Web-Based Private File Storage?

steve802 writes "Recently, someone died in our company, and word is getting around that the admins who were given access to his Outlook account have found personal things that are embarrassing at best (the rumor mill differs on what was found). No matter, it raises a question. I have personal stuff in Outlook folders that I would not want someone in IT to see if I suddenly dropped dead: emails to the wife, photos of the kids, that kind of thing. I also keep a journal at home that I save to a server; personal reflections that I never want anyone else to see, especially if I die. So I was thinking that some sort of web-based storage for files, individual emails, and perhaps even Outlook folders would be perfect. All my most private personal stuff in one place. I found CryptoHeaven, which seems to offer some of what I'm looking for — but it is pricey. I'm willing to pay, but something less than $400/year would be nice. Best would be a service with a dead-man's switch, so that if I don't access it in, say, three months, it auto-purges. Any thoughts?"

Separate them

[Anonymous Coward]

Dont use personal info on work systems. Often time anything in there is usually subject to scrutiny.

Translation

[grahamsz]

I think you mean "emails to the wife, photos of the wife, that kind of thing"

Work account?

[The MAZZTer]

Solution: Don't do personal stuff on your work account...

Whats the surprise?

[mschoolbus]

They can already read your emails..

Don't send personal emails at work?

[Anonymous Coward]

How about not sending personal emails using your work email account?

Problem solved.

Why?

[quarkoid]

I've got to ask the question, but... why?

I mean, if you don't want anybody to find this stuff when you're dead, why bother collecting it when you're alive?

And for the 'pictures' of the wife, what's wrong with a Truecrypt store?

You'll be dead

[Anonymous Coward]

Are you really going to care that much?

Completely Disagree

[TehZorroness]

When you die, your writings and works are the only thing left of you. They are the only way for someone to try to dig deeper into your mind and build up an understanding of your true character. A lot of crazy shit happens in a lifetime, someone may really appreciate you leaving a book of your reflections behind.

Re:Work account?

[Kronos.]

Indeed, a technical solution is not needed for this problem as far as I see it. A little common sense and separation of work and personal life would go a long way.

Re:TrueCrypt?

[Anonymous Coward]

Then you lose your job. The OP is not asking how to protect his job. He's asking how to protect his private data while accessing it on a company PC. That includes some risk.

Discretion?

[Xacid]

I'm kind of surprised I haven't seen any comments on the bigger issue - the IT folks entrusted with this data who let data leak (or at least rumors of the content). As a system admin - if you're at that level you're already not trustworthy enough to keep that postion and would probably be reassigned depending on the severity. Understandably if it's something illegal then it needs to be report it but even still - discretion is still required. It's no one else's damned business.

Compare this to your HR person - would you like them to spill your SSN randomly here and there? Just because the guy is dead doesn't mean his data requires less care.

Anywho - as far as technical solutions 1) don't put personal stuff on a work computer, 2) even some web space and an ftp account should be nearly sufficient if you just need a place to store files remotely that isn't easily accessible.

Re:Separate them

[Anonymous Coward]

Absolutely. Never, never, never, never use your employer's computers for personal stuff. At all. Period. That computer is your employer's, and anything you put on it is also his. Whether that is strictly, legally true is immaterial. In practical terms, it is.

You keep personal reflections in a journal that you never want anyone else to read, ever? Then, don't write it down. Duh. Anything you really don't want your survivors to ever under any circumstances see--physically destroy it. Don't have physical access? Oh, well.

Assume that anything you write down, especially if you store it on someone else's computer, will be read by someone, probably the owner of the computer. If it's on your own computer, it becomes your wife or childs computer when you die. Anything you left there is theirs.

Don't want to take this advice? Don't come crying to me if, after you die, somebody sees something you didn't want them to.

Re:Work account?

[TooMuchToDo]

Pay for a virtual private server somewhere. Tie it to a credit card or some payment method that you need to keep paying. You die? Payments don't get made, hosting provider nukes the virtual machine after X days for non-payment.

Re:Encryption

[bsDaemon]

I understand that it be a wicked long time before they crack the passphrase, and that a good passphrase is key. Mine is pretty amazingly awesome (long, case switching, numbers for letters, all that good stuff) but I still feel better knowing that there is a hard limit on the short side that prevents a successful attack.

Re:GOOGLE MAIL

[icebraining]

WinRAR? Turn over your geek card.

At least, use gpg to encrypt it and Dropbox to automate uploading/downloading. Bonus points for an automated encryption system (encfs mount point, for example).

Good God, only use work email for work!

[stevegee58]

I only exchange emails with my wife and friends using my gmail account.

Clean house in your work email and stop doing that.

Re:Freenet

[JumpDrive]

If he really wants to protect it, then he should also encrypt it.
My brother passed away a couple of years ago and I was able to gain access to his web server. I knew the CC used and the email address used. There wasn't anything on there, but the expected files, but if he wants to keep it secret permanent after death, then encrypt with a long key.

Re:Why?

[stdarg]

After he's dead, he still doesn't want people to know because it'll reflect badly on him and make people he's close to feel bad or uncomfortable?

I mean just because you'll be dead doesn't mean that you, now, alive, can't think of other people's feelings and how future revelations will affect them.

Re:Why?

