Locking up

In the light of recent events, I decided to take a little bit more care of my privacy. I am not overly paranoid concerning my data but it seems I need a certain level of confidence how the data can or cannot be accessed by third parties.

Sign and encrypt mails with GPG

I created a new GPG key pair according to this guide. For convenience reasons, I also removed the master signing key from my keyring. Thus when a malicious thief gets hold of it, I can revoke all signed subkeys but keep the accumulated trust in my master key.

This is the fingerprint of my currently used 4096 bit long key pair:

DD89 68B2 F64F 0260 A387  5EE0 018A 1479 4D3A 8106

All other keys that I used in the past are invalid from now on.

Also, I try to avoid the GMail web interface as much as possible and use Thunderbird together with the excellent Enigmail plugin instead. All out-going mails are signed and encrypted if possible.

Leaving the cloud

I removed all sensitive data from Dropbox and Google Drive. I know, they probably backed it up anyway but it’s a start. The most sensitive data (GPG master key, scanned documents, etc.) are saved on a USB thumb drive in an EncFS directory. It is the easiest and most comfortable solution I encountered so far. This should get you started:

$ sudo apt-get install encfs
$ encfs /path/to/usb/.secret /path/to/usb/secret
...
$ fusermount -u /path/to/usb/secret

I wrote a little shell script saving me from typing this over and over again. If the secret directory is empty, it runs the encfs line otherwise it unmounts it.

Conclusion

As said before, I am not a paranoid guy and I will try to be as open and public as possible as long as it does not touch my personal privacy.


Discussion