in the closet.

      Dad?

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
    5. Re:Work account? by roman_mir · · Score: 4, Insightful

      I have a better, more perfect solution.

      Don't die.

      (in the unlikely event that you do die, ask yourself a question: "why do you give a fuck what anybody finds out about you? Really?")

      --
      You can't handle the truth.
  7. Whats the surprise? by mschoolbus · · Score: 5, Insightful

    They can already read your emails..

  8. Why? by quarkoid · · Score: 4, Insightful

    I've got to ask the question, but... why?

    I mean, if you don't want anybody to find this stuff when you're dead, why bother collecting it when you're alive?

    And for the 'pictures' of the wife, what's wrong with a Truecrypt store?

    1. Re:Why? by stdarg · · Score: 3, Insightful

      After he's dead, he still doesn't want people to know because it'll reflect badly on him and make people he's close to feel bad or uncomfortable?

      I mean just because you'll be dead doesn't mean that you, now, alive, can't think of other people's feelings and how future revelations will affect them.

    2. Re:Why? by stdarg · · Score: 2, Insightful

      Is it fear that society would make you a pariah post-mortem? Whet do you care? Death is forever, the last thing you'll do in your life :)

      It might be uncomfortable for your still-living family. Why would you not care what happens to your family after you die? Do you also think people who buy life insurance are dumb?

  9. Completely Disagree by TehZorroness · · Score: 4, Insightful

    When you die, your writings and works are the only thing left of you. They are the only way for someone to try to dig deeper into your mind and build up an understanding of your true character. A lot of crazy shit happens in a lifetime, someone may really appreciate you leaving a book of your reflections behind.

    1. Re:Completely Disagree by Angst+Badger · · Score: 4, Insightful

      When you die, your writings and works are the only thing left of you. They are the only way for someone to try to dig deeper into your mind and build up an understanding of your true character.

      Thanks, but I don't owe that to anyone. Period. The very thought of someone having unrestricted access to my private writings makes me feel physically ill. And it's not because I have any unusual skeletons in my closet, it's because that access would be a total violation of my personal boundaries. You're welcome to what I choose to share while I'm alive, and I share quite a bit, but I don't belong to you or anyone else. Quite frankly, I like the idea that I'll be completely erased by death. Having spent my entire life with claims placed upon me by family, employers, government agencies, creditors, and countless social organizations, it is no small comfort to know that something will escape the insatiable demands of my fellow man.

      --
      Proud member of the Weirdo-American community.
    2. Re:Completely Disagree by hairyfeet · · Score: 3, Informative

      Uhhhh...let me get this straight, maybe I'm misunderstanding you...You would WANT your family to know you were into Tranny Grannies and midget bukkake? Because lets be honest here, he is most likely asking the question because he has a fetish he has kept wifeypoo in the dark about and don't want her and the rest of the family to know about when he kicks the bucket. This isn't some deep dark poetry of his soul here, most likely one of your standard kinks you can get off any site like RedPorn.

      If I had to guess, based on what I've dealt with here at the shop, it will be either Trannies, B&D/S&M, or piss/shit related. Not exactly what you would want anyone trying to "dig deeper into your mind" to actually know you got a boner over bud. If I had to lay money I would bet on the trannies or B&D/S&M, as those two seem to be relatively popular yet people act like it was goat porn or something. I guess they figure it makes them "unmanly" or something, but as I tell my customers "As long as there is nothing illegal on the desktop I frankly don't care what you look at, because unless it is on the desktop on Windows folders or you specifically tell me to back up the folder you have it in I ain't gonna know about because I don't snoop". But folks act like they have to be some big deviant or something just because they have a porn collection. Big fricking deal.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  10. Discretion? by Xacid · · Score: 5, Insightful

    I'm kind of surprised I haven't seen any comments on the bigger issue - the IT folks entrusted with this data who let data leak (or at least rumors of the content). As a system admin - if you're at that level you're already not trustworthy enough to keep that postion and would probably be reassigned depending on the severity. Understandably if it's something illegal then it needs to be report it but even still - discretion is still required. It's no one else's damned business.

