Category Archives: Tips

Encrypting Degoo Cloud Drive With Cryptomator

Share

In this article in my series of “Encrypt All The Things!”, I’ll show you the specifics of encrypting a cloud drive using the Degoo.com cloud drive service. For a generic overview, that’s not Degoo specific, see:

If you use cloud drive services, of any kind, it’s critical that you do so ONLY with data that YOU have encrypted on YOUR END and that YOU are in control of the keys. Any service that handles the keys for you is NOT SECURE! The ONLY way your own data is secure is if YOU are in control of the keys. Some cloud drive services offer encryption at an extra price, which is crazy because you can do it FOR FREE with the added benefit of YOU being in control, NOT THEM!

The best way to ensure that you’re in control is for you to do the encryption yourself with software NOT provided by your cloud drive service.

In this article, I’ll show exactly how to do this with a commercial cloud drive service called Degoo.com and a free and open source encryption application called Cryptomator.

Create a Degoo account and install the software

First, you’ll need to sign up for the Degoo.com cloud drive service here.

100 GB Free Backup

Be sure to download and install the software. Don’t set up the download or sync folders yet. We need to get the encryption app installed first. BTW, Degoo has both free and paid options.

Install the Encryption App

Go to Cryptomator.org and download and install the software (It’s free and open source!). Once installed, you’ll need to setup one or more “vaults”, which are simply nothing more than a folder on your hard drive where encrypted files will be stored.

Set up a Cryptomator vault

First, you need to understand how Cryptomator works. DO NOT SKIP THIS!

The first time you run it, you will not have any vaults (encrypted folders). First, create a new folder on your drive in whatever way suits you best. This is where you’re going to have encrypted versions of your sync files stored.

  1. Click the “+” sign in the lower left and choose “Create New Vault” to create a vault.
  2. Navigate to the folder you want to store your encrypted files (the folder should be blank, right now) and give it a name, here I Cryptomator.
  3. Then create a password for it. DO NOT FORGET THE PASSWORD OR YOUR DATA WILL BE LOST FOREVER!!!!!
    1. I Highly recommend saving it in a password manager like LastPass.com. I also recommend using that password manager’s password generator to generate a long, random password for you.
  4. Create the Vault by clicking the “Create Vault” button. This stores a couple of small files in there that cryptomator needs.
    You’ll be prompted for the password again. This is not part of the vault creation process. You’re done. Now you’re ready to use it like you will everyday. Now you unlock the vault by entering your password.
  5. Click the “more options” button to see what you have available. Those options are pretty self-explanatory. I’ll skip those and let you choose how you want to configure it.

Your vault is now unlocked and is opened in a Windows Explorer window, usually as drive letter Z:.

The real folder on the real drive is here (below) (depending on where YOU chose to create it… this one is mine):

Now, I can store files in my Z: drive (as long as my vault is unlocked) and I can use any apps I want to read and write to the Z: drive. Everything works normally. Apps that read and write there have NO IDEA that they’re reading and writing to an encrypted folder.

You’ll notice that in Documents\deleteme\test (again, that’s where I created mine; yours will be where ever you put yours), you’ll see a “d” folder and 2 masterkey files. Those masterkey files have an ENCRYPTED version of your key. No one can decrypt it without knowing YOUR password that you just created.  This masterkey file WILL BE ON THE REMOTE SERVER, so this is why you need a STRONG password, preferably random characters generated by a password manager.

As you save more files into your Z: drive, you’ll see more files show up somewhere under Documents\deleteme\test (again, MY folder is here, YOURS is where ever you put yours). The files that show up here have unreadable filenames and if you try to open them, they will have what appears to be garbage in them. These are the files you stored in your Z: drive, but these are encrypted.

Think of your Cryptomator unlocked vault Z: drive as a decrypted, magic window into your physical, encrypted files stored in their encrypted state in your Documents\deleteme\test (again, MY folder name I chose, YOURS will be different).

One caveate: Files in your Z-Drive CANNOT be larger than 2GB! That’s a limitation with the current version of Cryptomator.

I created a text file in my new Z: drive. As you can see below, Cryptomator created a file in the Documents\deleteme\test\d\WQ folder with a funky name. That’s what’s REALLY stored on my REAL hard drive. If I try to open the funky named file, it looks like garbage bytes. Both of those windows are showing the SAME data, it’s just that the REAL data is encrypted (top window). The bottom window is a VIRTUAL drive with an decrypted view of the data. ALWAYS remember this! You will NOT back up your Z drive! EVER! You’ll back up and/or sync your Documents\deleteme\test folder. More on that later.

Now, how to sync your encrypted files with Degoo.com

Now that you have a folder that contains your encrypted files and an easy way to use the the encrypted files (your cryptomator Z-drive), you need to sync the encrypted files to your Degoo.com account. DO NOT SYNC OR BACK UP YOUR Z: DRIVE!!!!!!

  • If you haven’t already, download and install the software on Degoo.com and create an account.
  • When you open it, click on the “Choose what to backup” tab. The actual folders on disk that are being backed up are each in their own cryptomator vault folder with encrypted files.
  • Click the “Add folder to backup…” button and navigate to your Cryptomator vault folder… the one with the unreadable encrypted files NOT YOUR Z-DRIVE!!!! and click “Add folder to backup”
  • Your folder will be added to your list of folders to be backed up.

Now, you’re all set. Anything you put into your Z-Drive is automatically encrypted at the time it’s written and since the real folder with the encrypted files is the one that’s backed up, you automatically get your data backed up in addition to automatically encrypted. Now, no matter how malicious anyone at Degoo may be (I have to reason to believe the are (or aren’t)), your privacy is safe. They cannot see anything other than what you see when looking at the encrypted version of your folder. Unless they have your password to your vault (which, of course, should be DIFFERENT from your Degoo password), they’ll never be able to see the contents.

