So you were using common sense.

No it is foolish. Encrypt the damn files. If the drive is not encrypted, you encrypt the files. Seriously, not that hard to figure out.

I agree sometimes you can not risk encrypting an entire drive. The next logical course of action is simple: encrypt the files. Do not encrypt the drive. Encrypt the files. Seriously, anybody who could not figure this out is a fool.

I think he does. I didn't like that so much. I think I'm used to vlog-style videos with a bit more personality (and mistakes).

you had a drive failure? you are having trouble connecting a new drive to time machine? it's not clear what your problem is. my advice is to go to a computer store so they can help you out

No it is not 'entirely' honest. He left out a critical option. Frankly the obvious option to anybody who takes five minutes to read anything worth a damn about data encryption. He expresses these two options as the only options. As absolutes. No there is a logical option based on virtually any encryption software. Open source or retail. 'Encrypt the files.' You do not have to encrypt your entire hard drive; hardware or software. If the data is sensitive! Just encrypt the files. A common sense solution. He explicitly avoids. Do a search for any of the popular retail or open source options. VeraCrypt en.wikipedia.org/wiki/VeraCrypt , just an example. Allows you to created volume files which act as virtual disks. i.e. the computer reads them as hard drives or folders. Depending on you settings. You also have 7zip and PeaZip. Keep in mind these are open source off the top of my head. There are many that are both retail and open source. Point being, he ignored this obvious avenue.

On a small tangent. Cell Phones and Tablets get stolen often as well. While they are 'in use.' When you read online or watch the videos. Many people have their phones stolen while walking down the street. On public transportation. Or while putting it away momentarily while paying for something. In these instances while on the go. I recommend using an App Locker application in conjunction with enabled encryption. There was a story on the news a while ago. A man was out on the town one night. Basically, his phone was stolen while it was unlocked. They robbed his Facebook account by sending money from his debit card to the thieves. 'Updated: 11/22/2019 - I found the story link.' Thieves steal a cell phone then use Facebook to steal money by: Boneza Posted: Jul 1, 2018 / 04:21 AM HST / Updated: Jul 1, 2018 / 05:12 AM HST www.khon2.com/local-news/thieves-steal-a-cell-phone-then-use-facebook-to-steal-money/ www.khon2.com/ kzfaq.info/get/bejne/eaiKmc-Ex9jQfZs.html A app-locker is a secondary non encrypted way to restrict access. Most apps I have used that have 'any' direct access to money. Require a PIN to authorize an exchange. Facebook has this option but he never turned it on. What I do like is that more and more applications have some sort of lock you have to bypass to in order to use the app. My personal recommendation since this guy was robbed by a group outside of the club. Make sure you have two app lockers enable that cascade in authorization. Again, this is not encryption. A thief with skills and equipment can bypass an app blocker. However this buys you time. Also your typical smash and grab thief does not have the training, skills, or time to bypass this. Odds are if he is smart. He will wipe the device (android) after procurement. - This is a recommendation if you are going out having a night on the town or something. A better option is to completely log out of all non essential applications when hanging out at night. Yes, I know most of us do not log out of applications on our phones.

Paid or open source. Encryption software of any merit is available. We can squabble about whose is best? The point is, if you have a decent internet connection. VeraCrypt should be donated to and it is available to all OSes. Truecrypt is still out there and passed their audit. Most versions of Linux have encryption built in. FreeBDS, VeraCrypt. If you have $50 to $500, you can afford some sort of whole disk and file encryption. If you can afford to donate $5 to $10 you can keep VeraCrypt and other open-source applications alive.

I do not use Apple Products, but I do buy their stock. Also when it comes to encryption I have respect and thank them for not fucking over humanity. LOL, I still love to tease Apple users though LOL ;) ! Now in all seriousness. I had to learn what exactly it was, but I figured based on the name. If Time Machine holds all this valuable data about 'you.' It makes sense to back them up. You have no idea how far some criminals will go to get to you or other you know. A thief may break into your house and see your paper address book. They steal $5,000 worth of jewelry and consumer electronics. Let us assume he has no hacking skills whatsoever. Also, your backups are encrypted. This thief now knows your general schedule. May even learn where your friends and family live. Remember most of us know people who are like us: income, ethnicity, etc! Congratulations, you just gave him more targets. You remind me of an old woman I work with. I told her she should encrypt her phone. Given her years. A PIN or Pattern lock would be better for her to remember. She said, "What of value could they get from her phone?" - She uses Uber. - She has Grand Children. - She has 'female' family members. - They learn her address. - Etc. People fail to realize that Google and Apple make money off of meta-data. You are telling criminals can not do the same thing? Dude, go through backup stores on it. If it can be connected to anything important to you. Encrypt it, even if you have to store them on another drive. en.wikipedia.org/wiki/Time_Machine_(macOS)

Have you considered just using another application to backup your data? There is backup software outside the Apple ecosystem.

I actually think your time-machine backup is not encrypted as a by product of your Filevault disk encryption, since when you are using your computer the OS will have access to all the decrypted files and will copy those decrypted files to your backup disk. However, as you can read here support.apple.com/en-us/HT201250 it is possible to select the option to encrypt your backup drive.

