Submitted by raddleboy in Privacy

Assumption here is that the diary/journal is yours.

I would appreciate all the details ranging anywhere from the brand of SSD or external storage device you'd use to back-up, the kind of encryption to the general philosophy of maintaining one's privacy. I would appreciate if you would explain in great detail, how you would do it.

Another thing i would like to request of you is, if you could kindly share my query on r/privacy on Reddit. I for some reason can neither post nor comment anywhere in Reddit.

[Reddit has more people, i think more attempts would yield the best solution].

3

Comments

You must log in or register to comment.

Fool wrote (edited )

How far do you want to go?

Multi-segment safe?
Journal encrypted on Ultradense disk, placed in safe
Disk drive placed in another section of the safe
Encryption key secured by HSM
HSM placed in another segment of safe
HSM key split into 3 pieces, placed in 3 segments of another safe
Keys for safe distributed across multiple hiding locations.

Too much?

Veracrypt on usb with both keyfile and password for two factor authentication.

4

raddleboy OP wrote

Thank you for informative answer, I'm looking up everything you've mentioned and whether it fits my use case; that being said, could you also.....

Another thing i would like to request of you is, if you could kindly share my query on r/privacy on Reddit. I for some reason can neither post nor comment anywhere in Reddit.

[Reddit has more people, i think more attempts would yield the best solution].

2

GadgeteerZA wrote

Yep Veracrypt is an excellent option - plain and simple, very secure, and easy to use with any format of file for a diary etc. Backups of the encrypted file could be anywhere. I'd vote for that as a 1st option.

2

GadgeteerZA wrote

So many options... I have my own Nextcloud hosting with notes in. Nextcloud allows for it's own encryption that you can set. It's good because there is no backdoor to reset that password - you lose it, your data stays encrypted. In my case its hosted on a VPS at DigitalOcean, and that is backed up daily. But you can host Nextcloud inside your house and have the drive backup set for daily to auto backup to a second drive. I have two drives inside my home hosting setup which runs on openmediavault. I use LuckyBackup for my Linux desktop backup to that home hosting, and openmediavault has it's own backup software to replicate daily at 3am to it's second drive.

But otherwise look at open source software that you can install and set an encryption password for.

Another hosting that comes to mind is CryptPad where you set your own encryption password but you can easily access the documents and editor in their cloud. They are secure and that is an easy way to do it.

Just remember if it is a diary you want your family to have one day, you'd want to leave instructions for accessing it. So many things just get lost in the digital world.

2

raddleboy OP wrote (edited )

As of now i do not have any plans whatsoever for letting anyone read it, while or after me.

I had something along the lines of an air-gapped setup or something in my mind, so that even if someone steals my password, they would have to find someway to access my air-gapped PC [which i could also protect with additional key-files or yubikey or whatever].

I'm trying to stay away from anything cloud related for 2 reasons - 1) i have no understanding of it, even if i do allocate time to understand the system you have suggested.......... pt.2)......suggested........ isn't storing it on the cloud just storing it on someone else's system and also make it easier for someone to access, all they would have to do is get a keylogger or screen-grabber onto my system and all that encryption goes to waste. They have my password, if not screenshots of whatever i wrote.

Any other suggestions?

2

zuchini wrote

youtube how to install Kali Linux Virtual Machine on USB, and also How to Install Kali Linux Full Disk Encryption. Nobody will be able to access the machine without the USB You can also include a setting that if the password to unlock the disk when starting is wrong it Nukes it (destroys all the data) I think it is called LUKS. Its WAY easier then it sounds and probably the best method. You could even go further and encrypt files within your encrypted hard drive.

2

Ant wrote

monkkee is an online encrypted diary I used when I was younger, not sure how good it actually is

2

ab5 wrote

Don't forget to also plan for backup and recovery. I guess that diary is important to you and a mistake could leave you forever without it. I know this will add extra layers to protect, but it's a good thing to consider, in my opinion.

2