Are they just sitting on your hard drive? After all, they may contain sensitive data. How about something like Cryptomator?
Full disk encryption here, always powering down the machine when I am away from home/work.
I use full-disk encryption (FDE) like f-a. In my case, it’s through VeraCrypt. Most of my financial documents are in fact double-encrypted because they’re stored in a standalone VC container I created long before I started using FDE.
If I wanted per-file encryption instead, I’d probably use age, which I’ve been impressed by over the past few years:
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
100% this. LUKS on all my disks.
I use Keybase git.
Using git keeps my workflow normalized. Using Keybase keeps it secure, end-to-end and zero knowledge. If I lose trust in Keybase, I could
- temporarily use git-remote-dropbox if I trust Dropbox[1]
- write the repo to a single file with git-bundle then encrypt it probably with age, then store it probably on Dropbox or GDrive
- set up a git server (Gitea, Forĝejo, Gitbucket, etc.; GitLab is too much really) inside my firewall, and set up encrypted backups to Dropbox or GDrive or S3 or Tarsnap or whatever
I try not to be too paranoid. Someone is more likely to socially engineer or subpoena my financial institutions than to compromise my workstations or servers, but that’s just my threat model.
Like cryptocurrency private keys, the safest financial data is that which is offline and never connected to a networked computer.
[1] Questions about Dropbox’s security and compliance enter my mind, but my threat model does not include entities that could not already get my financial data from the financial institutions I use.
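The git-bundle plus age fallback mentioned in the thread, written out as an added shell example; it is not code from any of the posters. The function names, paths and recipient key are assumptions, and it assumes git and age are installed.

```shell
#!/bin/sh
# Added example: back up a git repository as one age-encrypted bundle file.
# Function names and paths are hypothetical, not taken from the thread.

# bundle_repo REPO OUT
# Write every ref of REPO into a single bundle file, then confirm the bundle
# is valid. OUT must be an absolute path because git runs inside REPO.
bundle_repo() {
    git -C "$1" bundle create "$2" --all >/dev/null 2>&1 || return 1
    git -C "$1" bundle verify "$2" >/dev/null 2>&1
}

# encrypt_bundle BUNDLE RECIPIENT
# Encrypt to an age public key ("age1..."), for example the one printed by
# `age-keygen -o key.txt`. The plaintext bundle is left in place so that it
# is deleted only after restore_check has succeeded.
encrypt_bundle() {
    age -r "$2" -o "$1.age" "$1"
}

# restore_check ENCRYPTED IDENTITY DEST
# Decrypt with the age identity file and clone from the result into DEST.
# A backup that has never been restored is not yet known to be a backup.
restore_check() {
    work=$(mktemp -d) || return 1
    age -d -i "$2" -o "$work/restore.bundle" "$1" &&
        git clone -q "$work/restore.bundle" "$3"
    rc=$?
    rm -rf "$work"
    return "$rc"
}
```

Only the `.age` file should go to Dropbox or GDrive; keep the identity file somewhere other than where the encrypted bundle is stored.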