@@MrMessiah2013 explanation of the topic, by intro i meant the same corporate standardised clip of around 5 6 seconds that plays at the start of every video wasting the viewers time
it's so fluid I didn't notice and just started watching. i just would like a logo for some seconds at the start. the visual information isn't relevant so just show who you are/your brand at the beginning.
As someone in cyber sec I like that he doesn't use buzzwords and try to wow us. He knows what he's talking about, he doesn't add anything on top. This is what it is
@@rileywatson it's like a badge of honor that you only get to flash in niche places on the internet. If you try to tell a normie they either don't care or automatically assume that means you can crack any account and hack any device at will
@@GhostSamaritan very true. I'm not really looking to get rich out of youtube, probably never will. I just like to film anything that I think needs to be filmed to help some people. I mess with smartphones and Linux a lot and fix s lot of the issues on my laptop myself, then just try to film it to share the fix.
I haven’t trusted Google since I made a dummy account, uploaded a picture of an apple named “racecar” to Drive, and immediately saw ads for healthy foods.
I watched a speech about password cracking a while ago, where the guy (who I forgot the name, but who works professionally in pass-cracking) was saying an 8 digit password can be brute-forced in a few days with a cheap rig with 3 or 4 GPUs, and that a 9th digit exponentially raises that bar to a bunch of years, making it infeasible to brute-force. So, according to that guy, apps should be advising the use of 9 or even 10 minimum digits, not 8. And the takeaway from that video: DO NOT USE PATTERNS. _"Obama08!"_ and _"Shekelsteinberg69%"_ are effectively the exact same password from the perspective of a pattern matching algorithm.
@@kendarr Not regular people. But for someone that's more serious about cracking passwords, four GPUS isn't prohibitively expensive. I don't suppose you need the best in the market, or even anything close.
@@skaruts No reason to have 4 low end gpus in that manner, and sure for a especialist on that it might not be too much, but for the avarege "hacker" having 2 GPUs is already a bit a stretch, the more characters the better but more often then not 8 is good enough its what i'm saying
@@kendarr if you're talking about general password cracking on anyone you decide to target then yeah that's not cheap at all but if you really need to get into a specific person's stuff, a rig with a few extra gpus is not that much for what you might gain as a result
I don't even have to choose my background music. It just starts playing whenever I open my web browser, and I have no clue which of the 32 active tabs is doing the music...
Hey Kenny, would you mind going over open-source alternatives to Google Maps? I'm sick of Google having access to my location whenever I want to go somewhere. Thanks!
openstreetmap.org has always been the biggest recommendation for that, it's free (license) and open source. And Duckduckgo uses AppleMaps instead of Google, im not entirely sure why, and I know Apple is usually as spooky as a bioluminescent bureaucrat.
@@sugaryhull9688 OpenStreetMaps just provides the map data and a basic web client. There are multiple other clients available: eg. Gnome Maps, Qwant Maps (in beta, uses OSM data), OsmAnd (for Android, very feature rich, but slower than some other clients and the UI is not the best). _Do not_ use maps.me though. it was bought by some sketchy company. I think some people are working on a fork of it.
lol linustechtips had that happen tho, when they did the "infinite gcloud storage" video, iirc, google gjuys went like "huh, guys, what's all this random data you're uploading gigabytes of? you're not bad guys, right?"
@@jan_harald there are legitimate reasons to be to be skeptical when someone uploads tons of gbs of encrypted files, remember that tech dosent know what right and what's wrong, if there is some ilegal shit in there Google can be on the eyes of gov for that, I think the gouverment made this problem with mega, when they took down megaupload the dude made the system so good its a field for cracked and ilegal stuff, I'm not saying that's all there is there, what I'm saying is that Google can't trust you as much as you dont trust them
I'm going to have to do this at some point, unfortunately, because airports are full of glowFRIENDS so it's the only safe way for me to transport my files when I fly to another country.
In a world where gov agencies keep legally forcing companies to let them access people's files, you can be sure there's one or more ways that someone could be nosing around your files. Maybe even backdoors.
For offsite incremental backup, I recommend restic. It automatically do encryption and leverages rclone as backend to store backup almost any cloud storage providers
My fear is even if I encrypt my files Google keeps them eternally and wait until the awake of the quantum computers then decrypt it to see the content 😭
Most precious thing I have in Google's servers is a rare version of Vivaldi Four Seasons. All the rest is my external drives. I don't trust "cloud service" because hackers, a war or government could compromise provider's servers and I'd lose my games, music, work projects... No way.
loved that, even with applications to do that job is even better (for me) use command line thank u so much and I hope u keep bringing up this kind of content!!!
I prefer to use a cryptographic overlay file system like encfs, which is much easier to work with as it's completely automated. You designate a directory for the encrypted data, which will also be the directory that's synced to the Cloud, and the unencrypted mount point is another directory (or drive letter if using windows), where you work with your files as normal. That way you never have to manually encrypt and decrypt your data in order to work with it, and the only data that's ever synced to the Cloud is always encrypted.
