Protected document storage options for iPad ?

By Amamba
in Smart Home, Network & Security

 Share

Recommended Posts

Enthusiast

Amamba

Posted
Posted

Hi y'all, need help.

All of us have some documents they need protecting. I had a solution that worked great for me for years - a Keepass file for passwords, and a Truecrypt container for bank and credit statements. Both were saved in Dropbox and so were accessible from any computer I owned.

I recently bought an iPad to replace Nexus 7 that was driving me nuts with slowdowns and crashes. I ended up liking that iPad a lot more than I thought I would, despite lack of customization and control over OS the thing just works. I spend much more time actually _doing_ things on it. I barely touch the desktop anymore, unless I need to process some photos or do my bills. I have to do my bills from the desktop because that's the only way I can save the statements to my Truecrypt container.

So, here's the question.. What do you use for a protected file storage that can be shared between several different computers and an iPad ?

Is there a way on iOS to access a Truecrypt container from cloud storage ? Does it require caching the entire container locally ?

Is there an online solution that is proven safe ? I understand that nothing is 100% safe online, but a bank level security combined with some sort of file encryption would do.

Right now I am thinking of using AES encrypted 7zip archives with Box.com, but there's got to be a better way.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

You do know your ipad data is already encrypted right?  Did you turn on passcode? And if you loose it you an just remotely wipe it

 

http://help.apple.com/icloud/#/mmfc0ef36f

Erase your device

Are you storing your account numbers, and SS# on these statements? Most statements no longer have this sort of info on them - and pretty much other than some numbers don't really contain all that much info that all that private.

You can turn off simple passcode and use a better password and even enable wipe on 10 failed.. I would think its secure enough to have some old bank statements on to be honest.

Enthusiast

Amamba

Posted
  • Author
Posted

Yes I know iPad is encrypted, however I want to share data across devices. I need a central storage solution that works with all of my computers, not just one of them.

 

I have no control over what information is being put on statements. Can't rely on each provider making sure they don't put anything sensitive on them. This kind of data simply does not belong in the open.

 

It looks like Boxcrypt could work, I need to figure what it does on iPad.

Grand Master

#Michael

Posted
Posted

Yes I know iPad is encrypted, however I want to share data across devices. I need a central storage solution that works with all of my computers, not just one of them.

 

I have no control over what information is being put on statements. Can't rely on each provider making sure they don't put anything sensitive on them. This kind of data simply does not belong in the open.

 

It looks like Boxcrypt could work, I need to figure what it does on iPad.

 

Boxcryptor doesn't do anything to or on the ipad itself.  It is an encryption wrapper on a computer that encrypts a file before sending it off to a cloud provider.  The iOS app just allows files from the cloud provider to download to the app itself and be viewed. 

Enthusiast

Amamba

Posted
  • Author
Posted

Well, Boxcryptor could be it, but it's major limitation is that free version only links 2 devices and you need to unlink one of them to add another one. In a household with 4 tablets, 2 smartphones and a few computers, this won't suffice, and I am not paying $50 each year for a Pro subscription.

I decided to keep my Truecrypt container for archiving past data, and use encrypted zip files for current year's statements. Hopefully eventually someone would come up with a reasonable iOS encrypted container solution.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Who exactly are you protecting your files from?  They are encrypted on your ipad as we stated, they are encrypted in the cloud and they use an encrypted transfer method.

 

post-14624-0-51595900-1394623747.jpg

 

So your protecting your bank statements from the company your storing your files with?  Or the government?  Both of which prob have easier ways to access that information ;)

https://www.dropbox.com/help/27/en

https://sugarsync.custhelp.com/app/answers/detail/a_id/201/kw/security

 

Look up pretty much every cloud provider - they are very security aware.  I find it unlikely someone at dropbox is looking into your files and thinking - hey I can sell this info for identity theft, etc.  The first case of this would completely shutdown not only dropbox but pretty much every company like them.  So I think they take it pretty serious - prob more so than your CC company or online store you shop with that stores your CC numbers, etc.

 

Its more likely that say your CC company or a store you shop with employee's would sell of this data for profit where this data is just easy search in a database and prob 1000's of peoples info in a nice spreadsheet vs and employee of say dropbox weeding through users files looking for info that might be useful to sell for profit or use themselves..

 

While I agree everyone should be concerned with loss of your personal data..  Curious who guards your mailbox when statements come there? Keep in mind these companies are storing your data like where your original bank/company is storing the information they give you in the statement.  What your doing is hiding the information from the company you trust to store the data for you.. 

 

If your worried that online storage company has access to your encrypted data - I would look to spideroak, I believe their claim to fame is even they do not have access.