But that was hard!

No it wasn’t! And, the small amount of work you did above is only done when creating a new vault and installing everything for the first time. Once it’s done, here’s all you need to do moving forward:

  • Turn on your PC and log into Windows (or Mac or Linux)
  • Start Cryptomator and unlock your vault.

That’s it! You can even shorten that to not have to start cryptomator setting up your vault to save your password and auto-unlock on start.

You can also add more cryptomator vaults at any time.

Quick review:

In this tutorial you did the following simple steps:

  • Signed up with and installed Degoo.
  • Downloaded and installed Cryptomator.
  • Created a vault with Cryptomator.
  • Told Degoo to sync the encrypted version of your cryptomator vault.

That’s really all you did. And now, you’re protected both with encryption and with an automatic, encrypted backup.

What’s Next?

Just continue to use your computer with your Z-Drive as your unencrypted version of your data. You can even lock your vault and Degoo will continue to back up your data. Degoo doesn’t need you to have it unlocked because it’s NOT backing up the unencrypted files. It’s only backing up the encrypted bits.  Degoo isn’t even aware of the Cryptomator software.  From Degoo’s software’s point of view, all that matters is that folder with the encrypted files in it.

Conversely, the Cryptomator software is unaware of Degoo.  All Cryptomator knows is that you have a folder with encrypted files and it provides the means to unlock and use them.

You can create more vaults with Cryptomator, if you like and add them to Degoo as well.

You can create vaults inside your Google Drive sync folder, your Microsoft One-Drive sync folder, your DropBox sync folder, etc, etc… As many or as few as you want.  Cryptomator works by encrypting any folder and providing an unencrypted view of it.  Cloud drives work by backing up and/or syncing a folder.  Put the two of them together and you’ve got a robust and secure backup strategy.

I do strongly recommend you make a cryptomator vault in EVERY cloud drive sync folder and move all your non-encrypted files INTO your virtual drive letter created for that vault.

WARNINGS!

You MUST obey the following rules!!!

  • Don’t write files directly into your real folder that contains the encrypted files. If you do that, it will be backed up AS-IS… WITHOUT ENCRYPTION!
  • Do NOT backup your Z: drive (or whatever drive letter cryptomator makes for you). That is DECRYTPED and if you back THAT up, you’ve wasted all your time and effort and are NOT storing an encrypted version of your files. Your Z: drive should ONLY be used for your normal work. DO NOT BACK IT UP!!!!

You are, of course, free to break these rules, but your secure backup is not going to be encrypted if you do break them.

Share

GIT For Beginners

Share

Target Audience

Programmers that need a good source code repository and versioning system.

Expected Knowledge Level:

Beginner through Advanced. You do not necessarily have to have experience with other version control systems, but it helps, of course. Your knowledge of programming is of minimal importance to this article. But if you’re reading this, you’re most likely a programmer, and that’s all that really matters.

Purpose of this article:

To give you a head start with Git. This is not a complete tutorial. This will give you critical pieces of information that are usually lacking in other documentation that experienced GIT users forget that non Git users don’t already know.

What IS Git?

Git is a source code repository and versioning system. It’s free and open source. It lets you keep track of your source code projects, have them backed up on zero or more remote storage locations, share your source code (if you want), keep track of versions of your source code, branch from your source code to work on special features without interfering with the main branch, merge branches together, provide opportunities to review source before merging it back into an important branch (for teams), allows teams of programmers to easily work on the same project without undue burdens of coordination and synchronization.

What Problems is GIT a Solution For? (Why GIT?)

First, let’s answer what version control systems, in general, solve, not just GIT:

  • Provides a backup for your source code.
  • Allows collaboration with other programmers.
  • Allows keeping track of versions of your source.
  • Allows branching and/or forking of your source to work on specific features or bugs or experimental releases without contaminating the main source branch.
  • Replication of your source for safety.
  • Many other reasons.

So, why GIT in particular? I’m not an advocate for GIT in particular. I like it and I use it. What’s important is that you’re using a modern source code control system and have policies in place to prevent problems and provide standardized solutions. GIT is one of many solutions. However, GIT has risen in popularity and seems to be the defacto go-to source control software these days. And there’s good reason for that. It was created by Linus Torvalds (the creator of Linux) and is actively maintained. GitHub.com, arguably the most popular source code repo on the planet is based on GIT. And like most source control systems, GIT is multi-platform.

Again, I’m not advocating for GIT. I’m writing a quick-start guide with a little bit of background. I’ve written plenty of articles on subversion too. Note also that Mercurial is a Git derivitive, so pretty much everything I cover here applies to Mercurial as well.

Things You Need to Know:

GIT is not easy to get started with if you’re not familiar with it, and by definition, if you’re getting started with it, you’re NOT familiar with it. For one: GIT is not a single product. Since it’s open source, there are MANY products that are GIT compatible and you have options for command line, GUI, embedded into your favorites IDE or source editors, plus multiple server options as well.