Using symmetric encryption to access files on your employer's computer would be a really bad idea! Really, accessing any kind of secret on someone else's hardware is a bad idea. In the US (and most other places, AFAIK), employers have very few restrictions on what data they can collect about their employees. There are whole software suites dedicated to helping managers sift through data like key logging, screen recording, camera/mic recording, application usage stats, and whatever else you can imagine. It's all fair game to them. You should 100% assume that any password you type on a work computer is known by your employer.
@@OggerFN Oh, for sure. I just mean that on a work computer, a bad actor is DEFINITELY, ACTIVELY collecting keystrokes. While on any random x86 computer, a bad actor is maybe doing that.
@@skaruts it would be convenient if we could just copy-paste the ethics of individuals and apply them to corporations. Unfortunately, that has led to pretty egregious, widespread abuse of employees. So, we probably shouldn't treat company-owned machines the same way as personally-owned machines.
@@JoeJoeTater The corporations are owned by individuals. Fundamentally speaking, the relationship between employer and employee is the exact same as that between you and your plumber. An employer is an entity buying a service, and an employee is an entity selling a service. The hard reality is that many worker rights are nothing short of ways to extort or harass buyers. Hell, the minimum wage, for example, is the exact equivalent to telling you that you cannot pay less than X to your barber. Anyway, don't confuse this for a defense of corporations of whatever. I'm just laying things out for what they actually are. Companies are owned by people with the same rights as everyone else. Their computers are their computers. What should happen is that everyone should be aware about the problems of using other people's computers for personal stuff. Given that, realistically, most people won't ever know all that they need to know, maybe there's a discussion to be had about whether or not it would be justifiable to mandate that employers be transparent about their use of keyloggers and all that. Whatever the case, you should always keep in mind that there's no difference between having legal restrictions on their ability to monitor their computers and having legal restrictions on your ability to monitor your personal computer at home. If you're gonna be advocating for that kind of laws, that should give you a sense of what exactly you'll be advocating for.
I used to use that method a long time ago until I found a cryptomator. Cryptomator encrypts files and opens up a way to interact with your encrypted files in the vault via virtual disk or webdav rather than giving you a whole encrypted container that is extremely hard to sync with cloud. It also supports major cloud providers. It has some drawbacks though. Only the core part is open sourced (so that they can monetize the software) and it is written in java which forces you to have a jre on your machine. The encryption method is based on aes-ctr (if I'm not wrong), yet the implementation is not standard and but there is a good documentation about how it is done. I have been working on a lightweight alternative which is written on go. It behaves like a daemon exposing a webdav server, can be deployed to all platform that go supports, it is highly portable and lightweight. I haven't published it because of some issues with plain text files (all media files are ok). The project is abandoned as I don't have time to fix all issues and paying of technical debt during prototyping. Maybe I'll revive it someday, or maybe I'll find a good alternative to cryptomator. P.S.: Syncthing is a good way to sync stuff cloudless across your devices.
I do not find that there is a huge performance difference between symmetric and asymmetric encryption with GPG. The reason for this is that encrypts your data with a randomly generated one-time symmetric key, and then encrypts only that (relatively small) key asymmertcically. That's how you can encrypt a message to multiple recipients. You encrypt the message once, and then encrypt the session key with each of their public keys.
What about creating a VeraCrypt volume with your files and sync the volume? It seems easier. You can even create a hidden volume inside the main volume to really hide some data. Is it a good alternative? What are pros and cons?
That's similar in principle to what he did here with the tar archive. The main con I see is that you have to resync the whole archive to the cloud even if you just make a small change to one file. Should be fine for small volumes, in fact I do that myself. But if you have a large amount of data, and most of it doesn't change often, that's a lot of extra overhead
there is actually a way to keep integrity with AES by combining it with RSA. You can make a checksum of the encrypted file and then sign that checksum with your private RSA key. This way you can verify whether the data has been tampered with
@Capitalism 4 life Nah bruh, im talking about hardware which is used as a key to decrypt anything u had encrypted instead of letting the key float around in files.
You can technically encrypt the asymmetrical key too (passphrase), which I usually do for SSH. Also for integrity, the AES-GCM variant will ensure integrity, I don't know if gpg supports it though.
For me I just compress all my file to rar or 7zip then encrypt it in AES256 (including file names) in 64 character long password generated by urandom. So good luck decrypting that or even try to take a glimpse at the content of that file, though encrypting individual files is a good thing so I will also use this for when I have to store sensitive data on the cloud. Though I kinda hope those files can also be opened in windows machine because there are times that I have to access my file in windows...
Best thing is when Google calls to ask if you want advertising is to ask if they are Javascript free and if the software being used to push the ads is gpl
Tip for VIM: Shift z z in command mode saves the file and exits. ZZ in normal mode saves the current file if modified and exits or closes the current window/tab (same as :x but not :wq which writes the file even if it hasn't been modified). To exit unconditionally without changing anything: ZQ (same as :q! ).
Just buy a raspberry pi 4 and a usb drive, set up port forwarding and boom, you got "cloud" storage. For secure backups you can tar and encrypt it and store it on the cloud, or even better, a friend's drive
Who needs encryption when you can just upload a password protected zip file unconspicuously named budget2021.zip Nothing to see here folks, just "very important money stuff".
