Frank J. Gómez wrote at about 15:41:14 -0400 on Tuesday, March 23, 2010:
 > I have an interesting situation here.  One of my users refuses to
 > participate in the system of backups because she's concerned about the
 > security of her files.  She agreed to participate if I can make the system
 > work such that even I am unable to see the contents of her files.  She's
 > running Windows -- XP Home, I believe.

XP Home is hardly enterprise class or secure -- and I would think that
Backuppc would be the least of her security issues...

Interesting company where users run their own home versions of XP and
don't trust IT. Does the user realize that if you don't trust IT, then
you better not ever connect your computer to the network unless you
have totally hardened it and treat the work network as potentially
"hostile"?

Unless the user is the CEO, it sounds like the user needs a polite
talking to by either her manager or the IT head about the role of
IT. At least she should better justify her need for such paranoia.

On the other hand if she has a legitimate need to protect a subset of
her *work* files (say uniquely confidential legal or personnel matters
or key business deals), then she could store those in a directory that
would be excluded from backups and to which everybody but her would be
denied access (this is a bit harder to do with XP Home than XP Pro) --
she would then be responsible for either backing up those files
herself or encrypting them and storing them in a directory accessible
to BackupPC -- Note you also would need to probably exclude her temp
folder from backup since copies of files sometimes appear there.

Barring such rare but potentially legitimate needs I would be
concerned about two things:
1. Why is she so paranoid and is she truly a team player who is
   willing to trust her co-workers?
2. Is she using her work computer and or work-time to store and access
   inappropriate materials such as porn or any other uses that would
   violate the law or company policy. Does she use proxies to encrypt
   her internet access while at work?

 > 
 > A little Googling and some brainstorming leads me to consider three courses
 > of action.
 > 
 >    1. Use a pre-dump command to encrypt the files before BackupPC reads her
 >    files.  I've not used pre-dump commands before, so I'm not entirely sure 
 > how
 >    they work, but I imagine I could tell BackupPC to read only c:\foo, but,
 >    prior to doing that, run a script which takes the files in
 >    c:\my\sensitive\junk and creates an encrypted archive in c:\foo.  I assume
 >    the pre-dump script would live in the cygwin environment, which is 
 > probably
 >    better for me anyway, since I don't know anything about Windows scripting.
 >    If this were a Linux system, I'd tar the files up and then pass the tar to
 >    gnupg, but I don't know if this is possible in a cygwin environment.  
 > Then,
 >    post-dump, I'd shred (or rm, if shred is unavailable) the temporary file 
 > in
 >    c:\foo.

Well if you create a single archive or do something like tar then you
will lose the benefit of pooling and will essentially just be copying
over large archive files every day -- to do that you would probably
better off just writing a simple cron script that would run on her own
machine to encrypt her files in an archive and copy it over to a
backup server on a regular schedule. BackupPC is a lot of overhead
with few benefits in this situation.

 >    2. Some post I read somewhere suggested you could simply change your
 >    compression method or transfer method to a script that does the encryption
 >    before writing to disk.  Nice thing about this idea is I can do all the
 >    configuration on the server.  Does sound a little scary though!

Problem is if you have access to do this then you have access to read
her files too so it doesn't solve her concerns (whether legitimate or not)

 >    3. Use scheduled tasks (or whatever the Windows equivalent of cron is) to
 >    periodically create/delete encrypted archives, independent of BackupPC
 >    scheduling.

Probably the best of the three...
 > 
 > How would you do it?  What encryption software would you use?
 > 
 > Cheers,
 > -Frank
 > 
 > ----------------------------------------------------------------------
 > ------------------------------------------------------------------------------
 > Download Intel® Parallel Studio Eval
 > Try the new software tools for yourself. Speed compiling, find bugs
 > proactively, and fine-tune applications for parallel performance.
 > See why Intel Parallel Studio got high marks during beta.
 > http://p.sf.net/sfu/intel-sw-dev
 > 
 > ----------------------------------------------------------------------
 > _______________________________________________
 > BackupPC-users mailing list
 > BackupPC-users AT lists.sourceforge DOT net
 > List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
 > Wiki:    http://backuppc.wiki.sourceforge.net
 > Project: http://backuppc.sourceforge.net/

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/