A friend of mine just reported me a very tragic event. His bag with his laptop and his backups hard drive was stolen. I can feel his pain, having experienced the very same situation once, and I am writing here hints for him and the rest of the world to protect yourself from this eventuality.

Buy cheap. Computers can be expensive to buy again, but you can tolerate more the loss of a 13 inches macbook than a 17 inches macbook pro. Of course, you should buy the minimum that satisfies your actual needs, but if you can survive without a feature, or buy it external, you can spend less money and therefore lose less in case of theft.

Encrypt everything. As our lives are more and more represented on digital media, it could be a complete and utter disaster if they fall into the wrong hands. Bank access, credit card numbers, all our online passwords, health documents, tax documents, non open intellectual property, your MP3s, movies, family photos, software licenses, emails... in the hands of a thief ? Use Truecrypt to create an encrypted area on your media. As a key, you can use "something you know", like a passphrase or "something you have", like a well defined file acting as your key. I strongly advise against the latter: you can lose your keyfile, meaning that under no circumstance you will be able to access your data again. If the file is accidentally modified (e.g. it's a MP3 file and some music program changes the ID3 metadata info), the file is no longer a valid key. Ditto. A long passphrase uses your brain, which is less prone to corruption. Choose wisely: you will not use this passphrase often, so it is something that under no circumstance you can forget. Anything chosen in the bout of the moment will be long forgotten the next time you open the backup. Of course, it is strictly important that nobody (yes, I really mean it, nobody) knows, can spy on, or can guess your passphrase.

For movable storage (like SD cards, USB keys and solid state disks you use for everyday data handling) use Truecrypt to create an encrypted disk image file onto the storage device. Do not encrypt the whole card. Instead leave a readable area, and put a textfile named "RETURN_LOST_DRIVE_DETAILS.TXT" containing something like "if found please contact me at me@example.com". Remember the TXT extension so that windows users are not intimidated by an unknown file, as these devices can be used for social engineering. Encryption cannot work for SD card aimed at cameras or MP3 players, as the hardware device won't be able to access the encrypted area. Complain with your camera/pod producer to add Truecrypt support (don't hold your breath). If you use the SD as a disk for your computer, there's no problem.

Computer: use the native disk FileVault encryption of Mac, and turn off autologin. Alternatively, create a Truecrypt volume and open it every time you perform login, but remember this won't protect some parts of your personal life, such as your browser cache, from curious eyes. Using Truecrypt has the advantage of being cross platform: you can move your encrypted disk image and read it on Linux or Windows as well, while the Mac encrypted storage format can be opened only by Mac (as far as I know).

Backups medias: For optical devices, remember that CDs and DVDs tend to become unreadable with time. It makes sense to refresh your backup media every 5 years. In this span of time, you will likely have a larger storage format, allowing you to concentrate your data (e.g. from 5 CDs to 1 DVD). Of course, you have a single point of failure in that DVD, so you have to make two exact copies of them. Use different brands for the two physical supports! This protects you from a faulty shipment. Optical devices in general don't become completely unreadable, but tend to develop areas of unreadability. If this happens, with some doctoring and the second optical media you should be able to recreate the original archive completely. It's a good idea to store the md5 of the files you burn. This hint however is rather obsolete, as optical devices are used less and less.

Backup hard drives: if you prefer to get rid of optical media completely, and go hard disk, my personal solution is to buy a small disk and encrypt it with Truecrypt, whole. You are not supposed to lose backup disks, and if you lose them it should not be a tragedy. If you want to feel safer, use the textfile trick, but it should not be needed for backup disks. Once you get the encrypted partition, put the contents of your computer onto the disk with the following script


# if the external drive is not there, complain and stop
if [ ! -e "$TARGET_DIR" ]
 echo Target directory does not exist!
 exit 1

date=`date +%Y%m%d-%H%M%S`
pushd .
cd ~/
/usr/bin/rsync --backup --suffix="-backup-$date" --progress -av $SOURCE_DIRS "$TARGET_DIR"

This script automatically backs up everything in your home directory onto the backup disk. New files will be added. Old files you modified since the last backup will be renamed to append the date, and the new, updated file will be stored. This command never deletes anything from your backup disk. It always adds. Run this script with some frequency, as high as you feel safe. If the backup disk breaks down or is stolen, you will have the most recent files on your computer. If the computer is stolen, you can recover the files from the backup. You will have some cleanup to do, but still...

Sooner or later the disk will fill up. Buy a new, larger disk from a different company (again, to protect you from a faulty stock). Copy all the contents of your old backup disk into the new one, and continue adding data to the new one from your computer. Eventually you can remove old, unused stuff from your computer now, because you know that at least two copies exists: one in the first disk, one in the second. When the second disk fills up, repeat the procedure with a new, larger hard drive. Store all your backup drives in a safe, fire resistant place. Banks are specialized for this.

As you can see, older files gets replicated more than recent ones, but even the most recent file is always present in at least two copies: one on the latest backup disk, one on the computer. Even if one of your backup disks breaks down in 10 years, you will have the same data duplicated on later disks.

Now, there are only two points to address. The first one is to find the sweet spot in increased hard disk size that allows you to fill it up in approximately one year, so you can archive it and move on to a newer hard drive. This depends on your usage intensity. If you put large, transitory files on your computer, remember to delete them before running the backup. Same if you move large files around, they will be copied again (remember, the script never deletes anything). The second point is relative to the most recent files you have on your computer: they are not backed up, so unless you run your script every day, you risk to lose something more than a day worth of work. For this, you can have a small USB key. You can trash the contents at the next run of the script.

What about online backups ? Well... do you trust them ? If you do, go for it. I don't.

Summing up, the basic rules are:

  • Encrypt everything
  • Plan for worst case scenario
  • At least duplicate, better n-plicate
  • Keep live data and backup in two different locations
  • Frequency of backups is tuned to the amount of work you are willing to redo