To anyone who tries this and is unable to use --no-symkey-cache. This is because this was apparently added to gpg version 2.2.7, if you are on an Ubuntu derivative there is a chance that you are using an older gpg program, so you will probably have to update the program or the OS itself.
I generally don't bother compressing my tar files before encrypting. I believe that compression is the first step of then encryption process anyways. Doing it manually seems redundant.
AES256 is no more secure than AES128 for symmetric encryption where your passphrase limits your security, not the algo. Theoretically, AES128 is actually the more sound design anyway. AES256 has too few rounds for the key size, which its cyptanalysis has shown. Aes128 has better dispersion of the key material. Use AES128, or any other well-established algo, and worry about your passphrase instead, and you won’t end up looking stupid in the eyes of the intelligence agencies. The algo never matters.
The algo matters. AES256 *is* more secure, and the only acceptable option. Which cryptanalysis has told you otherwise?? Furthermore, when it comes to quantum computers, Grover's Algorithm can be used to speed up brute forcing the encryption key. "Grover's algorithm could brute-force a 128-bit symmetric cryptographic key in roughly 264 iterations, or a 256-bit key in roughly 2128 iterations."
AES256 is more secure in the long run. Quantum computers theoretically will half the difficulty of brute forcing AES. If you only use AES128 a quantum computer would reduce the bit security down to 2 to the power of 64 making it entirely brute forceable within a relativity short time frame. Use AES256 if you want your encryption to remain secure in the long term.
@@mulletman1705 Those AES256 related key attacks are nasty, though... showing AES256 design issues even though they are infeasible in practice. But so are all attacks on any modern 128-bit-block algorithms. The algo does not matter. No-one attacks the symmetric key by bruteforce. It is too expensive even with a future quantum computer within a timescale that matters. The adversary will always attack the passphrase since it will have less entropy and is easier to break -- or so the adversary conjectures. No algo, no matter how broken, is known to have successfully been attacked by bruteforce since DES or incorrectly applied RC4 or low-bit-RC5. Yet encrypted data are compromised all the time. It just happens by other means.
@@mechantl0up no one attacks the key by brute force as it would not be broken within a reasonable time frame with there being 2 to the power of 128 different possible keys for AES128. However it is feasable for current commuters to brute force 2 to the power of 64 different possible keys within a reasonable time frame. That is why you should not use AES128 if you are concerned about long term encryption.
@@mulletman1705 That assumption relies on the fact that 2^64 quantum computers are feasible within the time span necessary for keeping something secret from today, and that someone will expend such a computing resource on cracking the particular key I am using. These are bold assumptions. Before that happens, our existing public key crypto infrastructure will have collapsed and all our historical, asymmetrically encrypted data exposed by quantum computers. I am more concerned over that. Even today, no-one can afford to spend the money for 2^64 operations to crack keys. Moreover, for long-term secrets you have to be very careful with file formats. I only ever use TAR and standard GZIP and unformatted text documents when possible. Imagine decrypting your mid-1990s PGP-encrypted floppies. No-one still can break the broken 64-bit 128-bit-key IDEA algorithm, but you may not be able to access the data (at least inexpensively) due to extinct file formats...
You named your tar file pepes.tar.gz even though you didn't pass -z (meaning you're not doing any compression). You just made a tar file, not a compressed tar file, so you should drop the .gz
You can also use Age file encryption, it’s has saner default, for example it does not cache the password by default. Be careful with pgp it has soo many moving parts!
The cloud automatically backups your files and keeps them in a quality state. USB drives and external hard-drives go kaput, and you can see data decay on them within about 5 years. If you're wanting to archive your shit, the cloud is the cheapest way to do it.
@@AbandonedVoid I would rather pay 10 euros a month for USBs than give all my data to an unkown cloud service, or apple or google. And hosting one is less cheap and less secure.
Great content. Do you know of any solution to perform sort of an "encrypted mouting" of a cloud storage? Some software (eg. rclone) allow to mount a cloud storage (eg. it appears as a drive). But is there some way to seamlessly encrypt everything at client side? analogous as how full disk encryption with [LVM over] LUKS is (virtually) seamless. And also I'd to argue that symmetric encryption can provide integrity, if the cipher uses an AEAD mode of operation. However, I'm unaware about what cipher GPG uses.
I keep coming back to this vid because I forget the gpg args lol btw a little nitpicky comment, when you use tar -cf to make an archive, it won't actually gzip the file, using -zcf does tho. I say this beacuse you gave the filename a .tar.gz extension that would lead you to believe it was actually gzipped
So, your saying, that I should encrypt my furry porn videos that I find to the cloud? Also, I can't let people know what programs and registry tweaks I use on Windows 10.
Wow this is a really good way to encrypt files, if you're a software engineering professional that uses linux, that is. For the rest of us, just use a password protected .7z
this is basically what companies like Sentra advocate. However, when doing this en masse its better to only put layers of encryption on your most sensitive info
So you're telling me encrypting a tar archive without encrypting all the content first is just as secure as encrypting all the files within the folder individually?
