Hi there, I have an external and an internal (slowly in the process of eliminating the internal drive for obvious reasons). The problem I have is that the files are just there, unprotected, I know I can unplug the external, and I will, but are there any other methods you all use to hide or secure these video and funscript files floating around?
I have tried quite a few things so curious if this is the normal/best practice or if I’m missing out on some added security.
I’ll note, I use Stash and XBVR, but these don’t protect the actual files still.
I don’t encrypt my videos either, but I have thought about it. I store all my files on a NAS - which has the ability to encrypt the file system. I’d probably go that route.
VeraCrypt, you can either encrypt the whole drive or create a file that can be decrypted and mounted like a drive.
You can also make a fake/hidden volume with separate password in case your fam puts a gun to your head and forces you to decrypt it.
basically this, Veracrypt is my personal go-to for storing even financial documents. Just make sure you remember your password, although if it’s just for jerkoff material it doesn’t need to be the recommended 20 characters, I think your standard pass will do. Since veracrypt vaults are stored as files just name it taxe_backup or something
I use Cryptomator to encrypt everything on my NAS. I’ve never used Veracrypt, but Cryptomator is lightweight and even has a phone app.
I use it for a lot of stuff that I need encrypted. It creates a folder with an assortment of seemingly random names. When using Cryptomator, with the correct password, those can be decrypted and mounted as a drive.
A very important question to ask is what are you protecting them from?
If its from prying eyes you could consider 2 options
Obfuscation
Encryption
Note these have pros and cons
Obfuscation
This isnt really protecting anything it simply creates a small barrier that someone would need either prior knowledge or technical knowledge to bypass. Typically this could be a folder with an empty name and custom empty icon.
Encryption
This actually protects files with requiring a secret to view them. This comes with great security but at the cost of ease of use and performance ( content needs to be decrypted on the fly ) you may encounter buffering/long loading times. In addition if you lose the secret. The data is gone forever.
Thanks all for your replies, very helpful as always.
I’ll just tag a few of you as they are all related.
@Yoooi Thanks for this! I’ll check it out - I noted I use Stash and XBVR, do you happen to use the same? If so, is there a way to grant that specific application rights to view regardless, or API integrations? Basically, my objective is to hide the files from simply stumbling on them, but still have those two applications run and view the files without me having to unlock them every time I want to use them.
@LoliLoki Thanks for your reply too - I’ll definitely check it out and thanks for the tips, agreed that it doesn’t need to be kept secure to hide the information, moreso just hiding the files exist for the average person.
@Spunkle Thanks for your reply too, I’ll check this out and see which is a better fit! Good to know about mounting as drives too!!
@VladTheImplier Thanks for your reply too (seems less genuine the more I repeat it here, but I do mean it)! I think both are potential options, the more fitting being encryption, but my concern there is the accessibility of those files without intervention so that these services (Stash and XBVR) function without any impact.
If any of you (or others who stumble on this post) have some other ideas - I’m open! I will mark this topic solved after a day or so just to keep replies open.
No, that would defeat the purpose of encrypting the drive.
Ideally you would put Stash or XBVR and their config/database etc. on the encrypted drive, and only run them after mounting via VeraCrypt.
If all you want is to just “hide” the files then I would just create some random empty folder in some random location and mount the drive to that folder:
Then remove the assigned drive letter so its not visible in windows explorer, and you will be able to access the drive thru that “hidden” folder.
Technicaly this can be achieved as its still something that is considered a relevant part of an MFA chain. Its part of the ‘who’ portion, where something you have/own is used to verify. This can be as easy as just having a certain user attached to it.
But to ensure proper working, it must not store the key on disk. This check must be taken to something like a usb stick (which if its missing means decryption is completely impossible). And when it is available, that key can check rights to obtain the key. Its a weak check on that though, but since the usb can also have its own encryption means another protection level is added.
But on that its a huge pain to setup these things if you cannot make software yourself. And rarely worth it. If you want to resolve to things like this, just encrypt an entire external HDD. It only has to demand your password when you need it, so if an application does need it, it will only ask for the password the moment it wants to access it. And when done use the ‘detach usb device safely’ option in the os, as that will then also purge the key from memory.