"1) I am backing up my laptop on my personal external hard drive. Do I need to be concerned at all about a security breach? Or does the fact that it's a personal external hard drive mean that I don't have to worry about encrypting? 2) What do you mean by a hard drive "failing"? 3) If I encrypt, but that means I cannot retrieve any of the data that is on my external hard drive, then what is the point of backing it up?" 1) The data you need to be concerned about is anything sensitive or compromising. Like your bank records, social security numbers, copies of ID, etc. Using myself as an example. I encrypt much of my data. My saved game files from years ago. I doubt criminals are going to want nor care about it. Family photos, is a grey area. If you are a high ranking official of a government or corporation. You may not want unencrypted backups on the cloud. A basic thought process is simple. Ask yourself, "how could this data be used against me in a negative way. If it were exposed?" Anything sensitive on the cloud must be encrypted. 2) I have been using computers more than half my life thus far. Drives fail. In fact, they can fail at anytime. Encrypted or not, your data must be backed up. Do not be an idiot and only have one backup. Search for the "3-2-1 Rule" on KZfaq, basically, as many backups as you can. In as many formats as you can. Also have at least one off site. I have had many hard drives fail in my life. I still have hard drives from the garbage that I have salvaged. Which are seven to ten years old. Yet I have newer drives that have failed after a few years. I have SSDs, platter drives, and DVD-RWs. 3) To me personally this entire videos' argument is nonsense and common sense. Since it seems you are new to this subject. I give you a pass. Whole Drive Encryption: You encrypt the entire drive. If you do this, you should be using software encryption not hardware encryption. Hardware encryption is flawed to various degrees. You can search the web on this. I own some of the drives mentioned. Either way your data can be difficult if not impossible to get back. Depending on the make and model of the drive. File Based Encryption: This is the option you use. If you want the 'encrypted' files to be recovered from a damaged drive. You encrypt each file accordingly. Also you have file volumes or containers. The name depends on who makes the software. Basically, these containers are self-contained archive folders of data. Where you access, read, write, deposit, delete, etc. Then when done you dismount them. The way the software does this. The computers sees them as drives! Or if you reconfigure, it will see them as independent folders. Security Concerns and my Personal Options: What I am working on for my current and future systems. Is to use all of the technology. If you search KZfaq, you can find videos on how hardware encryption can be broken. For anything super sensitive. You should use software encryption. Whether you encrypt the entire drive, make encrypted partitions, or containers. That is up to you. I plan on building and upgrading systems to utilize hardware and software. For example. The OS drive will have hardware encryption enabled. The secondary drives will have hardware encryption, but software partitions. Then you have whole drive software encryption for sensitive stuff. I encrypt based on the data. In fact I am researching buying cheaper server boards since many of them have dual processing in their designs. This works because you see Windows 10 is designed to use both processors. Depending the the game or software. It will either use one or both. If you do a full software encryption of your OS drive. You want performance. Yes, modern processors can take it, but why put the load on one processor? No matter how many cores it has. SSD Drives: SSD drives are a quantitative leap in technology, but they have limitations. Especially if you are going to do a full software encryption of the drive. Just read up on any software you choose for this. Which will probably be VeraCrypt. My personal recommendation, do not do software encryption on SSD with any codes you do not wan to be compromised. If you use SSD whole drive software encryption. This code must be in your password manage or stored in a safe location. Your better bet is to use a combination of hardware and software based encryption. www.veracrypt.fr/en/Security%20Requirements%20and%20Precautions.html www.veracrypt.fr/en/Trim%20Operation.html www.veracrypt.fr/en/Wear-Leveling.html I am using VeraCrypt as my baseline. However software developers of other tools will tell you the same thing. There are plenty of open source and retail options. However do your research. I lean on open source. Everybody, on either side of the law can review the code. In fact many criminals have downloaded the code for an open source project called DiskCryptor. To use in their malware tools. NO I DO NOT ADVOCATE FOR CRIMINAL ACTIVITY! Right now the DiskCryptor is in limbo. So if you use open source VeraCrypt is the better option. I think someone is trying to bring it back. Looking forward to it. Good luck.

... Just a continuation of my initial reply. Platter drives are more secure in terms of encryption because they do not have the weaknesses of SSDs in terms of security. That is one of the reasons platter drives still exist. Hence why threat and risk assessments must be taken into calculation and consideration. One of the advantages of paying the extra money for hardware encryption. It is a deterrence! Any moron who reads about this subject. Who is not an expert. Knows that most of the hardware encrypted drives today have significant flaws in terms of how their encryption works. However, as I have said countless times on the videos' threads. "If you are not going to software encrypt the drive. Software encrypt the files." Layering is key in any defense. A common smash and grab thief is not going to take the time and effort to hack your hardware encryption. That being said, it is not impossible. So say you have a hardware encrypted drive. With software encrypted files. Or in the absolute situation First Layer: Hardware Encryption Second Layer: Encrypted Partition. Third Layer: Software Encrypted Files. Hardware encryption would only make a curious person try to break it. However, the layer of software encryption makes it a lot harder. A full disk encryption means they can not port the data to another device. Unless they clone the drive bit by bit. Which again means more time. Now if you have software encrypted files. They can ship that data all over the world. Much faster. You must sit down and determine how secure or unsecured you want your data at every stage. Remember, hardware encryption typically requires proprietary software. For example like Samsung and Western Digital. Where I live. If someone broke into my home. I doubt that thief is going to make effort to hack my encrypted files on unencrypted drives. Nor are they going to make the effort to break my fully 'software' encrypted drives. So why turn on the hardware encryption. However, I am upgrading towards that with my current system. As well as when I build my new computer. Again, software encryption is way more secure than hardware encryption. So even if you only encrypt your files. Make sure it is software based encryption. Biometrics: Using biometrics for single factor access is fucking stupid. If the device contains sensitive data.