Wouldn't it be safer to encrypt using a password instead of a gpg key? As I see it one key is one central point of failure, while you could use unique hard passwords for each file of interest instead
Symmetric encryption like aes is actually safer than let's say rsa. Rsa theoretically can already be cracked by Google with their quantum computer that's not the case with aes. The only pros of asymmetric encryption is that you can give out public key and use it for signatures. Otherwise symmetric is better.
Hello! I'm just learning things and I had a question. Is there any way to encrypt files into another directory that includes all the commands in the video. Thanks in advance!
3:12 you have no idea if the compiled binary they're using is the one they claim. Even if you were able to run a hash on it, who's to say they dont have software to masks what you get back.
Never change your video editing formula. This format is perfect, no music, no intro, no time-wasting bullsh, just fact and pure content. Good job.
and subtitles must be good
Agreed
> no intro
What do you call this: 0:00-2:00?
@@MrMessiah2013 explanation of the topic, by intro i meant the same corporate standardised clip of around 5 6 seconds that plays at the start of every video wasting the viewers time
it's so fluid I didn't notice and just started watching. i just would like a logo for some seconds at the start. the visual information isn't relevant so just show who you are/your brand at the beginning.
Starting to think Mental Outlaw is the one looking at my history rather than Google. I searched this shit like yesterday.
Should have tarred and encrypted your duckduckgo searches
@@magnusanderson6681 Not you too, how the hell do you know I use DuckDuckGo?
@@z_0968 He listened to your breathing patterns
@Picolino de Marte Oh yeah how many fingers am I holding up?
@@z_0968 two, should've just gotten rid of your hands, they're just bloat
As someone in cyber sec I like that he doesn't use buzzwords and try to wow us. He knows what he's talking about, he doesn't add anything on top. This is what it is
For real, I want to get into cybersecurity and it's helpful when I understand is what is said
As someone who isn’t in cyber sec, I like how everyone in cyber sec feels the need to state they’re in cyber sec before getting to their point
@@rileywatson it's like a badge of honor that you only get to flash in niche places on the internet. If you try to tell a normie they either don't care or automatically assume that means you can crack any account and hack any device at will
@@itsme7570wish I can find a niche to brag about my employment
Yes he does use buzzwords one example: *woke* in a negative connotation way.
No intro, no outro, and shit is still sofa king good. Thanks, man. You're the 🐐
Edit: and no background music.
@Average Linux User I guess I'll need to stop my bullshit then 😂. I do have intro and outro and BG music. Ya know, to attract people to sub.
I am the Sofa King
@@MyReviews_karkan People will subscribe if they really enjoy your content.
@@veirant5004 Apparently not. 😂
I just like to edit and add shit to my videos.
@@GhostSamaritan very true. I'm not really looking to get rich out of youtube, probably never will. I just like to film anything that I think needs to be filmed to help some people. I mess with smartphones and Linux a lot and fix s lot of the issues on my laptop myself, then just try to film it to share the fix.
I haven’t trusted Google since I made a dummy account, uploaded a picture of an apple named “racecar” to Drive, and immediately saw ads for healthy foods.
I watched a speech about password cracking a while ago, where the guy (who I forgot the name, but who works professionally in pass-cracking) was saying an 8 digit password can be brute-forced in a few days with a cheap rig with 3 or 4 GPUs, and that a 9th digit exponentially raises that bar to a bunch of years, making it infeasible to brute-force. So, according to that guy, apps should be advising the use of 9 or even 10 minimum digits, not 8. And the takeaway from that video: DO NOT USE PATTERNS. _"Obama08!"_ and _"Shekelsteinberg69%"_ are effectively the exact same password from the perspective of a pattern matching algorithm.
A rig with 3 or 4 gpus are not cheap, not even because of the whole chip problem, is just not common for people to have that type of rig
@@kendarr Not regular people. But for someone that's more serious about cracking passwords, four GPUS isn't prohibitively expensive. I don't suppose you need the best in the market, or even anything close.
@@skaruts No reason to have 4 low end gpus in that manner, and sure for a especialist on that it might not be too much, but for the avarege "hacker" having 2 GPUs is already a bit a stretch, the more characters the better but more often then not 8 is good enough its what i'm saying
@@kendarr if you're talking about general password cracking on anyone you decide to target then yeah that's not cheap at all but if you really need to get into a specific person's stuff, a rig with a few extra gpus is not that much for what you might gain as a result
Former insipid instance. So 😐 it was
rm -rf on a single file just for the lulz
i do that out of habit lul
@@kira64xyz me too
thats dumb you gotta zero it out first
muscle memory bruv
@@kira64xyz lul?
even your vids are like linux, I can customize them by adding my own background music
DISM moment
I don't even have to choose my background music. It just starts playing whenever I open my web browser, and I have no clue which of the 32 active tabs is doing the music...
I love that XD @@InventorZahran
Pretty useful. Especially for coomers.
Liking the upload spree so far.
coomers get the rope
@@jcs27 BDSM Coomers like rope
@@hhhyyy4375 fuck, totally missed that one
Rclone with encryption layer is also a great tool for using 3rd party cloud drives seamlessly
actually expected this to be the content of the video
That sounds really cool. Any guide on how to do it?