1. Terminology

  • “Repo”: A managed database of a source code project. Unlike other source control solutions like Subversion, where a “repo” is a centralized database where you store all your projects, in GIT, a “repo” is where you store ONE source code project. For example, say you’re writing a game. You’d have a dedicated repo just for that game. On your local machine, you’ll have a complete repo folder named “.get” inside your primary source code folder.
    “Project”: A centralized server can host multiple software projects. Each project is generally set up for a single software application being worked on by programmers. Programmers will “clone” or “check out” the project to their local machine, creating a local “repo”.
  • “Check Out”: The process of retrieving source code from a branch in a repo. That repo could be a remote repo or your local repo.
  • “Clone”: Pretty much the same thing as “Check Out”. In other source code providers, “checking out” a project informs the server that you have it checked out. In GIT, the server is never aware of who has what and doesn’t care and doesn’t need to know. You’ll simply “clone” the project to get a local copy of the database and work on it locally, committing locally, then eventually push your changes back up.
  • “Check in”: This is not a term used in the world of GIT.
  • “Commit”: The act of submitting your local source code edits into your local repository.
  • “Push”: The act of sending all of your commits from one of your local repositories up to a remote server. If someone else committed and pushed code in on any of the same files you worked on, chances are you’ll have a conflict and will be forced to perform a merge.
  • “Merge”: The act of you being presented with two conflicting versions of the same source file. You’ll be asked to pick and choose which differing lines from both versions should be merged into a single file version before committing.
  • “Pull”: The act of you pulling down the latest changes from a remote repository into your local one.  Note that “pull” is in the direction of the machine in which the code is moving to.  Whoever triggers a pull, does so from the location of the machine in which the code moves to.  For example you “pull” from the server to your local machine.  You log onto the server’s web interface and request a “pull request” to move your code into the central repository.
  • “Pull Request”: The act of a programmer requesting that their committed and pushed changes be merged with a more important branch. One or more other programmers (frequently the project lead) will review your changes and decided whether or not to allow them to become part of the bigger project. You may be asked to make some minor changes and re-submit your pull request or it may be rejected out-right.

2. Storage

Unlike Subversion and the much older Microsoft Visual SourceSafe, you don’t have 1 server and multiple clients. Instead, GIT has no “real” central server. Though most people use it in a way that sets up one repo as the understood central repo.

You don’t simply check out from the server, edit, then check back in. Instead, your local machine, itself, becomes a server. You become a client to your own server. So, when you check out and commit your code, you’re doing it from and to your local repository. At any time, you can push all your commits from your local repo up to another repo. You can “pull” from a remote repo to yours to get yours up to date.

But while writing code, you’ll create branches locally in your own repo, then checkout from those local branches, edit, commit. You may do this many times. Eventually, you’ll want to push your changes up to the shared repo.

3. Branching

If you’ve ever tried branching in things like subversion, you’re probably aware of how difficult it is and how easy it is to screw things up badly.

SUBVERSION BRANCH: HOW TO

In GIT, it becomes ridiculously easy. It’s so easy, in fact, that branching will become your common, every day practice. Everything you do… every feature you add, every bug you fix, will be done in a branch.

In all fairness though, it’s still hard if you’re not using the right tools. If you’re a command-line junky (which I do not recommend, nor should anyone be impressed by someone insisting on sticking with the command-line), you can implement best-practices like GitFlow. Better yet, are plugins for GitFlow that are made for Visual Studio, GitKraken, and many other Git clients. This removes the complexity of branching and merging down to a couple of clicks and removes the human error component, making your workflow incredibly powerful and easy at the same time.

4. GitFlow

Make your life much less complicated. Start using the GitFlow best practice. Just because GIT supports branching, doesn’t mean that everyone’s going to do it the same, nor that everyone’s doing it “good”. What’s your policy on how code moves from developers to production? There are just about an infinite amount of hodge-podge plans using GIT to make that happen. GitFlow is a standardized way of doing it. In short (very short) explanation, here it is:

 

  • When you create your project, you create a “main” or “master” branch. The becomes the gold standard for finished, polished code. You will most likely build what’s in there and publish it.
  • Create a branch off of “master” called “develop”. This will be the main, working branch where programmers will branch from and merge back into. This isn’t necessarily the “best” version of the code, but it’ll be the “latest” version that all developers use as their developing silver standard.
  • If you are tasked with fixing a bug or creating a new feature, you’ll create a new branch derived from the develop branch. You’ll work on your fix or feature until done, then merge it back into develop.
  • Some coding shops like to have a “bug fixes” branch, a “features” branch, and “hot fixes” branch from the develop branch. Then the developers never branch directly from the “develop” branch. They’ll instead branch from one of those 3 branches.

Making this happen is a chore if you don’t have tools that are designed for this and you are likely to introduce big mistakes without using GitFlow tools. If you’re using Microsoft Visual Studio, go to the Extensions and search for GitFlow. Install that, then you can very very easily automatically create, pull, and work on a feature or bug or hot fix branch. Then when you’re done, you simply click “finish” and it’ll do all the committing, pushing, and merging for you (except for the merging where human intervention is required). Your F-Up rate will greatly decline and your co-workers will appreciate it!

If you’re using GitKraken, there’s a plugin for GitFlow there too. You can use both Visual Studio’s GitFlow and GitKraken’s GitFlow interchangeably, at the same time, on the same project.

No joke! Go get GitFlow now!

Resources/Tools:

  • The base GIT software:  https://git-scm.com/downloads
  • GIT Bash
  • GitFlow
  • Git Clients
    • Git GUIs
    • Inside Microsoft Visual Studio
      • VS directly supports GIT
      • Install the GitFlow extension.
    • Eclipse
    • Sublime
    • Android Studio
    • Stand-Alone clients
      • GitKraken
      • SourceTree
      • GitExtensions
      • Git Bash
  • GIT Servers
    • BitBucket.com
    • GitHub.com
    • VisualStudio.com

Thank you for sharing this article.  See this image?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Share

How I Protect Myself Against Ransomware

Share

Ransomware

What is RansomWare?

Ransomware is probably the worst kind of malware you can get infected with.  After it gets into your system, it secretly encrypts all your disk drives in the background.  Once it’s done, it notifies you that all your files are encrypted and locked and demands an exorbitant amount of money to be transferred to the thieves (usually via BitCoin) in order to receive the decryption key and sometimes they take your money and never give you the key.  The longer you wait, the higher the ransom, until after about 3 days, they delete your key and your files are gone forever.