www.reddit.com/r/DataHoarder/comments/8s7jrm/321_backup_rule_deconstruction/

2) What do you mean by a hard drive "failing"? 3) If I encrypt, but that means I cannot retrieve any of the data that is on my external hard drive, then what is the point of backing it up? Answer 2) A failing drive. Is a drive that is going to or is in the process of critical failure. In other words, the drive is broke! Answer 3) The point of encrypting data on a drive. Is to prohibit access. Understand all encryption can be broken. All you need are the bare minimal tools, knowledge, and time. "James, then why encrypt anything?" The point of encryption is to deter and delay access to information. For example, say you have a laptop that is completely software encrypted using VeraCrypt. Your password uses the full 128 character length. Takes keys for all character sets, has a long PIM, and a number of key files. en.wikipedia.org/wiki/VeraCrypt www.veracrypt.fr/en/Home.html If you use a computer generated password. That used all applicable points of entropy. It is in the settings. I could take even a nation state with no access to your any of the factors. Even with future predictions of practical use of quantum computing. Within your lifetime, centuries in the most ideal circumstances. www.tomshardware.com/news/quantum-computers-encryption-decades-researchers,38819.html#:~:text=Quantum%20Computers%20May%20Not%20Break%20Encryption%20for%20Decades%2C%20Say%20Researchers,-By%20Lucian%20Armasu&text=A%20new%20paper%20by%20researchers,encryption%20algorithms%20may%20be%20now. www.scientificamerican.com/article/new-encryption-system-protects-data-from-quantum-computers/ Keep in mind I am not even calculating hash collisions. Which in simplest terms. Means, a hash output that produced that is matches yours. To put this in perspective. You know when you watch education shows on how big the universe is? They often say that if the universe goes on forever. Mathematically the odds of an exact copy of you will exist. Just by probability. Hash collisions prove this. Since a human in the modern world is expect to live at least into their 70s. If you do it right. You will be long too dead to care if and or when the encryption is ever broken. If you are afraid completely encrypting your backup drive. Just encrypt the files that need to be encrypted.

I didn't get it either. It sounded like having your backup drive encrypted would make it impossible to recover the data. ?

There's really only 1 point he makes in the whole 8 minutes, that is on what is supposedly the topic of the video... that sentence is at 3:35 And it's a completely vague and meaningless blanket statement with no context. There's nothing universal about all "encryption" that means anything encrypted is unrecoverable in the case of partial corruption/failure. It depends on what software you're using, and if you have an intact encryption header, which can either be a separate small file, or one of the usually many redundant copies within the original disk/archive. His overall advice to basically "keep things simple" probably makes sense for non-technical people who don't understand encryption + proper backup software, and who don't have much need for encryption anyway. But pity he provided no details or context where this does/doesn't apply. Because as a general blanket statement... it's wrong. He surely could have given it 60 seconds or so to at least give some details within that 8 minutes instead of the other filler. Either he's out of his depth on the subject and is just repeating something he heard (which was probably specific to a certain system that sucks for recoverability, or whoever he heard from was a n00b too), or he just went for the clickbait title and didn't want to make that obvious by being clear that it's not actually a universal fact. Hopefully his misleading contextless sweeping statement that "the only thing you'll be able to recover is some metal for recycling" from a partially corrupt/failed encrypted disk hasn't led anyone to just throw a backup drive away, when it could have been recovered just fine.

When you encrypt your files, you need to set a password. In order to decrypt it, you need to type the password you set. However, chances are high you will forget that password (at least most users do) and never ever will you be able to recover your data. In other words, you locked yourself out. Forever. So the point of the video is: only encrypt your files if it is highly necessary.

Mohamed ahmed What I do, since I change phones often is take a screenshot of all my apps, upload the screenshot to a cloud service (DropBox,Google Drive,BackBlaze,Mega) {they give out free space without providing any credit card information} and once it’s time to get a new device, check out my old screenshot and download them all over again.

Mohamed ahmed Mohamed ahmed earlier today I bought the 200gb iCloud storage plan , I use two different apple ids, my phone Apple Id and a different one for iTunes. I will play with it and see what I can do, I’m going to download apps I’ve purchased a long time ago with one Apple Id, download apps I’ve purchased a long time ago with a different apple id , download third party apps, keep apps that are no longer on the App Store and do a backup when logged in with apple id #2

Mohamed ahmed log in with apple id #2 on a completely new device, try downloading the backup and see if all of the apps transferred

This. Back up solutions should at least have 2 copies, a backup onsite on a separate disk to the original, and one in the cloud. In this regard, hardware failure or fire is removed from the equation and the decision to encrypt is purely a function of sensitivity of the content.

Thank you!

Pragmatism is simplistic and direct. Just make backup copies of all your data. Look online for the 3-2-1 Rule for backing up and use it as a guideline. I myself did not need somebody to explain the logic of multiple backups to me. The dude in this video totally ignored explaining why you should have multiple backups in multiple formats. Encrypted or not, data storage can and will given enough 'time' will indeed fail. It is like a book. You can carve a book into stone. Have it in digital format. Etc. As long as you can read and maintain one of those copies over time. You can always make 'more' copies. This guy is a computer expert and did not explain this.

It does not leave your home. What happens if you home catches on fire? Do you have a rotating off site backup? Do you use the cloud? Having a backup at home is just common sense. Remember, sometimes you can not always get back to your home computer. Take Puerto Rico for example, some places were completely flooded out. Now if you had time to run out with your external drive. That is great. Is that backup drive water resistant? Did you buy a water resistant case? Did you use a cloud backup? Did you transfer the files to your family member electronically on the other side of the island? Are you able to get back if you are cut off but your house is intact? Did you backup your contacts on paper or online? - I know people who for some foolish reason do not have an account associate with their online identity. Like an apple, microsoft, or google account. Where they have transcribed all their contacts. So if need be, they could connect and contact. Failing that how about an encrypted plain text or .pdf file. Too many ways to do this in 2019. Or failing that. Have a second paper copy of the address book. I admit I have to update my address books. However I have a lot of address books online and offline. My point being? Your NAS is useless if you can not get to it or if it is destroyed!

This provider has flash sales for larger storage amounts. You might want to consider this company. I am still on the walls with them. As of 11/22/2019, when I went to their site. They have 5TB lifetime plan. One time fee. Not bad considering 11/21/2019 it was less than $100. However I understand your privacy concerns. www.polarbackup.com/

RAID is not backup

@@xybersurfer Correct. en.wikipedia.org/wiki/RAID kzfaq.info/get/bejne/i5N_dseFysCwkZc.html

From what I understand that is correct.