@@glitchy_weasel they have very good documentation on their website
I love your channel, I've watched a couple of them and all of them are informative and useful thank you.
Hey Kenny, would you mind going over open-source alternatives to Google Maps? I'm sick of Google having access to my location whenever I want to go somewhere. Thanks!
Deactivate location on your phone
openstreetmap.org has always been the biggest recommendation for that, it's free (license) and open source. And Duckduckgo uses AppleMaps instead of Google, im not entirely sure why, and I know Apple is usually as spooky as a bioluminescent bureaucrat.
OpenStreetMaps, but it's not as feature-rich
@@sugaryhull9688 OpenStreetMaps just provides the map data and a basic web client. There are multiple other clients available: eg. Gnome Maps, Qwant Maps (in beta, uses OSM data), OsmAnd (for Android, very feature rich, but slower than some other clients and the UI is not the best).
_Do not_ use maps.me though. it was bought by some sketchy company. I think some people are working on a fork of it.
Apple maps would work
I'm sure Google won't bat an eye when I start uploading hundreds of gigabytes of encrypted data to their servers.
lol linustechtips had that happen tho, when they did the "infinite gcloud storage" video, iirc, google gjuys went like "huh, guys, what's all this random data you're uploading gigabytes of? you're not bad guys, right?"
@@jan_harald there are legitimate reasons to be to be skeptical when someone uploads tons of gbs of encrypted files, remember that tech dosent know what right and what's wrong, if there is some ilegal shit in there Google can be on the eyes of gov for that, I think the gouverment made this problem with mega, when they took down megaupload the dude made the system so good its a field for cracked and ilegal stuff, I'm not saying that's all there is there, what I'm saying is that Google can't trust you as much as you dont trust them
I'm going to have to do this at some point, unfortunately, because airports are full of glowFRIENDS so it's the only safe way for me to transport my files when I fly to another country.
@Blaxer XO do you even know what an RFID scanner is or do you just assume it's some star trek shit that magically vacuums your data?
@@4.0.4 since he deleted his reply what did he say
In a world where gov agencies keep legally forcing companies to let them access people's files, you can be sure there's one or more ways that someone could be nosing around your files. Maybe even backdoors.
For offsite incremental backup, I recommend restic. It automatically do encryption and leverages rclone as backend to store backup almost any cloud storage providers
My fear is even if I encrypt my files Google keeps them eternally and wait until the awake of the quantum computers then decrypt it to see the content 😭
Most precious thing I have in Google's servers is a rare version of Vivaldi Four Seasons. All the rest is my external drives. I don't trust "cloud service" because hackers, a war or government could compromise provider's servers and I'd lose my games, music, work projects... No way.
my loli lewd handholding pics will be always in danger at this rate , might as well starting build my own server with my uni savings.
based purechad
Definitely encrypting mine before any situation that requires being around glowFRIENDS that may want to invade my privacy for my safety, as they say.
@@censoredterminalautism4073 with some encrypting software wrote in Holy C
based af
HILARIOUS HILARIOUS HILARIOUS HILARIOUS HILARIOUS HILARIOUS HILARIOUS HILARIOUS HILARIOUS HILARIOUS HILARIOUS
loved that, even with applications to do that job is even better (for me) use command line
thank u so much and I hope u keep bringing up this kind of content!!!
I prefer to use a cryptographic overlay file system like encfs, which is much easier to work with as it's completely automated. You designate a directory for the encrypted data, which will also be the directory that's synced to the Cloud, and the unencrypted mount point is another directory (or drive letter if using windows), where you work with your files as normal.
That way you never have to manually encrypt and decrypt your data in order to work with it, and the only data that's ever synced to the Cloud is always encrypted.
Is there a vid 9n how to do this?
No filesystem compression with encfs makes me sad.
Hello, are you still using cryptography overlay? Which program should I buy that's like yours ? Thank you
"Don't Be Evil" wasn't removed by Google as their mission statement. They only removed the word "Don't" 🙂
These tutorial formats make sense, and are to the point. Appreciate your time and explanation of this opsec mitigation method.
Using symmetric encryption to access files on your employer's computer would be a really bad idea! Really, accessing any kind of secret on someone else's hardware is a bad idea. In the US (and most other places, AFAIK), employers have very few restrictions on what data they can collect about their employees. There are whole software suites dedicated to helping managers sift through data like key logging, screen recording, camera/mic recording, application usage stats, and whatever else you can imagine. It's all fair game to them. You should 100% assume that any password you type on a work computer is known by your employer.
I mean encrypting on a computer with Intel ME (or Amd's counterpart)active isn't really safe either.
@@OggerFN Oh, for sure. I just mean that on a work computer, a bad actor is DEFINITELY, ACTIVELY collecting keystrokes. While on any random x86 computer, a bad actor is maybe doing that.
To be fair, they should not have any restrictions on monitoring their own computers.