[stdarg]

Is it fear that society would make you a pariah post-mortem? Whet do you care? Death is forever, the last thing you'll do in your life :)

It might be uncomfortable for your still-living family. Why would you not care what happens to your family after you die? Do you also think people who buy life insurance are dumb?

Re:Web-Based Private Is An Oxymoron

[spazdor]

Web-Based Private is an oxymoron

Actually, they have this thing, "cryptography" now.

Re:Encryption

[vux984]

After 10 unsuccessful attempts at entering the passphrase in a row, it destroys the key, never to be recovered again.

If I was transporting a copy of the data across national borders, and I didn't want customs to get a copy... a self-destruct sequence makes a lot of sense. But to have a permanent sword of damocles dangling over the data by a thread... If I valued the data so much that I was willing to go to extremes to protect it... and then set it up to be irrevocably trashed that easily... I might as well just delete it now to save myself the aggravation.

Re:Freenet

[Anonymous Coward]

All this for stuff after you're dead. Who the Hell cares? You're either in heaven, hell, limbo, reincarnated with no knowledge of previous life, or worm food, and in any of those cases you've got bigger things to worry about (or nothing at all ever depending). I can see someone else wanting life insurance on you, but not you wanting it for yourself, since when it gets used you won't care, and that's a much bigger thing than whatever sicko porn collection you happen to have for whatever reason. Your reputation with other people means nothing once you die. Either there's some omnipotent being that already knows all that crap about you, or there isn't and either way, who the hell cares?

Work email accounts are for work email

[Anonymous Coward]

Are we still discussing this today? Use your work email for work only. If you don't want it printed and put on the office wall, email from 1) the web using hotmail/gmail/yahoomail/etc. 2) use your personal cell phone 3) use a portable client on a usb drive to send via your personal account. 3) Connect to a pc at your home to send email via logmein/etc. By encrypting you are just going to get management and the IT admins pissed. I tell my users, that if they type it on a company computer then it belongs to the company. If you don't agree, you need to talk to your manager and get the "official" word.

Re:You'll be dead

[Anonymous Coward]

In the same way a funeral is not for you, it's for your family or other people associated with you. They are going to be the ones to suffer when everyone learns about your octopus porn collection

Re:Work account?

[roman_mir]

I have a better, more perfect solution.

Don't die.

(in the unlikely event that you do die, ask yourself a question: "why do you give a fuck what anybody finds out about you? Really?")

Re:Discretion?

[fermion]

I would have to respectfully, and completely, disagree. Work computers are for work. The company is responsible for the machine, and to some extent what is done with it. If the IT staff let a rumor fly, it may well have been strategic to remind the staff that what is on their computer is not private.

Given the naivety of the question, it is clear such a reminder was justified. The question implied that no one knows exactly what was on the machine, porn, naked pictures of the spouse, naked pictures of a lover, love notes between the spouse and the lover, plans for a jewelry heist, communications with a wetware person to terminate the spouse or lover? Who knows. The content is not the issue. It is that a company-public computer may have extensively used for something that could be embarrassing to some people.

As far as the comparison to HR, that is faulty. Again, the post strongly indicated that no details were released. A better comparison would be HR telling staf that person was no longer employed because they were in jail. This may be done so the staff know that a round of layoffs is not happening.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Completely Disagree

[Angst Badger]

When you die, your writings and works are the only thing left of you. They are the only way for someone to try to dig deeper into your mind and build up an understanding of your true character.

Thanks, but I don't owe that to anyone. Period. The very thought of someone having unrestricted access to my private writings makes me feel physically ill. And it's not because I have any unusual skeletons in my closet, it's because that access would be a total violation of my personal boundaries. You're welcome to what I choose to share while I'm alive, and I share quite a bit, but I don't belong to you or anyone else. Quite frankly, I like the idea that I'll be completely erased by death. Having spent my entire life with claims placed upon me by family, employers, government agencies, creditors, and countless social organizations, it is no small comfort to know that something will escape the insatiable demands of my fellow man.

NAS

[DogDude]

You could just put a NAS in a closet and use that. You'd have 100% control, and you could do it for $0 if you use something like FreeNas.

Re:Freenet

[kernelphr34k]

Web-Based 'Private' file storage does not exist IMO. This private data that's on the web. The server the data is hosted on will get cracked, or the database will be compromised and then cracked....its just a matter of time...

If you have all this private data in your work email, then its you're fault. Stop sharing now, delete what you can before you die. Use another email client/service when at work to send dirty emails to your wife, and use the work email for work!
br> You should start trying to secure this private data @home where it could be physically secure, as well as offline. Transfer this data from once PC to another with an encrypted USB stick etc.. Just an idea.

Read this from EFF: https://ssd.eff.org/3rdparties/protect/storage [eff.org]
This is a good read too: http://www.eff.org/wp/trusted-computing-promise-and-risk [eff.org]

Re:Separate them

[shentino]

It has nothing to do with privacy.

It has everything to do with misappropriation of company property for personal usage.

Re:Freenet

[Mr. Freeman]

Because your secrets could possibly affect other people. For example, your wife might not be looked upon too highly if people know that she married a guy that was into some weird fetish. Also, their secrets might be stored with your stuff as well. Those things should not be released.

Re:Freenet

[McFadden]

Cross platform compatibility

He's a Mac user.

There aren't any other platforms.