
Wednesday 14 October 2015

How to Encrypt Data on External Drives

It's not hard to lose a USB flash drive; it's even easier to steal one. If you're the victim of such a theft, panic is understandable. There could be work documents, private pictures, your kid's birthday party video, or amazing notes for a NaNoWriMo novel—anything—on that drive. It's unlikely to be the only copy—this is the age of online backup and sync, after all. But if you're crazy enough to trust your most important, irreplaceable data to a device that's even easier to misplace or forget than your keys, at least make sure that data is secure.

What you'll need is software for encrypting the data, and that software has to be portable, in that it runs on any PC without installation, since it will likely run from the flash drive itself. Note, these solutions also work with any external hard drive, for the most part, plus your much-harder-to-steal internal hard disk drives (HDDs) and solid-state drives (SSDs).

Encryption Software

The first choice should always be to try a free software solution. A current favorite is VeraCrypt. It's free, open-source, and Windows-only. It lets you create a volume/vault on your USB flash drive that only you can access, or encrypt an existing drive (as long as it isn't one the system needs, like your C: drive), or, optionally, encrypt the entire system drive so anyone who tries to install programs or read/write files would need to enter a password each time. That last one is overkill; stick to the first few options.

The volumes created by VeraCrypt can be standard—they're visible but only the person with the password can get access—or hidden. With the latter, even if you're forced to give up the password, it's unlikely anyone can find your data to get access anyway.

When you go to install VeraCrypt, there's an option to Extract. Choose it and extract the files to your USB drive. That makes a portable version, so you don't need to have VeraCrypt installed on every system that you'll plug the drive into—but you do have to be signed in with an administrator-level log-in on the PC.

The VeraCrypt site has an excellent step-by-step tutorial. Another free option is CipherShed; both are off-shoots of the late, great TrueCrypt. BitLocker, which comes with select versions of Windows (the non-"Home" versions), can also be used to secure USB or external drives. If you prefer to pay, check out the $12.99 EncryptStick, which comes for Mac and Windows.

Secure Flash Drives

There are millions of USB flash drives around—I have three of various capacities littering my desk at the moment. So using third-party software to secure their contents makes great sense. But if you want security from the start, there are plenty of drives that come with security built right into the hardware.

A few select flash drives have a number pad right on the drive itself. You enter a PIN code before you can access the contents. They include the Aegis Secure Key 3.0, a $65 flash drive at 4GB with FIPS 140-2 Level 3 encryption (pictured right; it also comes in 8, 16, and 32GB versions).

If you think reaching for the number pad is an issue, there are also a few biometric USB flash drives. IronKey, by Imation, is a pretty well-known name for secure drives; its F200 has built-in finger-swipe (pictured above) and throws in multi-factor authentication for your files. The price, of course, is much higher, with the base model with 8GB starting at $189 direct and shooting to a price of $649 for 64GB! It gets good marks for security, but most reviews also say its performance is lacking.

But you don't need to have anything fancy built into the hardware of your USB flash drive to be secure. Several models come with encryption software. It's held in a partition of the drive itself and looks to Windows like a CD, so it can auto-play when inserted, giving you instant access. Some options include the Kanguru Defender 2000 (4GB for $69), IronKey F150 (8GB for $139), Kingston DataTraveler Vault Privacy 3.0 (4GB for $35), and several more. All of these listed are base models; you can always get more capacity by paying more. For savings, be sure to compare on Google or using Amazon.

Friday 9 October 2015

IPFS (InterPlanetary File System): Why We Must Distribute The Web

IPFS isn’t exactly a well-known technology yet, even among many in the Valley, but it’s quickly spreading by word of mouth among folks in the open-source community. Many are excited by its potential to greatly improve file transfer and streaming speeds across the Internet.

From my personal perspective, however, it’s actually much more important than that. IPFS eliminates the need for websites to have a central origin server, making it perhaps our best chance to entirely re-architect the Internet — before its own internal contradictions unravel it from within.

How, and why? The answer requires a bit of background.

Why We Have A Slow, Fragile And Forgetful Web

IPFS is a new peer-to-peer hypermedia protocol that aims to supplement, or possibly even replace, the Hypertext Transfer Protocol that rules the web now. Here’s the problem with HTTP: When you go to a website today, your browser has to be directly connected to the computers that are serving that website, even if their servers are far away and the transfer process eats up a lot of bandwidth.

Data providers get charged because each network has a peering agreement, while each network hop costs money to the data provider and wastes bandwidth. Worse, HTTP downloads a file from a single computer at a time, instead of getting pieces from multiple computers simultaneously.

Consequently, we have what we’re stuck with now: a slow, expensive Internet, made even more costly by predatory last-mile carriers (in the U.S. at least), and the accelerating growth of connection requests from mobile devices. It’s not just slow and expensive, it’s unreliable. If one link in an HTTP transfer cuts out for whatever reason, the whole transfer breaks. (Whenever a web page or media file is slow to load, a problem with a link in the HTTP chain is among the likeliest culprits.)

How It Works

IPFS is a peer-to-peer distributed file system that seeks to connect all computing devices with the same system of files. In some ways, IPFS is similar to the Web, but IPFS could be seen as a single BitTorrent swarm, exchanging objects within one Git repository. In other words, IPFS provides a high throughput content-addressed block storage model, with content-addressed hyperlinks. This forms a generalized Merkle DAG, a data structure upon which one can build versioned file systems, blockchains, and even a Permanent Web. IPFS combines a distributed hashtable, an incentivized block exchange, and a self-certifying namespace. IPFS has no single point of failure, and nodes do not need to trust each other.

Remaking The Internet With IPFS

The InterPlanetary File System — a tribute to J.C.R. Licklider’s vision for an “intergalactic” Internet — is the brainchild of Juan Benet, who moved to the U.S. from Mexico as a teen, earned a computer science degree at Stanford, started a company acquired by Yahoo! in 2013 and, last year at Y Combinator, founded Protocol Labs, which now drives the IPFS project and its modest aim of replacing protocols that have seemed like facts of life for the last 20 years.

As a peer-to-peer distributed file system that seeks to connect all computing devices with the same system of files, IPFS seeks to improve on HTTP in several ways. Two, Juan told me in a recent conversation, are key:

“We use content-addressing so content can be decoupled from origin servers, and instead, can be stored permanently. This means content can be stored and served very close to the user, perhaps even from a computer in the same room. Content-addressing allows us to verify the data too, because other hosts may be untrusted. And once the user’s device has the content, it can be cached indefinitely.”

IPFS also addresses security problems that plague our HTTP-based Internet: Content-addressing and content-signing protect IPFS-based sites, making DDoS attacks impossible. And to help mitigate the damage of discontinued websites, IPFS can also easily archive and store important public-record content.
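The content-addressing and verification described above, as an added example that is not part of the original post and is not IPFS's own code. It is a toy model: a plain SHA-256 hex digest stands in for IPFS's real identifier format, and `Peer`, `add_file`, `fetch_verified` and `cat` are hypothetical names. It shows why a client can accept blocks from any host: a block that does not hash to the address requested is rejected, and the client moves on to the next peer.

```python
import hashlib
import json

def address(block: bytes) -> str:
    # Assumption: plain SHA-256 hex stands in for IPFS's real identifier format.
    return hashlib.sha256(block).hexdigest()

class Peer:
    """Hypothetical untrusted host: serves whatever bytes it holds for an address."""
    def __init__(self):
        self.blocks = {}
    def put(self, block: bytes) -> str:
        self.blocks[address(block)] = block
        return address(block)
    def get(self, addr: str):
        return self.blocks.get(addr)

def add_file(peer, data: bytes, chunk_size: int = 8) -> str:
    """Store data as leaf blocks plus a root node that links to them by hash."""
    links = [peer.put(data[i:i + chunk_size]) for i in range(0, len(data), chunk_size)]
    return peer.put(json.dumps({"links": links}).encode())

def fetch_verified(peers, addr: str) -> bytes:
    """Try each peer in turn; accept only bytes that hash to the requested address."""
    for peer in peers:
        block = peer.get(addr)
        if block is not None and address(block) == addr:
            return block
    raise LookupError("no peer returned valid data for " + addr)

def cat(peers, root_addr: str) -> bytes:
    """Rebuild a file from its root address, verifying the root and every leaf."""
    root = json.loads(fetch_verified(peers, root_addr))
    return b"".join(fetch_verified(peers, link) for link in root["links"])

def demo():
    data = b"constructed sample: notes for a permanent web"  # constructed input
    honest, evil = Peer(), Peer()
    root = add_file(honest, data)
    evil.blocks = dict(honest.blocks)          # evil mirrors the file...
    first_leaf = json.loads(honest.get(root))["links"][0]
    evil.blocks[first_leaf] = b"tampered"      # ...but swaps one block's bytes
    return data, root, honest, evil

if __name__ == "__main__":
    data, root, honest, evil = demo()
    print("recovered intact:", cat([evil, honest], root) == data)
```

Because the root node lists its children by hash, trusting the single root address is enough to verify the whole file, which is the Merkle DAG property the post refers to.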

IPFS’s final core improvement is decentralized distribution, which makes it possible to access Internet content despite sporadic Internet service or even while offline: “We make websites and web apps have no central origin server,” Juan explained. “They can be distributed just like the Bitcoin network is distributed.” This is actually something that HTTP simply cannot do, and would especially be a boon to networks without top-notch connectivity (i.e., the whole developing world), and for access outside of metropolitan areas.

Released in Alpha last February, IPFS has already started to see a lot of experimentation among early adopters. On September 8, for instance, Neocities became the first major site to implement IPFS, following a call from the Internet Archive for a distributed web. We currently suffer a constant loss of websites as their owners abandon them over the years — a growing crisis to our collective Internet memory — and this is a small but important step toward a more permanent web.

But will websites owned by large corporations follow Neocities’ lead, adopting such an as-yet-untested protocol — especially when the mere mention of “peer to peer” often terrifies them? That takes me to my final point.

Why IPFS Matters For The Future Of Internet Business

As I explain in my upcoming book, we are fast approaching a point where the cost of delivering content will outstrip the benefits — and profits. The major Internet companies are already struggling to stay ahead of our content demands, with armies of engineers at companies like Akamai, Google and Amazon devoted to this one problem.

And they haven’t even seen the worst of it: Thanks to rapid adoption of low-cost smartphones, whole continents of consumers will go online in the coming decade. The Internet of Things promises to only compound this challenge, as billions of devices add their own demands on our rapidly dwindling connectivity.

We are already in desperate need for a hedge against what I call micro-singularities, in which a viral event can suddenly transfix billions of Internet users, threatening to choke the entire system in the process. (A potentially life-threatening outage, when the micro-singularity involves a natural disaster or other emergency.)

Netflix recently started researching large-scale peer-to-peer technology for streaming, an early, hopeful sign that companies of its size and reach are looking for smarter content distribution methods. Netflix, YouTube, all the bandwidth-heavy services we cherish now would thrive on an Internet remade by IPFS, dramatically reducing the cost and time to serve content.

Beyond improved service, IPFS would help the Internet grow into the system we’ve always aspired it to be at our most idealistic, but cannot become with our current protocols: Truly capable of connecting everyone around the world (even offline) to a permanent but constantly evolving expression of who we are, and aspire to be.