Things that do NOT work:

  • Encrypting your hard drive.  While it’s good practice to encrypt your hard drive, this does absolutely NOTHING to protect against Ransomware.  It may protect you from external people snooping your data, but if ransomware gets installed on your machine, it has access to your drive while it’s unencrypted, and can then encrypt it with its own keys.
  • Backups created using the same PC.  Why would having a backup NOT work against ransomware?  Because again, the ransomware can see and write to your backup drive if it’s accessible from your same PC and it will encrypt that too!

How I’m protecting myself against Ransomware

  • I have 2 drives on my main PC:  A boot drive that contains Windows and the installed applications, and an external, high capacity hard drive where ALL my data goes, INCLUDING my Windows Desktop, and all the special windows folders like desktop, documents, pictures, videos, downloads, etc…
  • My boot drive and my external drive are both encrypted (not really a help against Ransomware… just thought I’d mention that they’re encrypted).
  • I have a second drive of equal capacity as my data drive and it’s hooked up to an older Linux laptop.
  • On host, Windows PC, I created a user account named “Backup” (could be named anything) with read only access to my main data drive on my Windows PC.
  • On Linux, I used Veracrypt to encrypt my backup drive that’s connected to it (doesn’t really help against Ransomware, but again, just thought I’d mention it.)
  • Running a scheduled backup program on the Linux laptop (Lucky-backup… a GUI for rsync), connecting to my Windows PC over the network with the Windows “Backup” user account. It backs up all of my Windows external data drive to the Linux, encrypted backup drive and runs a differential backup every night.
  • Critically, the Windows PC has no direct access to the Linux backup drive.
  • My Linux laptop boots off a Linux flash thumb drive and does NOTHING but backup.

How does this protect me?

By using 2 different PC’s, the chances of BOTH of them being infected with ransomware at the same time is very small. By using 2 different operating systems, the chances of both being infected at the same time is drastically reduced.  While Linux is NOT virus free and is NOT ransomware free, it’s significantly more resilient and will NOT be infected by a Windows ransomware infection.  If, by chance, the Linux machine gets infected with Ransomware, it has only read only access to my data drive on my Windows PC and will not be able to encrypt it.  In either case, I have my full data on the other machine.

What happens if my Windows machine gets Ransomware?

I’ll reformat all of my Windows drives by booting off a clean flash thumb drive that has Windows installation media.  Then I’ll have to manually re-install my software, which will be a pain, but I have access to all of it.  Then I’ll need to restore my data to my data drive from my clean Linux backup.

What happens if my Linux machine gets Ransomware?

I’ll reformat all my Linux drives by booting off a clean flash thumb drive and then re-set up my backup system.  My Windows machine at that time should be clean.

Why doesn’t Encrypting my drives help me?

Encrypting your drives DOES  help protect you against adversaries trying to gain access to your data, but it does NOT help protect you against ransomware, which simply wants to DESTROY your data.  The reason is because ransomware runs after you’ve booted into Windows and Windows has decrypted access to your encrypted drives.  That means the ransomware has access to your encrypted drives too and can simply double-encrypt your data.

Thank you for sharing this article.  See this image?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Share

Encrypting the Non-Encrypted Cloud Drive Services

Share

EncryptedCloudDrive

In this article in my series of “Encrypt All The Things!”, I’ll show how to fully encrypt your files on popular cloud drive services that do not support zero knowledge encryption.  Such services that do NOT support zero knowledge encryption are:

  • Google Drive
  • Microsoft OneDrive
  • DropBox
  • Box.Net
  • Amazon Cloud Drive

That is obviously not a comprehensive list.  Some that DO support zero knowledge encryption:

  • Mega
  • Spider Oak

That is also not a comprehensive list.  The problem with Mega is that it’s closed source, so you can’t confirm that everything’s on the up and up.  In fact, Kim Dot Com, the creator of Mega, was/is wanted by the United States government for hosting pirated material.  That’s why he created Mega, so he’d have zero ability to decrypt the data, which was a great big middle finger to the U.S. government.  He’s since left the company and now claims it can’t be trusted, but we don’t know if that’s just sour grapes from him, or if there’s a legitimate reason for him to say that.  At any rate, it’s closed source, so there’s no way to confirm.

Spider Oak is also closed source AND it costs money.  It’s not a free service.

But, there are plenty of free cloud drive services (listed above at the top of this article), but none of them support zero knowledge encryption.  But, there’s now a fairly easy way to encrypt those.

Download and install the free, open source software called Cryptomator.  You can get it here:

https://cryptomator.org/

As of this writing, they only have a Linux, Windows, and Mac version, but they are actively working on Android and iOS versions.

How it works

Once you install CryptoMator on your PC, you configure it to access each of your cloud drive services.  At the time of this writing, Cryptomator supports 4 of the popular cloud drive services.

  • Google Drive
  • Microsoft OneDrive
  • DropBox
  • (I can’t find information on the 4th one)

But, it should work with any cloud drive as long as you have a synced folder on your PC to that cloud drive service.  It doesn’t have to directly support your cloud drive service AS LONG AS your cloud drive software provides a local sync folder that other apps on your PC can access.

Below, I give general instructions.  The exact steps are clearly outlined in the CryptoMator documentation.  This will give you the basic idea of what you’re trying to accomplish…

Once installed, you add a “vault” to Cryptomator, create a password, and point CryptoMator to your local sync folder.  It will then create a virtual drive (using an unused drive letter) and store some encrypted files in your local sync folder.