@@skaruts it would be convenient if we could just copy-paste the ethics of individuals and apply them to corporations. Unfortunately, that has led to pretty egregious, widespread abuse of employees. So, we probably shouldn't treat company-owned machines the same way as personally-owned machines.
@@JoeJoeTater The corporations are owned by individuals. Fundamentally speaking, the relationship between employer and employee is the exact same as that between you and your plumber. An employer is an entity buying a service, and an employee is an entity selling a service. The hard reality is that many worker rights are nothing short of ways to extort or harass buyers. Hell, the minimum wage, for example, is the exact equivalent to telling you that you cannot pay less than X to your barber.
Anyway, don't confuse this for a defense of corporations of whatever. I'm just laying things out for what they actually are. Companies are owned by people with the same rights as everyone else. Their computers are their computers.
What should happen is that everyone should be aware about the problems of using other people's computers for personal stuff. Given that, realistically, most people won't ever know all that they need to know, maybe there's a discussion to be had about whether or not it would be justifiable to mandate that employers be transparent about their use of keyloggers and all that.
Whatever the case, you should always keep in mind that there's no difference between having legal restrictions on their ability to monitor their computers and having legal restrictions on your ability to monitor your personal computer at home. If you're gonna be advocating for that kind of laws, that should give you a sense of what exactly you'll be advocating for.
I used to use that method a long time ago until I found a cryptomator.
Cryptomator encrypts files and opens up a way to interact with your encrypted files in the vault via virtual disk or webdav rather than giving you a whole encrypted container that is extremely hard to sync with cloud. It also supports major cloud providers.
It has some drawbacks though. Only the core part is open sourced (so that they can monetize the software) and it is written in java which forces you to have a jre on your machine. The encryption method is based on aes-ctr (if I'm not wrong), yet the implementation is not standard and but there is a good documentation about how it is done.
I have been working on a lightweight alternative which is written on go. It behaves like a daemon exposing a webdav server, can be deployed to all platform that go supports, it is highly portable and lightweight. I haven't published it because of some issues with plain text files (all media files are ok). The project is abandoned as I don't have time to fix all issues and paying of technical debt during prototyping. Maybe I'll revive it someday, or maybe I'll find a good alternative to cryptomator.
P.S.: Syncthing is a good way to sync stuff cloudless across your devices.
Great informative videos without all the bloat. Just like Linux.
I do not find that there is a huge performance difference between symmetric and asymmetric encryption with GPG. The reason for this is that encrypts your data with a randomly generated one-time symmetric key, and then encrypts only that (relatively small) key asymmertcically. That's how you can encrypt a message to multiple recipients. You encrypt the message once, and then encrypt the session key with each of their public keys.
If you want to have integrity with a block cipher like AES, you can use AES-GCM (SIV) for confidentiality and integrity.
Love the videos, I was wondering if you could do a tutorial on setting up an encrypted network directory for use as a pseudo-cloud just for the LAN?
What about creating a VeraCrypt volume with your files and sync the volume? It seems easier. You can even create a hidden volume inside the main volume to really hide some data. Is it a good alternative? What are pros and cons?
.
That's similar in principle to what he did here with the tar archive. The main con I see is that you have to resync the whole archive to the cloud even if you just make a small change to one file. Should be fine for small volumes, in fact I do that myself. But if you have a large amount of data, and most of it doesn't change often, that's a lot of extra overhead
Your best bet is rsync, with an encrypted volume. It's a touch less portable but much easier to use.
@@ICy42 sounds a whole lot more complicated just to encrypt a file
I agree with the question and am still a little confused after all the answers given. Is there more overhead when using VeraCrypt?
Thanks, my 2TB stash of Marina Ann Hantzis movies has never been safer.
there is actually a way to keep integrity with AES by combining it with RSA. You can make a checksum of the encrypted file and then sign that checksum with your private RSA key. This way you can verify whether the data has been tampered with
This is why banks use RSA keys for wires and loans
remember that encryption based on passphrases is only as secure as the way you chose to distribute the passphrase
After seeing your video, I have started storing heavy data in my google workspace account. Now, the workspace admin will only see crap in his Vault😆😆😆
Can you make a video on hardware security keys? They really intrigue me cos they seem to be much more convenient , just plug and play access
@Capitalism 4 life Nah bruh, im talking about hardware which is used as a key to decrypt anything u had encrypted instead of letting the key float around in files.
@@crashedbruh a USB key? would be a real help for me too ^^;
@@DezzarTac Yep those ones, pretty neat stuff !
Still a pretty good idea to remove the metadata from files too even after encrypting using something like mat2 or exiftools.
You're one of the best things on RUclips
You can technically encrypt the asymmetrical key too (passphrase), which I usually do for SSH.
Also for integrity, the AES-GCM variant will ensure integrity, I don't know if gpg supports it though.
thank you sir! I learned something new today and now to go and encrypt all my docs in Dropbox!!!
For me I just compress all my file to rar or 7zip then encrypt it in AES256 (including file names) in 64 character long password generated by urandom. So good luck decrypting that or even try to take a glimpse at the content of that file, though encrypting individual files is a good thing so I will also use this for when I have to store sensitive data on the cloud. Though I kinda hope those files can also be opened in windows machine because there are times that I have to access my file in windows...
holy, it's actually very useful!
thank you orange cat
exactly, this stuff should be pure common sense to most...yet we see how lacking that can be over-all in society at times. Well, times change.
