Web-Based Private File Storage?

steve802 writes "Recently, someone died in our company, and word is getting around that the admins who were given access to his Outlook account have found personal things that are embarrassing at best (the rumor mill differs on what was found). No matter, it raises a question. I have personal stuff in Outlook folders that I would not want someone in IT to see if I suddenly dropped dead: emails to the wife, photos of the kids, that kind of thing. I also keep a journal at home that I save to a server; personal reflections that I never want anyone else to see, especially if I die. So I was thinking that some sort of web-based storage for files, individual emails, and perhaps even Outlook folders would be perfect. All my most private personal stuff in one place. I found CryptoHeaven, which seems to offer some of what I'm looking for — but it is pricey. I'm willing to pay, but something less than $400/year would be nice. Best would be a service with a dead-man's switch, so that if I don't access it in, say, three months, it auto-purges. Any thoughts?"

GOOGLE MAIL

[stanlyb]

Create a google email account.... Nooo, i am just joking.

TrueCrypt?

[e065c8515d206cb0e190]

Why does it have to be web based? If the only requirement is absolute privacy, TrueCrypt will suffice.

Web-Based Private Is An Oxymoron

[Maarx]

Web-Based Private is an oxymoron. Why does this have to be web-based?

It would be pretty trivial to set up a Linux distro with two hard drives, one with the simple operating system and the other an encrypted drive with a passphrase, and set up the OS to nuke the second drive if the current time is ever greater than three months from the last time the passphrase was successfully supplied.

Re:Separate them

[shentino]

Indeed.

Best solution to keeping your boss out of your personal stuff? Don't do personal stuff on company time.

Re:Freenet

[0100010001010011]

I have Chrome, Thunderbird, my MP3 player and DropBox on TrueCrypt partitions.

Computer is PowerCycled and it's "gone". Since speed isn't a huge factor I went paranoid and went with AES-Twofish-Serpent. Good luck recovering my stuff.

I use DreamHost [dreamhost.com] for my mail/webserver. They're not 5-9s but they're cheap and still seem like they are a "small company". Plus they wrote Ceph [newdream.net], (distributed/scalable file system, which merged into 2.6.34.)

I'm sure you could write cron script or something to run on the shell to do what you're talking.

Re:TrueCrypt?

[ds_job]

Which is what the two key "Plausible Deniability" feature is all about:
http://www.truecrypt.org/docs/?s=plausible-deniability [truecrypt.org]

SpiderOak.com

[Anonymous Coward]

I use spideroak.com as it is convenient, multiplatform, synchronizes across machines, provides a backup and is secure through encryption on my local machine - and it is free.

Re:TrueCrypt?

[Andy Dodd]

Portable TrueCrypt requires admin rights.

Re:Freenet

[Anonymous Coward]

Please don't respond to commodore64_love, he's retarded and you're just encouraging him. Thanks.

My two cents.

[istvaan]

My thoughts are similar to those which have already been posted, but here's my two cents anyways.

1.) Do something about that IT staff. Their behavior is unprofessional at best, borderline illegal at worst. As Network and Systems Administrators, we essentially have the "keys to the kingdom." As such, it is our responsibility to exercise professionalism and discretion at all times. We are entrusted with this data -- employee data, customer data, what-have-you -- because it needs to be managed, secured, transported, and we know how to do that. When I ponder this, it sometimes brings to mind a line from Angels & Demons: "Be delicate with our treasures." If management has asked that the late co-worker's email be opened and archived, and that email happens to contain pictures of him in a tutu and a snorkel dancing hip-deep in a lake, and IT happens to see these photos, it is their responsibility to maintain their professionalism, and to say nothing about it.

2.) Do not, for any reason, store personal data on company resources. Period. Company resources belong to the company, and, as such, the company has the right to inspect any and all data which those resources may contain. My personal data on my laptop, and my personal mail (which sits on an IMAP server which I administer and to which I have physical access) are backed up to DVD every quarter, and those DVDs are placed in an envelope in a sealed plastic bag - along with a hardcopy of my password spreadsheet - in a safe-deposit box. My Will clearly states who gets access to that box if I should happen to fall under a bus, as does the paperwork at the institution which houses the box. It's not the fanciest solution, but it's effective, and I like it.

Comment removed

[account_deleted]

Comment removed based on user account deletion

That would be great....

[jotaeleemeese]

.... if companies didn't encroach in personal time.