 

https://spideroak.com/whyspideroak

Complete Privacy Guaranteed

  • SpiderOak never stores or knows a user's password or the plaintext encryption keys which means not even SpiderOak employees can access the data
  • Our zero-knowledge privacy approach means we can never betray the trust of our users

 

But to me, this is a bit over the top for some bank statements ;)

Enthusiast

Amamba

Posted
  • Author
Posted

Bank statements, credit card statements, tax documents, medical bills... a lot of them have date of birth, full address, full or part social security number - this info needs to be stored somewhere somehow. And most of it nowadays comes in electronic format. This is ID thief's heaven - the whole system of using SSN's is broken, but that's beyond the point.

 

You can leave this information unencrypted in Dropbox, but after several publicized accidents - one when Dropbox opened user accounts for hours to anyone to browse through - I don't trust them much. Or OneDrive, or Google. I have no choice but to trust banks but at least the banks are supposed to have a system in place to vet their employees, and have decades if not centuries of security obsessed corporate culture (not that it prevents any issues), and there are laws that make them responsible for at least some monetary losses of their customers due to internal breeches. I have no idea how cloud services vet their employees, and as far as I know they can read anything in anybody's account and have zero oversight and zero responsibility.

 

You can leave the statements on bank site of course, but good luck getting them if you switch banks, or if your bank is bought out. And many only let you go back 1-2 years.

 

Also, banks and medical offices simply don't have all of your info - just (important) bits related to your business with them.

 

Short of printing every record and locking it up in a safe somewhere - which is really not a good solution anyway - the only sensible approach, in my view, is to assume that some of your data may become compromised sooner or later, and prepare for this by encrypting access. A thief sophisticated enough and equipped well enough to break an AES encrypted file with 12-15 character password likely isn't after your individual data anyway.

Grand Master

#Michael

Posted
Posted

Bank statements, credit card statements, tax documents, medical bills... a lot of them have date of birth, full address, full or part social security number - this info needs to be stored somewhere somehow. And most of it nowadays comes in electronic format. This is ID thief's heaven - the whole system of using SSN's is broken, but that's beyond the point.

 

You can leave this information unencrypted in Dropbox, but after several publicized accidents - one when Dropbox opened user accounts for hours to anyone to browse through - I don't trust them much. Or OneDrive, or Google. I have no choice but to trust banks but at least the banks are supposed to have a system in place to vet their employees, and have decades if not centuries of security obsessed corporate culture (not that it prevents any issues), and there are laws that make them responsible for at least some monetary losses of their customers due to internal breeches. I have no idea how cloud services vet their employees, and as far as I know they can read anything in anybody's account and have zero oversight and zero responsibility.

 

You can leave the statements on bank site of course, but good luck getting them if you switch banks, or if your bank is bought out. And many only let you go back 1-2 years.

 

Also, banks and medical offices simply don't have all of your info - just (important) bits related to your business with them.

 

Short of printing every record and locking it up in a safe somewhere - which is really not a good solution anyway - the only sensible approach, in my view, is to assume that some of your data may become compromised sooner or later, and prepare for this by encrypting access. A thief sophisticated enough and equipped well enough to break an AES encrypted file with 12-15 character password likely isn't after your individual data anyway.

 

And I thought I was paranoid.  The answer is simple: Don't store any of that information in the cloud.  You cannot prevent the individual companies from storing the information electronically and making it available to you over the internet but that doesn't mean you have to store it anywhere else and make it available.  Do this: Get a NAS and store those documents on the nas.  Then make sure that the storage device is not accessible to the outside world.  You could then use truecrypt to encrypt that storage if you are still paranoid.  Bing, bang, boom...all done.

 

Also...for redundancy and backups..backup the nas to an additional physical hard drive and place that hard drive in a safety deposit box.

  • 2 weeks later...
Enthusiast

Amamba

Posted
  • Author
Posted

And I thought I was paranoid.  The answer is simple: Don't store any of that information in the cloud.  You cannot prevent the individual companies from storing the information electronically and making it available to you over the internet but that doesn't mean you have to store it anywhere else and make it available.  Do this: Get a NAS and store those documents on the nas.  Then make sure that the storage device is not accessible to the outside world.  You could then use truecrypt to encrypt that storage if you are still paranoid.  Bing, bang, boom...all done.

 

Also...for redundancy and backups..backup the nas to an additional physical hard drive and place that hard drive in a safety deposit box.

 

 

This is not an answer, it's a limitation.

 

I looked at SpiderOak and Wuala, but I don't think I am ready to trust them just yet.

 

Winzip AES256 solution works good for protecting statements, but is a royal PITA for editable documents... as they have to be re-zipped and re-uploaded afer each edit on iPad.

 

For now, I'm afraid that's the only safe, if cumbersome, method. Although CloudOn seem to support password protected Excel files... will check that one, too. None of my spreadsheets have any account #s in them, anyway.

Enthusiast

Amamba

Posted
  • Author
Posted

There's an app called Disk Decipher that reads Truecrypt (and FreeOTFE and LUKS) volumes, even on Dropbox without having to cache the entire container locally.