Now, with your new drive letter, just put any files you want encrypted into there and NOT directly in your local sync folder.  If you put anything directly in your local sync folder IT WILL NOT BE ENCRYPTED!!!!  If you put files in your virtual drive that CrytpMator created for you and gave it a drive they, those files will appear as unencrypted to you as long as you have the “vault” unlocked with CryptoMator.  The actual encrypted bytes of the files are stored in the local sync folder associated with your cloud drive service.  If you open the sync folder, you’ll see meaningless file names and meaningless folder names with encrypted files in them.  That’s the encrypted data.  To have an unencrypted window into that encrypted data, simply open the new drive letter that CryptoMator created for you when you unlocked the vault with your password.

Since the encrypted bits are stored in your sync folder, they get synchronized with your cloud server and it’s those encrypted bits that are stored on the cloud drive servers.

Once you get that working, it’s a good idea to drag and drop all your previously existing NON ENCRYPTED files and folders from your local sync folder into your vault virtual drive.  Once you’ve confirmed they’re in the vault, BACK UP YOUR FILES, then you can safely delete them from your sync folder, which will delete the unencrypted files from your remote cloud drive, leaving only the encrypted bits.  Cryptomator will automatically encrypt them and store the encrypted bits back into your local sync folder, which your cloud drive software will then upload to your cloud drive service.

Caveats

  • Errors with large folders: I have about 64GB in my Microsoft One Drive.  When I tried moving my camera roll folder into my Cryptomator virtual drive associated with OneDrive, it kept failing.  I presume it wasn’t designed for folders with that many files or that many bytes.  After many days of effort, I finally did get it working.  I do not know if it was a OneDrive problem or a Cryptomator problem.  I had no issues encrypting my Google Drive nor my DropBox, but neither of them had as much data.
  • No Mobile (yet): Right now, there’s no mobile access to your encrypted data.  They’re actively working on both Android and iOS apps, so that may change by the time you see this.
  • No browser access: Since the web interfaces of these cloud services simply show you the files as they are on their services, after you encrypt your files and folders, when viewing them with a web browser on those services, you’ll only see the encrypted data.  This makes sense because the cloud drive services are unaware of the encryption switch-aroo you’ve done.  Don’t expect this to change.
  • Your Key: With zero knowledge encryption, you keep your key locally, but Cryptomator stores your key ON your remote cloud drive.  Don’t fret too much though.  It’s encrypted with your password that you made when you created your vault.  Technically, your password is your key.  In my judgment, it’s fairly safe.  Though, I wouldn’t be storing my archives of my classified State Department e-mail on any of these public cloud drives, even with Cryptomator. Winking smile
  • Meta data: The contents of your files are encrypted as well as the file and folder names, but the timestamps are NOT encrypted and neither are the number of files, the number of folders, nor the sizes of the files.  The timestamps are left as is in order for your cloud drive software (OneDrive, Google Drive, DropBox, etc…) to know when things have changed so it can sync properly.  The file sizes are a result of how many bytes you’re encrypting.  The number of encrypted files will be roughly equal to the number of files as they were before they were encrypted (but the contents will be fully encrypted).  This too is a side effect of how the syncing works.
  • Mobile still unencrypted: You should probably turn off or uninstall the cloud drive software on your mobile devices because you won’t be able to see anything but encrypted data.  Also, any files you have locally on your mobile device that you have set to sync will be uploaded UNENCRYPTED.  Then you’ll have a mix of both encrypted and unencrypted files on your cloud drive.  Remember, CryptoMator is actively working on Android and iOS apps.  When they’re available, you can install those and follow Cryptomator’s recommendations on what to do with your cloud drive provider software.

Use this information about the caveats

Thank you for sharing this article.  See this image?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Share

Zero Knowledge Encryption

Share

Zero Knowledge

Spideroak.com has this to say about zero knowledge encryption:

“Zero Knowledge means we know nothing about the encrypted data you store on our servers. This unique design means nothing leaves your computer until after it is encrypted and is never decrypted until it is unlocked with your password on your computer. It’s not just “end to end encryption;” it’s a Zero Knowledge System.”

Spideroak.com, by the way, is a cloud drive service provider.  Though, there are some critiques of the way they password protect your local key on your own PC, it is far more secure than Google Drive, Microsoft One Drive, Amazon cloud storage, DropBox, Box.Net, etc…

In short, if you have full control over your encryption keys and the remote service provider does NOT and cannot decrypt your data, then THAT is zero knowledge encryption.  Never settle for anything less.

 

Share

Why it’s proper to assume the worst

Share

wJBvW7L

When you’re securing your devices, network, and data, you do so as if you’re expecting the worst.  This, of course, doesn’t mean the worst is going to happen, but if you can protect against it, you should, and if you don’t, and you get hit, it’s your own fault.

“Are you Paranoid???”

It’s inevitable that when you discuss standard security practices online, you’re going to run into some uneducated yahoo that loves to scream “paranoia!”.  If we used their “logic”, then we’d have no blinds on our windows, no bathroom doors, no bedroom doors, no locks on our homes or cars, no health insurance, no auto insurance, no life insurance, no home owners or renters insurance, no smoke detectors, and no fire extinguishers.  Just because you’re taking obvious and appropriate precautions, does not a paranoid schizophrenic make.

Reduce Your Attack Surface

A basic security principle is to reduce your attack surface.  That means that you simply turn off or disable avenues of outside attack, except for the few that you definitely need to use and protect those as best you can when they’re open, and close them when you’re done using them.

Capture

The fact is there’s plenty of money to be made and is being made by malicious users around the world, whether it’s phishing scams, viruses, trojan horses, worms, stolen databases, direct hacking attempts, webcam hijacking, bots, ransomware, or any number of other attacks, if it’s online, it’s definitely being scanned by malicious users and poked and proded for exploits.