You should still add an additional layer.

James Duff Ok what if i want to make a new backup? Then it says: Do you want backupS of “(Phone name)” to be encrypted? But then it says “If u proceed without encryption. The backup will not include sensitive data. Sooo what do i do?

Notice he never mentions encrypting individual files. Via PGP, .zip files, encrypted file volumes, and 7zip. Never comes up even in passing. This is fear mongering. You do not have to encrypt your drives. Sensitive 'data' should be. How about creating an .iso of a drive. Then encrypting that file in a zip file. O damn, problem solved. I am concerned that more and more of these 'fear' videos are popping up.

You do not have to encrypt your drives. You just have to encrypt the data on them. There is a difference. Yes your 'encrypted' data should be put in a safe. Not encrypting sensitive data is insane.

You are right encrypt everything you can.

Anywhere you store your data. Your risk of losing it to theft, curruption, physical damage, etc. Is essentially no different. Remember the '3 2 1' Rule. Three different copies. Two different formats. And one off site. Now the 3 2 1 Rule is a guideline. You have to ask yourself a bunch of logistical questions. In my personal offline experience. Most people depend on the cloud exclusively. I have given them many options quick and easy to backup the data. Hard Drives, Tape, CDs, DVDs, SSDs, BlueRay, M-Disk. You should physical copies of backups. Senstive data should be encrypted. Again, even if you chose not to have a fully software encrypted drive. You at the bare minimal should encrypt the files. People say, "James, I can go online and get them." Sure as long as you can go online. The same works for the opposite. Hang on sir. I am going somewhere with all of this. Here is my personal problem. It is economically more efficient for me to buy more hard drives. Including for those I would keep off site. The internet cost alone. As a monthly expenditure. That would be throwing good money after bad. Now one of my unique exceptions. In the hypothetical. Say for the sake of argument. I knew within 6 months. I would be homeless and have no job. There are a few lifetime online storage companies. Where I would have offsite backups. Asl well as all the limited but free storage accounts. Also, as far as my password manager. I would start creating free, but limited accounts with every password manager service I could. Some have term plans. Also, I use KeePass. Since it is an open source application. With a bunch of people writing applicaitons for it. So mey 'never' being able to access the data again. Not likely. Having the file scattered all over. Minimizes the risk of lost. Also if you have a bunch of MicroSD cards. You can buy so many of them. They cost so little. So backing up your encryptoed TOTP files and you KeePass File. Is hardly an issue. Backing Up is a matter of compromises. However, always backup your data. Always make an effort to get sensitive data encrypted.

@@jamesedwards3923 Exactly. My most important stuff (less than 1 TB) is backed up to like 6 locations (local NAS, remote NAS, two cloud services, USB sticks I keep outside the house etc.).

With Backblaze, my files are encrypted on my computer and then sent to their server, so I don't think they could read my data, or even scan it regularly.

@@Halbmond .. Pretty much every Encryption has been broken. Not necessarily by John Q Public but certainly by most every Government and computer experts. Simply search _How Secure is Encryption._

@@DJaquithFL All encryption can be broken with force. What you want is to make it so time consuming that it is not economically viable to make the effort. Take the hash functions MD5 and SHA-1, There are collision attacks, which is an attack that can mathematically match the hash. So even if they do not get the actual password. Just close enough. en.wikipedia.org/wiki/Collision_(computer_science) Also, the more important the aforementioned. Is simple they have become too easy to attack. You could use SHA 256 or 512. The 255 bit hash is weaker than 512, but stronger than 128 bit. You could have 20 character password. Depending on the hash it will take longer or not to brute force. en.wikipedia.org/wiki/Cryptographic_hash_function This why no matter what hash you use. Your password needs to be good as you can make it.

@@DJaquithFL All encryption can be broken. All it takes is the bare minimal tools and time.

@@jamesedwards3923 true

Not the topic but the video is confusing and hard to understand

BMW 2017 Yes it does. iTunes backup encryption is up to you however

If you are backing up data that has exploit all over it. You should be backing it up to the cloud encrypted. With your own encryption. For example, using a .zip file for backing up those photos. Except that zip file should be encrypted. So if icloud is compromised, the thief will still have to break another layer of encryption.

@@alishah7078 Good to know, but is it 'Zero Knowledge?' I doubt it. I am sure they do, but even Apple has had data breaches.

@@asificam1 I own a lot of those hardware encrypted drives. Anything worth a damn on them. Is software encrypted. A smash and grab thief typically is not going to try to break the hardware encryption. However, I am not a fool. Software encryption is my next layer or layers.

Please elaborate. How can someone not steal data from what I assume is a desktop computer. If your BIOS is locked up. They can extract the drive. If the drive is hardware encrypted, depending on the hardware drive. It can be broken. Some harder than others. Unless you are armed to the teeth. Locked your computer in a bomb resistant case and or room. Stealing your data is relatively simple.

This dude is in many more people not encrypting backups. I agree that 'full drive' encryption can be disastrous. However files can be encrypted individually! So if you have drives have encrypted files. You solved his conundrum. Now the security flaw in file only encryption. Is that you allow multiple attack vectors. Why are more and more of these videos advocating not encrypting backups popping up?

I purchased a new drive recently. This drive in particular is not encrypted. The sensitive files on the drive are. Really, this guy did not cover this obvious answers to this issue.

@@jamesedwards3923 how would you integrate individual file encryption with backup software?

@Jay Jones what if you lose access to your backed up key? encryption adds a point of failure in recovering your data. that's the compromise

@@xybersurfer That is an open ended question. It depends on the software. However, in the context. Most programs I have read about do not 'encrypt and then backup' automatically. You will have to encrypt and then automate the backup process.

There is a difference between a saved game file and a your tax documents.

There is a difference between your saved game files and your tax return data. Your phone can be lost. Your external drive can fail. If your file is important for any reason. You never have just one copy of it.