    Compare this to your HR person - would you like them to spill your SSN randomly here and there? Just because the guy is dead doesn't mean his data requires less care.

    Anywho - as far as technical solutions 1) don't put personal stuff on a work computer, 2) even some web space and an ftp account should be nearly sufficient if you just need a place to store files remotely that isn't easily accessible.

    1. Re:Discretion? by JumpDrive · · Score: 4, Interesting

      In our work area, what has happened is information has gone from the CEO to a VP and then to everyone else. Then IT gets blamed for the rumor.
      First time it happened, I was thinking "Do you think I'm a dumbshit", second time it happened I realized IT was going to be blamed for their knitting circle talk.
      After that I just started pretending I don't see it.
      But if it ever something seriously illegal, I'll tell law enforcement.
      Other than that I don't want to add to the knitting circle talk.

    2. Re:Discretion? by fermion · · Score: 2, Insightful
      I would have to respectfully, and completely, disagree. Work computers are for work. The company is responsible for the machine, and to some extent what is done with it. If the IT staff let a rumor fly, it may well have been strategic to remind the staff that what is on their computer is not private.

      Given the naivety of the question, it is clear such a reminder was justified. The question implied that no one knows exactly what was on the machine, porn, naked pictures of the spouse, naked pictures of a lover, love notes between the spouse and the lover, plans for a jewelry heist, communications with a wetware person to terminate the spouse or lover? Who knows. The content is not the issue. It is that a company-public computer may have extensively used for something that could be embarrassing to some people.

      As far as the comparison to HR, that is faulty. Again, the post strongly indicated that no details were released. A better comparison would be HR telling staf that person was no longer employed because they were in jail. This may be done so the staff know that a round of layoffs is not happening.

      --
      "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
  11. Re:Encryption by bsDaemon · · Score: 2, Insightful

    I understand that it be a wicked long time before they crack the passphrase, and that a good passphrase is key. Mine is pretty amazingly awesome (long, case switching, numbers for letters, all that good stuff) but I still feel better knowing that there is a hard limit on the short side that prevents a successful attack.

  12. Windows Home Server by Call+Me+Black+Cloud · · Score: 2, Funny

    I recommend Windows Home Server. Of course, it integrates perfectly with your Windows machines (since you're running Outlook you have at least one) and is the best backup and recovery solution I've been able to find for home use (you can roll back individual files). You can have folders mirrored on different drives, and you can control who has access to what folders.

    Additionally, through the magic of dynamic DNS you can access your files through the Internet. You get a subdomain off homeserver.com which allows you to check the status of the server, upload or download photos, and if you have expensive enough versions of Windows on your machines at home you can control them via Remote Access.

    I've used other NAS solutions for years at home, and I don't regret switching to WHS at all. FYI, I built my own server and installed WHS myself - I didn't buy one off the shelf, though you certainly could if you're not into building computers.

  13. Re:GOOGLE MAIL by icebraining · · Score: 4, Insightful

    WinRAR? Turn over your geek card.

    At least, use gpg to encrypt it and Dropbox to automate uploading/downloading. Bonus points for an automated encryption system (encfs mount point, for example).

    --
    Dilbert RSS feed
  14. Good God, only use work email for work! by stevegee58 · · Score: 2, Insightful

    I only exchange emails with my wife and friends using my gmail account.

    Clean house in your work email and stop doing that.

  15. photos of the kids by gandhi_2 · · Score: 4, Funny

    photos of the kids

    If you are afraid IT will see pictures of your kids, either you got ugly kids or you took the wrong kinda pictures.

    --
    THL phish sticks
  16. Re:Encryption by vux984 · · Score: 5, Insightful

    After 10 unsuccessful attempts at entering the passphrase in a row, it destroys the key, never to be recovered again.