Your current software and operating systems and devices are not secure

Today, in the second half of the second decade of the 21st century, if you put a fresh install of Windows 95 on a computer and hook it to the internet, it’s estimated that within 45 seconds, it will be compromised.  I’m not trying to scare you away from Windows 95.  By now, you’re certainly on a newer operating system.  That’s just an example of what kind of attacks are constantly running and scanning everything hooked up to the internet.  Newer operating systems are much less vulnerable.  Let me clarify that.  Newer operating systems are no longer vulnerable to those old, known attacks, but they are still vulnerable.  Every week, Microsoft releases security patches to Windows.  They’ve been doing this for at least 15 years.  And next Tuesday (no matter when you’re reading this), there will be another round of security patches to close up some of the security holes your up-to-date copy of Windows has right this moment.  But, it will not fix the security holes that are still in it.  The following Tuesday, even more holes will be closed.  And the cycle will continue ad-infinitum.  Even as Microsoft continues close up more security holes, they’re always making other modifications to Windows to add new features or fix bugs, that ultimately open new security holes.

Capture2

Conclusion

It doesn’t matter how much you try to protect yourself, there will always be holes open for attackers, but you should, of course, close up the holes you know about, keep your software up to date, encrypt your data, don’t re-use passwords, use long passwords, preferably computer generated, use a password manager, and even cover up your webcam on your laptop with a piece of tape.  You’re not paranoid if they really are out to get you, and believe me and all the others in the security industry… They Are!  However, they’re most likely not out to get specifically you, just anyone or anything that they find that’s not protected, and that’s YOU, me, and everyone else on the internet.  Just as you lock your front door, close your bedroom blinds, and buy insurance, protecting your digital content is no different.  You’re not expecting anyone to rob you tonight, but you’re going to lock your door anyway.  You don’t expect to die today, but you have life insurance anyway.  However, unlike your front door on your home, your home network is constantly being probed.

Now, go an encrypt your data.

Thank you for sharing this article.  See this image?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Share

How to deal with Trolls Online

Share

Years ago, back when Google+ was still in the invite phase, I wrote the following article on Google+ Netiquette:

Google+ Netiquette

Years have gone by and the pleasant days of invite only are gone and now we deal with trolls on a daily basis.  If you’ve spent any time online, you’ve dealth with trolls.  But what IS a troll?

Troll Defined

According to Google, it’s someone that “make(s) a deliberately offensive or provocative online posting with the aim of upsetting someone or eliciting an angry response from them.”

image

According to the Urban Dictionary, it’s “Being a prick on the internet because you can. Typically unleashing one or more cynical or sarcastic remarks on an innocent by-stander, because it’s the internet and, hey, you can.”

image

Let’s look at some real life examples of trolling, shall we?

Here’s a typical one I encountered recently.  During an innocent conversation about someone that got a chip on their Gorilla Glass screen on their Samsung Galaxy S7 phone, which, has a premium build glass and metal body (that’s important to follow the trolliness here)…

image

So, this troll jumped into an ongoing, pleasant conversation instantly stating lies (or he’s just 2 generations behind on his knowledge of what Samsung phones are made of), then he jumps to drastically wrong assumptions, repeats his misinformation, jumps to massive conclusions, attacks the entire Android platform, then expands his insults to all Android users across the entire planet, then accused me of being the troll when I called him out on his trolliness.  This thread went on further with more of the same.

image

Good Luck Lifestyle Theme Trolls 5″ – Ballerina by Play Along

This is just the latest troll I’ve dealt with and is a typical example of the trolls I deal with almost daily.  No doubt, in true troll form, if this troll ever sees this post, he’ll make a new thread claiming this post is all about him.  Reminds me of the old Carly Simon song, “You’re So Vain” … you probably think this song is about you.  Would be the same with any troll that I used as an example here.  This is just the most recent one at the time of this posting.

Of course, you see this behavior on any subject where people have opinions… politics, religion, science, favorite devices, etc…

But, how do you DEAL with these trolls?

There are 2 schools of thought on this and they’re both equally valid:

  1. Ignore them and the’ll go away.  Also known as “Don’t feed the trolls”.
  2. Take them on.

The conventional wisdom is “don’t feed the trolls”.  The theory goes that they only post to get people riled up and if you ignore them, they’ll go away.

While that’s true for some trolls, and in my opinion, a very small minority of them, it’s not true for all trolls and it’s my experience that it’s not true for most of them.  Ditto for the claim that they just want to rile people up.  My experience in dealing with them going all the way back to 1988 is that most of them are just people with strong opinions, poor social skills, and an extraordinarily sensitive ego.  Their purpose is not to rile people, but to make themselves feel better by belittling others.  When uncontested, they feel vendicated and that is a reward to them to do more of the same.

image

So, step 1, Don’t be a Troll!

See these Google+ Netiquette tips

Step 2:  Understand that you’re not necessarily dealing with this one troll, but combating a larger problem of trolls everywhere.

Step 3:  Determine what kind of troll this person is.  Are they just confused and if you provide corrected information, will it fix them?  Or, are they a repeat troller or trolling in a known trolling topic (such as iOS vs. Android or Republican vs. Democrat)?

Step 4:  Always try to first resolve issues politely and respectfully, even when the other party isn’t being respectful… IF you’re not sure they’re a repeat offender or trolling on a repeat troll topic.

Step 5:  Establish yourself as a polite, honest, reasonable person.  Politely try to resolve the problem.  Don’t give them an opportunity to label you as a troll.  They’ll do this anyway, but when you’re being more than polite, it only makes them look more ridiculous.  This is a big hit to their ego.

