Hi,
I'm currently running FreeNAS-11.0-U4 with a single unencrypted pool composed of 6*4TB WD Red hard drives in RAID-Z2. The main use of my NAS is for Plex, and let's say that I have rather large libraries of content if you know what I mean. In the not too distant future, I will have to move my setup from Canada to France. I'm obviously thinking about taking the whole thing with me on the plane : the drives with me in the cabin luggage to prevent harsh manipulation, and the case and everything else in the checked in luggage). But I'm getting a bit paranoid about some agent willing to inspect the content of my drives and the fact that he could see all my "personnal content". Now I know that the probability that this happens is extremely low and that most likely nobody will bat an eye, but still.
All the following aims to protect my data, my privacy and myself. Therefore, I'm going to consider the worst case scenarios, which might raise a few eyebrows. But as the saying goes : "Better safe than sorry".
So the way I see this, I have three solutions :
For solution 1 :
Thanks
Scentle5S
I'm currently running FreeNAS-11.0-U4 with a single unencrypted pool composed of 6*4TB WD Red hard drives in RAID-Z2. The main use of my NAS is for Plex, and let's say that I have rather large libraries of content if you know what I mean. In the not too distant future, I will have to move my setup from Canada to France. I'm obviously thinking about taking the whole thing with me on the plane : the drives with me in the cabin luggage to prevent harsh manipulation, and the case and everything else in the checked in luggage). But I'm getting a bit paranoid about some agent willing to inspect the content of my drives and the fact that he could see all my "personnal content". Now I know that the probability that this happens is extremely low and that most likely nobody will bat an eye, but still.
All the following aims to protect my data, my privacy and myself. Therefore, I'm going to consider the worst case scenarios, which might raise a few eyebrows. But as the saying goes : "Better safe than sorry".
So the way I see this, I have three solutions :
- I decide to leave everything as it is and travel with all my data accessible to anybody willing to poke my drives.
- I send 4 of my drives in two distinct packages (2 drives in each) via mail, the second package being sent after the receiving the first, so that I can replace the drives and resilver in the event of a lost package. Finally the last 2 drives would travel with me on the plane. This way, there will never be the required number of drives to mount the pool (4) at the same time in one location (except the source and destination of course), and unless I'm extremely unlucky (3 drives failing during the whole process), my data should be safe at the arrival.
- I encrypt all my pool and travel with all the drives. So that even if someone really wants to see what's on the drives, I could say that they are empty / faulty / "insert_random_lie_here" drives. Heck I could even send the key and password to decrypt the drives to my destination by other means and travel without them, so that if someone at the airport doesn't believe me and tortures me to get access to the data, even I wouldn't be able to do it. What did you say ? I'm being too paranoid ? Anyway, for this solution, I found this very nice post about encrypting an existing pool and his little brother to do the reverse operation (if I ever want to decrypt the pool afterwards). This would be the only solution for me as I don't have a full backup of my 10TB+. This is bad I know, I definitely would do it if I could, but I can't afford one at the moment, so no "backup - erase - encrypt - restore" for me here : if I encrypt, I have to do it "live".
For solution 1 :
- What do you think is the likelihood that, at both the departure and arrival, somebody sees a NAS with 24TB worth of storage and wants to take a look at it ? I found a few topics talking about this and, from what I understood, unless you're traveling to the US, you'll mostly be fine.
- Do they have the right to power the NAS on at the airport or plug the drives in another system to try and read the data that's on them ?
- Do they have the right to confiscate your hardware to perform further analysis ? I found a topic about that but I still find this highly unlikely.
- I read everywhere that if you loose more drives than what your redundancy layout allows (in my case 2), you loose the whole pool and you can't access your data anymore. In this case, I would use this to my advantage, so that the data cannot be accessed. But is this really true ? Especially since the drives aren't encrypted. What exactly will someone be able to see by plugging up to 3 of my drives with the appropriate OS and tools ?
- Is the post I mentioned still valid for this version of FreeNAS ?
- Is there a risk that, in the event that they find encrypted drives, I get "forced" to either decrypt them so they can check the content, or erase them ? Like "if we can't read them, you'll get them back sure, but erased".
- According to this thread, my data wouldn't be entirely safe unless I securely erase the drives before the encryption process. Is it correct ? I thought this was a full drive encryption, so even empty space should be encrypted and nothing could be read until the pool is unlocked, right ?
- I'm almost sure about this one but I'd like some confirmation regarding the encryption process used in solution 3. They talk about resilvering after encrypting a drive. This means that during the encryption, the drive is erased, right ? Otherwise there wouldn't be a need for resilvering, correct ?
- Solution 1 is too "risky" for my privacy.
- Solution 2 is too expensive and too risky for the integrity of my data : the packages will most likely be harshly manipulated.
- Solution 3 is risky as well, especially since I don't have any backup of my data, but I tend to prefer this one anyway.
Thanks
Scentle5S