In case of theft
21 September, 2010In the last few months, several of my friends have had either their laptops or phones stolen.
It’s only after I really thought what that would mean to me that I realised how serious this would be.
It used to be that if my phone got stolen then I would lose my address book and my text messages; if it gets stolen now then I lose a device which has full access to my Google account, is signed into more than a dozen other web services and has “remember my password” for the others.
If my laptop was stolen it would be a similar effect.
I am a very very happy user of Dropbox and use it to store my documents, photos, and so on. The Dropbox website allows me to remotely remove computers from the list of machines that sync, which is useful, but there’s still no way of then pulling all those files off of that machine.
There are quite a few apps in the Android Market that allow you to back up and then remotely wipe your phone (as well as do other things like lock the install/uninstall process, report GPS position etc.), but I haven’t been able to find something similar for laptops – I could encrypt my hard drive, but would the hit to performance be worth it? I’ve tried setting up Prey, but although it installs on my phone, it chokes on my laptop!
Comments
Craig
22 September, 2010 at 08:46
Phil
22 September, 2010 at 11:21
alf
22 September, 2010 at 12:39
Henning
24 September, 2010 at 21:55
Phil
24 September, 2010 at 21:56
A.M. Doherty
15 October, 2010 at 11:02
Phil
15 October, 2010 at 11:02
I started encrypting the hard drives on my computers for the reasons you describe. I use dm-crypt at the LVM level, I don’t notice it slowing down boot times. Of course that should also stop Prey from being any use at all, so it depends whether you care more about the data or the hardware 😉
Craig
Thanks Craig, that’s really interesting. I’ve used TrueCrypt before but only to encrypt groups of files and folders. I hadn’t realised that it also supports boot-level encryption, which, as you say, might have a smaller performance overhead. Hmmm!!
Yes, encrypt the hard drive, or at least your home directory (in Ubuntu and OS X the latter is built-in and simple; not sure about Windows).
It’s a myth that hard drive encryption has any noticeable impact on performance. It’s a few additional cycles for your bored-to-death CPU, during a completely IO-bound operation. Products like Truecrypt or dm-crypt make it so simple to switch on crypto, there’s really no reason to not encrypt everything.
I wouldn’t recommend just encrpyting super-secret folders though, because data encrypted that way will find its way to unencrypted partitions, e.g. by being swapped to disk. Also its usually easier to encrypt everything than just a single folder or partition.
Yes, if I was going to revisit encryption, it would be whole-disk. The performance issues are anecdotal, but first-hand from otherwise very reliable sources, which seems to give them more credibility. Some research on the subject appears to suggest a potential 5-15% performance hit, depending on hardware and exact encryption application.
I keep essential data, and run a few essential portable apps and a xampp server from a Truecrypt container. All on a pen drive and without any noticeable loss of performance.
I’ve recently started to use Dropbox for moving non-sensitive information around, but I’m still reticent to share my most important information with other companies networks – a legacy of studying computer security & forensics.
Keeping things portable ensures that the loss of a laptop wouldn’t give me the same nightmares it would’ve done previously, and loss of the pen drive would only set me back as far as my last backup. I’d not lose alot of sleep over my pen drive and encrypted container falling into the wrong hands.
That’s a nice way of working. Presumably you could backup your truecrypt container to dropbox so that if it did go missing it wouldn’t matter where you were either.