I have gaming files going back over a decade. Those do not need encryption. Your tax files do.

This is simple to resolve. Any file that needs to be encrypted. Like your bank information. You can encrypt the files. If the drive is broken, they are just files. You can spend the couple of hundred dollars. Tell them to restore the files. That is all you have to do. Remember the 3 2 1 Rule: 3 different copies. 2 different media types. 1 off site. That also includes how you encrypt the data. You can have two versions of the data. You can have a fully encrypted drive. Then you have have one where only the files are encrypted. He brushes over the easy answers to this. You can get a 2TB portable platter drive for less than $100. If we are talking about laptop patter drives $50 to $200. SSDs are a bit pricer, again depending on the technology and storage. So if we stick with the $200 max range. You can get 1TB to 2TB easy. Especially, if you buy an older drive and buy durable enclosure. Cloud storage has taken a price range in this model. Most prices ranges per year, $65 to $150. A decent hard drive. Of any construction. Should last you five to ten years. I have drives that have lasted ten. Also I have had drives that have lasted two or three. Once my drives get to five year mark. I consider the distant possibility that they could fail. I have a 1TB portable drive that has last ten years or so. The good news, again. Is that depending on the make, model, and type you can get terabytes for $100 to $200. There are things you must consider when and how to upgrade your drives in accordance with the 3-2-1 Rule. 1) How many drives? 2) How many different types of drives? - Third party portable drives? - Drives in sturdy enclosures for external transport? 3) How many are on station? - Installed on your machines. So they never leave. How many redundancies on in the machine? - How often do you rotate your external drives to off site status? If you can afford a full backup of your data on the cloud. Then do so. Most individual adults in America. Have an average yearly gross income between $30,000 and $35,000 a year. Remember it is not just the storage your paying for. You also have to consider the cost of transmitting that data. For most 'average' Americans. The cost of a full drive backup is draining. So buying a few drives are more cost effective? There are many things to budget for when it comes to computers.

SSD drives are getting cheaper and cheaper. If speed is your primary concern. My opinion is to simply make the investment. I am in the process of learning basic video editing. I have a few KZfaq Channels on the drawing board. I use platter drives for long term local storage. I will make the capital investment in SSDs. Depending on the SSD technology. You are looking at a $1,500 for one drive.

@@jamesedwards3923 it’s been a while since I made this comment, lol, and things are very different for me. I use a 2TB ssd for Time Machine backups of my computer and then I pay for a Backblaze subscription so that I have a copy of both everything on the computer and on my connected hard drives on their servers. I also use Gatekeeper. So I have a decent backup setup now, although I kind of want to stop paying for Backblaze and just get a bigger time machine hard drive that can fit everything.

@@TheInternetEnzyme You can buy bigger hard drives. Sir, if you have pockets that deep. More power to you. It is a trade off when developing a workflow with backing up data. LOL, I am glad you have a respectable setup now.

@@jamesedwards3923 hard drives arent too expensive these days, and I dont think you need an ssd for time machine backups unless the noise of hdds bothers you. The only reason i am using an ssd for my time machine backups is that this ssd, for some reason, became slow as hell over time and simply unusable to edit off of, measuring at like 20MB/s read. So i repurposed it.

1) Drive is damaged. 2) Data corruption. It has happened to me with a few files. Tried to open the file with the wrong settings on an application. That was the end of that file. Fortunately, I can recreate the data. Just will take time. Hence why I have drives that are on both ends of the spectrum. I have drives that are fail safe. Then I have drives that are fail secure. So if they do get damaged or die, but I need the data extracted from them. The data can be recovered. Dude rebuilding an encrypted partition is a lot harder than rebuilding an open partition with files in it. I am not a moron. I just encrypt the files. Fixing a drive reader or getting an encryption chip for a hardware encrypted drive. Is a lot easier.

@@jamesedwards3923 No one said anything about you being a moron, I was simply asking a question because I don't understand much about encryption and I was trying to better comprehend what you were saying in your video (i.e. the "why" behind the things you said).

@@SteveGergetz Sorry I can fly off at times.What do you not understand?

I am not an expert. I understood it. Since I casually read about these things on a layman level. As well as I have watched and or listened to videos on the subject. O yes, I also use encryption. I am almost done upgrading and retro fitting my old tech. As well as building a new machine. The one thing that annoys me about this video. He does not discuss the middle ground. So I am going to explain the middle ground to you as simply as possible. 1) You can encrypt individual files. Without encrypting the drive. He for some reason. Left this out. From my perspective. He us basically fear mongering. Why, because the way he communicates the question. Is in terms of absolutes. 2) If you encrypt the entire drive. With software encryption. Which in virtually every circumstance is the superior option. If the drive is physically damaged. The data may not be recoverable. This is absolutely correct. 3) Middle Ground: Encrypt the files, but not the drive! It really is that damn simple. When following the '3 2 1 Backup' rule. It would make sense to have a drive where the data is encrypted, but the drive is not. Of course this drive. Should be the one that is hardest to get to physically. However if it was stolen. You should make sure the software encrypting the files. Is good, so good that you will old, dead, and turned to dust by the time it is compromised. A good timestamp on even the latest encryption should be twenty to thirty years if properly implemented. For example, most older software use an iteration of 1000 as a baseline. Even TrueCrypt defaulted to this. Even if you are using SHA-512, this not bad. However, you should increase the iteration count as high as your system specs allow you to. Hardware Encryption is currently flawed, but I still by the drives. Why, you might ask? 1) For the commercial external drives. I often encrypt with software underneath that. - So if a common thief or script kiddy. Took the effort to steal and break into it. Which is doable by the way. Look up 'everything' I am discussing. They will then have to break my software encryption. - Many common petty thieves poke around a computer. Most will probably just wipe the drive if they can not gain access. Hence "Fail Secure." If I do not get my drive back. I at least want to know the data will be destroyed. 2) Drive Life Cycles: As technology progresses. I may upgrade, like I am doing now. Hence I buy hardware encryption enabled drives. Since depending on the manufacture. They have proprietary software. Even for their internal drives. Which is required to access it. 3) Threat Modeling: I might have data that does not require a total encrypt of the drive on a software level. However I do not want people easily accessing it. So I might decided given the threat and the data contained within. I level of hardware encryption is preferable. I could have encrypted partitions on the drive for more sensitive data. You have to figure out what you threats are and how you are going to secure your data. Also your means must complement your work flow. Hence why I am in the process of using a mixture of all of these methods. Take the time to go online and figure out what you want to do. Read up on the basics. The one thing I will say. If the data is sensitive. Always encrypt it. Preferably with software encryption. Remember if you want the files secure. There are plenty of free, paid, or open source options. Use them to encrypt the files. So if your drive is damaged. The 'files' are easier to recover! FYI: If your drive is damaged and a data recovery service wants your passwords. You 'always' say no! I mention this because I have read stories on threads of people suffering identity theft after the fact. Which proves my point. You are paying them to retrieve your data. You are not paying them to decrypt the data. Hence the flaw in this video. So when you are backing up your files for example. Say your tax return: Backup Drive 1) Your first backup drive should be completely encrypted. Backup Drive 2) Files are encrypted. Backup Drive 2 Alternate) You use something like the Samsung T7. Where the files are encrypted. Yet you enable the 'hardware encryption'.