Step 6:  Re-confirm that you’re goal is to get to the truth, not to argue, and that you’d appreciate being treated with respect and that you’ll provide him (or her) with respect too.  Killing them with kindness makes their heads explode.  On a few occassions, they realize what they’ve done and apologize.  Sometimes they just leave, licking their wounds, usually blocking you on the way out.

There are, however, times when a troll needs a true smackdown.  I caution against this unless you can hold your own and are an expert in the topic being discussed.  Don’t be rude for the sake of being rude (that’s trolling), but feel free to mirror their insults.  Copying and pasting their own text against them is a great way to mirror their bad behavior that they can’t tag you on, because they’re actually the ones that wrote it.  Make absolutely certain that your facts are correct, because if you make any factual mistakes, YOU will be called out.  Keep reminding them that you tried to be civil, rational, and respectful, but they chose this path and you’re simply reciprocating the style of discussion that they chose… that it appears to be the only style they’ll pay attention to.  Also, trolls hate it when you use complex sentences and multisyllabic words or sound educated in any way.

Conclusion

When a troll has an unpleasant experience trolling (when their ego is hurt), they’ll think twice before trolling again, especially against you.

Thank you for sharing this article.  See this image?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Share

Mobile: Encrypting All Internet Traffic

Share

This is one of many articles in a series I’m writing to cover end-to-end encryption for everything you do in your digital life.  I’ll cover encrypting specific types of internet traffic (like E-Mail, Web sites, etc…) in other articles.

For a primer on encryption, please read my article “Understanding Encryption” as it teaches VERY IMPORTANT concepts that you need to know before moving forward here.

This works for rooted AND unrooted phones.

Big Disclaimer

Before going any further, let’s make one thing perfectly clear on THIS particular encryption.  This does NOT make all your internet traffic encrypted from your phone all the way to the final destination!

So… What does it do then?

This will encrypt your connection from your phone through and past your ISP.  It protects you from your ISP and anyone snooping on  your local end of the network.  This is great for when you need to use public wifi.  Scammers running a free wifi node will NOT be able to see your data NOR will they know where on the internet you’re going.

So… What does it NOT do?

Excellent question!  Let’s say you’re browsing a website that’s NOT encrypted (like this page you’re on right now)… Under normal circumstances, anyone snooping your network traffic ANYWHERE on the internet… from your local connection all the way to the connection on my end at my website, can see:

  • Your IP address.
  • The URL you’re wanting to visit.
  • Anything you type on my search page.
  • The contents of the pages my website sends back to you.
  • In short, everything is visible and in the clear.

Using the techniques in this article, you’ll be on an encrypted connection from your phone, through and past your ISP to some random computer on the TOR network, to a couple MORE computers on the TOR network, till your connection finally exits the TOR network and gets back on the regular internet, possibly in another country.  From THERE, your connection from THAT computer to my website is entirely unencrypted.

So… Why use TOR then?

To hide your network activity from your ISP, your cell phone provider network, your employer’s wifi, your local government(s) (including the NSA and GCHQ (the British NSA)), and anyone else snooping on the network near your end of the connection.  It will also hide your IP address from the websites you’re visiting.  You can make yourself appear to be in just about any country you choose.

Will this guarantee no one can see what I’m doing online?

LOL!  You’re cute when you’re innocent.  Of course not.  NOTHING is 100% safe on the internet, but it’s pretty darn strong protection and causes even the NSA headaches.  Someone with lots of resources would have to be specifically targeting you and it would be very difficult for them, even then.  You’re reasonably safe even against the NSA, but not totally.

What does it encrypt?

Note that this is a method to obfuscate ALL your internet traffic from your Android device, not just web browsing, but everything, including traffic to and from the Google Play Store, Google searches, game communication.  Again, it will NOT encrypt an unencypted connection.  It will encrypt all steps of the connection up to the exit node (see “How does it work?” below).

How does it work?

There are thousands of computers all around the world volunteering to be part of the TOR (The Onion Router) network.  When you connect to the TOR network, you’re randomly choosing an entry node computer somewhere in the world.  That computer then forwards your traffic to another, randomly chosen computer somewhere else in the world, which then forwards you to yet another computer on TOR somewhere else in the world, which then forwards you to a randomly selected TOR “exit node” computer… a computer on TOR whose purpose is to act as a fake YOU to the sites you visit.  It’s THAT computer’s IP address that your sites will see.

All traffic between you and all the TOR computers that your traffic passes through is encrypted.  The TOR computers do not know of your entire connection path through all the TOR computers you’re connecting through.  ONLY your own device knows that.  This is to prevent malicious adversaries from trying to reverse trace where you are.

Doesn’t this slow my connection down?

You betcha!  Yes.  Yes it does.  You do NOT want to do this for a first person shooter game.  YOU WILL LOSE!

Step by step instructions (FINALLY!)

If you’re device is NOT rooted, you’re going to change your Proxy address to “localhost” and your port to 8118 after you download and install Orbot. Below the installation steps are steps on doing that below:

  1. Download the app “Orbot” from the Google Play store.Screenshot_20160404-165041
  2. Optionally, you may want to ALSO install “Orfox”, a browser made to work on the TOR network.  It’s a modified version of the FireFox browser.  It works in tandem with Orbot.  But any browser will work.
    1. Screenshot_20160404-165051
  3. Launch the Orbot app.
    1. Screenshot_20160404-165126
  4. Long press on the screen to start Orbot.
    1. Screenshot_20160404-165118
  5. If you want to appear to be from a specific country, tap the drop down control in the bottom right of the screen and choose your desired country.
    1. Screenshot_20160404-165145
  6. If your device is rooted, skip the following steps about configuring your wifi connection and go directly to step #11.
  7. If your device is NOT rooted, it requires a little more work.  Steps 7-9 will need to be completed every time you connect to TOR.  Go to Settings->Wifi and long press on your wifi connection that you’re connected to and select “Manage network settings”.Screenshot_20160404-165310 BLURRED
  8. Now check the box “Show advanced options”
    1. Screenshot_20160404-165317 BLURRED
  9. Change your Proxy to “Manual”.
    1. Screenshot_20160404-165332 BLURRED
  10. Change your Proxy Host Name to localhost and your Proxy port to 8118 and tap “SAVE”.
    1. Screenshot_20160404-165404 BLURRED
  11. If everything worked (and it doesn’t always), you should have a secure connection on the TOR network now.  Open OrBot and click the “Browser” button on the lower left.Screenshot_20160404-165118
  12. If you have OrFox installed, it should open OrFox and load a page that tests.  It will tell you if you’re on a safe Tor connection.  If you don’t have OrFox installed, it’ll launch your default browser and do the same thing.  Here are 2 screenshots, one of OrFox and one of Chrome:

Screenshot_20160404-165205Screenshot_20160404-165422

If it didn’t work, you’ll see a page like this:

Screenshot_20160404-165246 BLURRED

If you see the “sorry” page, launch Orbot, then open its menu and choose “Exit”, then go to step #3 and try again.  There’s no guarantee that this will work all the time.  Some days it works.  Some days it doesn’t.

image

How to end TOR and go back to NORMAL networking

  1. Open the Orbot app, long press, and Orbot will end the TOR connection.  The onion icon will become gray.
  2. Open the menu in the Orbot app and choose “Exit”.
  3. Fix your wifi proxy back… Settings->Wifi.
  4. Long press your wifi network and choose “Manage network settings.
  5. Click the check box “Show advanced options”.
  6. Change “Proxy” back to “None”.
  7. Tap save.

You should now have a normal network connection again.  As a last resort, simply reboot your device if networking fails to restore to normal.

Thank you for sharing this article.  See this image?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Share

Hangouts: "photo sharing is not available because of your administrator settings"

Share

If you get the error “photo sharing is not available because of your administrator settings” in Google Hangouts (iPhone, Android, or any other platform) when you’re trying to send a picture (either by taking a photo within hangouts or just selecting an existing picture on your device), here’s what’s up with that and how to fix it…

Why you’re getting this:

You’re probably using an e-mail address that’s NOT @gmail.com.  You’re using Google custom domains (or whoever assigned you your account is using it) or Google domains for business or education.  Your account does NOT have “Google Photos” enabled.

image

How to fix it:

If you’re NOT the administrator for the domain, then contact your domain administrator (the person that set up your account) and have them follow the following instructions:

If you ARE an administrator…

  1. Log into your domain control panel and click on “User”.image
  2. Click on the appropriate user account.
  3. Click on “Google Apps enabled”image
  4. Scroll down to “Show more” and click it.
  5. Then click “Additional Google services enabled”
  6. Scroll down and click on “Google Photos”.  It’s probably “off”.  Turn it on.
  7. image

Now the user should immediately be able to send images from within hangouts.

Thank you for sharing this article.  See this image?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Share

Fitbit is a Major Privacy Peeping Tom

Share

I ran the setup for my new fitbit Surge watch and during the Windows 10 fitbit app setup, it showed me this list of fitbit owners from MY PRIVATE CONTACTS!FitBit Contacts cleaned

In this list of fitbit owners:

  • Dude from High School I barely knew
  • Ex girlfriend from Jr. High.
  • Several people I don’t recognize.
  • Bunch of girls I knew from 1-12 grades.
  • A good friend’s cheating ex.
  • Little sister’s friend.
  • Brother in law.
  • Wife of brother in-law’s good friend (dont’ know why she’s in my contacts… probably through a facebook sync from years ago).

Also, everyone else in my contacts that do not have a fitbit account.

Some of these names are NOT in my contacts on my PC, which means they came from my phone.  And for the Windows 10 app to know that these 16 people have fitbits, my contacts had to have been uploaded to the fitbit servers so it could compare them to its database.  At no time was I asked permission to upload my private contacts (from either my phone nor my PC).  And I’m guessing these people didn’t explicitly grant it permission to let me know they have fitbits and they will likely be notified that I have one, even though I’ve given no such explicit permission to notify them nor any explicit permission to hijack my entire contacts list.

Fitbit spying

In addition to this, 100% of all health data that a fitbit collects is uploaded to the fitbit servers, viewable by fitbit employees… all done without notifying you and certainly without asking for explicit permission.  Turns out, the only way to use a fitbit without uploading all your private data is to not use the PC app or the mobile app, but, of course, the fitbit is mostly useless without them.  There’s no technical reason for uploading our data to the fitbit servers.  The PC and mobile software could easily have communicated with the watch without the involvement of the fitbit servers.

While on technical support today trying to resolve why my fitbit won’t charge, I discovered that they have access to all my health information collected by this watch, even though the employee I spoke with said it “only” uploads… then rattled off every thing the watch does… “for the purpose of knowing your fitbit is working”.  In addition to that, they know when we charge them, when we reboot them, and what devices we charge them from.  All this without permission from us.  Sure, some of this is somewhat inacuous data, but I did not give it permission and collected together, all this information can be used against you.  This is your HEALTH information.

Just about any kind of personal information online can be used against you and your _*personal health*_ information is especially vulnerable.  In this article, I list ways that seemingly innocent information can hurt you:

So, HOW do you stop it?

  1. Don’t run the mobile fitbit app.
  2. Don’t run the desktop fitbit software.

Of course, without the apps, the fitbit is pretty much useless.  Your only real option here is to stop using your fitbit.  There should be other smartwatches that can do similar or better things that DO NOT send all (or any) of your private data to remote servers.

Thank you for sharing this article.  See this image?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Share