Cloud Storage: To Encrypt or to Not Encrypt

Recently Google Drive launched which for some people like myself who already subscribed to Google’s yearly plan of 20GB of storage turned out to be a wonderful thing. The reason being that this meant we were grandfathered into their lowest tear plan at the old price of $5.00 a year. Score! However while I was putting my files on Google Drive I had a feeling that I was doing something wrong. But what could it be? Did I subconsciously feel I was taking advantage of Google? Nah.

The funny feeling I was having was my common sense telling me “are you serious, why are you doing that?” I didn’t see the harm in what I was doing for a few days and I kept thinking “what, I want the drive space, I like Google, I (kinda) trust them.”

After some further thinking I summed up my uneasiness of the thought with this analogy. Let’s say your cool neighbor had a shared drive for the whole block to backup their data to. Let’s say he made sure each person couldn’t see the other person’s stuff, would you be cool with it? Yeah after all you like him, he’s your cool neighbor, right? Well you shouldn’t be and here’s why. First the obvious, why in the world would you trust your neighbor with your data no matter how useless you think your data is? Second how do you know that neighbor has taken the correct precautions to ensure your data isn’t looked at by others? And last how do you know that neighbor doesn’t have an evil brother that looks through all you and your other neighbor’s stuff to get the information to take out credit cards in your names? Don’t do it without taking precautions yourself. Encrypt!

So with that in mind I armed myself with some tools to make sure my data was encrypted before I uploaded it to Google’s servers. I downloaded TrueCrypt (free) and created a 300MB volume for my super private data. The limitation of this is that once your encrypted volume runs of out of space you would have to create a larger volume and transfer your files over which could be time consuming. So in addition to a TrueCrypt volume I also encrypted some standalone files using GPGTools (free) which in addition allowing me to encrypt standalone files, it also allows me to store keys and send encrypted emails. This time I think Score! is appropriate.

Check out this video showing how simple encryption is using GPGTools.

Though these methods for protecting your data can be time consuming. It will be time well spent if it means keeping your identity from being stolen and having to deal with the hassle, or keeping a rogue Google employee from sifting through user data in search of some valuable information, or keeping the government off your back for something you are writing which pushes free speech.

Open WiFi Privacy and VPNs

On Laptops

So i’ve been looking into securing my internet browsing lately. Thinking of sure ways to avoid man-in-the-middle attacks and falling victim to things like Firesheep since I use a lot of public wifi. I had recently discovered the VPN service HotspotShield.com (free) which encrypts your internet browsing from point to point thus avoiding any sort of WiFi snooping. It is a very good solution but didn’t seem reliable as of late and its ads got a bit annoying. But if free is what you are looking for I seriously recommend it.

I then invested in a year’s worth of PrivateInternetAccess.com’s VPN ($40 a year). It’s great if you set it up using your system’s native VPN abilities. Sometimes it disconnects when you put your computer to sleep (which some might see as obvious though it rarely disconnects for me when I do that.) Regardless it is still very nice and reliable, especially when you set up a script (Mac) that automatically turns it on upon boot. : )

Script:

tell application "System Events"
	tell current location of network preferences
		set VPNservice to service "My VPN's Service Name"
		if exists VPNservice then connect VPNservice
	end tell
end tell

Source: http://macscripter.net/viewtopic.php?id=22992

So VPN services seem like a great way to protect yourself on open networks and even to keep your ISP from peeking at your data and selling it off to the RIAA, ad networks, data miners, governments, etc. It is important to keep in mind that most of these company’s terms of service specifically say that they do not condone using their VPN for illegal activities.

On Mobile Devices

During my venture I did run into a problem; my phone would not let me connect to my VPN service. Many of us use smartphones most our day and what good is it encrypting your laptop’s traffic when you mostly surf the web on your phone? And can you even be sure your bank apps and other sensitive apps connect to their remote websites via SSL/ Secure Sockets Layer (protocol which encrypts your traffic on a per site basis)? There is no easy way of knowing.

So the problem I faced and many have faced is that some wireless carriers seem to block the ability to use VPNs on phones. For example my Droid X on Verizon can’t seem to successfully use my VPN no matter what I try. I even tried the rooted route, nothing. After much googling I came to the conclusion that there is nothing I can really do about it, my carrier has it’s firewall set up to disallow it, hopefully for security reasons and not because they want you to purchase a business account *cough*.

One thing I do know is that VPN connections actually seem to work on Apple iOS devices seamlessly. Maybe it’s because the device has been untouched by the carrier and works the way manufacturer means for it to work (+1 for Apple).

Update: After two weeks I decided to try to VPN from my Droid X again and it worked. Was something down when I tried it last or did Verizon see this post? Something was probably down. Anyways VPN now works on my Droid X on Android 2.3. Like on the iOS devices it disconnects after a few minutes so you can’t live on it like I wanted to. : (

My Conclusion

After purchasing a VPN service for a year and trying to hook up all my devices to it. I Came to a realization that complete security is almost impossible. Computers (and smartphones) don’t always stay connected to the remote VPN like one would like. In my opinion VPN is good if you frequently use open coffee shop WiFi to avoid lurking ‘hackers’ from getting their sticky hands on your info. And if that costs $40 a year then I think it is well worth it. As for your Android phone that doesn’t work with VPN because your carrier hindered it, keep it on 3G as much as you can! Or…*sigh* get an iPhone. Ouch that hurt.