Locking up

In the light of recent events, I decided to take a little bit more care of my privacy. I am not overly paranoid concerning my data but it seems I need a certain level of confidence how the data can or cannot be accessed by third parties.

Sign and encrypt mails with GPG

I created a new GPG key pair according to this guide. For convenience reasons, I also removed the master signing key from my keyring. Thus when a malicious thief gets hold of it, I can revoke all signed subkeys but keep the accumulated trust in my master key.

This is the fingerprint of my currently used 4096 bit long key pair:

DD89 68B2 F64F 0260 A387  5EE0 018A 1479 4D3A 8106

All other keys that I used in the past are invalid from now on.

Also, I try to avoid the GMail web interface as much as possible and use Thunderbird together with the excellent Enigmail plugin instead. All out-going mails are signed and encrypted if possible.

Leaving the cloud

I removed all sensitive data from Dropbox and Google Drive. I know, they probably backed it up anyway but it’s a start. The most sensitive data (GPG master key, scanned documents, etc.) are saved on a USB thumb drive in an EncFS directory. It is the easiest and most comfortable solution I encountered so far. This should get you started:

$ sudo apt-get install encfs
$ encfs /path/to/usb/.secret /path/to/usb/secret
$ fusermount -u /path/to/usb/secret

I wrote a little shell script saving me from typing this over and over again. If the secret directory is empty, it runs the encfs line otherwise it unmounts it.


As said before, I am not a paranoid guy and I will try to be as open and public as possible as long as it does not touch my personal privacy.