Yeah your iCloud is safe if you have a good password and you don’t give it up to random people so long as the iCloud servers are still up You should have any backups of photos you really need

@@gonetea4081 If Apple can give them open copies of your data on the account. Encrypt the data before you upload it.

@Tiem That means nothing if Apple holds the keys.

No, iCloud is not end to end. So you totally lack understanding of the term. Yes, the files can be encrypted on the servers of Apple. However, Apple has the keys. It is common knowledge that Apple has given governments around the world access to the cloud drives and backups of users. You should make effort to encrypt all sensitive data before storing it on the cloud. Even if it is 'zero knowledge' encryption. Like Spider Oak for example. Remember encryption can always be broken. All it takes is time.

​@Tiem Within context. So you are telling me that if a the CIA had a valid warrant. They could not gain access to your iCloud account? The iCloud data is 'encrypted in transit.' It is 'not' end to end encrypted at rest. By that, the data is not zero knowledge. Apple has the keys to your iCloud account. The Feds can come with a 'valid' warrant. Apple decrypts the data on cloud. In an unencrypted state. Dude, iCloud is not like Spider Oak en.wikipedia.org/wiki/SpiderOak,. Unlike iCloud, Spider Oak is "Zero Knowledge." Which means any nation state that wanted your data. Could not order them to decrypt it. The best they could get is a drive with good encryption. It would be up to the nation state to break the encryption. My dropbox account is encrypted. If the cops got a legal warrant. They could order dropbox to provide an unencrypted copy of my account contents. Again - Apple does not provide "zero knowledge." Apple does not 'break' their own encryption! Apple has the 'keys' to decyrpt your cloud. The same as Google and Microsoft. Which means anybody who has access to the keys. They are a security risks. Again, your iCloud data is encrypted in transit. Apple has outright refused to 'break' their own encryption. If you hand Apple an iPhone. They will tell you to fuck off. If you have a warrant to access the phones' iCloud backups. They will give you the copies! You want Zero Knowledge cloud backups? You want my evidence? Here you go: kzfaq.info/get/bejne/ptKhZ7aj1OC0hok.html kzfaq.info/get/bejne/e8t0ebhmsbm2qnU.html en.wikipedia.org/wiki/ICloud support.apple.com/en-us/HT202303

If the data is worth anything to anybody. You are in a world of pain. I would respectfully suggest if it is not in your home. Under lock and key. Please pick some form of encryption.

There are so many levels of encryption free, paid, and open source. Even hardware encryption. Depending on the threat. I am almost done with my security upgrades.

In my professional and personal experience. It is not a matter of ignorance. Users are lazy. Many users simply do not care. Seriously, they care but are blissfully careless.

Most of them don't care until their data is getting exposed, of their device being robbed. Yet I suppose most of people are not aware that mass surveillance is real (or simply think it's okay). For example, most people actually support the government being able to scan files on Microsoft's cloud service known as One Drive. Even thought this is an immoral invasion of our privacy, most people think the government is justified in spying on us in order to catch pedophiles that upload CP into One Drive. Same thing for Apple's iCloud. They scan your files whenever they want. A few years ago I tried to upload a veracrypt container on Google drive. That didn't worked. Proof that government is watching and analysing our data. Another, even better example, of how the public passively accepts totally surveillance of their electronic devices is how the government tries to justify the privacy-invasive features of Windows 8. According to many reputable sources online, there is a certain chip, called the TPM (Trusted Platform Module) , that allows the NSA and Microsoft to gain access to your Windows 8 PC anytime they want. They can spy on ALL of your files and activities on Windows 8 at anytime they want. (I suppose it's also the case on Win 10) Many people don't believe this is an outrageous invasion of their privacy (even though it is) because they believe the government is invading on their privacy in order to protect the public from so-called “bad” people like child lovers and terrorists that happen to be using Windows 8. The brainwashed people believe that “oh, I got nothing to hide. I am not doing anything illegal, so I have nothing to hide. So I don't mind that the government has the ability to monitor everything I do on a Windows computer whenever they like”. People, if you decide not to encrypt your data, then you're giving them to the government and to 3rd party prying eyes. So don't be lazy.

