I recently spent a month separated from my trusty HP Pavilion DM1 laptop, having managed to break the screen a week into our Central / South America trip. The screen has now been replaced and I’m taking the opportunity to review and enhance my IT infrastructure. In particular, I have set up a transparent encryption and cloud-backup solution to keep all my files safe and permanently available.
To start with, I created a Dropbox folder on my computer. Dropbox, if you don’t know, gives you a folder on your computer which looks and acts like any other folder, except that its contents are transparently backed up to Dropbox’s servers. From there you can access them through the Dropbox website, or on any other device on which you install Dropbox (or a compatible app).
You can set up a fully-functional basic Dropbox account with a quota of free storage, or if you need more storage pay an annual fee.
Dropbox works so well that it almost entirely solves the backup needs of a typical user. However, there is one area where it falls a bit short – security. While Dropbox encrypts files as it transfers them to it servers, it stores them on its servers in an unencrypted format (as far as I can tell). This means that not only can Dropbox employees potentially access the contents of your files, but should Dropbox ever have a security breach, your files could potentially be exposed. To solve this we need an extra layer to our backup process.
Update: I’m not using Boxcryptor any more (see below), but I’ll leave the details here in case it is useful to anyone
Boxcryptor is a neat, free tool. It allows you to set up a virtual drive on your computer and will automatically copy any file you place on to that drive into your Dropbox folder, encrypting it before it does so. So if you work entirely in the Boxcryptor drive, any files you create are encrypted, copied into your Dropbox folder and then sent to Dropbox’s servers. As the files are encrypted before being sent to Dropbox, the security issues mentioned above are removed. To access your files in the Boxcryptor drive, you must enter a password each time you start your laptop (though you can choose to have Boxcryptor remember your password if you like). To access your files on another device, you install Dropbox on that device, connect it to your account, then install Boxcryptor and point it at your Boxcryptor files in the Dropbox folder. This sets up a virtual drive on that device which is syncronised with the one on the original drive. Enter the same password to access the virtual drive and voila, you’ve got shared, encrypted, backed up access to your files on both devices. Now you can (within reason) trust that your files will remain secure and available at all times.
Unfortunately, there are still a couple of imperfections to this solution. For one thing, Boxcryptor does not support compression. So files are encrypted and copied to Dropbox without having been compressed. Normally this would be okay as Dropbox itself compresses files before transfer, minimising transfer times and bandwidth usage. But encrypted files, being indistinguishable from random data, are not compressible, so Dropbox has to transfer them at their original size. This is wasteful, eats up your Dropbox quota and potentially reduces our productivity by creating syncronisation delays, etc.
Another issue with using Boxcryptor (though it is not an issue with Boxcryptor itself) is that some third-party programs do not play nicely with virtualized drives. Notably Apache running in XAMMP can’t support a htdocs (web files) folder in a virtualized drive – at least not with a lot of time-consuming customization. For ordinary users, this is probably meaningless. For developers it is a near-fatal flaw in the setup. Fortunately, there is a solution.
The solution is to introduce a third layer to our backup process. We want to be able to work in a regular windows folder (to prevent issues with virtualisation issues). We can then automatically syncronise this a folder in our virtualized Boxcryptor drive. And as the icing on the cake, we want to have the file copies stored in Boxcryptor in an encrypted form. The syncronisation seemed straight-forward enough – plenty of products exist to syncronise two folders on windows. But compressing one side of the synchronisation was a much bigger ask. And it had to be on a per-file basis so individual files could be replicated rather than requiring our entire file-system to be re-sent to Dropbox every time we changed a single file.
I had almost given up hope of solving the compression requirement. Until I found SyncBackFree. This brilliant program is a) free, b) very powerful. With it I was able to set up automatic syncronisation of my standard windows folder to the Boxcryptor folder, at one minute intervals with per-file compression on the Boxcryptor side. Exactly what I wanted. Configuration took a little bit of time (20 mins or so) to get things working the way I wanted (as there are options for everything). But it was well worth the effort.
Update: After using SyncBackFree for a bit, I realised it wasn’t quite as perfect as I thought. While it does pretty much all I said, it lacked true two-way syncronisation, so sometimes when I deleted a directory on one folder it would be recreated at the next sync, rather than removed in the other folder. Fortunately SyncBackSE (the paid version of SyncBackFree – available for $35) does two-way syncing and so upgrading (I’m currently on the free trial) provides the level of syncronisation my solution required.
As an added bonus, SyncBackSE does decent encryption (AES-256 rather than just old-style winzip), so I was able to simplify the above solution considerably, by having SyncBackSE do my encryption and removing the Boxcryptor component entirely.
So here’s where the solution is at.
I store all my files in one windows folder. Once every minute
SyncBackFree checks this folder for changes and updates a per-file compressed copy of my files, stored on a virtual drive. As soon as the files are updated on the virtual drive, Boxcryptor SyncBackSE makes an encrypted, compressed copy and stores it in my Dropbox folder. From there Dropbox backs up the files on its servers.
The changed files can then pushed to the Dropbox folder on another computer
, where they are picked up by Boxcryptor, decrypted and dropped into another virtual drive. From here another instance of SyncBackFree SyncBackSE picks them up, decrypts, decompresses and drops them into a standard windows folder.
Of course, this works in both directions, so I can modify files on any device and have it synchronised to every other device.
Cost-wise, this is
totally free a once-off $35 fee if your total storage is within Dropbox’s free quota (5Gb at the moment, I think). It uses as little storage space on Dropbox as possible (admittedly there are multiple compressed copies stored on your local system, but local storage is not usually the limiting factor here). And everything is encrypted locally so nothing should be in an accessible form once it leaves your laptop.