8

Tech security question, having critical docs online safely

So, in reading some interesting posts regarding forced evacuations, etc., mention was made of uploading critical docs, insurance info, and so on to a secure online source. I’m paranoid about online security due to some nightmare stories from friends & coworkers, and don’t want to entrust my info to yet another new source. 
Asking techies out there; would saving those kind of things in an attachment to a draft email at a secure email address (like TP’s recommended Proton Mail) be a safe, reasonable spot for such things to be stored? Seems to me that would be easily sourced by me from any browser without having to remember/bring an extra thumb drive, password or other complication during a stressful event, since that’s a product I use daily already. I realize paper copies still have their place, but limitations too (easily lost, damaged or stolen, for starters.)

11

  • Comments (11)

    • 4

      Hi CR, that’s a really good question. You know, I actually have some old files that I’ve sent as attachments to myself years ago – exactly as you’ve described – so I guess it works! I wonder if others do that too.

      BTW, don’t know if you’ve seen our guide on digital preparedness, but it touches on Protonmail, too.

      • 3

        Yes, thanks! I’m working through its excellent suggestions & shared it with family too! 

    • 2

      I’m going to remain a dinosaur and keep printing both hard copies from dead trees and printing PDFs I store on flash drives and portable hard drives. I’m tech savvy enough to remember those huge data losses from the cloud only a few years ago.

      https://www.businessinsider.com/amazon-lost-data-2011-4?r=US&IR=T

      https://www.digitaltrends.com/computing/amazon-cloud-crash-wipes-out-customer-data-will-users-be-compensated/

      https://weareproactive.com/cloud-storage-data-loss-is-possible/

    • 8

      Great question, and one that many people should be thinking more about. Let me first give you some of the dangers and risks of various solutions.

      Storing critical documents with someone like Dropbox, Google Drive, or OneDrive. Or if you store as an email attachment with gmail, yahoo mail, outlook…

      • These companies do and will scan all of your documents that you upload to them.
      • I haven’t checked the other two but assume they should be similar to the terms of service as Google Drive, it says that whatever you upload to it’s service now becomes it’s property and it can do with it as it pleases. So if you upload that book you are writing to Google Drive and they decide to publish that and make money off of it, the terms of service says they can do that. Will they though? I can almost guarantee that they will never because it would be a PR nightmare, but if you read the terms they technically could.
      • If given a warrant by the police or government to hand over all your data, they will instantly. Alright, well I am not a criminal and that’s pretty much unlikely to happen. Well what happens when you are walking the dog down the street and Google pings your phone near the scene of a murder that is happening? The Police then get a warrant for all the data for everyone in the area at the time of the crime and you are caught up in that geo-fence warrant. They will then request all of your search results, emails, files, etc.. from Google. This has happened before.
      • You are technically storing your files on someone else’s computer. They may have a data breach, hacker, or rogue employee that accesses your information. A rogue employee is the most likely, and Google keeps firing employees for misusing data
      • You can easily get locked out of these accounts for storing something on their servers that you shouldn’t (like copyrighted material) since they do scan and see what you have on there. There have been stories of people getting locked out of their 10+ year old account by some bad guy attempting to break into your account too many times, or just for random bugs in their code. 

      Storing critical documents in an email attachment with Protonmail or other End to End encrypted provider like ProtonDrive or sync.com

      • You technically still are storing your files on someone else’s computer. Although, even the CEO of the company is unable to access any of your information because it is all end to end encrypted and only you hold the decryption keys.
      • Warrants still can be issued to these companies. Two things you have protecting you though is jurisdiction and the encryption protocol. If the US government wants to issue a warrant to Proton they would have to go through the Swiss government and it’s the Canadian government with Sync.com. They then will ask for all your information and in the past when presented with warrants, Proton has only been able to hand over the date, time, and IP address of when you created the account and when you last logged in. That’s it. They do not have any access to your data whatsoever, even if they wanted to.
      • If you have a free tier protonmail account, then you only have 500mb of storage in your email account. This can quickly be filled up if you use it as a storage of critical documents. It is also very easy to accidentally delete a draft. What I would suggest is email it to yourself and then click on the archive button to set aside that email with the attachment. That will be a lot more protected against accidental deletion. 
      • You still could possibly get your proton account deleted or locked out for the same reasons you could with Google.