Best thing is when Google calls to ask if you want advertising is to ask if they are Javascript free and if the software being used to push the ads is gpl
Tip for VIM:
Shift z z in command mode saves the file and exits. ZZ in normal mode saves the current file if modified and exits or closes the current window/tab (same as :x but not :wq which writes the file even if it hasn't been modified). To exit unconditionally without changing anything: ZQ (same as :q! ).
Just buy a raspberry pi 4 and a usb drive, set up port forwarding and boom, you got "cloud" storage. For secure backups you can tar and encrypt it and store it on the cloud, or even better, a friend's drive
Who needs encryption when you can just upload a password protected zip file unconspicuously named budget2021.zip
Nothing to see here folks, just "very important money stuff".
How effective are ZIP passwords anyway
Any suggestions for filename encryption too? Which can be decrypted quickly.
@@nykal1510 You can download a myriad of zip brute forcers that do the job in a few minutes, so...
@@No-uc6fg Damn, that's tough
@@nykal1510 even a script kiddoe can open it
I prefer gocryptfs, so it can sends diffs and you can edit the files inside the directory
To anyone who tries this and is unable to use --no-symkey-cache. This is because this was apparently added to gpg version 2.2.7, if you are on an Ubuntu derivative there is a chance that you are using an older gpg program, so you will probably have to update the program or the OS itself.
Thank you Kenny. Very Cool!
Now I can upload more torrents by google-colab on google drive without getting that copyright email!
thanks now i use this for my Google Drive and Dropbox
Subscribed because of the subtle request.
go to dwm's config.h > set value of "resizehints" to 0. your uneven terminal around the edges always bugs me
Thanks for the valuable content.
Thanks for this niche content.
For anyone wanting to automate such as process I can recommend rclone
Google's "don't be evil" was never meant for themselves.
Love this channel!
I generally don't bother compressing my tar files before encrypting. I believe that compression is the first step of then encryption process anyways. Doing it manually seems redundant.
You forgot the 'z', tar -cf just creates an archive, no gzip. No need for gz.
No need for the .gz _filename extension._
it was to throw off the hackers duh. do you even secure your data?
AES256 is no more secure than AES128 for symmetric encryption where your passphrase limits your security, not the algo. Theoretically, AES128 is actually the more sound design anyway. AES256 has too few rounds for the key size, which its cyptanalysis has shown. Aes128 has better dispersion of the key material.
Use AES128, or any other well-established algo, and worry about your passphrase instead, and you won’t end up looking stupid in the eyes of the intelligence agencies. The algo never matters.
The algo matters. AES256 *is* more secure, and the only acceptable option. Which cryptanalysis has told you otherwise??
Furthermore, when it comes to quantum computers, Grover's Algorithm can be used to speed up brute forcing the encryption key. "Grover's algorithm could brute-force a 128-bit symmetric cryptographic key in roughly 264 iterations, or a 256-bit key in roughly 2128 iterations."
AES256 is more secure in the long run. Quantum computers theoretically will half the difficulty of brute forcing AES. If you only use AES128 a quantum computer would reduce the bit security down to 2 to the power of 64 making it entirely brute forceable within a relativity short time frame. Use AES256 if you want your encryption to remain secure in the long term.
@@mulletman1705 Those AES256 related key attacks are nasty, though... showing AES256 design issues even though they are infeasible in practice. But so are all attacks on any modern 128-bit-block algorithms.
The algo does not matter. No-one attacks the symmetric key by bruteforce. It is too expensive even with a future quantum computer within a timescale that matters. The adversary will always attack the passphrase since it will have less entropy and is easier to break -- or so the adversary conjectures.
No algo, no matter how broken, is known to have successfully been attacked by bruteforce since DES or incorrectly applied RC4 or low-bit-RC5. Yet encrypted data are compromised all the time. It just happens by other means.
@@mechantl0up no one attacks the key by brute force as it would not be broken within a reasonable time frame with there being 2 to the power of 128 different possible keys for AES128. However it is feasable for current commuters to brute force 2 to the power of 64 different possible keys within a reasonable time frame. That is why you should not use AES128 if you are concerned about long term encryption.
@@mulletman1705 That assumption relies on the fact that 2^64 quantum computers are feasible within the time span necessary for keeping something secret from today, and that someone will expend such a computing resource on cracking the particular key I am using. These are bold assumptions.
Before that happens, our existing public key crypto infrastructure will have collapsed and all our historical, asymmetrically encrypted data exposed by quantum computers.
I am more concerned over that.
Even today, no-one can afford to spend the money for 2^64 operations to crack keys.
Moreover, for long-term secrets you have to be very careful with file formats. I only ever use TAR and standard GZIP and unformatted text documents when possible.
Imagine decrypting your mid-1990s PGP-encrypted floppies. No-one still can break the broken 64-bit 128-bit-key IDEA algorithm, but you may not be able to access the data (at least inexpensively) due to extinct file formats...