@@Zblu Hardware encryption has always been proven to be extremely flawed. Anybody with the most minimal amount of skill can compromise it. Now, what you can do? Is use hardware encryption to a limited extent. Remember, technically it is still encryption. You can use it as a layer of security. It will not stop a determined and knowledgeable thief. If you keep reading the posts I have made in the comments I find the argument somewhat laughable. If you are going to have an unencrypted drive. Yet the data is sensitive. O and you also want the 'files' to be recovered. You simply encrypt the files. If you are so afraid of your entire drive being software encrypted. Hence the fail secure argument! Then just encrypt the files. What find curious, in a negative context. Is that he did not discuss this as an option at all! Using myself as an example. I have saved game files that are old. I mean very old. Do I personally care if some thief or hacker gets those files? No, because they have nothing to do with my life in any way. Now lets say I have financial documents. That might be compromised if not encrypted. Except, I want the files to be recoverable if the drive is damaged? It does not matter if the data is encrypted or not. They are sill files. If the files are intact on the damaged drive. The data is secure within the strength and weaknesses of the method of encryption. So your basic options in this video. If you are being completely honest: 1) Do not encrypt any of you data. Which would be a bad idea. 2) Do full disk, software encryption. Which is fail secure. Which means if the drive is damaged and no image can be built off of it. Thus recovering the encrypted partitions. Then nobody can read it! Fail Secure is it not? 3) Then we have a middle option. Fail Safe. Where is the files were encrypted on an unencrypted drive. This is the option he never mentions at all. He is the professional. I am not, but I do not need be a computer expert to understand the basic concept. What I recommend to most people when it comes to data that needs to be secure: "Always use software encryption. Even if you do not encrypt the drive." I read something somewhere. Where Lenovo did hardware encryption was rated as good as software in penetration testing. I am not on board with that yet!

​@@Zblu People are drawn to OneDrive because it is the cheapest option for yearly subscriptions. Any data you do not have physical control over. If it means anything at all to you. If could ruin you financially or socially; I am not talking about anything illegal. You should be encrypting. Frankly as a casual user. Whom is turning enthusiast. Hopefully professional in time. What I see personally and professionally. Online and offline, is that many users indeed 'understand'. Most are just lazy or grossly apprehensive. I have personally know two people whom have gotten hacked. These two people used the same password on 'every' account. Do not use password managers. Also have no desire to enable multifactor authentication. Worse yet, I know people who rely on using their browers' password manager. Both Apple and Google users. I remember one saying, "I trust Apple." That is not the point. I explained to them that if your accounts are compromised. All of your data is compromised. I give some credit for Google, Microsoft, and Apple. All trying to improve their security. If memory serves. Microsoft is offering an 'exclusively' password manager. However, logically I do not see how this would not be tied into their ecosystem. Plus is this going to be a 'zero knowledge' system?

Ty! But why is it bad to encrypt full harddrive? I'm new to this :)

this doesn't sound like a complete solution. do you plan to backup whole TrueCrypt volume for every small change?

​@@DjLundbladh when you fail to decrypt/unscramble your data. you lose what was encrypted/scrambled. if you encrypted your whole drive then you will lose the whole drive. if you encrypted only some files then you will lose only those files. encrypting data scrambles data to make it unreadable in a very precise way down to the bit, so that it can only be unscrambled with a secret password/key. if anything happens to the encrypted data or your password, then you won't be able to unscramble your data. this could happen when: - a few bits in your harddrive become corrupted or unreadable (can happen easily because harddrives are not perfect) - you lose/forget/corrupt your password/key

@@xybersurfer Short answer, any significant change. Any small change in my backup scheme, no. I will post a more detailed answer when I get the chance.

@@xybersurfer This is not my detailed answer, I am responding on your second reply. I use pretty much all the methods available to me. I have drives that have encrypted files. As well as whole disk. To clarify, I have drives that are encrypted entirely with software encryption. As well as drives that are not 'whole disk' encrypted. Where only the files are encrypted. Are their files I do not need to encrypt. Of course, like my saved game files. Anything that a thief would have 'zero' interest in. You are right. It can happen. It has happened. However, it is a risk I have accepted. For example there was a tax return file that took me years to decrypt. Why, because I had a different method of passwords. That I no longer use. Bank records, tax documents, etc. All of that is encrypted. When I do business with other people. Yes, all of that is indeed encrypted.

Jonas Smith encrypting is just another step on the processor

Depends on the machine. iMac Pro and the 2018 MacBook Pro use the T2 chip for real-time encryption. Many other modern machines are so fast you won't notice the on-the-fly encrypt/decrypt. On older machines with slower processors and storage, you might see a slight reduction in I/O as it encrypts/decrypts.

@@vector3578 That is true. However you will only see a significant performance hit on really really really old PCs. Like the ones that you have to run Linux on because Microsoft has stopped releasing updates for them. Check your encryption software to see what its requirements are. Eg. Veracrypt greatly benefits from AES instructions. If your CPU doesn't have that, then you will see a performance hit. However that would likely only be if your CPU was old.

Encrypting your drive is the best option. Unless you have no problem with people going through your computer and its entirety. Yes, you can encrypt individual files. Or use encrypted partitions. The all or nothing approach is often the 'easiest' option. The trade off is workflow i.e. performance and efficiencies. Some use a combination of encrypted partitions and hardware encryption. - If somebody stole your computer and could bypass the hardware encryption. Which depending on your drive is doable. They will be stonewalled by your encrypted partitions. Many people go this route because they are on portable machines. They want 'reasonable' security from theft, but do not want to sacrifice speed and efficiency. - Some do not encrypt their drive, but just files. Using compression formats like .zip as a classical example. - Some will use virtual drives aka encrypted file volumes. Like used in VeraCrypt. The file when opened will be seen as a disk drive. Or a specific folder depending on how you configured it prior. Remember even if somebody can not access the file. The rest of your computer is still open to anybody. I plan on using a combination of all of these further. I have a bunch of side projects, but I also use my computer for gaming, work, school, etc. So I keep a lot of personal data on my laptop. Hence since I plan on traveling with it. I want to be reasonably secure. You actually have to sit down and figure out what your threat vector models are. Who could steal it? What environments? Etc. You have to figure out your layering. In the near future. Once I get the choices setup. All of my technology will be further locked down.

