Rene wants to know if she can use a VPN to keep herself safe and still log into sites like Facebook. Leo says that a VPN is an encrypted tunnel for your traffic that masks your data as you use it. You should be able to still log in, but some sites don't support it. How about using an airport WiFi with a VPN. Leo says that's a very good place to use a VPN, but he generally doesn't use public wifi, especially in an airport. And you NEVER want to do banking or eCommerce on one.
Mary recently installed an SSD into her computer, as well as Bitlocker. Now she's getting a blue screen of death. So she started over, without Bitlocker, and got a BSOD again. Sandisk told her to update her laptop BIOS, and that worked. But Sandisk also said not to put encryption on an SSD. Leo says he encrypts every SSD drive. His phone is encrypted and they are SSDs. In fact, Windows Pro has Bitlocker built-in! And some turn on Bitlocker at the factory. So Mary is fine to use it, as long as she doesn't lose her password.
Mike resurrected an old computer to look through some old floppies, but they're password protected and he can't remember the password. Leo says that if Mike can figure out how he password protected it, that could give him a clue. But floppy disks weren't normally password protected. So it's an odd thing for a password pop up to happen. It may be possible to examine the disk using a Linux computer. That could lead to being able to read it. But not for very much longer, as Linux will not support floppies moving forward.
Nancy has T1 drive encryption on her Samsung 1TB hard drive, but she can't see it on her laptop. Leo says she has to install special drivers that will modify the OS to encrypt the hard drive. But Leo doesn't like a third party having that kind of control. Since she had it on her old hard drive, she is aware and still has the password. So she'll have to re-download the software from Samsung. She can get it here.
Mark hears that Public Wifi may not be safe. Is that true? Leo says yes and no. When we're on a public network, people can see our connection. We can see other people's computers in our browser. We may not be able to see everything, but a hacker can use what's called a "WiFi pineapple." So there is a potential risk. But with a secure connection via HTTPS, they can't really see anything. That's why Google is pushing hard for every website to be https. That's why it's Leo's opinion that we're mostly safe. When in doubt, just use a virtual private network while on a public wifi.
Gordon is in the hospital, and wants to know if their public wifi is safe or should he use a VPN? Leo says that if it's using a wide-open network, then anyone can log in. It's a shared, public network. There are some risks, but your banking is safe because it's encrypted. The one thing to worry about is a "man in the middle" attack. Hospitals with public wifis could give the hospital the ability to watch what you do. That's when a VPN can come in handy. It will encrypt all traffic, by burrowing an encrypted tunnel to the internet.
Bobby encrypted his backup, and he uploaded it to Carbonite. But he couldn't because it was encrypted. He used Mac's FileVault. Leo says that encrypting is a good idea, but after you've uploaded it, it's encrypted, so it's redundant, actually. The thinking is that if you encrypt it, and need one file, you'd have to download the entire backup in order to get it. But Leo says that if you're logged in, then it's unencrypted through the Mac. Carbonite needs an unencrypted backup in order to do incremental backups. And in doing so, they keep your data encrypted on their end.
The caller wants to know if backing up data to DropBox is secure? He's worried that backup companies have access to his sensitive data. Leo says he can encrypt the data, and he alone has the keys to that. So if he loses it, he's out of luck. DropBox will accept secure encrypted data. If he's looking for a cloud-based encryption backup option, SpiderOak is an option, though it's a bit clunky. VeraCrypt is another.
Australia has recently passed a bill that would require companies like Signal and 1Password to provide the government with user messages and data upon request. Many companies that offer encrypted communications, however, don't have access to that information themselves because it uses end-to-end encryption. But now that sort of encryption technology is illegal in Australia without a 'back door' being put in. If there is a back door, then access to that data isn't just available to the government, it could be available to any hacker as well.
Parliament in Australia is pushing through an anti-encryption law that will make it not only illegal to use encrypted communications, but will also give law enforcement and other government authorities the power to use malware to crack an encrypted network. Leo says it will endanger the security of anyone using an online service and obvious violates an individual's privacy rights. Russia has a similar law, as does England.