      My suggestion ranked in order from free to most expensive:

      • If you only have a few documents and can make sure you don’t reach your limit, then place some critical docs in your email. 
      • You can get a free Sync.com account and have end to end encrypted documents with 5gb of storage, which may be enough for your use case. Sync.com is a more polished product with mobile and desktop applications and I haven’t had an issue with them at all. You can always purchase more storage. In my opinion they are not as transparent and secure as Proton, but much better than Google Drive.
      • For $48/year ($4/month), you can get an upgraded protonmail account with additional benefits and access to ProtonDrive. This is the most secure end to end encrypted cloud service that I know of. You get 5gb of storage and can purchase additional space for $0.75/month per GB. Don’t make this your primary storage of these critical documents, because like I said, things happen and you could accidentally have your account deleted. But it’s the best cloud storage option that should always be there. Have a backup of all these docs on a flash drive that you carry on your person or in your BOB, and have a duplicate at a friend or family member’s house.

      With any of these solutions, make sure you are enabling two factor authentication as stated more in detail in the guide that Carlotta Susanna shared. 

      I hope that all made sense, if you need more info into a particular solution for maximum security, let me know.

      • 3

        Excellent, Supersonic, thanks so much for all the details! I already have the upgraded Proton account, so I will use it as an online backup as discussed, and keep my hard copy originals safe as always. Nice peace of mind using something I had already for secure storage, and not having to open & keep track of yet another online account. 

        Last specific questions, wouldn’t it make sense & skip a step to just upload attachments to a draft, rather than emailing to self from same secure account? Or can drafts not be encrypted & archived?

      • 4

        Glad it was helpful to you. If you have an upgraded proton account, you automatically have 5gb of Proton Drive and don’t need another account. Just go to: https://drive.protonmail.com. That will be the easiest way to keep track of things. Give it a try, I know you will love it

        Or when logged into your email, click the 9 dots near the search bar and then click Proton Drive

        Screenshot from 2021-08-18 13-22-35

        The calendar is also great because that’s end to end encrypted like everything else with Proton. Syncing your calendar with a service like Google is scary in my opinion because now they know when you are going to Timmy’s soccer game and when you have your tumor removal surgery. A calendar can be quite telling, so having it all encrypted where no one else can view it is pretty neat.

      • 3

        Very cool, thanks so much! Yes, online calendars give me the willies, but do have their appeal if private. Will follow your advice!

    • 3

      In a previous post here I gave some prices for Proton Drive that have recently changed so I wanted to update for everyone here.

      If you sign up for 2 year subscription, a Proton Unlimited plan is $7.99/month. That gives you an upgraded Proton Mail, Proton VPN’s highest speeds, and 500GB of encrypted Proton Drive cloud storage. Definitely an incredible steal!

      If you don’t need all that, you can still get a great deal at $3.99/month which gives upgraded mail, medium speed VPN, and 15GB of cloud storage.

      For more info, check out https://proton.me/pricing

      (I’m not affiliated with Proton, I just like their stuff)

    • 4

      I use 1password for this. Most of my critical private information is passwords, and a password manager like 1password or bitwarden is designed for that. It also supports storing confidential documents in the form of PDF or pictures.

      • 2

        That is nice to be able to attach a photocopy of your drivers license, medical insurance card, or another important PDF. 

      • 2

        Similarly, I use LastPass premium to store critical documents as notes and attachments. For context, I travel domestically a great deal but I don’t travel abroad frequently. Likewise, I’m not a journalist, political figure, or similar who might carry high-value data that they need to secure.

        Can anyone think of a reason to be concerned about this method of storing digital records, or am I good?

      • 1

        The documents should be encrypted if you upload them into the password manager, so you shouldn’t have to worry about LastPass being able to see them. 

        The only security risk I can see is that if someone does crack your master password, they have access to your passwords AND critical docs, but even if you compartmentalize and store those critical docs in a different cloud service, you probably would store that password to that cloud service in your password manager that just got cracked. 

        I think you are good. If at any time you become famous and have a higher threat model you can change things up then.