Tong Family

Now that everyone is concerned (at least me!) about privacy, what about the various things we depend on. What’s safe and also private:

• Password Managers. Of course this is the motherlode, if you can hack into a password manager. Agilebits makes 1Password and they have been open about their security zero-knowledge. It does cost $49 for a Mac license and then an additional $17 for a iOS license though. Lastpass is a similar and has a similar stance and their web interface is free, but their software is closed, so who knows what hacks there are. There was a rumor that they allow a hack into their javascript for clients a few years ago. The best choice (although less convenient) is a service that does client-side only and which uses an safe cloud service to move data around. KeePass is completely client side and is open source and there are lots of versions for various clients. KeePassX is a multiplatform version.
• Cloud Storage. Don’t read the terms of use for services like Google Drive and Dropbox, they will only scare you. And since they show your files in clear text on their web interfaces, they all can decrypt your files and read them. The main issue is that these services can see your content, it is not encrypted. I’ve been testing SpiderOak which has zero knowledge and they say they are the path to being open source. Other good ones are Wuala, Tresorit (Windows only), Mega.co.nz are others
• Disk Encryption. If you want to be doubly safe, whether you are using Cloud Storage or locally, then you want to encrypt your files and folders. TrueCrypt, Boxcryptor, Viivo and CryptSunc are ones that do that. They make even insecure systems like Google Drive or Dropbox just storage places for encrypted stuff. Obviously, if you use