You named your tar file pepes.tar.gz even though you didn't pass -z (meaning you're not doing any compression). You just made a tar file, not a compressed tar file, so you should drop the .gz
I cringed when I saw that, he also passed the `recursive` and `force` flags every time he removed a single file that wasn't even write-protected.
I never use cloud storage unless I gotta send a file to a friend. I use USB sticks instead.
I’ve heard of people uploading a ton of encrypted files and having that data corrupted or disappear after a few months.
Who is going to encrypt files individually before uploading to the cloud? It’s too difficult and time consuming.
You can also use Age file encryption, it’s has saner default, for example it does not cache the password by default. Be careful with pgp it has soo many moving parts!
I use the ancient forgotten method of buying an external hard drive, disconnect from the internet and copy and paste into said hard drive.
I hope my world conqueror 3 rebalance mod will be safe.
shut up you mobile gamer hungarian
Albania 🇦🇱🇦🇱🇦🇱
Would you still suggest this in 2024 and if so, can you share a link for the installation instructions, please.
Why not get an USB drive and store it on that instead?
Do you want to drag around 400 TB of cp in USB drives with you?
@@OggerFN lmaoo I imagine it all tied to a key chain making clacking sounds hahaha
The cloud automatically backups your files and keeps them in a quality state. USB drives and external hard-drives go kaput, and you can see data decay on them within about 5 years. If you're wanting to archive your shit, the cloud is the cheapest way to do it.
@@AbandonedVoid
kaput?
Do you mean kaputt as in german for broken?
@@AbandonedVoid I would rather pay 10 euros a month for USBs than give all my data to an unkown cloud service, or apple or google. And hosting one is less cheap and less secure.
Great content.
Do you know of any solution to perform sort of an "encrypted mouting" of a cloud storage? Some software (eg. rclone) allow to mount a cloud storage (eg. it appears as a drive). But is there some way to seamlessly encrypt everything at client side? analogous as how full disk encryption with [LVM over] LUKS is (virtually) seamless.
And also I'd to argue that symmetric encryption can provide integrity, if the cipher uses an AEAD mode of operation. However, I'm unaware about what cipher GPG uses.
I keep coming back to this vid because I forget the gpg args lol
btw a little nitpicky comment, when you use tar -cf to make an archive, it won't actually gzip the file, using -zcf does tho. I say this beacuse you gave the filename a .tar.gz extension that would lead you to believe it was actually gzipped
So, your saying, that I should encrypt my furry porn videos that I find to the cloud?
Also, I can't let people know what programs and registry tweaks I use on Windows 10.
Tahoe-LAFS works too!
I can trust it by hosting it by myself 😉. Synology NAS ftw
Am I missing something, or shouldn't the tar command also have the -z option if you name the archive .gz?
Wow this is a really good way to encrypt files, if you're a software engineering professional that uses linux, that is. For the rest of us, just use a password protected .7z
Thanks. Hella useful video 👍
People who understood this video don't need the guide.
i needed it, and it worked for me
bruh what if we use client side encryption but also have the corporation encrypt the encrypted data 😎
this is basically what companies like Sentra advocate. However, when doing this en masse its better to only put layers of encryption on your most sensitive info
*laughs on private 8tb hdd storage server located at my house*
I really think we should all just goto the store and print all those pics weve been saying were going to for years now. Then delete all the digitals.
Looks like DWM and that you may be running LARBS? ;)
I'm new on Linux, these commands work in all distros?
I use Veracrypt and Rclone crypr to get my files in the cloud, not really handy but still good!
Restic a great way to do encrypted backups to a number of cloud services.
Is it safe to upload bitcoin wallet seeds on cloud by this encryption method?
Encrypted rare pepes!
You are true fren
What OS is this? I love this setup.
I remember i just xored something and saved it to notes because i am a bit paranoid
So you're telling me encrypting a tar archive without encrypting all the content first is just as secure as encrypting all the files within the folder individually?
Yes
@@njpme ok
You should host this helpful content on peertube!
Wouldn't it be safer to encrypt using a password instead of a gpg key? As I see it one key is one central point of failure, while you could use unique hard passwords for each file of interest instead
Symmetric encryption like aes is actually safer than let's say rsa. Rsa theoretically can already be cracked by Google with their quantum computer that's not the case with aes. The only pros of asymmetric encryption is that you can give out public key and use it for signatures. Otherwise symmetric is better.
Also hashes and macs are used for integrity and not asymmetric encryption
Hello! I'm just learning things and I had a question. Is there any way to encrypt files into another directory that includes all the commands in the video. Thanks in advance!
You can use rclone with crypt. Can you make a video on that?
That's a lot better since you just just mount the remote encrypted drive and it just werks
gpg is too low level, you should use rclone and automatically sync the directory (and encrypt). I use rclone to store my notes on gdrive encrypted
Uhh thats a neat idea, thank you for sharing
Why not decentralized storage
3:12 you have no idea if the compiled binary they're using is the one they claim. Even if you were able to run a hash on it, who's to say they dont have software to masks what you get back.