Cryptomator + Syncthing + KeePass = Best?

You are truly not understanding a thing. I am using Syncthing to not use the cloud!

You are understanding nothing too, who said I would use Syncthing to do backups?

Yes, you are correct in that it would be best to not use Syncthing and do it manually all the way.

But I have included Syncthing in the combination for a reason, don’t you think?

Exactly.

In my setup Cryptomator is needed because I use Syncthing to sync it across my local network and sometimes that local network is a public wifi.

I will say this, why bother self hosting when you can locally sync? Using in this case Syncthing and Cryptomator.

KeePass was just an example for passwords but I meant to include also files of all types.

Because it is not just for passwords but all kinds of files. KeePass was just an example.

No I will never do that again, it costs a lot of money for worse privacy.

If you store things locally then you don’t need Cryptomator; Syncthing can be set to untrusted mode.

I don’t know where you’re pointing your Syncthing to, but if you just point to another local device, then you need to think about the security of your local network. If your destination could be discovered locally, it risks being encrypted by ransomware if any device on your local network is compromised.

On top of that, how is Proton not private? It also serves as an off-site backup with top-of-the-line security and reliability.

I wonder what your definition of “best” is. And you seem way too arrogant, which does not help when you seek “discussion”.

1 Like

Agree.

If I store things locally and I want to sync across devices with an extra layer of security against someone taking my device while it is unlocked YES I DO NEED Cryptomator.

Because I assume then my vault will most likely be locked at least. For example, I plan to only unlock the vault when I have to manually refresh.

Yes, but I’d rather care about my local network than the internet with Proton.

Yes that is where Cryptomator helps and also maybe using a VPN or similar.

The best off site backups are a local USB, M-DISC or similar at different locations.
DO NOT USE THE CLOUD if you seek best results…

My definition of best privacy for this situation is keeping things as local as possible.

But you have to read that I mention Syncthing because I want to keep things at the local network level, not necessarily at the local device level.

So yes the best would be local device level and manually doing everything but because I am not that extreme for now I let that part be only a backup in case I get local network problems.

It is very obvious why Proton is not private. It can be easily seized from you.

For important data, you should employ a 3-2-1 strategy: one copy onsite, one backup (or more), plus one offsite. Encrypted on the cloud kinda makes sense for the latter one.

Not any more or less than from your dwelling. Again, most people don’t have that threat model.

This is what Syncthing’s [Untrusted (Encrypted) Devices — Syncthing documentation](https://docs.syncthing.net/users/untrusted.html) is used for.

There are two different scenarios: 1 is the device being seized for decryption (the device is removed from the site and therefore the data is at rest), 2 is the physical location of your storage device being cordoned off and forensic teams being brought in to decrypt the data onsite (the data is NOT at rest).

If your storage device does not come with / is not connected to backup batteries (e.g. a laptop or a server connected to a UPS), then you don’t really need to worry about scenario 1, as long as your device has an effective FDE and ancient old. For scenario 2, Syncthing’s feature linked above should be enough to address it.

This is somewhat of a conflict with your primary concern, because basically you are going for a self-host approach, you need to look after a much larger attack surface, which is usually a huge red flag if you have a high threat model, because your adversary only needs to be lucky once.

Also, your network exposure would be much higher compared to other solutions, because Syncthing does send quite a lot of queries. If I had a higher threat model, I would prefer less footprint.

For cold backups, you will have to update your backup from time to time anyway, so a re-writable device would be more desirable, yet NAND storage is a bad idea; I would suggest HDD instead. However, that is only valid if you have established a trust circle. If you have no one to rely on (or that would bring them into trouble), I would rather rely on cloud storage instead.

Actually, if you have a very high threat model, you might want to make some of the data / devices INACCESSIBLE / DESTROYED in case anything goes south. From what I see, you might think you are under threat.

The weakest link is usually ourselves, not our hardware / software setup, so that’s something to think about as well.

1 Like
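The untrusted-device feature referred to in the post above keeps the NAS (or any other receive-only peer) from ever holding plaintext: trusted devices encrypt file names and contents with a folder password before sending, and the untrusted device only stores ciphertext. The fragment below is an added illustration of what that looks like in Syncthing’s `config.xml` on a trusted device; it is not from the thread and not Syncthing’s own documentation. The device IDs, folder ID, path and password are constructed placeholders.

```xml
<!-- Added illustrative fragment (not from the thread). Lives in config.xml on
     the trusted laptop. Device IDs, folder ID, path and password are
     constructed placeholders; replace them with your own values. -->
<configuration>
  <folder id="docs-vault" label="Documents" path="/home/alice/Documents" type="sendreceive">
    <!-- Share with the trusted phone: no encryptionPassword, so it receives
         plaintext and syncs normally. -->
    <device id="PHONE-DEVICE-ID-PLACEHOLDER" introducedBy="">
      <encryptionPassword></encryptionPassword>
    </device>
    <!-- Share with the NAS, which is marked untrusted below. The folder
         password is set here, on the trusted side; the NAS only ever receives
         ciphertext and never learns this value. -->
    <device id="NAS-DEVICE-ID-PLACEHOLDER" introducedBy="">
      <encryptionPassword>CONSTRUCTED-FOLDER-PASSWORD-PLACEHOLDER</encryptionPassword>
    </device>
  </folder>

  <!-- Trusted peer: receives plaintext. -->
  <device id="PHONE-DEVICE-ID-PLACEHOLDER" name="phone" untrusted="false"/>
  <!-- Untrusted peer: Syncthing refuses to share a folder with it unless an
       encryptionPassword is set for that folder above. -->
  <device id="NAS-DEVICE-ID-PLACEHOLDER" name="nas" untrusted="true"/>
</configuration>
```

Two practical checks when relying on this for the “storage seized while powered on” scenario: every trusted device that shares the folder must carry the same `encryptionPassword`, otherwise their views of the folder will not match; and the untrusted peer still sees that a folder exists and roughly how much data it holds, so the protection is for names and contents, not for the fact that the folder is being synced.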

I think that if using something like syncthing, it’s probably best to use a password manager that encrypts each entry separately, like pass/gopass

1 Like

I’ll just briefly share my setup, which seems to make sense in my current situation.

I had a VERY different threat model, and I had a setup meant to make some of my data INACCESSIBLE in any case of grave danger, TO PROTECT OTHERS. But this is not what I want to talk about.

The goal of my current setup is to provide a reasonably secure, private, convenient, economical and resilient setup for everyday usage.

It involves my GOS phone, an FDE’d laptop with no battery, a Synology NAS with no UPS (encrypted and local access only), a family member and a Proton cloud.

My data includes crucial data (i.e. the password vault), daily life related data and historical data.

For crucial data, the phone, laptop and NAS always keep the latest copy with versioning, plus a regular backup on the cloud and one sent to my family member.

For daily life related data, I keep it on the laptop and have an auto backup to the NAS (only some on the cloud due to poor network speed).

For historical data, it stays on the laptop and NAS.

NOT THE CLOUD IF YOU WANT THE BEST RESULTS IN PRIVACY.

I am not going the self host route. I hope you mean self hosting locally.

FORGET THE CLOUD

FORGET THE CLOUD

FORGET THE CLOUD

Hey… if you’re trying to convince others that your way is the best way for all to do things, it’s not going to happen.

You have consistently said the same thing over and over again in a few different ways now. More power to you if this works for you.