content/blog/data-volatility.md (view raw)
1+++
2title = "Data volatility"
3date = 2022-01-14
4tags = [ "privacy", "foss", "advice" ]
5+++
6
7I tried to access my domain at smol.pub yesterday and I noticed the service went down. Fear started rushing through my veins as I noticed I would have to choose another platform and, most importantly, write everything back from scratch since I don't have a backup. This made me think about the importance of always having a backup stored somewhere.
8
9## Why though
10Creating a backup of your important data is crucial. On a daily basis, people discover vulnerabilities that allow remote code execution on any host machine. Try to imagine what would happen if someone ran a ransomware program on your PC. Would you be safe?
11
12This genuinely feels like fearmongery, but it's something that can seriously happen: you can be attacked by someone that specifically targets you. If you run Windows, you might be part of a botnet (think about all of the unsigned EXE files you've run since you installed the OS). What happens when someone doesn't need your machine anymore? Well, that person might try and squeeze some money from you by holding your files hostage.
13
14## Cloud backups
15Most people define cloud storage as follows:
16> Cloud storage is a way for businesses and consumers to save data securely online so that it can be accessed anytime from any location and easily shared with those who are granted permission. Cloud storage also offers a way to back up data to facilitate recovery off-site.
17
18Source: [Investopedia](https://www.investopedia.com/terms/c/cloud-storage.asp).
19
20In reality, cloud storage is no more than some dude's computer.
21
22As soon as you upload your personal data to any service, you're trusting it to store it in a safe and private way. If that software is not open source, you're basically asking to get spied on.
23
24Most people do not care about that, that's why cloud storage solutions are very popular and basically enabled by default on any device you might buy nowadays.
25
26I personally use cloud storage but I would never actually upload anything I actually care about on it...
27If you have to choose, I have a few suggestions.
28
29### Don't trust non-encrypted solutions
30Everybody has a Google account nowadays. If you forget your password, there is a way to recover it and get access to everything inside, including your Google Drive contents. As long as there is a password that can be changed or reset, your files are NOT encrypted and fully visible to anyone who has access to the Drive servers (Google or any other government agency that might want to take a peek).
31Most cloud solutions work like this, and it's actually frightening how many people trust megacorporations to have all of their private information available unencrypted.
32
33One encrypted solution I use is mega.nz.
34While I can't be sure that the mega team isn't spying on me, at least they're hiding it well if they do.
35Mega includes an encryption key with your account, which is not tied to your login information.
36This means that if you lose your key, you also lost all of your files, there is absolutely no way to get them back, even if you change your account password.
37
38Now, Mega is not open source, so you can never be sure that there isn't any backdoor, or that keys aren't stored together with your personal information, but at least it's something.
39
40### Encrypt your data yourself
41If you really need to trust Google, Apple or Amazon with your files, you can encrypt your files locally with the gpg command. This way, feds and big tech are going to need another password to actually access your private files.
42
43It's really easy, just two commands mainly.
44
45Encrypt:
46```
47gpg -c --cipher-algo AES256 secret.file
48```
49
50Decrypt:
51```
52gpg segret.file.gpg
53```
54
55If you need to encrypt a folder, you can compress it first:
56```
57tar -cf output.tar.gz secret-folder
58```
59
60Then encrypt your output.tar.gz archive as if it was a single file.
61
62After decrypting it, you can extract your archive through this command:
63```
64tar -xf output.tar.gz
65```
66
67Check out Mental Outlaw's [video](https://invidio.us/M0O7vhvQW30) about this very topic.
68
69## Local backups
70This is the best way to backup your data.
71You don't need to encrypt it if you have full physical access to your data, but you would still be vulnerable if it gets lost or stolen, so it's always better to keep it encrypted and safe.
72
73Of course, if you have a backup hard drive always plugged in your PC, it's not really secure at all, since one could remotely execute a ransomware that encrypts everything in your PC, including all drives both internal and external, so you would get your backup encrypted with the original files voiding everything you've done.
74
75This is why you should keep a GNU/Linux device that only serves backup purposes and is turned OFF most of the time. As long as no current runs through your CPU, your files are safe. You should only turn it on once a month and copy everything important over, so you have a safe and offline backup.
76
77You could also use a USB stick or external hard drive, as long as you only plug them in your PC when necessary.