Creative use of tags

semblance
Community Member
edited October 2013 in Lounge

Over time, my use of tags in 1Password has grown more sophisticated, and I thought I'd share some of the ideas I've been using here. If this is going over old ground, I apologise.

It all started when I began using 1P to track what sensitive/private data I'd given out to who. Originally I was using custom fields — e.g. a custom field named "dob" with value "01 Jan 19xx" for my date of birth, and so on — but as I only have one date of birth, one name etc, it clearly became more efficient to use tags like "has-dob", "has-name" instead (I still use custom fields when I'm giving out fake data though). So, for example, the tag "has-dob" simply means that the Login has my (real) date of birth.

Here's where it starts getting interesting: unexpectedly, I had to move house — and one of the things you have to do then is inform various people of your new address.

What I found is that by clicking my "has-address" tag in 1Password, I got a very useful list of the organisations who had my old address, which I could then scan through and decide who I needed to give my new address.

But that's not all: when I started informing people of my new address, I wanted a way of tracking who I'd already informed — and I found a very easy way to do this. First I renamed the tag "has-address" to "has-address-old" (or something more descriptive). Thankfully you can rename a tag in 1P, and all the items that have the old tag name magically update to use the new tag name. Then I started applying a new tag "has-address-new" (or something more descriptive) to the organisations that I'd given my new address. By selecting either the "has-address-new" or the "has-address-old" tag, I could instantly see who I'd already told, vs. who I'd still to tell or didn't need to tell.

At this point I also found myself creating dummy 1P items for organisations who had some private data but didn't have login credentials or existing entries in 1P, like my employer, just so I could apply the relevant "has..." tags to them and make the dynamic listing more complete.

Later my debit card details got compromised and I was sent a new card — and I was able to do the exact equivalent thing all over again! I renamed the tag "has-debit-card" to "has-debit-card-exp-2013", scanned through the list of items with that tag, decided which of those organisations needed my new card details (typically because they deduct regular payments), and started applying a new tag "has-debit-card-exp-2016" as I updated the registrations. With minimal effort, I knew exactly who had the old card and who had the new card details.

Now, whenever I register with a new web site, it's second nature for me to add the relevant "has..." tags to the 1P Login as I'm filling out the registration form. It's not uncommon for my Logins to have long lists of tags like "has-phone-mobile", "has-phone-mobile-as-2FA", "has-bank-account-details", "has-passport-number", "has-cv-2012-01-01" (that's a résumé for those across the Atlantic!), and all kinds of similar things.

In short, my usage of 1P has widened from: a place to store login credentials; to, a place to store sensitive data of all kinds; to, a place to track which sensitive data I'd given to what organisations; and finally, a place to track the process of informing those organisations when changes to my data occur. I'm kind of thrilled that I can use 1P for so much more than I first thought!

I guess the more obvious use of tags is to categorise items according to what they are — like financial, stores, social media etc — but I personally haven't found that to be particularly useful, compared to the sensitive data tagging I've described above.

There are a couple more tags that I'd like to share. As you probably know, there are web sites out there that force you to use weak passwords, by restricting the length, allowed characters, etc — for these I have a tag: "has-password-strength-limit".

When I click on my "has-password-strength-limit" tag in 1P, it instantly generates a "hall of shame" of all the ignominious organisations I've come into contact with who impose weak security on their users in this way. I don't know why this makes me feel better, but it does. Anyway, my own personal hall of shame includes quite a few very high profile web sites, a few of whom I might mention publicly one of these days.

Last, but least, are the worst of the worst: web sites that have a password strength limit and don't even know it. When you try to set a strong password, they reject it without telling you why, which forces you to guess what their hidden limit actually is.

Or, unbelievably, they actually allow you to set a password that exceeds their hidden limit, and then won't let you log in with it (sometimes giving a crazy message like "HTTP 500 Internal Server Error") — which forces you to go through the whole password recovery mechanism each time you make a guess about what their hidden limit is.

And for these most shameful of web sites I reserve my most contemptuous moniker: my "has-password-strength-limit-hidden" tag.


Comments

  • semblance
    Community Member
    edited October 2013

    Oops, when I said:

    the tag "has-dob" simply means that the Login has my (real) date of birth.

    ...I really meant:

    the tag "has-dob" simply means that the web site has my (real) date of birth.

    The 1Password Login just has the tag of course :D

  • Megan
    1Password Alumni

    Hi @semblance,

    As a person who is very familiar with using keyword tags for my photo library, I'm geeking out just a little bit about your creative use of tags idea. We have also moved a fair bit in recent memory, and having a solution like yours for keeping track of where info has been or needs to be updated is pretty brilliant.

    Thanks so much for sharing!

  • semblance
    Community Member

    Thanks @Megan, glad you liked it!

  • charlie98
    Community Member

    @semblance excellent ideas

    Being lazy, I use the last 4 digits of the card as a tag, and also a tag "auto renew" where appropriate.

  • MrC
    Volunteer Moderator

    I actually employ the opposite approach. Add entries in Notes to indicate which cards, etc. are used by which organizations. I like to keep the info contained in a single card.

  • Uno_Lavoz
    Community Member
    edited October 2013

    @semblance

    I'm with @Megan here, I read your whole post in fascination and was geeking out big-time. I have a special reason to geek out because:

    • I had never found tags useful in 1Password, and just sorted everything into folders like "Studio" "Company" "Stores" etc.
    • Here's the big one: Two years ago I programmed a personal data tracking system with things like signup-date, email used, what personal data they have, when I've last updated my records, and what state of change the records were in (like "K-MCHANGED" meaning Keep-Manually Changed Record, and "K-WAITREQ" meaning Keep-Waiting for Admin to change my record (for sites that don't let you manually change things), etc).

    The password tracking system has served me so INCREDIBLY well and made it ridiculously easy to manage things. I'm glad I programmed it. I had a major reason to create it and would have lost my sanity without it.

    Well, with your 1Password tagging idea I can now COMPLETELY replace that with an all-in-one solution! That's so cool! I'll lose a few features but none of those matter.

    I'll use your "has-cc" and "has-dob" idea, along with some things straight from my own password management system:

    • Tagging each record with the current "action state"; where state is one of the following: NOACTION, D-MDELETE, D-INACT, D-WAITREQ, D-ODELETE, D-DEADSITE, D-ABANDON, U-SITEBOUGHT, K-MCHANGED, K-MADENEW, K-WAITREQ, K-OCHANGED, K-NEW. The "D-" prefix stands for delete, the "K-" prefix stands for keep. The "M" is for Manual and the "O" is for Owner. Explanation:

      • No Action Taken Yet, Needs Decision (NOACTION)
      • -----------------------
      • (D) Deleted Account/Unsubscribed (D-MDELETE)
      • (D) Already Removed For Inactivity (D-INACT)
      • (D) Requested Site Owner Delete, Awaiting Response (D-WAITREQ)
      • (D) Site Owner Deleted Account On Request (D-ODELETE)
      • (D) Site No Longer Exists (D-DEADSITE)
      • (D) Unable To Delete/Get Admin Help, Abandoning Instead (D-ABANDON)
      • (U) Site Bought By Other Entity (U-SITEBOUGHT)
      • (K) Changed Details And Kept Account (K-MCHANGED)
      • (K) Deleted Old Account And Made New (K-MADENEW)
      • (K) Requested Site Owner Change Details, Awaiting Response (K-WAITREQ)
      • (K) Site Owner Changed Details And Kept Account (K-OCHANGED)
      • (K) Newly Created Account (K-NEW)
    • Every new account gets tagged "K-NEW", and then I live mostly in the "K-WAITREQ" and "D-WAITREQ" and "NOACTION" worlds to keep track of requests in progress and things that I need to consider.

    • About half of the states above make no sense in the context of 1Password. For instance, "D-MDELETE" would signify a manually deleted site login where I went into the website, cleared out my personal data, and pressed a "Delete Account" button. "D-ABANDON" would be where I went into a site and cleared out as much personal data as possible and then abandoned the login by throwing away the password (because the site lacked a deletion system), etc. You obviously don't keep track of deleted logins in 1Password, and I don't really care about the fun statistics aspects of being able to count deleted logins, so here are the tags I see a use for in 1Password:

      • No Action Taken Yet, Needs Decision (NOACTION)
      • -----------------------
      • (D) Requested Site Owner Delete, Awaiting Response (D-WAITREQ)
      • (K) Changed Details And Kept Account (K-MCHANGED)
      • (K) Deleted Old Account And Made New (K-MADENEW)
      • (K) Requested Site Owner Change Details, Awaiting Response (K-WAITREQ)
      • (K) Site Owner Changed Details And Kept Account (K-OCHANGED)
      • (K) Newly Created Account (K-NEW)
    • With those tags, it becomes possible to keep track of accounts that need decisions (like deciding whether to keep it or delete it, or where data needs to be updated, or things of that nature), as well as the status of outstanding deletion or data editing requests (in cases where you couldn't do it manually), as well as whether the site requires admin intervention (K-OCHANGED) or whether you were able to change it manually (K-MCHANGED), knowledge of which speeds things up next time you need to change things.

    • Finally, complete it by always putting a note in the Notes area of every login, with the signup month and email used (this allows you to find all logins that use an outdated email address), for example "2009-11 myemail@gmail.com". With that, I can search for "2009-" and find all sites I signed up to in 2009, or "2009-11" to find all sites I signed up to in Dec of 2009, or "myemail@gmail.com" to find all sites that use that email, etc (super useful since most sites don't use the email as username and therefore wouldn't be searchable by email in 1Password). I never relied on the "created" date in 1Password for tracking signup date, since the date that you add a login is often not the date that you actually signed up.

    This still needs more work and consideration but I'm grateful for your post. I'll gradually move over to completely relying on 1Password for all personal data tracking and site-related personal data TODOs and figure out some final tagging system.

    As a fun fact about how well the personal system served me, and why I programmed it:

    I started with 495 website logins, and used the system for tracking all personal data deletion/updating and ended up with just around 80 websites as keepers and the remaining in various states of "D-MDELETE" and "D-ODELETE" and "D-ABANDON". ;-) In other words, I had a major flushout of websites that have no value to my life, and used the tag-tracking system to remain sane while having hundreds of simultaneously waiting requests and tasks.

    I could have done something very similar in 1Password via tags, and that is the novelty that I have to thank the thread starter for!

  • Megan
    1Password Alumni

    I may have spent a significant portion of my day off yesterday adding tags to my password database. It felt awesome.

  • [Deleted User]
    Community Member
    edited October 2013

    If you need some general advice about tagging, I recommend reading Brett Terpstra's posts about the topic, like this one:

    http://brettterpstra.com/2011/12/16/some-suggestions-for-better-tagging/

    He writes about file tagging (mostly about OpenMeta, the precursor to Mavericks tags) but I think it applies to in-app tagging as well. Basically, and I agree with him: don't overuse it. When you create a tag, ask yourself: does it actually help me find/organize my stuff? Remember, tags are just one kind of metadata. A file (or 1Password object) has lots of other metadata. I have cleaned up my tags in 1Password, and removed tags like "google" because that data is already part of the URL or title.

    If you create too many tags, there is a risk you're taken hostage by your system. Every time you create a new 1Password object, you would have to think: "Now, what tags should I use, how did I think last year when creating this complex tagging system?"

    Oh, and always use lowercase tags. Or you will go insane.

  • Uno_Lavoz
    Community Member

    @Xe997 Thanks, that was useful. I'm still getting to grips with creating a good tagging system and am blending various ideas. Good read!

  • semblance
    Community Member

    @Uno_Lavoz - Wow. It's amazing that not only do you want to track the personal data given out to organizations, but you care about it enough to write your own application to do this!

    If you can do some of this in 1Password then that's great — glad you found the post useful.

    You obviously don't keep track of deleted logins in 1Password

    Actually I was planning on keeping closed and abandoned logins in a separate Vault, probably called "Archive" or similar (rather than deleting them from 1Password).

  • semblance
    Community Member
    edited October 2013

    @Xe997 — yes, this is all good general advice about using tags. However the tagging ideas mentioned in this thread are, in my opinion, already consistent with these principles!

    As I said in my initial post:

    I guess the more obvious use of tags is to categorise items according to what they are — like financial, stores, social media etc — but I personally haven't found that to be particularly useful

    I find those types of tags ineffective for all the reasons you stated: it's too hard to remember which tags to add when you create a new Login, and once created, they aren't that useful anyway. If you just want to organize Logins or create a taxonomy or make them easier to find, there are probably better ways to achieve this — such as Folders, Smart Folders, Search etc.

    However, the "personal data" tags I've described are different: they do not duplicate existing information in the Login, and their purpose is not to help you find/organize your stuff. They have one very specific purpose: to track what personal data you've given to what 3rd-party organizations, and deal efficiently with the scenario where you've given the same personal data to multiple organizations.

    In this system, you don't need to remember any complex tagging system when you register with a new web site. Whenever a web site registration form requires you to supply personal data, you just tag the Login accordingly — if the registration form asks for your date of birth, tag it has-dob; if it asks for your address, tag it has-address; if it asks for your mobile phone number, tag it has-phone-mobile; and so on. I just let the web site's registration form drive the process instead of trying to remember anything.

    The only alternative way to track this information in 1P that I can think of would be to create "custom fields" within the Login, or use free-form Notes fields — but this tends to involve duplicating the same personal data in more than one login. To avoid this duplication, I find tags quick and simple, and they make other things possible like generating a list of all the Logins that have a given piece of personal data (by clicking on the tag), and they deal more efficiently with the scenario where your personal data changes and you need to inform some of the organizations about the change.

    It would be even simpler not to bother tracking the personal data you're giving out in the first place — I'd totally understand someone not wanting to do that at all. But assuming you want to track the dissemination of your personal data, I think tags work pretty well for this, and are consistent with the general principles you mentioned about tagging sparingly etc.

    In general, I'd say tags work when they have a very specific and useful purpose, they can be applied to multiple items, and their meaning is orthogonal to any other kind of organization being used or allowed by an application.

  • Uno_Lavoz
    Community Member
    edited October 2013

    @semblance

    Wow. It's amazing that not only do you want to track the personal data given out to organizations, but you care about it enough to write your own application to do this!

    Hehe. That's what programmers do when they've got some large problem that they realize could be made much more manageable through an afternoon of programming.

    Nowadays I don't have any major need for the program anymore since my personal data is static at the moment, but it was absolutely life-saving while I was in the middle of deleting/abandoning/wiping nearly 500 accounts. It let me keep track of the progress of everything.

    If you can do some of this in 1Password then that's great — glad you found the post useful.

    I could indeed have done most of it via tags and per-login Notes in 1Password. That's why I'm moving the remainder of the system to be 1Password-native thanks to your idea.

    "You obviously don't keep track of deleted logins in 1Password"

    Actually I was planning on keeping closed and abandoned logins in a separate Vault, probably called "Archive" or similar (rather than deleting them from 1Password).

    Ah. Well, speaking from my experience of using the described system to manage ~500 logins, I can tell you that the absolute most important features were:

    • Being able to tell exactly which email address signed up to a website (use the Notes area consistently for this so that all logins contain a record of their proper address). Makes it super easy to see which sites still have your old email. If you just have one email address, you could of course use a single tag such as "has-email" (and then use your own system of calling it "has-email-old" if it needs changing later, etc). In my case, I have 1 unique email inbox per website, and multiple different email domains, which is why I need to keep track of each email address per-site.
    • Being able to tell which logins need decisionmaking from you ("NOACTION"); these are the sites that you might be considering deleting, or which you've decided to delete but can't do so until something is complete, or perhaps they just need some data edits to be brought up to date. This gives you an easily-viewed tag that says "these are the logins I need to do something about."
    • Being able to tell which logins are awaiting admin-assisted data-changes or deletion, for the websites that don't allow you to edit things yourself. I would often have 20-30 outstanding requests at a time by just rapidly firing off emails, and the "D-WAITREQ" or "K-WAITREQ" tags saved my sanity. As things were being completed, I could simply tick them off as "D-ODELETE" or "K-OCHANGED" to signify that they were done. And I could regularly look into the WAITREQ tags to see if some site admins had forgotten to reply to me.
    • Using a separate "has-newsletter" tag to signify that you are signed up to a separate newsletter on the site, which isn't managed via your regular user-area. This means that if you change email domain, you know that you need to both update your user-area AND separately unsubscribe/re-subscribe to their newsletter.

    Combine these features with your system of tracking has-cc, has-dob, etc, and you've got a very potent solution for making sure that every site has your latest data - all without you losing any sanity points in the process.

    I stared down Cthulhu and lived to tell the story. ;)

  • semblance
    Community Member
    edited October 2013

    I see @Uno_Lavoz.

    I also have multiple email addresses, but I use custom fields for those rather than the free-text Notes field.

    E.g. in a Login, I create a custom field with label "email", and value "someone@somewhere.com".

    This is mainly so I can copy the value with a single click, without having to select it first — but also I think the custom fields look nicer than free-form text.

  • Uno_Lavoz
    Community Member

    @semblance Good point. Custom fields weren't an option back in the 1P3 days.

  • benfdc
    Community Member

    Very interesting thread. This gets at something that I long-ago realized: 1Password isn’t just my secure database anymore—it’s my primary database. Much of what is stored there does not need to be secure—software licenses, reward program account numbers, customer service phone numbers, etc. Doesn't matter. It’s a solid database, I know where to find my stuff, and it syncs to all of my devices.

    I hope that Tag support will be added to other platforms.

  • Uno_Lavoz
    Community Member
    edited October 2013

    @semblance @charlie98 @MrC @Xe997 @Megan @benfdc

    While we're on the subject of unified databases and productivity...

    I combine 1Password with DEVONthink Pro Office & a Fujitsu ScanSnap S1500 (a very common combo) - the world's best office document scanner, cost an arm and a leg (about $600-800) but so worth it. I can put a pile of papers in the top and press one button and it'll scan them faster than I can flick through them. It's insane how fast they are. And then I end up with completely digital PDFs of all important legal documents. I also store all digital receipts as "print to PDF" in there. It's basically a library of everything I own if I need to look things up. I have absolutely zero papers in my life. None. Zilch. Nada. I even refuse to keep original paper copies of legal documents. I scan them and shred them. I refuse to live in some stone age where we use paper for everything.

    Everything software license/website/credit card-related goes in 1Password, along with lots of metadata. That's the most vital database of them all.

    Lastly, I use OmniFocus to handle context- and location-based TODOs, automatically synced to iCal based on deadlines. I also use Fantastical for extremely easy calendar scheduling such as typing "lunch tomorrow at five," which will schedule an appointment for 5 PM tomorrow. It's way better than fiddling with iCal manually.

    I would honestly pay a thousand dollars each for these apps:

    • 1Password
    • DEVONthink Pro Office
    • OmniFocus
    • Fantastical

    You can always make more money, but you can never make more time. As an added bonus, they save your sanity in this information-overflow world.

    Oh and a tip to everyone: Honestly, why are you sitting there with 300, 600, 1200, 1500, 2000, 3000 unread emails? The best thing that I ever did in my email life was when I got rid of hundreds of useless websites and useless newsletters, keeping only what truly matters. Now I get a very manageable stream of data into my inbox and I act on them immediately: Skim through and delete. If it's something I need to buy/do, I file an action in OmniFocus via a keyboard shortcut. If it's something I need to delegate, I pass it on and delete my copy since I don't need it anymore. The end.

    I'm here with 3 absolutely empty inboxes. Bliss.

    It's achievable by anyone if you'd just cut out all of the crap newsletters and worthless sites you're signed up to.

    For instance, do you really need five newsletters a month from Amazon, even though the last time you bought something there was 3 years ago? Stuff like that is the reason that people are overflowing with emails. Now multiply that by hundreds of sites and you'll get the exponentially overflowing inbox problem.

    Just cut out everything that doesn't truly matter. The countless hours you'll save can be spent doing Sudoku or taking a walk in the park or something. As an added bonus, your mind will be clear and you'll actually be able to enjoy the moment, since you can trust that all tasks have been taken care of and are safely synced to your phone's OmniFocus & 1Password as well. ;-)

    I'll never go back to a life of uncertainty and information chaos. :P

  • benfdc
    Community Member

    @Uno_Lavoz—

    I sure hope that you inadvertently omitted software for on-site and off-site backup from your list of faves.

  • Uno_Lavoz
    Community Member
    edited October 2013

    @benfdc Absolutely. Apple Time Capsule in the home keeps everything backed up - however, you might obviously be unlucky and your computer and Time Machine disks might die at the exact same time (or be stolen, or burn down). That's why I have a script that automatically puts a weekly encrypted disk image on Dropbox, containing the entire 1Password, DEVONthink and OmniFocus databases.

    It's simple to make disk images from folders. See: "Tip 16-5. Create a Disk Image from a Directory in the Terminal": http://www.macdevcenter.com/pub/a/mac/excerpt/osxph2_1004/?page=2

    Although I do it differently. Rather than making new images the whole time, I made an encrypted (passworded) sparsebundle image once, and then the script just mounts that image (http://blog.joshdick.net/2012/10/14/programmatically_mounting_encrypted_disk_images_in_os_x.html) and rsyncs just the changes into that image. This means that only modified files get overwritten inside the image, and since it's a sparsebundle (a disk image broken into 8 MB bands), it means that only one or two bands get modified. Consequently, only a few bytes or megabytes get modified and synced to Dropbox, rather than needing to sync a massive disk image every time.

    Yet another, less technical alternative for newbies, is to store the following in your Dropbox folder: Your encrypted 1Password database (1Password.agilekeychain), an encrypted disk image containing all of your DEVONthink databases (which you manually mount whenever you want to open one of the databases; or you could make a startup script which ensures that it's always mounted at boot, see the 2nd link above), and finally syncing your OmniFocus database to "OmniSync" or whatever they call their free cloud sync service. This alternative means securely backing up all 3 pieces of data on the net with less effort than the geekier methods above.

    Complete everything with FileVault 2 whole-disk encryption so that a physically stolen computer is useless to the thief, and you're done. All of your data is safe.
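The sparsebundle-plus-rsync backup described in the post above, written out as an added example; this is not the poster's own script. It assumes macOS (hdiutil, rsync and the security command are all present), that the image passphrase is stored in the login Keychain under a service name of vault-backup-image (the "Keychain technique" the thread links to, so the passphrase never appears on a command line or in the script), and the image path, volume name, band size and 20 GB ceiling shown; all of those values are assumptions, not from the thread.

```shell
#!/bin/sh
# Added example (not the poster's script): keep ONE encrypted sparsebundle in
# the Dropbox folder and rsync selected databases into it, so Dropbox only
# re-uploads the 8 MB bands that actually changed. macOS only.
set -eu

IMAGE="${HOME}/Dropbox/Backups/Vault.sparsebundle"   # assumed location
VOLNAME="VaultBackup"                                # assumed volume name
MOUNTPOINT="/Volumes/${VOLNAME}"
KEYCHAIN_SERVICE="vault-backup-image"                # assumed Keychain item

# hdiutil's sparse-band-size is given in 512-byte sectors; 8 MB -> 16384.
band_sectors() { echo $(( $1 * 1024 * 1024 / 512 )); }

# Every source directory must exist before the image is touched; returns 1
# (and names the missing path) otherwise, so a typo cannot empty the mirror.
check_sources() {
  for src in "$@"; do
    [ -d "$src" ] || { echo "missing source: $src" >&2; return 1; }
  done
  return 0
}

# Passphrase comes from the login Keychain, never from the environment.
image_passphrase() {
  security find-generic-password -s "$KEYCHAIN_SERVICE" -w
}

# One-time creation: AES-256 sparsebundle, 8 MB bands, 20 GB nominal size
# (the bundle only occupies the space actually written into it).
create_image() {
  [ -e "$IMAGE" ] && return 0
  mkdir -p "$(dirname "$IMAGE")"
  image_passphrase | hdiutil create -stdinpass -encryption AES-256 \
    -type SPARSEBUNDLE -imagekey "sparse-band-size=$(band_sectors 8)" \
    -fs HFS+J -volname "$VOLNAME" -size 20g "$IMAGE"
}

mount_image() {
  image_passphrase | hdiutil attach -stdinpass \
    -mountpoint "$MOUNTPOINT" "$IMAGE" >/dev/null
}

unmount_image() { hdiutil detach "$MOUNTPOINT"; }

# Copy only what changed; --delete keeps the copy a mirror of the source.
sync_into_image() {
  src="$1"
  rsync -a --delete "${src}/" "${MOUNTPOINT}/$(basename "$src")/"
}

# usage: main DIR [DIR...]; returns 2 on bad usage without touching hdiutil.
main() {
  [ $# -gt 0 ] || { echo "usage: main DIR [DIR...]" >&2; return 2; }
  check_sources "$@"
  create_image
  mount_image
  # Detach even if rsync fails, so the bundle is never left half-synced.
  trap 'unmount_image' EXIT
  for src in "$@"; do sync_into_image "$src"; done
  unmount_image
  trap - EXIT
}

# Schedule weekly via launchd or cron, e.g.:
#   RUN_BACKUP=1 sh vault-backup.sh "$HOME/Documents/Vaults"
if [ "${RUN_BACKUP:-0}" = 1 ]; then main "$@"; fi
```

The guard on RUN_BACKUP lets the file be sourced without side effects; the real run is meant to be a launchd or cron job. Because the bundle is encrypted before it ever reaches the Dropbox folder, the sync service (or anyone who obtains the Dropbox login) only ever sees opaque band files.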

  • benfdc
    Community Member
    edited October 2013

    @Uno_Lavoz—

    Sounds like a fine system so long as you have Packrat for your Dropbox account. Using sparsebundles with Dropbox is a nice tweak.

  • Uno_Lavoz
    Community Member
    edited October 2013

    @benfdc I had to look up what Packrat is and see that it makes Dropbox indefinitely back up all prior versions of your files. Why pay for that? By default, they back everything up (even deleted files) for 30 days. For free. That's ample time to react and recover your files.

    • If my computer's hard disk dies, I just grab the latest data from Time Machine.
    • If both the computer hard disk and the Time Machine disks die at the exact same time (or are stolen/burned down) then I'll very rapidly hop on Dropbox to grab the latest backup file.
    • This last scenario should never even need to happen, since the risk of Time Machine loss/crashes at the exact same time that your Mac dies is very, very low.
    • Even in the extremely rare scenario where both your Mac and Time Machine data is irretrievable, Dropbox won't just magically delete your files; you can always retrieve versions up to 30 days old, even if they have been deleted from your Dropbox folder, or if the latest backup is corrupt, or something.

    It's true that the basic tenet of risk management is that "everything that can go wrong, will go wrong," but I don't see how anything can go wrong when Dropbox gives you 30 days of complete history/recoverability even for deleted or modified files. That's enough time to buy a new Mac / hard drive (if you need one) and to recover your data from Dropbox.

  • Uno_Lavoz
    Community Member
    edited October 2013

    All of this talk makes me think that there's a business opportunity to be had in making my kind of backup system easier for end-users.

    An app that automatically creates an encrypted sparsebundle inside of Dropbox and keeps various sensitive databases and files on your system rsynced within that disk image. That way, users can securely back anything up to the cloud, since it's doing pre-cloud encryption.

    That's the beauty of my system: Dropbox/the NSA can't peek into my files. And if there was an app to easily automate it, users won't have to do what I did and write shell scripts and stuff like that. It also protects against family members and people that figure out your Dropbox password, since all they'd see is an encrypted disk image.

    I'd knock something together, but I'm not interested in selling apps and I have a working system already. However, maybe this is something for Knox in the future. All you need to do is to make it use rsync under the hood. Very simple to add. Knox is not an impressive app whatsoever since it's just a wrapper on top of hdiutil, but this new hypothetical feature would add some actual value to it - heck, I'd possibly even begin recommending people to purchase Knox.

    Throw in some 1Password integration/synergy so that Knox stores all disk image passwords inside of 1Password and automatically mounts them[1] via either the echo-technique or the Keychain technique[2], and Knox would have enough nice features to actually warrant its price. Right now it's just an overpriced, pretty wrapper.

    ( CC: @Megan @dteare @roustem @MikeT @Nik )

    [1] Yes. It's fine to store even the encrypted backup-sparsebundle passwords inside of 1Password, since the user should hopefully be syncing their 1Password.agilekeychain separately, and will always be able to recover their backup-sparsebundle password from there if they forgot it.

    [2] Both techniques are covered at http://blog.joshdick.net/2012/10/14/programmatically_mounting_encrypted_disk_images_in_os_x.html

  • benfdc
    Community Member
    edited October 2013

    I don't see how anything can go wrong when Dropbox gives you 30 days of complete history/recoverability even for deleted or modified files. That's enough time to buy a new Mac / hard drive (if you need one) and to recover your data from Dropbox.

    Things that could go wrong:

    • A data corruption issue arises that goes undiscovered for several weeks (not a problem unless your Time Capsule fails).
    • The same episode that resulted in the loss of your laptop and Time Capsule incapacitates you for several weeks.

    Low probability events, to be sure; I would imagine that your system probably puts you in better shape than 99.5% of your peers. Still, you might consider switching from Dropbox to SugarSync, which saves the last five versions of your files rather than deleting all old versions after 30 days, or to SpiderOak, which saves all historical versions unless or until you purge them.

    I don’t have a Time Capsule. I use Time Machine with a hard drive dock and a few bare drives that I rotate into and out of my safe deposit box every so often.

    FWIW, I agree with everything you say in your Knox post.

  • [Deleted User]
    Community Member
    edited October 2013

    I use Arq when it comes to online backups. No limits, no worries. Dropbox is a nice syncing tool but is not meant for backups (google "Dropbox is not backup", a lot has been written on this topic). With Arq something can be deleted on my Mac and go undetected for months, even years, and still I can restore them. And you get to use Amazon Web Services directly, skipping the middle man like Dropbox (they use AWS as well).

    Also, with the Dropbox restore feature I think it only restores individual files. You cannot restore entire folders. At least in the free version; I haven't tried Pro or Packrat.

    I use local backups as well, of course.

  • Uno_Lavoz
    Community Member
    edited October 2013

    @Xe997 I use Arq when it comes to online backups. No limits, no worries. Dropbox is a nice syncing tool but is not meant for backups (google "Dropbox is not backup", a lot has been written on this topic).

    The main argument is "if you delete something on your Mac, it gets deleted from Dropbox, hence Dropbox is not backup." But that argument falls apart when you realize that Dropbox lets you go back in the history-view to recover deleted files. Things get even better when you realize that you're only dealing with a single sparsebundle, which you'd notice if it was missing.

    @Xe997 Also, with the Dropbox restore feature I think it only restores individual files. You cannot restore entire folders.

    This is true. You recover files one by one, meaning that you have to click the Restore button for the individual sparsebundle component files you want. But that's no big deal. The only serious sparsebundle corruption that can happen is in band-0 and in the description-file. Those hold the filesystem description (band-0) and the master encryption keys (the description-file). So if things ever became corrupt (which is extremely unlikely, as I'll get to below), then you'd just recover two files and then mount the image and run a filesystem-check in read-only mode to see if any other parts of the sparsebundle are corrupt. If so, recover those bands too. Recovering on a file-by-file basis like this requires technical knowledge, of course. But as I'll get into next, you'll see why your Dropbox should never even contain a corrupt disk image in the first place:

    @benfdc A data corruption issue arises that goes undiscovered for several weeks (not a problem unless your Time Capsule fails).

    The only way an encrypted disk image would become corrupted is if something overwrites part of the raw disk image data with garbage. That never happens. Really, it doesn't. There are no Mac viruses that perform random overwrites of random files (and such a thing is ultra-rare even on Windows, because files are more valuable to bad guys if they're uncorrupt). Nor are there any misbehaving apps that would just randomly freak out and overwrite random parts of a random disk image on your system. No apps have any business meddling with your disk images. Only the OS itself touches them.

    Someone might then exclaim "Well, even if no viruses or apps will overwrite/corrupt the disk image data, it could still become corrupted if the system loses power in the middle of a write to your disk image!" - Sounds reasonable, right? Nah. The Mac OS X file system is journaled, meaning that a file is flagged as "modification-in-progress" before a write takes place. All file modifications are then written to a new temporary area, and if the write is successful, the file's new data is made permanent and the "modification-in-progress" flag is removed. If your system loses power during a journaled write, it will be detected on the next file access and the corrupt, partial write will be reverted and the corruption will be removed again.

    It's ridiculously difficult to corrupt a disk image. You'd pretty much have to manually go in with a file-editor and corrupt it on your own and intentionally save the changes. Because no apps, viruses or power losses will do it. But that's beside the point, since you'd have to lose a lot of things before you even got to the point where a corrupt disk image even matters. You'd have to lose:

    • Your main Mac.
    • Your Time Machine backups.
    • All other devices that contain a copy of the data (your other Macs, your phones, your tablets, etc).
    • Your backed up Dropbox disk image must have become corrupted, which is an ultra-unlikely event.
    • The corruption must be older than the free 30 days of revision/undelete-history provided by Dropbox for free. Very unlikely to ever happen even if things got down to this stage. You would have noticed the OS popup dialogs saying that "the disk image is corrupt" while your backup script was running, so your Dropbox should never get to the point where it contains a corrupt disk image.

    If you are really concerned that all of the above will go wrong at the exact same time, then yeah get Packrat. Or, just write a shell script that keeps multiple (monthly, for instance) copies of the encrypted sparseimage inside of your Dropbox, so that you have something like monthly images for the last half-year as well as weekly images for the last few weeks.

    You can also sign up to multiple cloud services so that the data is available on more than one cloud provider. But once again this is really complicating things needlessly. Usually the checklist above ends at the loss/death of your Mac or Time Machine drive. Not even both at the same time. You'd have to be the unluckiest man on the planet to have everything above fail. The odds of ALL of the above happening at the EXACT same time are ridiculously low.

    Of course, as Terry Pratchett says, "Million to one chances... crop out 9 times out of 10." Jokes aside - I don't worry about it. At some point you have to say that enough is enough and that the odds are so highly stacked in your favor that you don't need to pay $139 a year to add a feature that you'll never need.

    @benfdc The same episode that resulted in the loss of your laptop and Time Capsule incapacitates you for several weeks.

    This one is low-probability but is at least more likely than the above corruption scenario. Yeah, it's possible (but super unlikely) that there's a fire and that your equipment is destroyed and that you end up in the hospital in a coma for longer than a month... That'd be really terrible and I don't think I'd even care about my passwords or documents at that point. I think I'd prefer to just start life over and begin anew, if I'd ever recover from such a thing. And how often does such a severe thing happen? Losing your house, possessions, and ending up in a coma. You never hear about it on the news. And on top of that, you'd have to have corruption in your Dropbox backup, which I've already mentioned is almost impossible for so many reasons.

    But yeah, all this being said, of course the infinite "Packrat" extension is better than the 30 days you are given for free by Dropbox. If you need the extra 100GB of storage that the $100/year plan gives you, then by all means add +$39/year to add Packrat as well. I'd definitely do it if I was already a Dropbox Pro subscriber since it's not much extra on top of that, but I'm doing fine with the 16GB I've got for free thanks to various promos and referrals, so I'm not about to add a whole $139/year to my expenses for something that's way, way overkill.

    Still, you might consider switching from Dropbox to SugarSync, which saves the last five versions of your files rather than deleting all old versions after 30 days, or to SpiderOak, which saves all historical versions unless or until you purge them.

    Those sound great. Unfortunately Dropbox is pretty ubiquitous and exists all over iOS apps, so I don't think I'll switch since I'm not worried about Dropbox's 30 days failing me. It's a long window of opportunity to recover your files, and will only be needed in the extremely unlikely event where all other devices fail and the data has to be recovered from Dropbox. And like I've already covered - you would know if your disk image had become corrupt since the OS warns you when the mount fails, so your Dropbox should never even be able to get to the point where it contains a corrupt disk image.

    @benfdc FWIW, I agree with everything you say in your Knox post.

    Thanks. I can tell that we're both very security-conscious and share a lot of the same sentiments. I enjoy your posts.
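    The two mechanisms discussed above, the Knox-style "mount, rsync, unmount" job from the earlier post and the suggestion here of keeping monthly and weekly copies of the image inside Dropbox, as one added shell script. This is example code written for this page, not the poster's own script; the paths, the Keychain item name, the source directory and the retention counts are assumptions. The image password is read from the login Keychain (the "Keychain technique" in the linked blog post) and fed to hdiutil on stdin, so it never appears as a command-line argument.

```bash
#!/bin/bash
# Added example, not from the thread: daily job that rsyncs sensitive files
# into an encrypted sparsebundle kept in Dropbox, then keeps dated copies of
# the bundle so more than Dropbox's 30-day history survives. All paths, the
# Keychain item name and the retention counts are assumptions.
set -eu
IMAGE="$HOME/Dropbox/private.sparsebundle"   # encrypted image made with hdiutil/Knox
MOUNT="/Volumes/private"
SOURCE="$HOME/Library/Application Support/1Password"   # assumed sensitive directory
ARCHIVE="$HOME/Dropbox/private-archive"

# Mount with the password fed on stdin (-stdinpass) so it is never a command-line
# argument visible in `ps`; it is read from the login Keychain. macOS only.
sync_into_image() {
    security find-generic-password -w -s "private-sparsebundle" |
        hdiutil attach -stdinpass -nobrowse -mountpoint "$MOUNT" "$IMAGE" >/dev/null
    rsync -a --delete "$SOURCE"/ "$MOUNT"/
    hdiutil detach "$MOUNT" >/dev/null
}

# Number of entries in a directory (portable; bash 3 on macOS is fine).
count_entries() {
    local n=0 p
    for p in "$1"/*; do if [ -e "$p" ]; then n=$((n + 1)); fi; done
    echo "$n"
}

# Copy the bundle to $2/$4.sparsebundle, then delete the oldest copies until
# only $3 remain. Stamps are YYYY-MM-DD, so lexical order is chronological.
snapshot() {
    local image="$1" dir="$2" keep="$3" stamp="$4" excess name
    mkdir -p "$dir"
    cp -R "$image" "$dir/$stamp.sparsebundle"
    excess=$(( $(count_entries "$dir") - keep ))
    [ "$excess" -gt 0 ] || return 0
    ls -1 "$dir" | sort | head -n "$excess" | while read -r name; do
        rm -rf "$dir/$name"
    done
}

# Run once a day from launchd/cron: Sundays add a weekly copy, the 1st adds a
# monthly one, so 6 + 6 copies cover roughly the last half year.
daily_job() {
    sync_into_image
    local today; today=$(date +%Y-%m-%d)
    [ "$(date +%u)" = 7 ] && snapshot "$IMAGE" "$ARCHIVE/weekly" 6 "$today"
    [ "$(date +%d)" = 01 ] && snapshot "$IMAGE" "$ARCHIVE/monthly" 6 "$today"
    return 0
}
if [ "${1-}" = run ]; then daily_job; fi
```

Because the copies live inside Dropbox, each one is still covered by Dropbox's own 30-day history, and each is an encrypted image, so the pre-cloud encryption property the posts rely on is preserved.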

  • Uno_Lavoz
    Community Member
    edited October 2013

    The most important point is that corrupting a disk image is near-impossible, and you would have noticed the OS popup dialogs saying that "the disk image is corrupt" while your backup script was running, so your Dropbox should never get to the point where it contains a corrupt disk image.

  • [Deleted User]
    Community Member
    edited October 2013

    There are no Mac viruses that perform random overwrites of random files (and such a thing is ultra-rare even on Windows, because files are more valuable to bad guys if they're uncorrupt).

    Well, sometimes the files are only valuable to the victim, so the bad guy then encrypts them and demands payment in exchange for the encryption key.

    http://en.wikipedia.org/wiki/CryptoLocker

    Some Dropbox users have encountered CryptoLocker:

    https://forums.dropbox.com/topic.php?id=107444

    https://forums.dropbox.com/topic.php?id=107012

  • Uno_Lavoz
    Community Member
    edited October 2013

    @Xe997 Haha, the funniest part is that I was thinking about that exact scenario but decided not to mention it, because it's ridiculous. There are so many ways to avoid that:

    • It only happens on Windows.
    • Cryptographic ransom viruses are ultra-rare even there.
    • You'd have to be a moron without antivirus.
    • All of your other computers/devices would have to lose their clean copies as well.
    • All of your other backup systems (such as Time Machine) would have to have failed.
    • You would notice the ransomware immediately and could easily just recover the original via your 30 days of free Dropbox history.

    I am glad you brought it up, though, since I was tempted to mention it as well just so that we cover absolutely every angle. But my post was long enough as it was. ;)

  • [Deleted User]
    Community Member
    edited October 2013

    Yeah I'm not too worried about that CryptoLocker thing.

    Anyway, what I'm trying to say is, why be happy with Dropbox's tacked-on backup features when there are dedicated tools? Sure, in your specific case with sparsebundles the limits of Dropbox are not that visible. But if we take them out of the picture, Dropbox is clearly not an ideal solution. So it may work for you, but I wouldn't advise people in general to rely on Dropbox as a backup service. Not saying that you are doing that, but it is very common.

    Right tool for the right job etc.

    EDIT: we are off topic

  • Uno_Lavoz
    Community Member
    edited October 2013

    @Xe997 I agree with you and never said that Dropbox was a perfect backup tool for all jobs. Dropbox is absolutely great for backing up specific files; however, when you need to track lots of files (such as a whole system) or need more than 30 days of backup, then there are more advanced tools dedicated to the job.

    As for being off-topic, we should indeed get this derailed train back on the train-tracks. It was still a valuable discussion. Anyone that reads my life-workflow above (post #17) can now learn about how to protect such a digital library from data loss as well.

    Very useful reading for anyone who has digital assets to protect - which is actually all of us in this digital information age. ;)

    There's good off-topic and bad off-topic, and all-in-all this was pretty good.

  • benfdc
    Community Member
    edited October 2013

    @Uno_Lavoz wrote:

    The most important point is that corrupting a disk image is near-impossible, and you would have noticed the OS popup dialogs saying that "the disk image is corrupt" while your backup script was running, so your Dropbox should never get to the point where it contains a corrupt disk image.

    I was actually thinking in terms of undetected corruption of one of your databases (1Password, DEVONthink, OmniFocus). You would notice pretty quickly if one of those databases could not be opened, of course, but it might take a while to discover if some of your data had been accidentally deleted.

    The only way an encrypted disk image would become corrupted is if something overwrites part of the raw disk image data with garbage.

    Maybe, or then again maybe not.

    I’m not arguing that you’re doing it wrong, just as you are not really disagreeing with others who deem Dropbox inadequate for their own backup needs. If your system meets your needs and satisfactorily addresses the risks that you are concerned about, then you’re good to go.
