Wednesday, July 10, 2013

How to Keep Files Private on Your Hard Drive

Sometimes you need privacy on your computer. Maybe it’s you and your partner having certain photos you don’t want the computer repair place to find, maybe you need to keep sensitive records from work safe, or maybe you just want a “partition of one’s own” as I describe in my essay about creativity, a space on the hard drive where you can feel free to experiment without shared users of the computer happening across it. In this age of operating systems automatically scanning and indexing the contents of files, and multiple menus showing the most recently opened documents, it’s not enough to give a file a misleading name or hide it in an obscure folder. Sooner or later it will pop up.

The only solution is cryptography: using powerful mathematical techniques to scramble the contents of a file so that only people who possess the password can open it. And this type of protection is within your grasp.

If the file is a Microsoft Word document, you can use the Password to Open feature, which is found under the File -> Preferences and then the Security tab. According to Wikipedia this is very strong protection if it’s Word 2007 or later (and earlier is probably ok for discouraging kids or non technical people in your life from breaking into the files).

If you’re using a Mac, then a simple, built-in way to do this is through an encrypted disk image. This is a file that, when opened, acts like you inserted a USB stick into your computer, presenting a drive on your desktop that you can move files in and out of. A nice thing about using a disk image is that if you do all your work within it, there’s nothing to clean up when you’re done - it even locks back up automatically when you shut down your computer. To create an encrypted disk image, open the program called Disk Utility, which is found in the Utilities folder, in the Applications folder. Go to File -> New, and choose Blank Disk Image... Pick a size that can reasonably hold what you want it to hold, and where it says Encryption choose 256-bit AES Encryption. When you click Create it will ask you for a password.

If you’re not on a Mac, and it’s not a Word file, the best thing to do is to use the powerful, free encryption tools that go under the label GPG. To get set up, which includes making what are called a public and a secret key (but for our purposes amounts to a password), check out the instructions I wrote, and follow steps 1-3 for your platform. Then to encrypt the file on a PC, follow the instructions halfway down these docs for gpg4win, where it says “18.2 Encrypting and decrypting files”. Basically right click the file, choose Sign and Encrypt, and then Encrypt. Make sure your key is on the list. Click Encrypt. (On a Mac, using GPG Tools, right click the file, and choose Services, then “Open PGP: Encrypt” from the submenus. Again, make sure to choose yourself as one of the people who are allowed to open it!)

You should now have a file with the extension .gpg. Just to make sure it's valid, do a trial decryption of it, by right clicking and choosing the decrypt command for your platform, and checking that you get the same thing you put in (don’t delete the original until you’ve done this - so there should now be two copies of it). If you have multiple files, you can zip them first.

(Note that these are practically all the steps needed for making an encrypted file that others can open too, without having to exchange passwords. You just need to have imported their public key (step 4), and added them to the list of valid openers in a previous dialogue box.)

You’re not done yet. You have to get rid of the original. When you delete a file on a computer, it doesn't actually disappear: the data is all still there on the disk, it just is marked as blank and ready for reuse. So there are plenty of tools that could recover it, and might do so even inadvertently, e.g. if your hard drive crashed and you brought it to a computer shop. The information has to be deleted in a special way to actually get rid of those bytes, typically by overwriting zeros or random data. On the Mac there is something called Secure Empty Trash, right beside Empty Trash, that will probably do the trick. But I believe on the PC you need special software. I don’t have a firm recommendation, except that one called File Shredder is free and apparently not sleazy.

One caution is that it’s very difficult to keep the *existence* of secret files a secret, especially if you access it regularly (because of “Recently Opened” menus and the like) Typically the best you can do is to give things nondescript names, and rely on any shared users respecting that everyone needs a little private space. But it's a problem.

1 comment:

Mathew said...

Do you know How to Turn on a Mac Computer just hold and press Touch ID (power button) to turn on your Mac. See top corner of the keyboard there is power key or a circular button next to the keyboard. If still you are unable to turn on Mac Computer just follow us at website 800PCHELP or call us at 1844-872-1287 for any assistance.