I’m mostly looking to protect against family, there isn’t anything abnormal aside from run of mill mp4 and funscript files. It’s kind of like this meme:
I don’t have a huge collection, its about 1TB of VR and 250gb of flat video, but I’d like a bit more peace of mind that not just anyone can access the files, it should take at least a bit of technical knowledge to find them.
I’m slowly making improvement, Stash was a big one, removing the SMB share with 0 protections was another (pre-stash method I used). So this is just another opportunity for me to improve the security of my collection.
Not sure if this is helpful, happy to answer any other questions that help make my intention clearer - thanks again for your reply!!!
@Yoooi (thanks for your reply) gave some ideas to work with, but in a perfect world, I wish stash would somehow protect the files on it’s own, but I understand the nature of service and I don’t expect that to be a feature for many years.
In that case I would recommand Full disk encryption with LUKS. Assuming you host your stash on a linux server this is pretty trivial to setup.
We want to make sure your family cant get access to the files so we need to ensure that TPM unlock at boot doesnt happen, thankfully the default requires a password to boot and TPM requires some configuration, so we can skip that. You can effectively have the server off most of the time and when you want to use it, you can boot the server, enter the encryption password at boot and then start everything up.
Alternatively you can configure the server to power down at a deadmans switch. I can help with planning that out.
The key is that while the server is powered off, the files are all encrypted, but while on, everything is accessible.
So you can protect things normally like a regular computer with a password. But for 100% guarantee safety power the server off.
@VladTheImplier your recommendation to set this up sounds like a perfect fit, pretty well to the T what I would like. I feel pretty confident I can get this going, would you be open to me DMing you for some more technical questions if I can’t find the answers I’m looking for?
Once again, appreciate your reply and everyone else, another reason I really appreciate this community.
Feel free to DM me.
Also you should test with just 1 VR video on the encrypted setup. Your performance will take a substantial hit due to the need of decrypting things on the fly.
Prefect, will do and thanks for the heads up, not sure if I’m the only one but VR has kind of worn off for me, so maybe this a good excuse to finally purge those old files.
Hey again, looks like I’ve hit a bit of a wall where I’m not too sure which is the best option for me. I hadn’t understood the tie of LUKS being to linux, it seems obvious to me now, but they hadn’t connected until I had done my research.
I use a windows os and stash boots from an external drive through an exe file. From what I’ve been able to gather, there are third party tools that can be used, but I assume that will introduce performance issues and lag. So I don’t know where the next best option is and I’m hoping maybe you’d have a recommendation - seems like VeraCrypt may be an okay alternative?
I’ll keep digging and researching other options, hoping to find one that is natively supported in windows or has a low impact third party app.
Veracrypt is a decent alternative but because you’re using an external drive, the combination of decryption and the speed of USB might make the performance unusable.
This is a desktop, I just usually run stash when I need and close it when I’m done. External usually stays plugged in unless I go out town, I don’t both travelling with the handy.
Any ideas of how to eliminate the performance issues?
Have you made sure that your USB cable, USB port and external drive are all the same speed? As if one of them speed wise is less than the other then you could be losing some transfer speed.
The drive depending on what it is can over time get slower (I recently found out the Samsung’s 980 M.2 had really bad firmware eventually bricking it) which by having it plugged in when your not using it contributes to it getting slower and worn down.
Vlad also mentioned that if you choose to have it encrypted then on the fly decrypting will impact performance the most I feel too.
Personally I feel that external drives are only good for file transferring rather than running off them and question why no one has made an PC case where it has an SATA (and power) extension cable in it so you can have an SSD drive you plug in the front and use as an portable if you get a good case for it since it then connects to your motherboard. (But you obviously you shouldn’t really be hot-swapping drives)
Encryption - move the storage from external to internal. Sata is far faster than your USB will be and preferably an SSD so you dont have to worry about bandwidth being a bottleneck. This will make encryption performance hit not as bad and likely usable.
Obfuscation. Make the folder you store everything named " " (rename the folder and hit alt + 255 on the numpad ) and change the icon to an empty png. This is not as secure, there are many ways to identity that the folder is there. Fill the drive with garbage innocuous data so it will be unlikely to be found non-chalantly. I tend to make the folders sort of like a passphrase. Where I need to open the correct order to find the folder. Again this is trivial to bypass if you know what youre doing and should only be done if the performance impact of encryption is too much.
! Note: if you have file indexing enabled on your device turn it off so the files can be searched.