    If I was transporting a copy of the data across national borders, and I didn't want customs to get a copy... a self-destruct sequence makes a lot of sense. But to have a permanent sword of damocles dangling over the data by a thread... If I valued the data so much that I was willing to go to extremes to protect it... and then set it up to be irrevocably trashed that easily... I might as well just delete it now to save myself the aggravation.

  17. Work email accounts are for work email by Anonymous Coward · · Score: 2, Insightful

    Are we still discussing this today? Use your work email for work only. If you don't want it printed and put on the office wall, email from 1) the web using hotmail/gmail/yahoomail/etc. 2) use your personal cell phone 3) use a portable client on a usb drive to send via your personal account. 3) Connect to a pc at your home to send email via logmein/etc. By encrypting you are just going to get management and the IT admins pissed. I tell my users, that if they type it on a company computer then it belongs to the company. If you don't agree, you need to talk to your manager and get the "official" word.

  18. You need a Porn Buddy by zerosomething · · Score: 2, Funny

    http://www.youtube.com/watch?v=h9gnexnnIDc

    --
    It all starts at 0
  19. NAS by DogDude · · Score: 2, Insightful

    You could just put a NAS in a closet and use that. You'd have 100% control, and you could do it for $0 if you use something like FreeNas.

    --
    I don't respond to AC's.
  20. Re:GOOGLE MAIL by rwa2 · · Score: 3, Interesting

    Yeah, really! I don't know why anyone is paranoid about Google at all when your ISP and cellphone providers have all your data activity records on hand.

    I pay a bit extra for the "business" tier of service, so I can actually run my own web and email server on my home machine. I've pretty much been hosting everything on my own server since my college days. Never used / needed a USB stick for working on school projects, just pulled it in over the internet using PuTTy/PSFTP or more likely VNC+ssh. I even presented some final projects over VNC running a little opengl thing over VNC.

    I don't have a "smartphone" (call me old skool), but if I did all I'd need is a good ssh client (such as midpssh) and a good VNC client, and I'm in business. Works fine on my Palm TX PDA tethered to my dumbphone.

    For offsite backups, I occasionally rsync my home dir over to a friend's server, which I've donated hardware for (including hard disks, among other things). The sensitive stuff like financial records and nekkid pics of the wife are encrypted with PGP. The rest of the porn we all share.

    Frankly I'm more worried about data being lost forever than data getting "out". If I get hit by a truck, my dying words scrawled in a pool of blood will be the master password for my keyring vault so my wife can pay the bills online. I'll pass away very anxious about whether she can decipher the special characters properly.

  21. My two cents. by istvaan · · Score: 2, Informative

    My thoughts are similar to those which have already been posted, but here's my two cents anyways.

    1.) Do something about that IT staff. Their behavior is unprofessional at best, borderline illegal at worst. As Network and Systems Administrators, we essentially have the "keys to the kingdom." As such, it is our responsibility to exercise professionalism and discretion at all times. We are entrusted with this data -- employee data, customer data, what-have-you -- because it needs to be managed, secured, transported, and we know how to do that. When I ponder this, it sometimes brings to mind a line from Angels & Demons: "Be delicate with our treasures." If management has asked that the late co-worker's email be opened and archived, and that email happens to contain pictures of him in a tutu and a snorkel dancing hip-deep in a lake, and IT happens to see these photos, it is their responsibility to maintain their professionalism, and to say nothing about it.

    2.) Do not, for any reason, store personal data on company resources. Period. Company resources belong to the company, and, as such, the company has the right to inspect any and all data which those resources may contain. My personal data on my laptop, and my personal mail (which sits on an IMAP server which I administer and to which I have physical access) are backed up to DVD every quarter, and those DVDs are placed in an envelope in a sealed plastic bag - along with a hardcopy of my password spreadsheet - in a safe-deposit box. My Will clearly states who gets access to that box if I should happen to fall under a bus, as does the paperwork at the institution which houses the box. It's not the fanciest solution, but it's effective, and I like it.

  22. That would be great.... by jotaeleemeese · · Score: 2, Informative

    .... if companies didn't encroach in personal time.

    --
    IANAL but write like a drunk one.