 

Once I RTFM'd, I was able to open the container in Dropbox and read files. For now it's read only, but I can use Winzip for individual files & transfer them to TC container in bulk later.

 

Highly recommended.

Grand Master

#Michael

Posted
Posted

There's an app called Disk Decipher that reads Truecrypt (and FreeOTFE and LUKS) volumes, even on Dropbox without having to cache the entire container locally.

 

Once I RTFM'd, I was able to open the container in Dropbox and read files. For now it's read only, but I can use Winzip for individual files & transfer them to TC container in bulk later.

 

Highly recommended.

 

That has to be the worst idea I have seen in a long time.  Talk about a convoluted and wrong implementation.  The moment I saw view only is the moment I said no.  Boxcryptor is what you are looking.  Stop being cheap and buy a subscription for it.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Paint.NET can finally be downloaded from the "right" place

      By dismuter · Posted

      You could make the argument that K should not be included, but FC, the fried chicken, is not the framework, it's the product. It's the Paint in Paint.NET. A closer analogy is if KFC included the name of the deep fryer they used. HennyPennyFC.
    • Spyro: A Realm Beyond revealed by Toys for Bob, the first new entry after almost 20 years

      By DoorSnail99 · Posted

      Flying as the central point eh... As a massive Spyro fan who has replayed the Reignited Trilogy three times and the originals 4 times... I have some doubts, but maybe...
    • Apple is expanding Private Cloud Compute beyond its own data centers

      By pradeepviswav · Posted

      Apple is expanding Private Cloud Compute beyond its own data centers by Pradeep Viswanathan At WWDC 2026, as part of the improved Apple Intelligence capabilities, Apple today announced that it is expanding Private Cloud Compute (PCC), its privacy-focused cloud infrastructure for Apple Intelligence, beyond its own data centers for the first time. Private Cloud Compute was designed to handle Apple Intelligence requests that are too complex to run fully on-device. The PCC system does not store user data and does not allow Apple or anyone else to access user requests. Last year, Apple also expanded its Security Bounty program with rewards of up to $1 million for researchers who could find serious vulnerabilities in PCC. Until now, Apple's PCC data centers were using Apple's own silicon. As part of the expansion, Apple is working with Google and NVIDIA to run new Apple Intelligence workloads on Google Cloud systems powered by NVIDIA GPUs. Apple will be using this new infrastructure to execute more demanding AI tasks while maintaining the same privacy and security guarantees of PCC. The new implementation uses NVIDIA Confidential Computing with NVIDIA GPUs, Intel CPUs with TDX, and Google’s Titan chip. Apple says it has worked with Google to build additional protections beyond a traditional confidential computing deployment. Despite the expansion to third-party data centers, Apple claims that its core PCC requirements remain unchanged, including stateless computation, no privileged runtime access, non-targetability, and verifiable transparency. The company highlighted that it will continue to control the PCC software stack, and Apple devices will only trust PCC software that has been cryptographically approved by Apple. To take security to the next level, Apple mentioned that it is maintaining an append-only ledger of Google Cloud hardware that is part of the PCC fleet. The company claims this will help reduce the risk of supply chain attacks. In addition to AI infrastructure, Apple also worked with Google to use technologies behind the Gemini family of models to build the next generation of Apple Foundation Models to power Apple Intelligence features across on-device and cloud workloads. As expected, for more demanding AI tasks like agentic tool use and complex reasoning, Apple will rely on the expanded PCC infrastructure running on Google Cloud. The expansion of PCC on Google Cloud will gradually ramp toward the full set of protections during the summer preview period. As before, Apple will also publish binaries for public inspection, provide research tooling, and give researchers access to live PCC nodes in research mode through the Apple Security Bounty Program.
    • Classic Outlook vs New Outlook — Which one do you prefer and why?

      By Bdpy · Posted

      my problem with outlook (new) is that it connects only to outlook.com. all connections to external providers goes through there. Got your mail server and want to use imap directly? no way... it adds a connector on outlook.com. last bug; if your email on an external provider if the same as principal email of your microsoft account, it doesn't work...
    • Apple finally brings the slider for Liquid Glass and many other changes

      By cleverclogs · Posted

      It's the only reason I finally have an iPhone (for work) and enjoy using it so much that I'm tempted to move from android next time I need to replace my own device

  • Recent Achievements

    • Very Popular
      Captain_Eric earned a badge
      Very Popular
    • One Month Later
      amusc earned a badge
      One Month Later
    • One Month Later
      DJC50PLUS earned a badge
      One Month Later
    • Week One Done
      DJC50PLUS earned a badge
      Week One Done
    • Proficient
      Eric Biran went up a rank
      Proficient

  • Popular Contributors

    1. 1
      +primortal
      506
    2. 2
      PsYcHoKiLLa
      222
    3. 3
      ATLien_0
      92
    4. 4
      +Edouard
      86
    5. 5
      Steven P.
      81
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!