Yes, a non software encrypted drive is more efficient. So I have very simple solution for you. Whatever files that need protection. Encrypt the files not the drive. Problem solved. I just saved you ten minutes of foolishness.

I have an option for you. Get another application to encrypt your data independently! VeraCrypt or Cryptomator, just a few examples.

Buy a safe. Put the safe in grandparents house. Only you and your lawyer should have the combination. - Although I strongly disagree with not encrypting your backups. I recommend that you use encrypted volumes on a non-encrypted drive. Those files are encrypted. The drive is not. Unless the files are corrupted; which almost never happens. They are fine!

Not everybody has a safe alternative place to store they data outside their home. Money or not. Cloud storage is the option for many. If I had the money for the bandwidth I would have mine up. It is not economically viable to do full cloud backup.

.iso imaging of a drive and then encrypting the file is a secure option. However remember the 'source' of that data is not encrypted.

Creating an .iso. I wish Windows 10 made that easy. Do you have any open source recommendations? For .iso creations? Do you have recommendations for android .iso readers?

Dude encrypted file volumes. This solves all of these problems. Notice how he completely ignores this option.

... Your option is not bad, but takes more time. Most users, including myself. Are more interested in mission critical data. You can buy or download freeware to clone a drive. I am more concerned about losing decades of data. Spending a day to a week installing drivers, updates, etc. Not on the top of the list for most users. Photos, legal documents, videos, receipts, financial records. Those type of things supersede. I do get your point. Again, you are not wrong. You could create an image of the drive or the entire partition. Save it as an image then, reconstitute it.

If you feel that whole drive encryption is a problem. Just encrypt the files. That way if the drive physically fails. You can recover the files. In many cases, from what I have read on forms. To 'ensure' that the data was recovered on full software encrypted drives. The recovery company will request that you give them the encryption codes. So you have a few options: 1) Have them sign nondisclosure agreements. Also swearing under law to destroy all records of your password. 2) Give them the passwords. Which you should never do. 3) Accept that they have claim to have recovered drive volume and partition. Insist that you can bring your own drive cable adaptor and laptop to review the drive. Then you both sign the receipt. Thus, they do not know what the password is. Or again, encrypt the files on the drive. Not the drive itself.

Password Managers. Contacts, even stored locally. Absolutely sloppy horrible practices. Using the same password. Absolutely wrong advice.

@@jamesedwards3923 No, you missed the point. The advice given in the video is to not encrypt a drive because you could lose access to it due to the encryption. In that situation, encrypting using a password, even a password that is easily guessed, is still a better option than not encrypting at all.

@@lllmmm3572 I understand the point and thus yours. I just disagree; for the most part. You are discussing threat modeling. In most threat models. The people whom are going to screw you over, lie, cheat, and steal from you. Are people you know or know of you. I know this academically and personally. Most of my tech is encrypted. Even if I do not encrypt a drive. Which almost never happens. I encrypt anything senstive. Passwords, passwords must be treated depending on threat modeling. However there is a line. For example, I had a discussion with someone this week. Told me how they were hacked. I guessed everything else without hearing more than five words. He was amazed how I knew how he got hacked. He used [and stil does] use the same password for 'everything'. I know a few people. Another had part of their password on their notepad. No - Not tools to help them remember what the password is. The darn passwords. Remember most users are lazy. So like them both. I guess the range of their passwords. Keep in mind I am learning, relearning, and suck at IT academically. I am not even qualified to be called a script kiddy. I have not skill cape. Point being I am not stupid. Nor am I as ignorant as some would guess. You are advocating for weak foolish practices rather than a minimal amount of security. There are avenues and tools to develope decent passwords you can remember. You do not need to remember all of your passwords. That is the problem. A trap I fell into a long time ago. Guess, what I knew better back then. So I know both sides. Also remember that the bulk of the tools needed to break a hash. Which can be extracted easily from most file types and drives. Are 100% free. Or if you are super lazy. The retail foreignsic software is $25 to $50,000. Basically almost anybody can do it. So no, choosing an easy password is basically handing your files over to adversaries. Yes, everything can be hacked. The questions are whom is trying to hack you?What are your resources to combat them? Also remember data storage for short, moderate, and long term. For someone earing a gross salary of $35,000 US. Is enough for following the 3 2 1 Rule. Absent, nuclear war. You should be able to backup your passwords. Have I forgotten passwords? Yes, in the distant past I have. In fact I manually hacked a bunch of my old data. I could have used Hash Cat or John The Ripper. Again, still learn. That could have saved years off my efforts. I understand what I did wrong. I did not save the codes. I knew what the codes might have been. So eventually I accessed all of but a handful of files. When I am done. I will hack the rest with the aformentioned software. Backup the damn passwords. There are so many options it makes me sick. I prefer open source such as KeePass, Password Safe. Yes, I contribute to all the software (projects) I use. At least once. There are so many open source encrypt applications that work with Apple, Android, Windows, Linux, and so on. Doing the basic stuff is not hard. That is all I ask. Do the basics. If you use different passwords for your password managers. You are less likely to lose access to all of them. LOL, I got into a heated debate online about that. You are afraid of losing your mind and might forget :( . Fare enough. A lot of the retail products have tools just for that. Again, basics are not hard here. You afraid of your drive being damaged. So full software drive encrypt bad idea? O.K., encryp the files and backup the password manager holding the passwords; 3 2 1 Rule. The world would have to go to hell if you follow the Rules?

Welcome to KZfaq. I always skip the first minute of every "how to" video because 95% of the time it's just time wasting fluff. This time it was over 2 min. The worst is when after that they go "Now let's jump right in...".