As a true GTDer you (should) have captured “everything” from your personal and professional life into your GTD system of choice. That includes actions, current projects, future projects, dreams, and so on. If your GTD system is anything like mine, it doesn’t only contain general, neutral information, but also sensitive and private information.
Did you ever think about protecting your GTD system to prevent this collection of private information from falling into the wrong hands? Do you want to know how to do this?
General versus private information
My GTD system certainly doesn’t only contain general items like “Fix my car” or “Call the garage”. I wouldn’t care if other people took a look at this kind of information. However, my GTD system also contains what I consider to be personal, private and sometimes sensitive information like (and I’m making this up here): “Call doctor re: face lift” (next action), “Find a new job” (project), “Pay back $5000 loan” (someday/maybe). And I’m sure you will find much more sensitive information than this in your own GTD system. I would definitely care if this kind of information was either lost, stolen or read by somebody else.
In general, I guess you could say that my GTD system is an accurate snapshot of my current life and future dreams, something that I do not wish to share (certainly not involuntarily) with just anybody! How about you?
Analog, digital and hybrid GTD systems
The “problem” is that GTD systems come in all shapes and sizes. On one end of the spectrum you have completely analog systems and on the other end completely digital, and every possible combination (hybrid) in between. What is the best way to protect each individual system?
It is beyond the scope of this article to discuss all possibilities, so I will be mostly talking about digital measures you can take to protect your digital (or hybrid) GTD system. And I will be talking from personal experience.
I will not be talking about protecting completely paper-based GTD systems. If you use such a system, you may consider applying some physical protection measures:
- Keep your hPDA, Moleskine, reference system and other paper-based tools in a locked drawer or closet (or even a safe!) when they are not in use
- Use a custom (obfuscated) notational system for writing down sensitive information
- Create backups by making photocopies, scans or even manual syncing with your computer
Of course, these tips also apply to the analog part of your hybrid GTD system.
(Partly) digital GTD systems: online versus offline
To further complicate matters, the digital part of your GTD system may be (partly) online or (partly) offline. For the online part you are basically dependent on the protection measures that your service provider has taken to protect your data. Are they encrypting your data? Does communication from your computer to their online service take place over a secure line? Do they create regular backups of their servers? Perhaps you are beginning to see why I don’t particularly favor online services for sensitive information, like my GTD system.
Backup and encryption of (partly) digital GTD systems
So, I’ve narrowed down the subject of this article to: How to protect the digital, offline part of your GTD system? In my opinion there are 2 key components to this kind of protection: backup and encryption. Neither is common or consistently applied, in my experience!
Backup
This is part of the common sense that you should apply when using computers. And who isn’t these days (using computers, that is)? Of course you are using some sort of program to back up your valuable data (including your GTD system) every day, right? If not, I would strongly suggest you start doing so. Create a Next Action on your list right now. Creating regular backups will not help against prying eyes or someone stealing your data of course, but at least you will still have your data!
Encryption
Combined with regular backups, encrypting your data (and specifically your GTD system) is the best thing you can do to protect your sensitive information. Let me put it this way: if somebody stole my laptop or my PDA, I wouldn’t care one bit (except for the obvious loss of equipment, that is). You know why? Because I have encrypted every single bit of (sensitive) information on my laptop and also on my PDA. That includes my GTD system. And I have backups of course.
Two free, open source solutions for encrypting your data
When I talk about encryption and the two solutions presented below, I do not talk about simple password protections. I also don’t talk about solutions that need a technical expert to install and use. I’m talking about free, open source, easy-to-use but very secure encryption solutions.
Again, it is far beyond the scope of this article to explain both solutions in-depth. However, I use both of them daily. I use TrueCrypt on my Windows (and on my Linux) laptop and I use FreeOTFE on my Windows Mobile PDA. Both programs are able to create so-called “encrypted volumes”, each of which is nothing more than an encrypted “container” file (which behaves like any other removable disk) that contains your personal information.
To illustrate my point: as you know I use my PDA with ListPro for the implementation of my core GTD system. The ListPro file is contained within an encrypted FreeOTFE volume on my PDA. I can sync my GTD information to ListPro on my laptop. The ListPro file on my laptop is contained within an encrypted TrueCrypt volume. My GTD system is protected at all times!
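Backup and encryption only work together if the backup copy is encrypted too. The following is an added example, not part of the original article and not code from TrueCrypt or FreeOTFE: it copies a GTD file onto a second encrypted volume, verifies the copy, and refuses to run when that volume is not mounted. The function names and paths are hypothetical, and it assumes a Linux-style setup where a dismounted volume leaves an ordinary, unencrypted directory at the mount point.

```python
import hashlib
import os
import shutil
import time
from pathlib import Path


def sha256_of(path):
    """Hash a file in chunks so large list files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_to_encrypted_volume(source, volume_root, keep=7,
                               is_mounted=os.path.ismount):
    """Copy `source` into <volume_root>/gtd-backups, verify it, prune old copies.

    `volume_root` is assumed to be the mount point of an encrypted volume.
    If nothing is mounted there, the path is a plain directory and the backup
    would land on disk unencrypted, so the function stops before copying.
    """
    source, volume_root = Path(source), Path(volume_root)
    if not is_mounted(str(volume_root)):
        raise RuntimeError(f"{volume_root} is not mounted; refusing plaintext backup")
    dest_dir = volume_root / "gtd-backups"
    dest_dir.mkdir(exist_ok=True)
    stamp = time.strftime("%Y%m%d-%H%M%S")
    dest = dest_dir / f"{source.stem}-{stamp}{source.suffix}"
    shutil.copy2(source, dest)
    # Read the copy back and compare digests before trusting it as a backup.
    if sha256_of(source) != sha256_of(dest):
        dest.unlink()
        raise IOError("backup does not match the source; copy discarded")
    # Timestamped names sort chronologically, so the oldest copies come first.
    backups = sorted(dest_dir.glob(f"{source.stem}-*{source.suffix}"))
    for old in backups[:-keep]:
        old.unlink()
    return dest
```

The `is_mounted` parameter exists so the guard can be exercised without a real volume; in normal use the default `os.path.ismount` is left in place.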
Here is some additional information about what I consider to be two of the best programs for protecting your GTD system (or any sensitive information):
TrueCrypt
TrueCrypt has built quite a name for itself. It has proven to be fast, easy and secure. It is available for Windows and Linux, and an OS X version is planned. Best of all, it’s free and open source.
FreeOTFE
FreeOTFE is less famous than TrueCrypt, I guess. As far as I know it is available for Windows and for Windows Mobile. Since I’m using TrueCrypt on my Windows laptop, I only use FreeOTFE on my Windows Mobile PDA and it’s very similar to TrueCrypt: fast, easy and secure. It’s also free and open source.
I hope I have succeeded in making you see the need for protecting your GTD system and also in giving you a few pointers as to how to go about implementing it. I would be more than happy to answer any questions you may have about this.
Will TrueCrypt on Mac OS X be any different (or better?) than using the OS’s in-built ability to create a password protected DMG disk image?
@Sherlock:
I’m not an expert on OS X, but from what I can gather TrueCrypt offers:
- AES-256, Serpent, Twofish or any combination, whereas an encrypted DMG uses AES-128 (correct me if I’m wrong!)
- the ability to encrypt entire partitions
- “plausible deniability” -> see http://www.truecrypt.org/docs/?s=plausible-deniability
- password + any number of keyfiles
Most of all, it’s a matter of taste. The main point is to encrypt your private (GTD) data and I expect an encrypted DMG on OS X to do that safely as well.
Personally, I use SSL encryption on my Vitalist account. It’s nice, but I don’t think I really need it. I may have some personal stuff that I don’t want friends or family reading, but I don’t think any packet hackers are going to care that I have to talk to John about our French project.
Thanks for the link, I do see the difference but like Geoff I don’t think my to do lists are going to warrant that much interest, and that level of protection “in case an adversary forces [me] to reveal [my] password” might be a bit over the top. Do see how it might be useful for some though.
@Geoff, @Sherlock:
Slight warning: computer security and data encryption is something I’m personally and professionally interested and involved in, so it might be more top-of-mind to me than others.
Just like GTD, it’s the principles that count, not the exact implementation. *If* you have private or sensitive data in your GTD system (which is very likely if you put *everything* in it, including personal relationships, personal feelings, financial situation and so on) then please use some form of regular data duplication (backup) and some form of protection (encryption). A hacker may not be interested in it, but I know *I* feel a lot better knowing my data is safe. After all, a PDA or laptop is easily lost or stolen.
The degree of protection and which tool you use for it is entirely up to you, of course! That means even TrueCrypt can be used for simple encryption of a single file if you want, or very strong encryption of an entire partition. As a side note: I’m already using TrueCrypt for all of my data and some programs on my laptop, so the step to include my GTD data is a small one.
Does anybody else feel the need to encrypt their GTD system? If so, what tool(s) do you use?
I also use a GTD tool that supports SSL: http://www.wrike.com/. It’s pretty secure. But really I don’t think that anyone would ever want to get into my plans. Anyway, I trust the Wrike team.
The great thing is I’m one of thousands of their users.